CENG-286: PR reviews

cloudsmith/resource_package_deny_policy.go

@@ -138,10 +138,11 @@ func packageDenyPolicyDelete(d *schema.ResourceData, m interface{}) error {
 //nolint:funlen
 func packageDenyPolicy() *schema.Resource {
 	return &schema.Resource{
-		Create: packageDenyPolicyCreate,
-		Read:   packageDenyPolicyRead,
-		Update: packageDenyPolicyUpdate,
-		Delete: packageDenyPolicyDelete,
+		Create:      packageDenyPolicyCreate,
+		Read:        packageDenyPolicyRead,
+		Update:      packageDenyPolicyUpdate,
+		Delete:      packageDenyPolicyDelete,
+		Description: "Package deny policies control which packages can be downloaded within their repositories.",
 
 		Importer: &schema.ResourceImporter{
 			StateContext: packageDenyPolicyImport,

cloudsmith/resource_package_deny_policy_test.go

@@ -0,0 +1,84 @@
+//nolint:testpackage
+package cloudsmith
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+// create a baisc package deny policy function
+
+func TestAccPackageDenyPolicy_basic(t *testing.T) {
+	t.Parallel()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccPackageDenyPolicyCheckDestroy("cloudsmith_package_deny_policy.test"),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPackageDenyPolicyConfigBasic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccPackageDenyPolicyCheckExists("cloudsmith_package_deny_policy.test"),
+					resource.TestCheckResourceAttr("cloudsmith_package_deny_policy.test", "namespace", os.Getenv("CLOUDSMITH_NAMESPACE")),
+					resource.TestCheckResourceAttr("cloudsmith_package_deny_policy.test", "enabled", "true"),
+					resource.TestCheckResourceAttr("cloudsmith_package_deny_policy.test", "name", "test-package-deny-policy-terraform-provider"),
+					resource.TestCheckResourceAttr("cloudsmith_package_deny_policy.test", "package_query", "name:example"),
+				),
+			},
+		},
+	})
+}
+
+// create a basic package deny policy config
+
+var testAccPackageDenyPolicyConfigBasic = fmt.Sprintf(`
+resource "cloudsmith_package_deny_policy" "test" {
+  namespace = "%s"
+  enabled = true
+  name = "test-package-deny-policy-terraform-provider"
+  package_query = "name:example"
+}
+`, os.Getenv("CLOUDSMITH_NAMESPACE"))
+
+// create a package deny policy check destroy function
+
+func testAccPackageDenyPolicyCheckDestroy(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testAccProvider.Meta().(*providerConfig).APIClient
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "cloudsmith_package_deny_policy" {
+				continue
+			}
+
+			_, _, err := client.OrgsApi.OrgsDenyPolicyRead(testAccProvider.Meta().(*providerConfig).Auth, rs.Primary.Attributes["namespace"], rs.Primary.ID).Execute()
+			if err == nil {
+				return fmt.Errorf("Package deny policy still exists")
+			}
+		}
+		return nil
+	}
+}
+
+// create a package deny policy check exists function
+
+func testAccPackageDenyPolicyCheckExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testAccProvider.Meta().(*providerConfig).APIClient
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "cloudsmith_package_deny_policy" {
+				continue
+			}
+
+			_, _, err := client.OrgsApi.OrgsDenyPolicyRead(testAccProvider.Meta().(*providerConfig).Auth, rs.Primary.Attributes["namespace"], rs.Primary.ID).Execute()
+			if err != nil {
+				return fmt.Errorf("Package deny policy does not exist")
+			}
+		}
+		return nil
+	}
+}

cloudsmith/resource_repository.go

@@ -69,7 +69,7 @@ func resourceRepositoryCreate(d *schema.ResourceData, m interface{}) error {
 
 	repository, _, err := pc.APIClient.ReposApi.ReposCreateExecute(req)
 	if err != nil {
-		return err
+		return fmt.Errorf("error creating repository: %w", err)
 	}
 
 	d.SetId(repository.GetSlugPerm())
@@ -80,7 +80,7 @@ func resourceRepositoryCreate(d *schema.ResourceData, m interface{}) error {
 			if is404(resp) {
 				return errKeepWaiting
 			}
-			return err
+			return fmt.Errorf("error reading repository: %w", err)
 		}
 		return nil
 	}
@@ -104,7 +104,7 @@ func resourceRepositoryRead(d *schema.ResourceData, m interface{}) error {
 			return nil
 		}
 
-		return err
+		return fmt.Errorf("error reading repository: %w", err)
 	}
 
 	d.Set("cdn_url", repository.GetCdnUrl())
@@ -211,7 +211,7 @@ func resourceRepositoryUpdate(d *schema.ResourceData, m interface{}) error {
 	})
 	repository, _, err := pc.APIClient.ReposApi.ReposPartialUpdateExecute(req)
 	if err != nil {
-		return err
+		return fmt.Errorf("error updating repository: %w", err)
 	}
 
 	d.SetId(repository.GetSlugPerm())
@@ -237,7 +237,7 @@ func resourceRepositoryDelete(d *schema.ResourceData, m interface{}) error {
 	req := pc.APIClient.ReposApi.ReposDelete(pc.Auth, namespace, d.Id())
 	_, err := pc.APIClient.ReposApi.ReposDeleteExecute(req)
 	if err != nil {
-		return err
+		return fmt.Errorf("error deleting repository: %w", err)
 	}
 
