Add astro team roles resource for workspace/deployment-team memberships (#69)

Co-authored-by: Isaac Chung <69920967+ichung08@users.noreply.github.com>

Author: vandyliu

.github/workflows/testacc.yml

@@ -89,6 +89,7 @@ jobs:
           HYBRID_NODE_POOL_ID: clnp86ly5000301ndzfxz895w
           ASTRO_API_HOST: https://api.astronomer-dev.io
           SKIP_CLUSTER_RESOURCE_TESTS: ${{ env.SKIP_CLUSTER_RESOURCE_TESTS }}
+          HOSTED_TEAM_ID: clwbclrc100bl01ozjj5s4jmq
           TESTARGS: "-failfast"
         run: make testacc
 
@@ -129,6 +130,7 @@ jobs:
           HYBRID_CLUSTER_ID: clqqongl40fmv01m96dvxh2nu
           HYBRID_NODE_POOL_ID: clqqongl40fmu01m94pwp4kct
           ASTRO_API_HOST: https://api.astronomer-stage.io
+          HOSTED_TEAM_ID: clwv0r0x7091n01l0t1fm4vxy
           TESTARGS: "-failfast"
         run: make testacc
 
@@ -169,5 +171,6 @@ jobs:
           HYBRID_CLUSTER_ID: clnp86ly5000401ndagu20g81
           HYBRID_NODE_POOL_ID: clnp86ly5000301ndzfxz895w
           ASTRO_API_HOST: https://api.astronomer-dev.io
+          HOSTED_TEAM_ID: clwbclrc100bl01ozjj5s4jmq
           TESTARGS: "-failfast"
         run: make testacc

docs/resources/team_roles.md

@@ -0,0 +1,97 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "astro_team_roles Resource - astro"
+subcategory: ""
+description: |-
+  Team Roles resource
+---
+
+# astro_team_roles (Resource)
+
+Team Roles resource
+
+## Example Usage
+
+```terraform
+resource "astro_team_roles" "organization_role_only" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+}
+
+resource "astro_team_roles" "workspace_roles" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+  workspace_roles = [
+    {
+      workspace_id = "clwp86ly5000401ndaga21g85"
+      role         = "WORKSPACE_ADMIN"
+    },
+    {
+      workspace_id = "clwp86ly5000401ndaga21g82"
+      role         = "WORKSPACE_MEMBER"
+    }
+  ]
+}
+
+resource "astro_team_roles" "deployment_roles" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+  deployment_roles = [
+    {
+      deployment_id = "cldp86ly5000401ndaga21g86"
+      role          = "DEPLOYMENT_ADMIN"
+    }
+  ]
+}
+
+resource "astro_team_roles" "all_roles" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+  workspace_roles = [
+    {
+      workspace_id = "clwp86ly5000401ndaga21g85"
+      role         = "WORKSPACE_OWNER"
+    },
+    {
+      workspace_id = "clwp86ly5000401ndaga21g82"
+      role         = "WORKSPACE_MEMBER"
+    }
+  ]
+  deployment_roles = [
+    {
+      deployment_id = "cldp86ly5000401ndaga21g86"
+      role          = "my custom role"
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `organization_role` (String) The role to assign to the organization
+- `team_id` (String) The ID of the team to assign the roles to
+
+### Optional
+
+- `deployment_roles` (Attributes Set) The roles to assign to the deployments (see [below for nested schema](#nestedatt--deployment_roles))
+- `workspace_roles` (Attributes Set) The roles to assign to the workspaces (see [below for nested schema](#nestedatt--workspace_roles))
+
+<a id="nestedatt--deployment_roles"></a>
+### Nested Schema for `deployment_roles`
+
+Required:
+
+- `deployment_id` (String) The ID of the deployment to assign the role to
+- `role` (String) The role to assign to the deployment
+
+
+<a id="nestedatt--workspace_roles"></a>
+### Nested Schema for `workspace_roles`
+
+Required:
+
+- `role` (String) The role to assign to the workspace
+- `workspace_id` (String) The ID of the workspace to assign the role to

examples/resources/astro_team_roles/resource.tf

@@ -0,0 +1,51 @@
+resource "astro_team_roles" "organization_role_only" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+}
+
+resource "astro_team_roles" "workspace_roles" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+  workspace_roles = [
+    {
+      workspace_id = "clwp86ly5000401ndaga21g85"
+      role         = "WORKSPACE_ADMIN"
+    },
+    {
+      workspace_id = "clwp86ly5000401ndaga21g82"
+      role         = "WORKSPACE_MEMBER"
+    }
+  ]
+}
+
+resource "astro_team_roles" "deployment_roles" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+  deployment_roles = [
+    {
+      deployment_id = "cldp86ly5000401ndaga21g86"
+      role          = "DEPLOYMENT_ADMIN"
+    }
+  ]
+}
+
+resource "astro_team_roles" "all_roles" {
+  team_id           = "clnp86ly5000401ndaga21g81"
+  organization_role = "ORGANIZATION_MEMBER"
+  workspace_roles = [
+    {
+      workspace_id = "clwp86ly5000401ndaga21g85"
+      role         = "WORKSPACE_OWNER"
+    },
+    {
+      workspace_id = "clwp86ly5000401ndaga21g82"
+      role         = "WORKSPACE_MEMBER"
+    }
+  ]
+  deployment_roles = [
+    {
+      deployment_id = "cldp86ly5000401ndaga21g86"
+      role          = "my custom role"
+    }
+  ]
+}

