Add resources for allowed projects and excluded workspaces

Author: tylerwolf

internal/provider/provider.go

@@ -107,7 +107,9 @@ func Provider() *schema.Provider {
 		ResourcesMap: map[string]*schema.Resource{
 			"tfe_admin_organization_settings":    resourceTFEAdminOrganizationSettings(),
 			"tfe_agent_pool":                     resourceTFEAgentPool(),
+			"tfe_agent_pool_allowed_projects":    resourceTFEAgentPoolAllowedProjects(),
 			"tfe_agent_pool_allowed_workspaces":  resourceTFEAgentPoolAllowedWorkspaces(),
+			"tfe_agent_pool_excluded_workspaces": resourceTFEAgentPoolExcludedWorkspaces(),
 			"tfe_agent_token":                    resourceTFEAgentToken(),
 			"tfe_oauth_client":                   resourceTFEOAuthClient(),
 			"tfe_opa_version":                    resourceTFEOPAVersion(),

internal/provider/resource_tfe_agent_pool_allowed_projects.go

@@ -0,0 +1,144 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// NOTE: This is a legacy resource and should be migrated to the Plugin
+// Framework if substantial modifications are planned. See
+// docs/new-resources.md if planning to use this code as boilerplate for
+// a new resource.
+
+package provider
+
+import (
+	"errors"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/go-tfe"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceTFEAgentPoolAllowedProjects() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTFEAgentPoolAllowedProjectsCreate,
+		Read:   resourceTFEAgentPoolAllowedProjectsRead,
+		Update: resourceTFEAgentPoolAllowedProjectsUpdate,
+		Delete: resourceTFEAgentPoolAllowedProjectsDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"agent_pool_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"allowed_project_ids": {
+				Type:     schema.TypeSet,
+				Required: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func resourceTFEAgentPoolAllowedProjectsCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(ConfiguredClient)
+
+	apID := d.Get("agent_pool_id").(string)
+
+	// Create a new options struct.
+	options := tfe.AgentPoolAllowedProjectsUpdateOptions{}
+
+	if allowedProjectIDs, allowedProjectSet := d.GetOk("allowed_project_ids"); allowedProjectSet {
+		options.AllowedProjects = []*tfe.Project{}
+		for _, projectID := range allowedProjectIDs.(*schema.Set).List() {
+			if val, ok := projectID.(string); ok {
+				options.AllowedProjects = append(options.AllowedProjects, &tfe.Project{ID: val})
+			}
+		}
+	}
+
+	log.Printf("[DEBUG] Update agent pool: %s", apID)
+	_, err := config.Client.AgentPools.UpdateAllowedProjects(ctx, apID, options)
+	if err != nil {
+		return fmt.Errorf("Error updating agent pool %s: %w", apID, err)
+	}
+
+	d.SetId(apID)
+
+	return nil
+}
+
+func resourceTFEAgentPoolAllowedProjectsRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(ConfiguredClient)
+
+	agentPool, err := config.Client.AgentPools.Read(ctx, d.Id())
+	if err != nil {
+		if errors.Is(err, tfe.ErrResourceNotFound) {
+			log.Printf("[DEBUG] agent pool %s no longer exists", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("Error reading configuration of agent pool %s: %w", d.Id(), err)
+	}
+
+	var allowedProjectIDs []string
+	for _, project := range agentPool.AllowedProjects {
+		allowedProjectIDs = append(allowedProjectIDs, project.ID)
+	}
+	d.Set("allowed_project_ids", allowedProjectIDs)
+	d.Set("agent_pool_id", agentPool.ID)
+
+	return nil
+}
+
+func resourceTFEAgentPoolAllowedProjectsUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(ConfiguredClient)
+
+	apID := d.Get("agent_pool_id").(string)
+
+	// Create a new options struct.
+	options := tfe.AgentPoolAllowedProjectsUpdateOptions{
+		AllowedProjects: []*tfe.Project{},
+	}
+
+	if allowedProjectIDs, allowedProjectSet := d.GetOk("allowed_project_ids"); allowedProjectSet {
+		options.AllowedProjects = []*tfe.Project{}
+		for _, projectID := range allowedProjectIDs.(*schema.Set).List() {
+			if val, ok := projectID.(string); ok {
+				options.AllowedProjects = append(options.AllowedProjects, &tfe.Project{ID: val})
+			}
+		}
+	}
+
+	log.Printf("[DEBUG] Update agent pool: %s", apID)
+	_, err := config.Client.AgentPools.UpdateAllowedProjects(ctx, apID, options)
+	if err != nil {
+		return fmt.Errorf("Error updating agent pool %s: %w", apID, err)
+	}
+
+	d.SetId(apID)
+
+	return nil
+}
+
+func resourceTFEAgentPoolAllowedProjectsDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(ConfiguredClient)
+
+	apID := d.Get("agent_pool_id").(string)
+
+	// Create a new options struct.
+	options := tfe.AgentPoolAllowedProjectsUpdateOptions{
+		AllowedProjects: []*tfe.Project{},
+	}
+
+	log.Printf("[DEBUG] Update agent pool: %s", apID)
+	_, err := config.Client.AgentPools.UpdateAllowedProjects(ctx, apID, options)
+	if err != nil {
+		return fmt.Errorf("Error updating agent pool %s: %w", apID, err)
+	}
+
+	return nil
+}

