diff --git a/pagerduty/resource_pagerduty_incident_workflow_trigger.go b/pagerduty/resource_pagerduty_incident_workflow_trigger.go
index 8d38aa948..9dececefe 100644
--- a/pagerduty/resource_pagerduty_incident_workflow_trigger.go
+++ b/pagerduty/resource_pagerduty_incident_workflow_trigger.go
@@ -52,6 +52,24 @@ func resourcePagerDutyIncidentWorkflowTrigger() *schema.Resource {
 Type: schema.TypeString,
 Optional: true,
 },
+ "permissions": {
+ Type: schema.TypeList,
+ Computed: true,
+ Optional: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "restricted": {
+ Type: schema.TypeBool,
+ Optional: true,
+ },
+ "team_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ },
+ },
+ },
 },
 }
 }
@@ -138,6 +156,23 @@ func validateIncidentWorkflowTrigger(_ context.Context, d *schema.ResourceDiff,
 return fmt.Errorf("when trigger type conditional is used, condition must be specified")
 }
+ permissionsData, hadPermissions := d.GetOk("permissions")
+ if hadPermissions {
+ permissions := permissionsData.([]interface{})
+ if len(permissions) > 0 {
+ permission := permissions[0].(map[string]interface{})
+ if triggerType != "manual" && permission["restricted"].(bool) {
+ return fmt.Errorf("restricted can only be true when trigger type is manual")
+ }
+ if !permission["restricted"].(bool) && permission["team_id"].(string) != "" {
+ return fmt.Errorf("team_id not allowed when restricted is false")
+ }
+ if permission["restricted"].(bool) && permission["team_id"].(string) == "" {
+ return fmt.Errorf("team_id must be specified when restricted is true")
+ }
+ }
+ }
+
 s, hadServices := d.GetOk("services")
 all := d.Get("subscribed_to_all_services").(bool)
 if all && hadServices && len(s.([]interface{})) > 0 {
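Review bot: `permissions` is declared both `Optional` and `Computed`, so deleting the block from configuration should produce no diff and the trigger keeps whatever restriction is already in state; the `d.GetOk("permissions")` guard added to `buildIncidentWorkflowTriggerStruct` in a later hunk follows the same path. Judging by the validation messages this block decides who may start a manual trigger, so the configuration can silently stop reflecting the access control that is in force. None of the three attributes carries a `Description`; I would add one on the block, along the lines of `Description: "Removing this block keeps the current setting; set restricted = false to lift a team restriction."`, after confirming that this is the intended behaviour.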
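Review bot: The new permission checks assert `permissions[0].(map[string]interface{})`, `.(bool)` and `.(string)` without the comma-ok form and treat an empty `team_id` as missing, which misbehaves at plan time in two cases. When `team_id` refers to a team created in the same apply its value is still unknown and reads as an empty string, so the "team_id must be specified" error would fire on a valid configuration; `d.NewValueKnown("permissions.0.team_id")` can gate that check. An empty `permissions {}` block may, depending on the SDK version, surface as a nil element and panic the provider on the first assertion; the same unchecked assertions are in `expandIncidentWorkflowTriggerPermissions` in the last hunk of this file. validateIncidentWorkflowTrigger starts and ends outside the hunk.

```go
	// … unchanged: trigger type / condition checks …
	if raw, ok := d.GetOk("permissions"); ok {
		list, _ := raw.([]interface{})
		if len(list) > 0 {
			// A nil element leaves p nil; indexing it yields zero values instead of panicking.
			p, _ := list[0].(map[string]interface{})
			restricted, _ := p["restricted"].(bool)
			teamID, _ := p["team_id"].(string)
			// Unknown at plan time when team_id comes from a resource that is not created yet.
			teamKnown := d.NewValueKnown("permissions.0.team_id")
			switch {
			case restricted && triggerType != "manual":
				return fmt.Errorf("restricted can only be true when trigger type is manual")
			case !restricted && teamID != "":
				return fmt.Errorf("team_id not allowed when restricted is false")
			case restricted && teamKnown && teamID == "":
				return fmt.Errorf("team_id must be specified when restricted is true")
			}
		}
	}
	// … unchanged: services / subscribed_to_all_services check …
```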
@@ -186,6 +221,14 @@ func flattenIncidentWorkflowTrigger(d *schema.ResourceData, t *pagerduty.Inciden
 if t.Condition != nil {
 d.Set("condition", t.Condition)
 }
+ if t.Permissions != nil {
+ d.Set("permissions", []map[string]interface{}{
+ {
+ "restricted": t.Permissions.Restricted,
+ "team_id": t.Permissions.TeamID,
+ },
+ })
+ }
 return nil
 }
@@ -219,6 +262,10 @@ func buildIncidentWorkflowTriggerStruct(d *schema.ResourceData, forUpdate bool)
 iwt.Condition = &condStr
 }
+ if permissions, ok := d.GetOk("permissions"); ok {
+ iwt.Permissions = expandIncidentWorkflowTriggerPermissions(permissions)
+ }
+
 return &iwt, nil
 }
@@ -232,3 +279,18 @@ func buildIncidentWorkflowTriggerServices(s interface{}) []*pagerduty.ServiceRef
 }
 return newServices
 }
+
+func expandIncidentWorkflowTriggerPermissions(v interface{}) *pagerduty.IncidentWorkflowTriggerPermissions {
+ var permissions *pagerduty.IncidentWorkflowTriggerPermissions
+
+ permissionsData, ok := v.([]interface{})
+ if ok && len(permissionsData) > 0 {
+ p := permissionsData[0].(map[string]interface{})
+ permissions = &pagerduty.IncidentWorkflowTriggerPermissions{
+ Restricted: p["restricted"].(bool),
+ TeamID: p["team_id"].(string),
+ }
+ }
+
+ return permissions
+}
diff --git a/pagerduty/resource_pagerduty_incident_workflow_trigger_test.go b/pagerduty/resource_pagerduty_incident_workflow_trigger_test.go
index f11484eef..a9bac13a4 100644
--- a/pagerduty/resource_pagerduty_incident_workflow_trigger_test.go
+++ b/pagerduty/resource_pagerduty_incident_workflow_trigger_test.go
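Review bot: There is no branch for `t.Permissions == nil` in the flatten hunk, so if the API returns a trigger without permissions the previous `restricted`/`team_id` stay in state and a restriction lifted outside Terraform would not show up as drift; whether the API can omit the field is not visible here. The result of `d.Set("permissions", …)` is also dropped although the function returns an error, and `if err := d.Set("permissions", perms); err != nil { return err }` would surface a schema mismatch instead of silently keeping stale state. flattenIncidentWorkflowTrigger starts above the hunk.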
@@ -228,6 +228,122 @@ func TestAccPagerDutyIncidentWorkflowTrigger_BasicConditionalAllServices(t *test
 })
 }
+func TestAccPagerDutyIncidentWorkflowTrigger_ManualWithTeamPermissions(t *testing.T) {
+ username := fmt.Sprintf("tf-%s", acctest.RandString(5))
+ email := fmt.Sprintf("%s@foo.test", username)
+ escalationPolicy := fmt.Sprintf("tf-%s", acctest.RandString(5))
+ service := fmt.Sprintf("tf-%s", acctest.RandString(5))
+ workflow := fmt.Sprintf("tf-%s", acctest.RandString(5))
+ team := fmt.Sprintf("tf-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ testAccPreCheckIncidentWorkflows(t)
+ },
+ ProviderFactories: testAccProviderFactories,
+ CheckDestroy: testAccCheckPagerDutyIncidentWorkflowTriggerDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissions(username, email, escalationPolicy, service, team, workflow),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckPagerDutyIncidentWorkflowTriggerExists("pagerduty_incident_workflow_trigger.test"),
+ resource.TestCheckResourceAttr(
+ "pagerduty_incident_workflow_trigger.test", "type", "manual"),
+ resource.TestCheckResourceAttr(
+ "pagerduty_incident_workflow_trigger.test", "permissions.0.restricted", "false"),
+ ),
+ },
+ {
+ Config: testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissionsUpdated(username, email, escalationPolicy, service, team, workflow),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckPagerDutyIncidentWorkflowTriggerExists("pagerduty_incident_workflow_trigger.test"),
+ resource.TestCheckResourceAttr(
+ "pagerduty_incident_workflow_trigger.test", "type", "manual"),
+ resource.TestCheckResourceAttr(
+ "pagerduty_incident_workflow_trigger.test", "permissions.0.restricted", "true"),
+ testAccCheckPagerDutyIncidentWorkflowTriggerCheckPermissionsTeamId("pagerduty_incident_workflow_trigger.test", "pagerduty_team.foo"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissions(username, email, escalationPolicy, service, workflow, team string) string {
+ return fmt.Sprintf(`
+%s
+
+%s
+
+resource "pagerduty_team" "foo" {
+ name = %q
+}
+
+resource "pagerduty_incident_workflow_trigger" "test" {
+ type = "manual"
+ workflow = pagerduty_incident_workflow.test.id
+ services = [pagerduty_service.foo.id]
+ subscribed_to_all_services = false
+}
+`, testAccCheckPagerDutyServiceConfig(username, email, escalationPolicy, service), testAccCheckPagerDutyIncidentWorkflowConfig(workflow), team)
+}
+
+func testAccCheckPagerDutyIncidentWorkflowTriggerConfigManualWithPermissionsUpdated(username, email, escalationPolicy, service, workflow, team string) string {
+ return fmt.Sprintf(`
+%s
+
+%s
+
+resource "pagerduty_team" "foo" {
+ name = %q
+}
+
+resource "pagerduty_incident_workflow_trigger" "test" {
+ type = "manual"
+ workflow = pagerduty_incident_workflow.test.id
+ services = [pagerduty_service.foo.id]
+ subscribed_to_all_services = false
+ permissions {
+ restricted = true
+ team_id = pagerduty_team.foo.id
+ }
+}
+`, testAccCheckPagerDutyServiceConfig(username, email, escalationPolicy, service), testAccCheckPagerDutyIncidentWorkflowConfig(workflow), team)
+}
+
+func testAccCheckPagerDutyIncidentWorkflowTriggerCheckPermissionsTeamId(iwtName, teamName string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rsIWT, ok := s.RootModule().Resources[iwtName]
+ if !ok {
+ return fmt.Errorf("not found: %s", iwtName)
+ }
+ if rsIWT.Primary.ID == "" {
+ return fmt.Errorf("no incident workflow trigger ID is set")
+ }
+
+ rsTeam, ok := s.RootModule().Resources[teamName]
+ if !ok {
+ return fmt.Errorf("not found: %s", teamName)
+ }
+ if rsTeam.Primary.ID == "" {
+ return fmt.Errorf("no team ID is set")
+ }
+
+ client, _ := testAccProvider.Meta().(*Config).Client()
+
+ found, _, err := client.IncidentWorkflowTriggers.Get(rsIWT.Primary.ID)
+ if err != nil {
+ return err
+ }
+
+ if found.Permissions.TeamID != rsTeam.Primary.ID {
+ return fmt.Errorf("incident workflow trigger team restriction wanted %q, but got %q", rsTeam.Primary.ID, found.Permissions.TeamID)
+ }
+
+ return nil
+ }
+}
+
 func TestAccPagerDutyIncidentWorkflowTrigger_ChangeTypeCausesReplace(t *testing.T) {
 workflow := fmt.Sprintf("tf-%s", acctest.RandString(5))
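Review bot: Both test steps call the config builders with `service, team, workflow`, while the builders are declared with `service, workflow, team string`, so the team receives the workflow's name and the workflow the team's; it passes only because both are random strings. In `testAccCheckPagerDutyIncidentWorkflowTriggerCheckPermissionsTeamId`, `found.Permissions` is dereferenced without a nil check and the error from `Client()` is discarded, so a response without permissions panics the run instead of failing the check; `if found.Permissions == nil { return fmt.Errorf("no permissions returned for %s", iwtName) }` before the comparison would fix that. None of the three validation errors added in the provider file has an `ExpectError` step here, so the rules that gate restricted triggers are exercised only on the happy path.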