Merge pull request #938 from Shocktrooper/main

Third times a charm for protected environments

Author: timofurrer

docs/resources/project_environment.md

@@ -0,0 +1,73 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_project_environment Resource - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_project_environment resource allows to manage the lifecycle of an environment in a project.
+  -> During a terraform destroy this resource by default will not attempt to stop the environment first.
+  An environment is required to be in a stopped state before a deletetion of the environment can occur.
+  Set the stop_before_destroy flag to attempt to automatically stop the environment before deletion.
+  Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/environments.html
+---
+
+# gitlab_project_environment (Resource)
+
+The `gitlab_project_environment` resource allows to manage the lifecycle of an environment in a project.
+
+-> During a terraform destroy this resource by default will not attempt to stop the environment first.
+An environment is required to be in a stopped state before a deletetion of the environment can occur.
+Set the `stop_before_destroy` flag to attempt to automatically stop the environment before deletion.
+
+**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/environments.html)
+
+## Example Usage
+
+```terraform
+resource "gitlab_group" "this" {
+  name        = "example"
+  path        = "example"
+  description = "An example group"
+}
+
+resource "gitlab_project" "this" {
+  name                   = "example"
+  namespace_id           = gitlab_group.this.id
+  initialize_with_readme = true
+}
+
+resource "gitlab_project_environment" "this" {
+  project      = gitlab_project.this.id
+  name         = "example"
+  external_url = "www.example.com"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the environment.
+- `project` (String) The ID or full path of the project to environment is created for.
+
+### Optional
+
+- `external_url` (String) Place to link to for this environment.
+- `id` (String) The ID of this resource.
+- `stop_before_destroy` (Boolean) Determines whether the environment is attempted to be stopped before the environment is deleted.
+
+### Read-Only
+
+- `created_at` (String) The ISO8601 date/time that this environment was created at in UTC.
+- `slug` (String) The name of the environment in lowercase, shortened to 63 bytes, and with everything except 0-9 and a-z replaced with -. No leading / trailing -. Use in URLs, host names and domain names.
+- `state` (String) State the environment is in. Valid values are `available`, `stopped`.
+- `updated_at` (String) The ISO8601 date/time that this environment was last updated at in UTC.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# GitLab project environments can be imported using an id made up of `projectId:environmenId`, e.g.
+terraform import gitlab_project_environment.bar 123:321
+```

docs/resources/project_protected_environment.md

@@ -0,0 +1,99 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_project_protected_environment Resource - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_project_protected_environment resource allows to manage the lifecycle of a protected environment in a project.
+  Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/protected_environments.html
+---
+
+# gitlab_project_protected_environment (Resource)
+
+The `gitlab_project_protected_environment` resource allows to manage the lifecycle of a protected environment in a project.
+
+**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/protected_environments.html)
+
+## Example Usage
+
+```terraform
+resource "gitlab_group" "this" {
+  name        = "example"
+  path        = "example"
+  description = "An example group"
+}
+
+resource "gitlab_project" "this" {
+  name                   = "example"
+  namespace_id           = gitlab_group.this.id
+  initialize_with_readme = true
+}
+
+resource "gitlab_project_environment" "this" {
+  project      = gitlab_project.this.id
+  name         = "example"
+  external_url = "www.example.com"
+}
+
+resource "gitlab_project_protected_environment" "this" {
+  project     = gitlab_project.this.id
+  environment = gitlab_project_environment.this.name
+
+  deploy_access_levels {
+    access_level = "developer"
+  }
+}
+
+resource "gitlab_project_protected_environment" "this" {
+  project     = gitlab_project.this.id
+  environment = gitlab_project_environment.this.name
+
+  deploy_access_levels {
+    group_id = gitlab_group.test.id
+  }
+}
+
+resource "gitlab_project_protected_environment" "this" {
+  project     = gitlab_project.this.id
+  environment = gitlab_project_environment.this.name
+
+  deploy_access_levels {
+    user_id = gitlab_user.test.id
+  }
+
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `deploy_access_levels` (Block List, Min: 1, Max: 1) Array of access levels allowed to deploy, with each described by a hash. (see [below for nested schema](#nestedblock--deploy_access_levels))
+- `environment` (String) The name of the environment.
+- `project` (String) The ID or full path of the project which the protected environment is created against.
+
+### Optional
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--deploy_access_levels"></a>
+### Nested Schema for `deploy_access_levels`
+
+Optional:
+
+- `access_level` (String) Levels of access required to deploy to this protected environment. Valid values are `developer`, `maintainer`.
+- `group_id` (Number) The ID of the group allowed to deploy to this protected environment. The project must be shared with the group.
+- `user_id` (Number) The ID of the user allowed to deploy to this protected environment. The user must be a member of the project.
+
+Read-Only:
+
+- `access_level_description` (String) Readable description of level of access.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# GitLab protected environments can be imported using an id made up of `projectId:environmentName`, e.g.
+terraform import gitlab_project_protected_environment.bar 123:production
+```