internal/provider/resource_tfe_agent_pool_allowed_projects_test.go

@@ -0,0 +1,215 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+
+	tfe "github.com/hashicorp/go-tfe"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+)
+
+func TestAccTFEAgentPoolAllowedProjects_create_update(t *testing.T) {
+	tfeClient, err := getClientUsingEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	org, orgCleanup := createBusinessOrganization(t, tfeClient)
+	t.Cleanup(orgCleanup)
+
+	allowedProjectsIDs := &[]string{}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV5ProviderFactories: testAccMuxedProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEAgentPoolAllowedProjects_basic(org.Name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTFEAgentPoolAllowedProjectExists("tfe_agent_pool.foobar", allowedProjectsIDs),
+					testAccCheckTFEAgentPoolAllowedProjectsCount(2, allowedProjectsIDs),
+				),
+			},
+			{
+				Config: testAccTFEAgentPoolAllowedProjects_update(org.Name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTFEAgentPoolAllowedProjectExists("tfe_agent_pool.foobar", allowedProjectsIDs),
+					testAccCheckTFEAgentPoolAllowedProjectsCount(1, allowedProjectsIDs),
+				),
+			},
+			{
+				Config: testAccTFEAgentPoolAllowedProjects_destroy(org.Name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTFEAgentPoolAllowedProjectsNotExists("tfe_agent_pool.foobar"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckTFEAgentPoolAllowedProjectExists(resourceName string, allowedProjects *[]string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		*allowedProjects = []string{}
+
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceName)
+		}
+
+		// Resource ID equals the Agent Pool ID
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No instance ID is set")
+		}
+
+		agentPool, err := testAccConfiguredClient.Client.AgentPools.Read(ctx, rs.Primary.ID)
+		if err != nil && !errors.Is(err, tfe.ErrResourceNotFound) {
+			return fmt.Errorf("error while fetching agent pool: %w", err)
+		}
+
+		if len(agentPool.AllowedProjects) == 0 {
+			return fmt.Errorf("Allowed Projects for agent pool %s do not exist", rs.Primary.ID)
+		}
+
+		for _, project := range agentPool.AllowedProjects {
+			*allowedProjects = append(*allowedProjects, project.ID)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckTFEAgentPoolAllowedProjectsNotExists(resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceName)
+		}
+
+		// Resource ID equals the Agent Pool ID
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No instance ID is set")
+		}
+
+		agentPool, err := testAccConfiguredClient.Client.AgentPools.Read(ctx, rs.Primary.ID)
+		if err != nil && !errors.Is(err, tfe.ErrResourceNotFound) {
+			return fmt.Errorf("error while fetching agent pool: %w", err)
+		}
+
+		if len(agentPool.AllowedProjects) > 0 {
+			return fmt.Errorf("Allowed Projects for agent pool %s exists", rs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckTFEAgentPoolAllowedProjectsCount(expected int, allowedProjects *[]string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if len(*allowedProjects) != expected {
+			return fmt.Errorf("expected %d allowed projects, got %d", expected, len(*allowedProjects))
+		}
+		return nil
+	}
+}
+
+func TestAccTFEAgentPoolAllowedProjects_import(t *testing.T) {
+	skipIfEnterprise(t)
+
+	tfeClient, err := getClientUsingEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	org, orgCleanup := createBusinessOrganization(t, tfeClient)
+	t.Cleanup(orgCleanup)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV5ProviderFactories: testAccMuxedProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEAgentPoolAllowedProjects_basic(org.Name),
+			},
+			{
+				ResourceName:      "tfe_agent_pool_allowed_projects.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccTFEAgentPoolAllowedProjects_destroy(organization string) string {
+	return fmt.Sprintf(`
+resource "tfe_project" "foobar" {
+  name = "foobar"
+  organization = "%s"
+}
+
+resource "tfe_project" "test-project" {
+  name = "test-project"
+  organization = "%s"
+}
+
+resource "tfe_agent_pool" "foobar" {
+  name         = "agent-pool-updated"
+  organization = "%s"
+  organization_scoped = false
+}`, organization, organization, organization)
+}
+
+func testAccTFEAgentPoolAllowedProjects_update(organization string) string {
+	return fmt.Sprintf(`
+resource "tfe_project" "foobar" {
+  name = "foobar"
+  organization = "%s"
+}
+
+resource "tfe_project" "test-project" {
+  name = "test-project"
+  organization = "%s"
+}
+
+resource "tfe_agent_pool" "foobar" {
+  name         = "agent-pool-updated"
+  organization = "%s"
+  organization_scoped = false
+}
+
+resource "tfe_agent_pool_allowed_projects" "foobar"{
+  agent_pool_id 		= tfe_agent_pool.foobar.id
+  allowed_project_ids = [tfe_project.foobar.id]
+}`, organization, organization, organization)
+}
+
+func testAccTFEAgentPoolAllowedProjects_basic(organization string) string {
+	return fmt.Sprintf(`
+resource "tfe_project" "foobar" {
+  name = "foobar"
+  organization = "%s"
+}
+
+resource "tfe_project" "test-project" {
+  name = "test-project"
+  organization = "%s"
+}
+
+resource "tfe_agent_pool" "foobar" {
+  name         = "agent-pool-updated"
+  organization = "%s"
+  organization_scoped = false
+}
+
+resource "tfe_agent_pool_allowed_projects" "foobar"{
+  agent_pool_id 		= tfe_agent_pool.foobar.id
+  allowed_project_ids = [
+	tfe_project.foobar.id,
+	tfe_project.test-project.id
+   ]
+}`, organization, organization, organization)
+}