add support for IW Triggers Team restrictions

PagerDuty · Apr 22, 2024 · 24555a4 · 24555a4
1 parent 78fde86
commit 24555a4
Show file tree

Hide file tree

Showing 2 changed files with 178 additions and 0 deletions.
diff --git a/pagerduty/resource_pagerduty_incident_workflow_trigger.go b/pagerduty/resource_pagerduty_incident_workflow_trigger.go
@@ -52,6 +52,24 @@ func resourcePagerDutyIncidentWorkflowTrigger() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"permissions": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"restricted": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+						"team_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -138,6 +156,23 @@ func validateIncidentWorkflowTrigger(_ context.Context, d *schema.ResourceDiff,
 		return fmt.Errorf("when trigger type conditional is used, condition must be specified")
 	}
 
+	permissionsData, hadPermissions := d.GetOk("permissions")
+	if hadPermissions {
+		permissions := permissionsData.([]interface{})
+		if len(permissions) > 0 {
+			permission := permissions[0].(map[string]interface{})
+			if triggerType != "manual" && permission["restricted"].(bool) {
+				return fmt.Errorf("restricted can only be true when trigger type is manual")
+			}
+			if !permission["restricted"].(bool) && permission["team_id"].(string) != "" {
+				return fmt.Errorf("team_id not allowed when restricted is false")
+			}
+			if permission["restricted"].(bool) && permission["team_id"].(string) == "" {
+				return fmt.Errorf("team_id must be specified when restricted is true")
+			}
+		}
+	}
+
 	s, hadServices := d.GetOk("services")
 	all := d.Get("subscribed_to_all_services").(bool)
 	if all && hadServices && len(s.([]interface{})) > 0 {
@@ -186,6 +221,14 @@ func flattenIncidentWorkflowTrigger(d *schema.ResourceData, t *pagerduty.Inciden
 	if t.Condition != nil {
 		d.Set("condition", t.Condition)
 	}
+	if t.Permissions != nil {
+		d.Set("permissions", []map[string]interface{}{
+			{
+				"restricted": t.Permissions.Restricted,
+				"team_id":    t.Permissions.TeamID,
+			},
+		})
+	}
 
 	return nil
 }
@@ -219,6 +262,10 @@ func buildIncidentWorkflowTriggerStruct(d *schema.ResourceData, forUpdate bool)
 		iwt.Condition = &condStr
 	}
 
+	if permissions, ok := d.GetOk("permissions"); ok {
+		iwt.Permissions = expandIncidentWorkflowTriggerPermissions(permissions)
+	}
+
 	return &iwt, nil
 }
 
@@ -232,3 +279,18 @@ func buildIncidentWorkflowTriggerServices(s interface{}) []*pagerduty.ServiceRef
 	}
 	return newServices
 }
+
+func expandIncidentWorkflowTriggerPermissions(v interface{}) *pagerduty.IncidentWorkflowTriggerPermissions {
+	var permissions *pagerduty.IncidentWorkflowTriggerPermissions
+
+	permissionsData, ok := v.([]interface{})
+	if ok && len(permissionsData) > 0 {
+		p := permissionsData[0].(map[string]interface{})
+		permissions = &pagerduty.IncidentWorkflowTriggerPermissions{
+			Restricted: p["restricted"].(bool),
+			TeamID:     p["team_id"].(string),
+		}
+	}
+
+	return permissions
+}
diff --git a/pagerduty/resource_pagerduty_incident_workflow_trigger_test.go b/pagerduty/resource_pagerduty_incident_workflow_trigger_test.go
@@ -228,6 +228,122 @@ func TestAccPagerDutyIncidentWorkflowTrigger_BasicConditionalAllServices(t *test
 	})
 }
 