examples/resources/gitlab_project_environment/import.sh

@@ -0,0 +1,2 @@
+# GitLab project environments can be imported using an id made up of `projectId:environmenId`, e.g.
+terraform import gitlab_project_environment.bar 123:321

examples/resources/gitlab_project_environment/resource.tf

@@ -0,0 +1,17 @@
+resource "gitlab_group" "this" {
+  name        = "example"
+  path        = "example"
+  description = "An example group"
+}
+
+resource "gitlab_project" "this" {
+  name                   = "example"
+  namespace_id           = gitlab_group.this.id
+  initialize_with_readme = true
+}
+
+resource "gitlab_project_environment" "this" {
+  project      = gitlab_project.this.id
+  name         = "example"
+  external_url = "www.example.com"
+}

examples/resources/gitlab_project_protected_environment/import.sh

@@ -0,0 +1,2 @@
+# GitLab protected environments can be imported using an id made up of `projectId:environmentName`, e.g.
+terraform import gitlab_project_protected_environment.bar 123:production

examples/resources/gitlab_project_protected_environment/resource.tf

@@ -0,0 +1,45 @@
+resource "gitlab_group" "this" {
+  name        = "example"
+  path        = "example"
+  description = "An example group"
+}
+
+resource "gitlab_project" "this" {
+  name                   = "example"
+  namespace_id           = gitlab_group.this.id
+  initialize_with_readme = true
+}
+
+resource "gitlab_project_environment" "this" {
+  project      = gitlab_project.this.id
+  name         = "example"
+  external_url = "www.example.com"
+}
+
+resource "gitlab_project_protected_environment" "this" {
+  project     = gitlab_project.this.id
+  environment = gitlab_project_environment.this.name
+
+  deploy_access_levels {
+    access_level = "developer"
+  }
+}
+
+resource "gitlab_project_protected_environment" "this" {
+  project     = gitlab_project.this.id
+  environment = gitlab_project_environment.this.name
+
+  deploy_access_levels {
+    group_id = gitlab_group.test.id
+  }
+}
+
+resource "gitlab_project_protected_environment" "this" {
+  project     = gitlab_project.this.id
+  environment = gitlab_project_environment.this.name
+
+  deploy_access_levels {
+    user_id = gitlab_user.test.id
+  }
+
+}

internal/provider/access_level_helpers.go

@@ -55,14 +55,22 @@ var validProtectedBranchUnprotectAccessLevelNames = []string{
 	"developer", "maintainer",
 }
 
+var validProtectedEnvironmentDeploymentLevelNames = []string{
+	"developer", "maintainer",
+}
+
+var validProjectEnvironmentStates = []string{
+	"available", "stopped",
+}
+
 var accessLevelNameToValue = map[string]gitlab.AccessLevelValue{
 	"no one":     gitlab.NoPermissions,
 	"minimal":    gitlab.MinimalAccessPermissions,
 	"guest":      gitlab.GuestPermissions,
 	"reporter":   gitlab.ReporterPermissions,
 	"developer":  gitlab.DeveloperPermissions,
 	"maintainer": gitlab.MaintainerPermissions,
-	"owner":      gitlab.OwnerPermission,
+	"owner":      gitlab.OwnerPermissions,
 
 	// Deprecated and should be removed in v4 of this provider
 	"master": gitlab.MaintainerPermissions,

internal/provider/helper_test.go

@@ -116,7 +116,7 @@ func testAccCurrentUser(t *testing.T) *gitlab.User {
 	return user
 }
 
-// testAccCreateGroups is a test helper for creating a project.
+// testAccCreateProject is a test helper for creating a project.
 func testAccCreateProject(t *testing.T) *gitlab.Project {
 	t.Helper()
 
@@ -326,6 +326,30 @@ func testAccCreateDeployKey(t *testing.T, projectID int, options *gitlab.AddDepl
 	return deployKey
 }
 
+// testAccCreateProjectEnvironment is a test helper function for creating a project environment
+func testAccCreateProjectEnvironment(t *testing.T, projectID int, options *gitlab.CreateEnvironmentOptions) *gitlab.Environment {
+	t.Helper()
+
+	projectEnvironment, _, err := testGitlabClient.Environments.CreateEnvironment(projectID, options)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Cleanup(func() {
+		if projectEnvironment.State != "stopped" {
+			_, err = testGitlabClient.Environments.StopEnvironment(projectID, projectEnvironment.ID)
+			if err != nil {
+				t.Fatal(err)
+			}
+		}
+		if _, err := testGitlabClient.Environments.DeleteEnvironment(projectID, projectEnvironment.ID); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	return projectEnvironment
+}
+
 // testAccGitlabProjectContext encapsulates a GitLab client and test project to be used during an
 // acceptance test.
 type testAccGitlabProjectContext struct {