Merge pull request #254 from dbt-labs/release-0.3.3

CHANGELOG.md

@@ -2,9 +2,15 @@
 
 All notable changes to this project will be documented in this file.
 
-## [Unreleased](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.1...HEAD)
+## [Unreleased](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.3...HEAD)
 
-## [0.3.1](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.0...v0.3.1)
+## [0.3.3](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.2...v0.3.3)
+
+## Changes
+
+- [#250](https://github.com/dbt-labs/terraform-provider-dbtcloud/issues/250) - [Experimental] Create a new resource called `dbtcloud_group_partial_permissions` to manage permissions of a single group from different resources which can be set across different Terraform projects/workspaces. The dbt Cloud API doesn't provide endpoints for adding/removing single permissions, so the logic in the provider is more complex than other resources. If the resource works as expected for the provider users we could create similar ones for "partial" notifications and "partial" license mappings.
+
+## [0.3.2](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.0...v0.3.2)
 
 ## Changes
 

Makefile

@@ -15,7 +15,7 @@ install: build
 	mv ./$(BINARY) $(HOME)/.terraform.d/plugins/$(BINARY)
 
 doc:
-	go generate ./... && rm docs/resources/dbt_cloud_* && rm docs/data-sources/dbt_cloud_* && cp -r guides docs/
+	go generate ./... && cp -r guides docs/
 
 test: deps
 	go test -mod=readonly -count=1 ./...

docs/resources/group_partial_permissions.md

@@ -0,0 +1,96 @@
+---
+page_title: "dbtcloud_group_partial_permissions Resource - dbtcloud"
+subcategory: ""
+description: |-
+  Provide a partial set of permissions for a group. This is different from dbt_cloud_group as it allows to have multiple resources updating the same dbt Cloud group and is useful for companies managing a single dbt Cloud Account configuration from different Terraform projects/workspaces.
+  If a company uses only one Terraform project/workspace to manage all their dbt Cloud Account config, it is recommended to use dbt_cloud_group instead of dbt_cloud_group_partial_permissions.
+  ~> This is currently an experimental resource and any feedback is welcome in the GitHub repository.
+  The current behavior of the resource is the following:
+  when using dbt_cloud_group_partial_permissions, don't use dbt_cloud_group for the same group in any other project/workspace. Otherwise, the behavior is undefined and partial permissions might be removed.when defining a new dbt_cloud_group_partial_permissions
+  
+  if the group doesn't exist with the given name, it will be createdif a group exists with the given name, permissions will be added in the dbt Cloud group if they are not present yetin a given Terraform project/workspace, avoid having different ~~dbtcloudgrouppartialpermissions` for the same group name to prevent sync issues. Add all the permissions in the same resource.all resources for the same group name need to have the same values for assign_by_default and sso_mapping_groups. Those fields are not considered "partial". (Please raise feedback in GitHub if you think that sso_mapping_groups should be "partial" as well)when a resource is updated, the dbt Cloud group will be updated accordingly, removing and adding permissionswhen the resource is deleted/destroyed, if the resulting permission sets is empty, the group will be deleted ; otherwise, the group will be updated, removing the permissions from the deleted resource
+---
+
+# dbtcloud_group_partial_permissions (Resource)
+
+
+Provide a partial set of permissions for a group. This is different from `dbt_cloud_group` as it allows to have multiple resources updating the same dbt Cloud group and is useful for companies managing a single dbt Cloud Account configuration from different Terraform projects/workspaces.
+
+If a company uses only one Terraform project/workspace to manage all their dbt Cloud Account config, it is recommended to use `dbt_cloud_group` instead of `dbt_cloud_group_partial_permissions`.
+
+~> This is currently an experimental resource and any feedback is welcome in the GitHub repository.
+
+The current behavior of the resource is the following:
+
+- when using `dbt_cloud_group_partial_permissions`, don't use `dbt_cloud_group` for the same group in any other project/workspace. Otherwise, the behavior is undefined and partial permissions might be removed.
+- when defining a new `dbt_cloud_group_partial_permissions`
+  - if the group doesn't exist with the given `name`, it will be created
+  - if a group exists with the given `name`, permissions will be added in the dbt Cloud group if they are not present yet
+- in a given Terraform project/workspace, avoid having different ~~dbt_cloud_group_partial_permissions` for the same group name to prevent sync issues. Add all the permissions in the same resource. 
+- all resources for the same group name need to have the same values for `assign_by_default` and `sso_mapping_groups`. Those fields are not considered "partial". (Please raise feedback in GitHub if you think that `sso_mapping_groups` should be "partial" as well)
+- when a resource is updated, the dbt Cloud group will be updated accordingly, removing and adding permissions
+- when the resource is deleted/destroyed, if the resulting permission sets is empty, the group will be deleted ; otherwise, the group will be updated, removing the permissions from the deleted resource
+
+## Example Usage
+
+```terraform
+// we add some permissions to the group "TF Group 1" (existing or not) to  a new project 
+resource "dbtcloud_group_partial_permissions" "tf_group_1" {
+	name  				= "TF Group 1"
+	group_permissions = [
+		{
+			permission_set 	= "developer"
+			project_id    	= dbtcloud_project.dbt_project.id
+			all_projects  	= false
+		},
+		{
+			permission_set 	= "git_admin"
+			project_id    	= dbtcloud_project.dbt_project.id
+			all_projects  	= false
+		}
+	]
+}
+
+// we add Admin permissions to the group "TF Group 2" (existing or not) to  a new project 
+// it is possible to add more permissions to the same group name in other Terraform projects/workspaces, using another `dbtcloud_group_partial_permissions` resource
+resource "dbtcloud_group_partial_permissions" "tf_group_2" {
+	name  				= "TF Group 2"
+	sso_mapping_groups 	= ["group2"]
+	group_permissions = [
+		{
+			permission_set 	= "admin"
+			project_id    	= dbtcloud_project.dbt_project.id
+			all_projects  	= false
+		}
+	]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the group. This is used to identify an existing group
+
+### Optional
+
+- `assign_by_default` (Boolean) Whether the group will be assigned by default to users. The value needs to be the same for all partial permissions for the same group.
+- `group_permissions` (Attributes Set) Partial permissions for the group. Those permissions will be added/removed when config is added/removed. (see [below for nested schema](#nestedatt--group_permissions))
+- `sso_mapping_groups` (Set of String) Mapping groups from the IdP. At the moment the complete list needs to be provided in each partial permission for the same group.
+
+### Read-Only
+
+- `id` (Number) The ID of the group
+
+<a id="nestedatt--group_permissions"></a>
+### Nested Schema for `group_permissions`
+
+Required:
+
+- `all_projects` (Boolean) Whether access should be provided for all projects or not.
+- `permission_set` (String) Set of permissions to apply. The permissions allowed are the same as the ones for the `dbtcloud_group` resource.
+
+Optional:
+
+- `project_id` (Number) Project ID to apply this permission to for this group.

