Fix gitlab_project and gitlab_project_share relationship (#421)

- gitlab_project: remove shared_with_groups attribute
- gitlab_project_share: fix update failing to change access_level

Author: armsnyder

docs/resources/project.md

@@ -74,11 +74,6 @@ The following arguments are supported:
 
 * `shared_runners_enabled` - (Optional) Enable shared runners for this project.
 
-* `shared_with_groups` - (Optional) Enable sharing the project with a list of groups (maps).
-  * `group_id` - (Required) Group id of the group you want to share the project with.
-  * `group_access_level` - (Required) Group's sharing permissions. See [group members permission][group_members_permissions] for more info.
-  Valid values are `guest`, `reporter`, `developer`, `maintainer`.
-
 * `archived` - (Optional) Whether the project is in read-only mode (archived). Repositories can be archived/unarchived by toggling this parameter.
 
 * `initialize_with_readme` - (Optional) Create master branch with first commit containing a README.md file.
@@ -101,9 +96,6 @@ The following additional attributes are exported:
 
 * `runners_token` - Registration token to use during runner setup.
 
-* `shared_with_groups` - List of the groups the project is shared with.
-  * `group_name` - Group's name.
-
 * `remove_source_branch_after_merge` - Enable `Delete source branch` option by default for all new merge requests.
 
 

gitlab/data_source_gitlab_projects.go

@@ -850,3 +850,19 @@ func dataSourceGitlabProjectsRead(d *schema.ResourceData, meta interface{}) (err
 	}
 	return err
 }
+
+func flattenSharedWithGroupsOptions(project *gitlab.Project) []interface{} {
+	var sharedWithGroupsList []interface{}
+
+	for _, option := range project.SharedWithGroups {
+		values := map[string]interface{}{
+			"group_id":           option.GroupID,
+			"group_access_level": accessLevelValueToName[gitlab.AccessLevelValue(option.GroupAccessLevel)],
+			"group_name":         option.GroupName,
+		}
+
+		sharedWithGroupsList = append(sharedWithGroupsList, values)
+	}
+
+	return sharedWithGroupsList
+}

gitlab/helper_test.go

@@ -28,18 +28,6 @@ func testAccCompareGitLabAttribute(attr string, expected, received *schema.Resou
 	return nil
 }
 
-func testAccIsSkippedAttribute(needle string, haystack []string) bool {
-	if needle == "" {
-		return false
-	}
-	for _, hay := range haystack {
-		if hay == needle {
-			return true
-		}
-	}
-	return false
-}
-
 // Returns true if the acceptance test is running Gitlab EE.
 // Meant to be used as SkipFunc to skip tests that work only on Gitlab CE.
 func isRunningInEE() (bool, error) {

gitlab/resource_gitlab_project.go

@@ -172,28 +172,6 @@ var resourceGitLabProjectSchema = map[string]*schema.Schema{
 		Elem:     &schema.Schema{Type: schema.TypeString},
 		Set:      schema.HashString,
 	},
-	"shared_with_groups": {
-		Type:     schema.TypeSet,
-		Optional: true,
-		Elem: &schema.Resource{
-			Schema: map[string]*schema.Schema{
-				"group_id": {
-					Type:     schema.TypeInt,
-					Required: true,
-				},
-				"group_access_level": {
-					Type:     schema.TypeString,
-					Required: true,
-					ValidateFunc: validation.StringInSlice([]string{
-						"no one", "guest", "reporter", "developer", "maintainer"}, false),
-				},
-				"group_name": {
-					Type:     schema.TypeString,
-					Computed: true,
-				},
-			},
-		},
-	},
 	"archived": {
 		Type:        schema.TypeBool,
 		Description: "Whether the project is archived.",
@@ -249,7 +227,6 @@ func resourceGitlabProjectSetToState(d *schema.ResourceData, project *gitlab.Pro
 	d.Set("web_url", project.WebURL)
 	d.Set("runners_token", project.RunnersToken)
 	d.Set("shared_runners_enabled", project.SharedRunnersEnabled)
-	d.Set("shared_with_groups", flattenSharedWithGroupsOptions(project))
 	d.Set("tags", project.TagList)
 	d.Set("archived", project.Archived)
 	d.Set("remove_source_branch_after_merge", project.RemoveSourceBranchAfterMerge)
@@ -334,14 +311,6 @@ func resourceGitlabProjectCreate(d *schema.ResourceData, meta interface{}) error
 		}
 	}
 
-	if v, ok := d.GetOk("shared_with_groups"); ok {
-		for _, option := range expandSharedWithGroupsOptions(v) {
-			if _, err := client.Projects.ShareProjectWithGroup(project.ID, option); err != nil {
-				return err
-			}
-		}
-	}
-
 	if d.Get("archived").(bool) {
 		// strange as it may seem, this project is created in archived state...
 		if _, _, err := client.Projects.ArchiveProject(d.Id()); err != nil {
@@ -476,12 +445,6 @@ func resourceGitlabProjectUpdate(d *schema.ResourceData, meta interface{}) error
 		}
 	}
 
