Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit aa380e2

Browse files
ethanndicksonethanndickson
authored
fix: correctly patch template acl (#90)
1 parent 8a9647f commit aa380e2

File tree

2 files changed

+58
-20
lines changed

2 files changed

+58
-20
lines changed

internal/provider/template_resource.go

+23-5
Original file line numberDiff line numberDiff line change
@@ -531,7 +531,7 @@ func (r *TemplateResource) Create(ctx context.Context, req resource.CreateReques
531531
if resp.Diagnostics.HasError() {
532532
return
533533
}
534-
err = client.UpdateTemplateACL(ctx, templateResp.ID, convertACLToRequest(acl))
534+
err = client.UpdateTemplateACL(ctx, templateResp.ID, convertACLToRequest(codersdk.TemplateACL{}, acl))
535535
if err != nil {
536536
resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to create template ACL: %s", err))
537537
return
@@ -684,7 +684,13 @@ func (r *TemplateResource) Update(ctx context.Context, req resource.UpdateReques
684684
if resp.Diagnostics.HasError() {
685685
return
686686
}
687-
err := client.UpdateTemplateACL(ctx, templateID, convertACLToRequest(acl))
687+
curACL, err := client.TemplateACL(ctx, templateID)
688+
if err != nil {
689+
resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to get template ACL: %s", err))
690+
return
691+
}
692+
693+
err = client.UpdateTemplateACL(ctx, templateID, convertACLToRequest(curACL, acl))
688694
if err != nil {
689695
resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to update template ACL: %s", err))
690696
return
@@ -1053,15 +1059,27 @@ func markActive(ctx context.Context, client *codersdk.Client, templateID uuid.UU
10531059
return nil
10541060
}
10551061

1056-
func convertACLToRequest(permissions ACL) codersdk.UpdateTemplateACL {
1062+
func convertACLToRequest(curACL codersdk.TemplateACL, newACL ACL) codersdk.UpdateTemplateACL {
10571063
var userPerms = make(map[string]codersdk.TemplateRole)
1058-
for _, perm := range permissions.UserPermissions {
1064+
for _, perm := range newACL.UserPermissions {
10591065
userPerms[perm.ID.ValueString()] = codersdk.TemplateRole(perm.Role.ValueString())
10601066
}
10611067
var groupPerms = make(map[string]codersdk.TemplateRole)
1062-
for _, perm := range permissions.GroupPermissions {
1068+
for _, perm := range newACL.GroupPermissions {
10631069
groupPerms[perm.ID.ValueString()] = codersdk.TemplateRole(perm.Role.ValueString())
10641070
}
1071+
// For each user or group to remove, we need to set their role to empty
1072+
// string.
1073+
for _, perm := range curACL.Users {
1074+
if _, ok := userPerms[perm.ID.String()]; !ok {
1075+
userPerms[perm.ID.String()] = ""
1076+
}
1077+
}
1078+
for _, perm := range curACL.Groups {
1079+
if _, ok := groupPerms[perm.ID.String()]; !ok {
1080+
groupPerms[perm.ID.String()] = ""
1081+
}
1082+
}
10651083
return codersdk.UpdateTemplateACL{
10661084
UserPerms: userPerms,
10671085
GroupPerms: groupPerms,

internal/provider/template_resource_test.go

+35-15
Original file line numberDiff line numberDiff line change
@@ -357,6 +357,12 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
357357
firstUser, err := client.User(ctx, codersdk.Me)
358358
require.NoError(t, err)
359359

360+
group, err := client.CreateGroup(ctx, firstUser.OrganizationIDs[0], codersdk.CreateGroupRequest{
361+
Name: "bosses",
362+
QuotaAllowance: 200,
363+
})
364+
require.NoError(t, err)
365+
360366
cfg1 := testAccTemplateResourceConfig{
361367
URL: client.URL.String(),
362368
Token: client.SessionToken(),
@@ -366,13 +372,6 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
366372
// Auto-generated version name
367373
Directory: PtrTo("../../integration/template-test/example-template"),
368374
Active: PtrTo(true),
369-
// TODO(ethanndickson): Remove this when we add in `*.tfvars` parsing
370-
TerraformVariables: []testAccTemplateKeyValueConfig{
371-
{
372-
Key: PtrTo("name"),
373-
Value: PtrTo("world"),
374-
},
375-
},
376375
},
377376
},
378377
ACL: testAccTemplateACLConfig{
@@ -381,6 +380,10 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
381380
Key: PtrTo(firstUser.OrganizationIDs[0].String()),
382381
Value: PtrTo("use"),
383382
},
383+
{
384+
Key: PtrTo(group.ID.String()),
385+
Value: PtrTo("admin"),
386+
},
384387
},
385388
UserACL: []testAccTemplateKeyValueConfig{
386389
{
@@ -392,11 +395,14 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
392395
}
393396

