Add variable sets permission to team project

CHANGELOG.md

@@ -1,5 +1,7 @@
 # Unreleased
 
+* Add BETA support for adding custom project permission for variable sets `ProjectVariableSetsPermission` by @netramali [21879](https://github.com/hashicorp/atlas/pull/21879)
+
 # v1.73.0
 
 ## Enhancements

team_project_access.go

@@ -71,6 +71,9 @@ type TeamProjectAccess struct {
 type TeamProjectAccessProjectPermissions struct {
 	ProjectSettingsPermission ProjectSettingsPermissionType `jsonapi:"attr,settings"`
 	ProjectTeamsPermission    ProjectTeamsPermissionType    `jsonapi:"attr,teams"`
+	// ProjectVariableSetsPermission represents read, manage, and no access custom permission for project-level variable sets
+	// This relation is considered BETA, SUBJECT TO CHANGE, and likely unavailable to most users.
+	ProjectVariableSetsPermission ProjectVariableSetsPermissionType `jsonapi:"attr,variable-sets"`
 }
 
 // WorkspacePermissions represents the team's permission on all workspaces in its project
@@ -104,6 +107,16 @@ const (
 	ProjectTeamsPermissionManage ProjectTeamsPermissionType = "manage"
 )
 
+// ProjectVariableSetsPermissionType represents the permission type to a project's variable sets
+// This relation is considered BETA, SUBJECT TO CHANGE, and likely unavailable to most users.
+type ProjectVariableSetsPermissionType string
+
+const (
+	ProjectVariableSetsPermissionNone  ProjectVariableSetsPermissionType = "none"
+	ProjectVariableSetsPermissionRead  ProjectVariableSetsPermissionType = "read"
+	ProjectVariableSetsPermissionWrite ProjectVariableSetsPermissionType = "write"
+)
+
 // WorkspaceRunsPermissionType represents the permissiontype to project workspaces' runs
 type WorkspaceRunsPermissionType string
 
@@ -143,6 +156,8 @@ const (
 type TeamProjectAccessProjectPermissionsOptions struct {
 	Settings *ProjectSettingsPermissionType `json:"settings,omitempty"`
 	Teams    *ProjectTeamsPermissionType    `json:"teams,omitempty"`
+	// This relation is considered BETA, SUBJECT TO CHANGE, and likely unavailable to most users.
+	VariableSets *ProjectVariableSetsPermissionType `json:"variable-sets,omitempty"`
 }
 
 type TeamProjectAccessWorkspacePermissionsOptions struct {

team_project_access_integration_test.go

@@ -166,13 +166,15 @@ func TestTeamProjectAccessesAdd(t *testing.T) {
 	})
 
 	t.Run("with valid options for all custom TeamProject permissions", func(t *testing.T) {
+		skipUnlessBeta(t)
 		options := TeamProjectAccessAddOptions{
 			Access:  *ProjectAccess(TeamProjectAccessCustom),
 			Team:    tmTest,
 			Project: pTest,
 			ProjectAccess: &TeamProjectAccessProjectPermissionsOptions{
-				Settings: ProjectSettingsPermission(ProjectSettingsPermissionUpdate),
-				Teams:    ProjectTeamsPermission(ProjectTeamsPermissionManage),
+				Settings:     ProjectSettingsPermission(ProjectSettingsPermissionUpdate),
+				Teams:        ProjectTeamsPermission(ProjectTeamsPermissionManage),
+				VariableSets: ProjectVariableSetsPermission(ProjectVariableSetsPermissionWrite),
 			},
 			WorkspaceAccess: &TeamProjectAccessWorkspacePermissionsOptions{
 				Runs:          WorkspaceRunsPermission(WorkspaceRunsPermissionApply),
@@ -209,6 +211,7 @@ func TestTeamProjectAccessesAdd(t *testing.T) {
 			assert.Equal(t, options.Access, item.Access)
 			assert.Equal(t, *options.ProjectAccess.Settings, item.ProjectAccess.ProjectSettingsPermission)
 			assert.Equal(t, *options.ProjectAccess.Teams, item.ProjectAccess.ProjectTeamsPermission)
+			assert.Equal(t, *options.ProjectAccess.VariableSets, item.ProjectAccess.ProjectVariableSetsPermission)
 			assert.Equal(t, *options.WorkspaceAccess.Runs, item.WorkspaceAccess.WorkspaceRunsPermission)
 			assert.Equal(t, *options.WorkspaceAccess.SentinelMocks, item.WorkspaceAccess.WorkspaceSentinelMocksPermission)
 			assert.Equal(t, *options.WorkspaceAccess.StateVersions, item.WorkspaceAccess.WorkspaceStateVersionsPermission)
@@ -352,11 +355,13 @@ func TestTeamProjectAccessesUpdate(t *testing.T) {
 	})
 
 	t.Run("with valid custom permissions attributes for all permissions", func(t *testing.T) {
+		skipUnlessBeta(t)
 		options := TeamProjectAccessUpdateOptions{
 			Access: ProjectAccess(TeamProjectAccessCustom),
 			ProjectAccess: &TeamProjectAccessProjectPermissionsOptions{
-				Settings: ProjectSettingsPermission(ProjectSettingsPermissionUpdate),
-				Teams:    ProjectTeamsPermission(ProjectTeamsPermissionManage),
+				Settings:     ProjectSettingsPermission(ProjectSettingsPermissionUpdate),
+				Teams:        ProjectTeamsPermission(ProjectTeamsPermissionManage),
+				VariableSets: ProjectVariableSetsPermission(ProjectVariableSetsPermissionRead),
 			},
 			WorkspaceAccess: &TeamProjectAccessWorkspacePermissionsOptions{
 				Runs:          WorkspaceRunsPermission(WorkspaceRunsPermissionPlan),
@@ -378,6 +383,7 @@ func TestTeamProjectAccessesUpdate(t *testing.T) {
 		assert.Equal(t, tpa.Access, TeamProjectAccessCustom)
 		assert.Equal(t, *options.ProjectAccess.Teams, tpa.ProjectAccess.ProjectTeamsPermission)
 		assert.Equal(t, *options.ProjectAccess.Settings, tpa.ProjectAccess.ProjectSettingsPermission)
+		assert.Equal(t, *options.ProjectAccess.VariableSets, tpa.ProjectAccess.ProjectVariableSetsPermission)
 		assert.Equal(t, *options.WorkspaceAccess.Runs, tpa.WorkspaceAccess.WorkspaceRunsPermission)
 		assert.Equal(t, *options.WorkspaceAccess.SentinelMocks, tpa.WorkspaceAccess.WorkspaceSentinelMocksPermission)
 		assert.Equal(t, *options.WorkspaceAccess.StateVersions, tpa.WorkspaceAccess.WorkspaceStateVersionsPermission)

type_helpers.go

@@ -29,6 +29,11 @@ func ProjectTeamsPermission(v ProjectTeamsPermissionType) *ProjectTeamsPermissio
 	return &v
 }
 
+// ProjectVariableSetsPermission returns a pointer to the given team access project type.
+func ProjectVariableSetsPermission(v ProjectVariableSetsPermissionType) *ProjectVariableSetsPermissionType {
+	return &v
+}
+
 // WorkspaceRunsPermission returns a pointer to the given team access project type.
 func WorkspaceRunsPermission(v WorkspaceRunsPermissionType) *WorkspaceRunsPermissionType {
 	return &v