-	if d.HasChange("shared_with_groups") {
-		if err := updateSharedWithGroups(d, meta); err != nil {
-			return err
-		}
-	}
-
 	if d.HasChange("archived") {
 		if d.Get("archived").(bool) {
 			if _, _, err := client.Projects.ArchiveProject(d.Id()); err != nil {
@@ -538,121 +501,3 @@ func resourceGitlabProjectDelete(d *schema.ResourceData, meta interface{}) error
 	}
 	return nil
 }
-
-func expandSharedWithGroupsOptions(v interface{}) []*gitlab.ShareWithGroupOptions {
-	shareWithGroupOptionsList := []*gitlab.ShareWithGroupOptions{}
-
-	for _, config := range v.(*schema.Set).List() {
-		data := config.(map[string]interface{})
-
-		groupAccess := accessLevelNameToValue[data["group_access_level"].(string)]
-
-		shareWithGroupOptions := &gitlab.ShareWithGroupOptions{
-			GroupID:     gitlab.Int(data["group_id"].(int)),
-			GroupAccess: &groupAccess,
-		}
-
-		shareWithGroupOptionsList = append(shareWithGroupOptionsList,
-			shareWithGroupOptions)
-	}
-
-	return shareWithGroupOptionsList
-}
-
-func flattenSharedWithGroupsOptions(project *gitlab.Project) []interface{} {
-	sharedWithGroups := project.SharedWithGroups
-	sharedWithGroupsList := []interface{}{}
-
-	for _, option := range sharedWithGroups {
-		values := map[string]interface{}{
-			"group_id": option.GroupID,
-			"group_access_level": accessLevelValueToName[gitlab.AccessLevelValue(
-				option.GroupAccessLevel)],
-			"group_name": option.GroupName,
-		}
-
-		sharedWithGroupsList = append(sharedWithGroupsList, values)
-	}
-
-	return sharedWithGroupsList
-}
-
-func findGroupProjectSharedWith(target *gitlab.ShareWithGroupOptions,
-	groups []*gitlab.ShareWithGroupOptions) (*gitlab.ShareWithGroupOptions, int, error) {
-	for i, group := range groups {
-		if *group.GroupID == *target.GroupID {
-			return group, i, nil
-		}
-	}
-
-	return nil, 0, fmt.Errorf("group not found")
-}
-
-func getGroupsProjectSharedWith(project *gitlab.Project) []*gitlab.ShareWithGroupOptions {
-	sharedGroups := []*gitlab.ShareWithGroupOptions{}
-
-	for _, group := range project.SharedWithGroups {
-		sharedGroups = append(sharedGroups, &gitlab.ShareWithGroupOptions{
-			GroupID: gitlab.Int(group.GroupID),
-			GroupAccess: gitlab.AccessLevel(gitlab.AccessLevelValue(
-				group.GroupAccessLevel)),
-		})
-	}
-
-	return sharedGroups
-}
-
-func updateSharedWithGroups(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*gitlab.Client)
-
-	var groupsToUnshare []*gitlab.ShareWithGroupOptions
-	var groupsToShare []*gitlab.ShareWithGroupOptions
-
-	// Get target groups from the TF config and current groups from Gitlab server
-	targetGroups := expandSharedWithGroupsOptions(d.Get("shared_with_groups"))
-	project, _, err := client.Projects.GetProject(d.Id(), nil)
-	if err != nil {
-		return err
-	}
-	currentGroups := getGroupsProjectSharedWith(project)
-
-	for _, targetGroup := range targetGroups {
-		currentGroup, index, err := findGroupProjectSharedWith(targetGroup, currentGroups)
-
-		// If no corresponding group is found, it must be added
-		if err != nil {
-			groupsToShare = append(groupsToShare, targetGroup)
-			continue
-		}
-
-		// If group is different it must be deleted and added again
-		if *targetGroup.GroupAccess != *currentGroup.GroupAccess {
-			groupsToShare = append(groupsToShare, targetGroup)
-			groupsToUnshare = append(groupsToUnshare, targetGroup)
-		}
-
-		// Remove currentGroup from from list
-		currentGroups = append(currentGroups[:index], currentGroups[index+1:]...)
-	}
-
-	// All groups still present in currentGroup must be deleted
-	groupsToUnshare = append(groupsToUnshare, currentGroups...)
-
-	// Unshare groups to delete and update
-	for _, group := range groupsToUnshare {
-		_, err := client.Projects.DeleteSharedProjectFromGroup(d.Id(), *group.GroupID)
-		if err != nil {
-			return err
-		}
-	}
-
-	// Share groups to add and update
-	for _, group := range groupsToShare {
-		_, err := client.Projects.ShareProjectWithGroup(d.Id(), group)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}

gitlab/resource_gitlab_project_share_group.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"log"
 	"strconv"
-	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/xanzy/go-gitlab"
@@ -16,7 +15,6 @@ func resourceGitlabProjectShareGroup() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceGitlabProjectShareGroupCreate,
 		Read:   resourceGitlabProjectShareGroupRead,
-		Update: resourceGitlabProjectShareGroupUpdate,
 		Delete: resourceGitlabProjectShareGroupDelete,
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
@@ -36,6 +34,7 @@ func resourceGitlabProjectShareGroup() *schema.Resource {
 			"access_level": {
 				Type:         schema.TypeString,
 				ValidateFunc: validateValueFunc(acceptedAccessLevels),
+				ForceNew:     true,
 				Required:     true,
 			},
 		},
@@ -104,26 +103,6 @@ func projectIdAndGroupIdFromId(id string) (string, int, error) {
 	return projectId, groupId, nil
 }
 
-func resourceGitlabProjectShareGroupUpdate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*gitlab.Client)
-
-	groupId := d.Get("group_id").(int)
-	projectId := d.Get("project_id").(string)
-	accessLevelId := accessLevelID[strings.ToLower(d.Get("access_level").(string))]
-
-	options := gitlab.ShareWithGroupOptions{
-		GroupID:     &groupId,
-		GroupAccess: &accessLevelId,
-	}
-	log.Printf("[DEBUG] update gitlab project membership %v for %s", groupId, projectId)
-
-	_, err := client.Projects.ShareProjectWithGroup(projectId, &options)
-	if err != nil {
-		return err
-	}
-	return resourceGitlabProjectShareGroupRead(d, meta)
-}
-
 func resourceGitlabProjectShareGroupDelete(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*gitlab.Client)