internal/provider/models/role.go

@@ -0,0 +1,42 @@
+package models
+
+import (
+	"context"
+
+	"github.com/astronomer/terraform-provider-astro/internal/clients/iam"
+	"github.com/astronomer/terraform-provider-astro/internal/provider/schemas"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type WorkspaceRole struct {
+	WorkspaceId types.String `tfsdk:"workspace_id"`
+	Role        types.String `tfsdk:"role"`
+}
+
+func WorkspaceRoleTypesObject(
+	ctx context.Context,
+	role iam.WorkspaceRole,
+) (types.Object, diag.Diagnostics) {
+	obj := WorkspaceRole{
+		WorkspaceId: types.StringValue(role.WorkspaceId),
+		Role:        types.StringValue(string(role.Role)),
+	}
+	return types.ObjectValueFrom(ctx, schemas.WorkspaceRoleAttributeTypes(), obj)
+}
+
+type DeploymentRole struct {
+	DeploymentId types.String `tfsdk:"deployment_id"`
+	Role         types.String `tfsdk:"role"`
+}
+
+func DeploymentRoleTypesObject(
+	ctx context.Context,
+	role iam.DeploymentRole,
+) (types.Object, diag.Diagnostics) {
+	obj := DeploymentRole{
+		DeploymentId: types.StringValue(role.DeploymentId),
+		Role:         types.StringValue(role.Role),
+	}
+	return types.ObjectValueFrom(ctx, schemas.DeploymentRoleAttributeTypes(), obj)
+}

internal/provider/models/team_roles.go

@@ -0,0 +1,38 @@
+package models
+
+import (
+	"context"
+
+	"github.com/astronomer/terraform-provider-astro/internal/clients/iam"
+	"github.com/astronomer/terraform-provider-astro/internal/provider/schemas"
+	"github.com/astronomer/terraform-provider-astro/internal/utils"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+// TeamRoles describes the team_roles resource
+type TeamRoles struct {
+	TeamId           types.String `tfsdk:"team_id"`
+	OrganizationRole types.String `tfsdk:"organization_role"`
+	WorkspaceRoles   types.Set    `tfsdk:"workspace_roles"`
+	DeploymentRoles  types.Set    `tfsdk:"deployment_roles"`
+}
+
+func (data *TeamRoles) ReadFromResponse(
+	ctx context.Context,
+	teamId string,
+	teamRoles *iam.SubjectRoles,
+) diag.Diagnostics {
+	var diags diag.Diagnostics
+	data.TeamId = types.StringValue(teamId)
+	data.OrganizationRole = types.StringPointerValue((*string)(teamRoles.OrganizationRole))
+	data.WorkspaceRoles, diags = utils.ObjectSet(ctx, teamRoles.WorkspaceRoles, schemas.WorkspaceRoleAttributeTypes(), WorkspaceRoleTypesObject)
+	if diags.HasError() {
+		return diags
+	}
+	data.DeploymentRoles, diags = utils.ObjectSet(ctx, teamRoles.DeploymentRoles, schemas.DeploymentRoleAttributeTypes(), DeploymentRoleTypesObject)
+	if diags.HasError() {
+		return diags
+	}
+	return nil
+}

internal/provider/provider.go

@@ -123,6 +123,7 @@ func (p *AstroProvider) Resources(ctx context.Context) []func() resource.Resourc
 		resources.NewWorkspaceResource,
 		resources.NewDeploymentResource,
 		resources.NewClusterResource,
+		resources.NewTeamRolesResource,
 	}
 }
 

internal/provider/provider_test_utils.go

@@ -44,6 +44,9 @@ func TestAccPreCheck(t *testing.T) {
 	if hybridNodePoolId := os.Getenv("HYBRID_NODE_POOL_ID"); len(hybridNodePoolId) == 0 {
 		missingEnvVars = append(missingEnvVars, "HYBRID_NODE_POOL_ID")
 	}
+	if hostedTeamId := os.Getenv("HOSTED_TEAM_ID"); len(hostedTeamId) == 0 {
+		missingEnvVars = append(missingEnvVars, "HOSTED_TEAM_ID")
+	}
 	if len(missingEnvVars) > 0 {
 		t.Fatalf("Pre-check failed: %+v must be set for acceptance tests", strings.Join(missingEnvVars, ", "))
 	}