diff --git a/codefresh/cfclient/gitops_abac_rules.go b/codefresh/cfclient/gitops_abac_rules.go
index 0e09d30..69cc841 100644
--- a/codefresh/cfclient/gitops_abac_rules.go
+++ b/codefresh/cfclient/gitops_abac_rules.go
@@ -31,6 +31,7 @@ type GitopsAbacRuleResponse struct {
 Data struct {
 AbacRule GitopsAbacRule `json:"abacRule,omitempty"`
 CreateAbacRule GitopsAbacRule `json:"createAbacRule,omitempty"`
+ UpdateAbacRule GitopsAbacRule `json:"updateAbacRule,omitempty"`
 RemoveAbacRule GitopsAbacRule `json:"removeAbacRule,omitempty"`
 } `json:"data"`
 }
@@ -165,6 +166,54 @@ func (client *Client) CreateAbacRule(gitopsAbacRule *GitopsAbacRule) (*GitopsAba
 return &gitopsAbacRuleResponse.Data.CreateAbacRule, nil
 }
+func (client *Client) UpdateAbacRule(gitopsAbacRule *GitopsAbacRule) (*GitopsAbacRule, error) {
+ acc, err := client.GetCurrentAccount()
+ gitopsAbacRule.AccountId = acc.ID
+ if err != nil {
+ return nil, err
+ }
+
+ request := GraphQLRequest{
+ Query: `mutation ($accountId: String!, $updateAbacRuleInput: UpdateAbacRuleInput!) {
+ updateAbacRule(
+ accountId: $accountId
+ updateAbacRuleInput: $updateAbacRuleInput
+ ) {
+ id
+ accountId
+ entityType
+ teams
+ tags
+ actions
+ attributes {
+ name
+ key
+ value
+ }
+ }
+ }
+ `,
+ Variables: map[string]interface{}{
+ "accountId": acc.ID,
+ "updateAbacRuleInput": gitopsAbacRule,
+ },
+ }
+
+ response, err := client.SendGqlRequest(request)
+ if err != nil {
+ fmt.Println("Error:", err)
+ return nil, err
+ }
+
+ var gitopsAbacRuleResponse GitopsAbacRuleResponse
+ err = DecodeGraphQLResponseInto(response, &gitopsAbacRuleResponse)
+ if err != nil {
+ return nil, err
+ }
+
+ return &gitopsAbacRuleResponse.Data.UpdateAbacRule, nil
+}
+
 func (client *Client) DeleteAbacRule(id string) (*GitopsAbacRule, error) {
 request := GraphQLRequest{
 Query: `
diff --git a/codefresh/resource_abac_rules.go b/codefresh/resource_abac_rules.go
index a1e6010..9b5c0cc 100644
--- a/codefresh/resource_abac_rules.go
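Review bot: In `UpdateAbacRule`, `gitopsAbacRule.AccountId = acc.ID` runs before the `err` check on `GetCurrentAccount()`, so a failed account lookup can dereference a nil `acc` (assuming the client returns nil on error) and panic the provider instead of returning the error. Move the assignment below the guard: `if err != nil { return nil, err }` followed by `gitopsAbacRule.AccountId = acc.ID`. The `fmt.Println("Error:", err)` before `return nil, err` reports the same failure twice and writes to the plugin's stdout; returning the error alone is enough. The exported method also has no doc comment; `// UpdateAbacRule updates an existing GitOps ABAC rule in the current account and returns the rule as reported by the API.` would cover it.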
+++ b/codefresh/resource_abac_rules.go
@@ -3,7 +3,6 @@ package codefresh
 import (
 "context"
 "fmt"
- "log"
 "github.com/codefresh-io/terraform-provider-codefresh/codefresh/cfclient"
 "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/datautil"
@@ -11,7 +10,7 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
-var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK", "TRIGGER_PROMOTION", "RETRY_RELEASE", "PROMOTE_TO"}
+var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK", "TRIGGER_PROMOTION", "RETRY_RELEASE", "PROMOTE_TO", "RETRY_RELEASE", "ROLLOUT_ABORT", "ROLLOUT_PAUSE", "ROLLOUT_PROMOTE_FULL", "ROLLOUT_RESUME", "ROLLOUT_RESTART"}
 func resourceGitopsAbacRule() *schema.Resource {
 return &schema.Resource{
@@ -58,6 +57,10 @@ The effective tags of the resource to apply the permission to. There are two spe
 `,
 Type: schema.TypeSet,
 Optional: true,
+ Computed: true,
+ DefaultFunc: func() (interface{}, error) {
+ return []string{"*", "untagged"}, nil
+ },
 Elem: &schema.Schema{
 Type: schema.TypeString,
 },
@@ -102,7 +105,6 @@ Action to be allowed. Possible values:
 },
 CustomizeDiff: func(ctx context.Context, diff *schema.ResourceDiff, v interface{}) error {
 actions := diff.Get("actions").(*schema.Set).List()
-
 for _, action := range actions {
 actionStr := action.(string)
 if !contains(validSetValues, actionStr) {
@@ -169,17 +171,11 @@ func resourceGitopsAbacRuleUpdate(d *schema.ResourceData, meta interface{}) erro
 client := meta.(*cfclient.Client)
 abacRule := *mapResourceToGitopsAbacRule(d)
- resp, err := client.CreateAbacRule(&abacRule)
+ _, err := client.UpdateAbacRule(&abacRule)
 if err != nil {
 return err
 }
- deleteErr := resourceGitopsAbacRuleDelete(d, meta)
- if deleteErr != nil {
- log.Printf("[WARN] failed to delete permission %v: %v", abacRule, deleteErr)
- }
- d.SetId(resp.ID)
-
 return resourceGitopsAbacRuleRead(d, meta)
 }
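Review bot: `"RETRY_RELEASE"` now appears twice in `validSetValues`, once in its original position and again right after `"PROMOTE_TO"`. The duplicate does not change the `contains` check, but it looks like a slip; drop the second entry and check whether a different action name was meant to go there.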
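Review bot: The new `DefaultFunc` on `tags` makes a rule written without `tags` apply to `"*"` and `"untagged"`, which, going by the special tags the description mentions, presumably covers every resource; for a permission rule that is the widest scope, chosen silently. State the default in the attribute's description, for example `If omitted, defaults to ["*", "untagged"], i.e. all resources.`, or require `tags` so the scope is always a deliberate choice. Also confirm that the SDK accepts a `[]string` default on a `schema.TypeSet` attribute that is also `Computed: true`; the rest of the schema is outside the hunk, so provider validation cannot be checked from here.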
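Review bot: `resourceGitopsAbacRuleUpdate` now depends on `abacRule` carrying the existing rule's ID, because the `updateAbacRule` mutation is given only `accountId` and the input object. `mapResourceToGitopsAbacRule` is outside this hunk, so confirm it sets the ID from `d.Id()`; without it the request names no rule to update. Since `d.SetId` is gone, a short comment above the call such as `// In-place update: the rule keeps its ID, so the state ID is unchanged.` would record why. The function's signature is only visible in the hunk header.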