Merge pull request #79 from tmeckel/r_query_permissions

New resource azuredevops_workitemquery_permissions
microsoft · Jul 30, 2020 · 368de4c · 368de4c
2 parents 992dbe5 + 764f407
commit 368de4c
Show file tree

Hide file tree

Showing 12 changed files with 6,697 additions and 2 deletions.
diff --git a/azdosdkmocks/workitemtracking_sdk_mock.go b/azdosdkmocks/workitemtracking_sdk_mock.go
diff --git a/azuredevops/internal/acceptancetests/resource_workitemquery_permissions_test.go b/azuredevops/internal/acceptancetests/resource_workitemquery_permissions_test.go
@@ -0,0 +1,193 @@
+// +build all permissions resource_workitemquery_permissions
+// +build !exclude_permissions !resource_workitemquery_permissions
+
+package acceptancetests
+
+import (
+	"fmt"
+	"regexp"
+	"testing"
+
+	"github.com/ahmetb/go-linq"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/terraform-providers/terraform-provider-azuredevops/azuredevops/internal/acceptancetests/testutils"
+)
+
+func hclWorkItemQueryPermissions(projectName string, path string, permissions map[string]string) string {
+	projectResource := testutils.HclProjectResource(projectName)
+
+	szPermissions := linq.From(permissions).
+		Select(func(i interface{}) interface{} {
+			kv := i.(linq.KeyValue)
+			return fmt.Sprintf(`%s = "%s"`, kv.Key, kv.Value)
+		}).
+		Aggregate(func(r interface{}, i interface{}) interface{} {
+			if r.(string) == "" {
+				return i
+			}
+			return r.(string) + "\n" + i.(string)
+		}).(string)
+
+	szPath := ""
+	if path != "" {
+		szPath = fmt.Sprintf("path = \"%s\"", path)
+	}
+
+	return fmt.Sprintf(`
+%s
+
+data "azuredevops_group" "project-administrators" {
+	project_id = azuredevops_project.project.id
+	name       = "Project administrators"
+}
+
+resource "azuredevops_workitemquery_permissions" "wiq-permissions" {
+	project_id  = azuredevops_project.project.id
+	principal   = data.azuredevops_group.project-administrators.id
+	%s
+	permissions = {
+		%s
+	}
+}
+`, projectResource, szPath, szPermissions)
+}
+
+func TestAccWorkItemQueryPermissions_SetProjectPermissions(t *testing.T) {
+	projectName := testutils.GenerateResourceName()
+	permissions := map[string]string{
+		"Contribute":        "Allow",
+		"Delete":            "Deny",
+		"ManagePermissions": "NotSet",
+	}
+	config := hclWorkItemQueryPermissions(projectName, "", permissions)
+
+	tfNode := "azuredevops_workitemquery_permissions.wiq-permissions"
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testutils.PreCheck(t, nil) },
+		Providers:    testutils.GetProviders(),
+		CheckDestroy: testutils.CheckProjectDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testutils.CheckProjectExists(projectName),
+					resource.TestCheckResourceAttrSet(tfNode, "project_id"),
+					resource.TestCheckResourceAttrSet(tfNode, "principal"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.%", "3"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Contribute", "allow"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Delete", "deny"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.ManagePermissions", "notset"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccWorkItemQueryPermissions_UpdateProjectPermissions(t *testing.T) {
+	projectName := testutils.GenerateResourceName()
+	config1 := hclWorkItemQueryPermissions(projectName, "", map[string]string{
+		"Contribute":        "Allow",
+		"Delete":            "Deny",
+		"ManagePermissions": "NotSet",
+	})
+	config2 := hclWorkItemQueryPermissions(projectName, "", map[string]string{
+		"Contribute":        "Deny",
+		"Delete":            "Allow",
+		"ManagePermissions": "Deny",
+	})
+
+	tfNode := "azuredevops_workitemquery_permissions.wiq-permissions"
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testutils.PreCheck(t, nil) },
+		Providers:    testutils.GetProviders(),
+		CheckDestroy: testutils.CheckProjectDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config: config1,
+				Check: resource.ComposeTestCheckFunc(
+					testutils.CheckProjectExists(projectName),
+					resource.TestCheckResourceAttrSet(tfNode, "project_id"),
+					resource.TestCheckResourceAttrSet(tfNode, "principal"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.%", "3"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Contribute", "allow"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Delete", "deny"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.ManagePermissions", "notset"),
+				),
+			},
+			{
+				Config: config2,
+				Check: resource.ComposeTestCheckFunc(
+					testutils.CheckProjectExists(projectName),
+					resource.TestCheckResourceAttrSet(tfNode, "project_id"),
+					resource.TestCheckResourceAttrSet(tfNode, "principal"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.%", "3"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Contribute", "deny"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Delete", "allow"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.ManagePermissions", "deny"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccWorkItemQueryPermissions_SetSharedQueriesPermissions(t *testing.T) {
+	projectName := testutils.GenerateResourceName()
+	permissions := map[string]string{
+		"Contribute":        "Allow",
+		"Delete":            "Deny",
+		"ManagePermissions": "NotSet",
+	}
+	config := hclWorkItemQueryPermissions(projectName, "/", permissions)
+
+	tfNode := "azuredevops_workitemquery_permissions.wiq-permissions"
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testutils.PreCheck(t, nil) },
+		Providers:    testutils.GetProviders(),
+		CheckDestroy: testutils.CheckProjectDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testutils.CheckProjectExists(projectName),
+					resource.TestCheckResourceAttrSet(tfNode, "project_id"),
+					resource.TestCheckResourceAttrSet(tfNode, "principal"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.%", "3"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Contribute", "allow"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.Delete", "deny"),
+					resource.TestCheckResourceAttr(tfNode, "permissions.ManagePermissions", "notset"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccWorkItemQueryPermissions_SetInvalidFolderPermissions(t *testing.T) {
+	projectName := testutils.GenerateResourceName()
+	permissions := map[string]string{
+		"Contribute":        "Allow",
+		"Delete":            "Deny",
+		"ManagePermissions": "NotSet",
+	}
+	config := hclWorkItemQueryPermissions(projectName, "/invalid", permissions)
+
+	tfNode := "azuredevops_workitemquery_permissions.wiq-permissions"
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testutils.PreCheck(t, nil) },
+		Providers:    testutils.GetProviders(),
+		CheckDestroy: testutils.CheckProjectDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config:      config,
+				ExpectError: regexp.MustCompile("Unable to find query"),
+				Check: resource.ComposeTestCheckFunc(
+					testutils.CheckProjectExists(projectName),
+					resource.TestCheckNoResourceAttr(tfNode, "project_id"),
+					resource.TestCheckNoResourceAttr(tfNode, "principal"),
+					resource.TestCheckNoResourceAttr(tfNode, "permissions.Contribute"),
+					resource.TestCheckNoResourceAttr(tfNode, "permissions.Delete"),
+					resource.TestCheckNoResourceAttr(tfNode, "permissions.ManagePermissions"),
+				),
+			},
+		},
+	})
+}
diff --git a/azuredevops/internal/client/client.go b/azuredevops/internal/client/client.go
@@ -21,6 +21,7 @@ import (
 	"github.com/microsoft/azure-devops-go-api/azuredevops/security"
 	"github.com/microsoft/azure-devops-go-api/azuredevops/serviceendpoint"
 	"github.com/microsoft/azure-devops-go-api/azuredevops/taskagent"
+	"github.com/microsoft/azure-devops-go-api/azuredevops/workitemtracking"
 	"github.com/terraform-providers/terraform-provider-azuredevops/version"
 )
 