394397
cfg2 := cfg1
395-
cfg2.ACL.null = true
398+
cfg2.ACL.GroupACL = slices.Clone(cfg2.ACL.GroupACL[1:])
396399

397400
cfg3 := cfg2
398-
cfg3.AllowUserAutostart = PtrTo(false)
399-
cfg3.AutostopRequirement = testAccAutostopRequirementConfig{
401+
cfg3.ACL.null = true
402+
403+
cfg4 := cfg3
404+
cfg4.AllowUserAutostart = PtrTo(false)
405+
cfg4.AutostopRequirement = testAccAutostopRequirementConfig{
400406
DaysOfWeek: PtrTo([]string{"monday", "tuesday"}),
401407
Weeks: PtrTo(int64(2)),
402408
}
@@ -409,19 +415,33 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
409415
{
410416
Config: cfg1.String(t),
411417
Check: resource.ComposeAggregateTestCheckFunc(
412-
resource.TestCheckResourceAttr("coderd_template.test", "acl.groups.#", "1"),
418+
resource.TestCheckResourceAttr("coderd_template.test", "acl.groups.#", "2"),
413419
resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.groups.*", map[string]*regexp.Regexp{
414-
"id": regexp.MustCompile(".+"),
420+
"id": regexp.MustCompile(firstUser.OrganizationIDs[0].String()),
415421
"role": regexp.MustCompile("^use$"),
416422
}),
423+
resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.groups.*", map[string]*regexp.Regexp{
424+
"id": regexp.MustCompile(group.ID.String()),
425+
"role": regexp.MustCompile("^admin$"),
426+
}),
427+
resource.TestCheckResourceAttr("coderd_template.test", "acl.users.#", "1"),
417428
resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.users.*", map[string]*regexp.Regexp{
418-
"id": regexp.MustCompile(".+"),
429+
"id": regexp.MustCompile(firstUser.ID.String()),
419430
"role": regexp.MustCompile("^admin$"),
420431
}),
421432
),
422433
},
423434
{
424435
Config: cfg2.String(t),
436+
Check: resource.ComposeAggregateTestCheckFunc(
437+
resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.users.*", map[string]*regexp.Regexp{
438+
"id": regexp.MustCompile(firstUser.ID.String()),
439+
"role": regexp.MustCompile("^admin$"),
440+
}),
441+
),
442+
},
443+
{
444+
Config: cfg3.String(t),
425445
Check: resource.ComposeAggregateTestCheckFunc(
426446
resource.TestCheckNoResourceAttr("coderd_template.test", "acl"),
427447
func(s *terraform.State) error {
@@ -439,7 +459,7 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
439459
if len(acl.Groups) != 1 {
440460
return fmt.Errorf("expected 1 group ACL, got %d", len(acl.Groups))
441461
}
442-
if acl.Groups[0].Role != "use" && acl.Groups[0].ID != firstUser.OrganizationIDs[0] {
462+
if acl.Groups[0].Role != "admin" && acl.Groups[0].ID != group.ID {
443463
return fmt.Errorf("expected group ACL to be 'use' for %s, got %s", firstUser.OrganizationIDs[0].String(), acl.Groups[0].Role)
444464
}
445465
if len(acl.Users) != 1 {
@@ -453,7 +473,7 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
453473
),
454474
},
455475
{
456-
Config: cfg3.String(t),
476+
Config: cfg4.String(t),
457477
Check: resource.ComposeAggregateTestCheckFunc(
458478
resource.TestCheckResourceAttr("coderd_template.test", "allow_user_auto_start", "false"),
459479
resource.TestCheckResourceAttr("coderd_template.test", "auto_stop_requirement.days_of_week.#", "2"),

0 commit comments

Comments
 (0)