 	if requiredBool(d, "wait_for_deletion") {
@@ -247,7 +247,7 @@ func resourceRepositoryDelete(d *schema.ResourceData, m interface{}) error {
 				if is404(resp) {
 					return nil
 				}
-				return err
+				return fmt.Errorf("error reading repository: %w", err)
 			}
 			return errKeepWaiting
 		}
@@ -314,7 +314,8 @@ func resourceRepository() *schema.Resource {
 				Description: "This defines the default level of privilege that all of your organization members " +
 					"have for this repository. This does not include collaborators, but applies to any member of the " +
 					"org regardless of their own membership role (i.e. it applies to owners, managers and members). " +
-					"Be careful if setting this to admin, because any member will be able to change settings.",
+					"Be careful if setting this to admin, because any member will be able to change settings." +
+					"Valid values include: `Admin`, `Read`, `Write`, `None`.",
 				Optional:     true,
 				Computed:     true,
 				ValidateFunc: validation.StringInSlice([]string{"Admin", "Read", "Write", "None"}, false),
@@ -466,7 +467,8 @@ func resourceRepository() *schema.Resource {
 				Type: schema.TypeString,
 				Description: "The repository type changes how it is accessed and billed. Private repositories " +
 					"can only be used on paid plans, but are visible only to you or authorised delegates. Public " +
-					"repositories are free to use on all plans and visible to all Cloudsmith users.",
+					"repositories are free to use on all plans and visible to all Cloudsmith users." +
+					"Valid values include: `Private` or `Public`.",
 				Optional:     true,
 				Default:      "Private",
 				ValidateFunc: validation.StringInSlice([]string{"Private", "Public"}, false),
@@ -538,12 +540,15 @@ func resourceRepository() *schema.Resource {
 				Computed: true,
 			},
 			"storage_region": {
-				Type:         schema.TypeString,
-				Description:  "The Cloudsmith region in which package files are stored.",
+				Type: schema.TypeString,
+				Description: "The Cloudsmith region in which package files are stored." +
+					"Supported regions include: Northern California, United States (us-norcal), Sydney, Australia (au-sydney)," +
+					"Singapore (sg-singapore), Montreal, Canada (ca-montreal), Frankfurt, Germany (de-frankfurt), Oregon," +
+					"United States (us-oregon), Ohio, United States (us-ohio), Dublin, Ireland (ie-dublin)",
 				Optional:     true,
 				Computed:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.StringIsNotEmpty,
+				ValidateFunc: validation.StringInSlice([]string{"us-norcal", "au-sydney", "sg-singapore", "ca-montreal", "de-frankfurt", "us-oregon", "us-ohio", "ie-dublin"}, false),
 			},
 			"strict_npm_validation": {
 				Type: schema.TypeBool,
@@ -604,7 +609,8 @@ func resourceRepository() *schema.Resource {
 				Type: schema.TypeString,
 				Description: "This defines the minimum level of privilege required for a user to view repository statistics, " +
 					"to include entitlement-based usage, if applicable. If a user does not have the permission, they won't be " +
-					"able to view any statistics, either via the UI, API or CLI.",
+					"able to view any statistics, either via the UI, API or CLI." +
+					"Valid values include: `Admin`, `Write`, `Read`.",
 				Optional:     true,
 				Computed:     true,
 				ValidateFunc: validation.StringInSlice([]string{"Admin", "Write", "Read"}, false),

docs/data-sources/entitlement_list.md

@@ -8,12 +8,12 @@ provider "cloudsmith" {
     api_key = "my-api-key"
 }
 
-data "cloudsmith_namespace" "my_namespace" {
-    slug = "my-namespace"
+data "cloudsmith_organization" "my_organization" {
+    slug = "my-organization"
 }
 
 data "cloudsmith_repository" "my_repository" {
-    namespace  = data.cloudsmith_namespace.my_namespace.slug_perm
+    namespace  = data.cloudsmith_organization.my_organization.slug_perm
     identifier = "my-repository"
 }
 
@@ -80,4 +80,4 @@ The following attribute is additionally exported:
   * `updated_by_url` - URL for the user who updated the entitlement token.
   * `usage` - The usage associated with the token.
   * `user` - The user associated with the token.
-  * `user_url` - URL for the user associated with the token.
+  * `user_url` - URL for the user associated with the token.

docs/resources/package_deny_policy.md

@@ -0,0 +1,43 @@
+# Package Deny Policy Resource
+
+Create a package deny policy resource.
+
+## Example Usage
+
+```hcl
+provider "cloudsmith" {
+    api_key = "my-api-key"
+}
+
+data "cloudsmith_organization" "my_organization" {
+    slug = "my-organization"
+}
+
+data "cloudsmith_package_deny_policy" "test" {
+    namespace = my_organization.slug_perm
+    enabled = true
+    name = "test-package-deny-policy-terraform-provider"
+    package_query = "name:example"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `name` (Optional) - A descriptive name for the package deny policy.
+- `description` (Optional) - Description of the package deny policy.
+- `package_query` (Required) - The query to match the packages to be blocked.
+- `enabled` (Optional) - Is the package deny policy enabled? Defaults to `true`
+- `namespace` - The namespace where package deny policy is managed
+
+## Attribute Reference
+
+The following attributes are exported:
+
+- `id` - The ID of the package deny policy.
+- `name` - The name of the package deny policy.
+- `description` - The description of the package deny policy.
+- `package_query` - The query used to match the packages to be blocked.
+- `enabled` - Whether the package deny policy is enabled.
+- `namespace` - The namespace where package deny policy is managed