+func TestAccPagerDutyIncidentWorkflowTrigger_ManualWithTeamPermissions(t *testing.T) {
+	username := fmt.Sprintf("tf-%s", acctest.RandString(5))
+	email := fmt.Sprintf("%[email protected]", username)
+	escalationPolicy := fmt.Sprintf("tf-%s", acctest.RandString(5))
+	service := fmt.Sprintf("tf-%s", acctest.RandString(5))
+	workflow := fmt.Sprintf("tf-%s", acctest.RandString(5))
+	team := fmt.Sprintf("tf-%s", acctest.RandString(5))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckIncidentWorkflows(t)
+		},
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckPagerDutyIncidentWorkflowTriggerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissions(username, email, escalationPolicy, service, team, workflow),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPagerDutyIncidentWorkflowTriggerExists("pagerduty_incident_workflow_trigger.test"),
+					resource.TestCheckResourceAttr(
+						"pagerduty_incident_workflow_trigger.test", "type", "manual"),
+					resource.TestCheckResourceAttr(
+						"pagerduty_incident_workflow_trigger.test", "permissions.0.restricted", "false"),
+				),
+			},
+			{
+				Config: testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissionsUpdated(username, email, escalationPolicy, service, team, workflow),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPagerDutyIncidentWorkflowTriggerExists("pagerduty_incident_workflow_trigger.test"),
+					resource.TestCheckResourceAttr(
+						"pagerduty_incident_workflow_trigger.test", "type", "manual"),
+					resource.TestCheckResourceAttr(
+						"pagerduty_incident_workflow_trigger.test", "permissions.0.restricted", "true"),
+					testAccCheckPagerDutyIncidentWorkflowTriggerCheckPermissionsTeamId("pagerduty_incident_workflow_trigger.test", "pagerduty_team.foo"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissions(username, email, escalationPolicy, service, workflow, team string) string {
+	return fmt.Sprintf(`
+%s
+
+%s
+
+resource "pagerduty_team" "foo" {
+  name = %q
+}
+
+resource "pagerduty_incident_workflow_trigger" "test" {
+  type                       = "manual"
+  workflow                   = pagerduty_incident_workflow.test.id
+  services                   = [pagerduty_service.foo.id]
+  subscribed_to_all_services = false
+}
+`, testAccCheckPagerDutyServiceConfig(username, email, escalationPolicy, service), testAccCheckPagerDutyIncidentWorkflowConfig(workflow), team)
+}
+
+func testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissionsUpdated(username, email, escalationPolicy, service, workflow, team string) string {
+	return fmt.Sprintf(`
+%s
+
+%s
+
+resource "pagerduty_team" "foo" {
+  name = %q
+}
+
+resource "pagerduty_incident_workflow_trigger" "test" {
+  type                       = "manual"
+  workflow                   = pagerduty_incident_workflow.test.id
+  services                   = [pagerduty_service.foo.id]
+  subscribed_to_all_services = false
+  permissions {
+    restricted = true
+    team_id    = pagerduty_team.foo.id
+  }
+}
+`, testAccCheckPagerDutyServiceConfig(username, email, escalationPolicy, service), testAccCheckPagerDutyIncidentWorkflowConfig(workflow), team)
+}
+
+func testAccCheckPagerDutyIncidentWorkflowTriggerCheckPermissionsTeamId(iwtName, teamName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rsIWT, ok := s.RootModule().Resources[iwtName]
+		if !ok {
+			return fmt.Errorf("not found: %s", iwtName)
+		}
+		if rsIWT.Primary.ID == "" {
+			return fmt.Errorf("no incident workflow trigger ID is set")
+		}
+
+		rsTeam, ok := s.RootModule().Resources[teamName]
+		if !ok {
+			return fmt.Errorf("not found: %s", teamName)
+		}
+		if rsTeam.Primary.ID == "" {
+			return fmt.Errorf("no team ID is set")
+		}
+
+		client, _ := testAccProvider.Meta().(*Config).Client()
+
+		found, _, err := client.IncidentWorkflowTriggers.Get(rsIWT.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		if found.Permissions.TeamID != rsTeam.Primary.ID {
+			return fmt.Errorf("incident workflow trigger team restriction wanted %q, but got %q", rsTeam.Primary.ID, found.Permissions.TeamID)
+		}
+
+		return nil
+	}
+}
+
 func TestAccPagerDutyIncidentWorkflowTrigger_ChangeTypeCausesReplace(t *testing.T) {
 	workflow := fmt.Sprintf("tf-%s", acctest.RandString(5))