docs/resources/job.md

@@ -36,8 +36,8 @@ resource "dbtcloud_job" "daily_job" {
   run_generate_sources = true
   target_name          = "default"
   triggers = {
-    "github_webhook" : false,
-    "git_provider_webhook" : false,
+    "github_webhook" : false
+    "git_provider_webhook" : false
     "schedule" : true
     "on_merge" : false
   }
@@ -62,8 +62,8 @@ resource "dbtcloud_job" "ci_job" {
   project_id               = dbtcloud_project.dbt_project.id
   run_generate_sources     = false
   triggers = {
-    "github_webhook" : true,
-    "git_provider_webhook" : true,
+    "github_webhook" : true
+    "git_provider_webhook" : true
     "schedule" : false
     "on_merge" : false
   }
@@ -86,8 +86,8 @@ resource "dbtcloud_job" "downstream_job" {
   project_id               = dbtcloud_project.dbt_project2.id
   run_generate_sources     = true
   triggers = {
-    "github_webhook" : false,
-    "git_provider_webhook" : false,
+    "github_webhook" : false
+    "git_provider_webhook" : false
     "schedule" : false
     "on_merge" : false
   }

examples/resources/dbtcloud_group_partial_permissions/resource.tf

@@ -0,0 +1,30 @@
+// we add some permissions to the group "TF Group 1" (existing or not) to  a new project 
+resource "dbtcloud_group_partial_permissions" "tf_group_1" {
+	name  				= "TF Group 1"
+	group_permissions = [
+		{
+			permission_set 	= "developer"
+			project_id    	= dbtcloud_project.dbt_project.id
+			all_projects  	= false
+		},
+		{
+			permission_set 	= "git_admin"
+			project_id    	= dbtcloud_project.dbt_project.id
+			all_projects  	= false
+		}
+	]
+}
+
+// we add Admin permissions to the group "TF Group 2" (existing or not) to  a new project 
+// it is possible to add more permissions to the same group name in other Terraform projects/workspaces, using another `dbtcloud_group_partial_permissions` resource
+resource "dbtcloud_group_partial_permissions" "tf_group_2" {
+	name  				= "TF Group 2"
+	sso_mapping_groups 	= ["group2"]
+	group_permissions = [
+		{
+			permission_set 	= "admin"
+			project_id    	= dbtcloud_project.dbt_project.id
+			all_projects  	= false
+		}
+	]
+}

examples/resources/dbtcloud_job/resource.tf

@@ -13,8 +13,8 @@ resource "dbtcloud_job" "daily_job" {
   run_generate_sources = true
   target_name          = "default"
   triggers = {
-    "github_webhook" : false,
-    "git_provider_webhook" : false,
+    "github_webhook" : false
+    "git_provider_webhook" : false
     "schedule" : true
     "on_merge" : false
   }
@@ -39,8 +39,8 @@ resource "dbtcloud_job" "ci_job" {
   project_id               = dbtcloud_project.dbt_project.id
   run_generate_sources     = false
   triggers = {
-    "github_webhook" : true,
-    "git_provider_webhook" : true,
+    "github_webhook" : true
+    "git_provider_webhook" : true
     "schedule" : false
     "on_merge" : false
   }
@@ -63,8 +63,8 @@ resource "dbtcloud_job" "downstream_job" {
   project_id               = dbtcloud_project.dbt_project2.id
   run_generate_sources     = true
   triggers = {
-    "github_webhook" : false,
-    "git_provider_webhook" : false,
+    "github_webhook" : false
+    "git_provider_webhook" : false
     "schedule" : false
     "on_merge" : false
   }

go.mod

@@ -1,6 +1,8 @@
 module github.com/dbt-labs/terraform-provider-dbtcloud
 
-go 1.21
+go 1.21.0
+
+toolchain go1.21.4
 
 require (
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
@@ -12,6 +14,7 @@ require (
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0
 	github.com/hashicorp/terraform-plugin-testing v1.7.0
 	github.com/samber/lo v1.39.0
+	github.com/sirupsen/logrus v1.9.3
 )
 
 require (
@@ -59,7 +62,8 @@ require (
 	github.com/posener/complete v1.2.3 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
+	github.com/stretchr/testify v1.8.4 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect

go.sum

@@ -37,8 +37,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
-github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
@@ -130,8 +130,8 @@ github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gav
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -172,8 +172,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
@@ -183,18 +183,22 @@ github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNX
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ=
 github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
@@ -241,6 +245,7 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=