@@ -45,6 +46,7 @@ type AggregatedClient struct {
 	FeatureManagementClient       featuremanagement.Client
 	SecurityClient                security.Client
 	IdentityClient                identity.Client
+	WorkItemTrackingClient        workitemtracking.Client
 	Ctx                           context.Context
 }
 
@@ -133,7 +135,13 @@ func GetAzdoClient(azdoPAT string, organizationURL string, tfVersion string) (*A
 		return nil, err
 	}
 
-	featuremanagement := featuremanagement.NewClient(ctx, connection)
+	featuremanagementClient := featuremanagement.NewClient(ctx, connection)
+
+	workitemtrackingClient, err := workitemtracking.NewClient(ctx, connection)
+	if err != nil {
+		log.Printf("getAzdoClient(): workitemtracking.NewClient failed.")
+		return nil, err
+	}
 
 	aggregatedClient := &AggregatedClient{
 		OrganizationURL:               organizationURL,
@@ -146,9 +154,10 @@ func GetAzdoClient(azdoPAT string, organizationURL string, tfVersion string) (*A
 		ServiceEndpointClient:         serviceEndpointClient,
 		TaskAgentClient:               taskagentClient,
 		MemberEntitleManagementClient: memberentitlementmanagementClient,
-		FeatureManagementClient:       featuremanagement,
+		FeatureManagementClient:       featuremanagementClient,
 		SecurityClient:                securityClient,
 		IdentityClient:                identityClient,
+		WorkItemTrackingClient:        workitemtrackingClient,
 		Ctx:                           ctx,
 	}