Merge pull request #32 from sandrogattuso/feature/debug-permission

Add support for debug permission
codefresh-io · Feb 16, 2021 · 7c53585 · 7c53585
2 parents 568a170 + e4857b9
commit 7c53585
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 4 deletions.
diff --git a/codefresh/resource_permission.go b/codefresh/resource_permission.go
@@ -2,9 +2,10 @@ package codefresh
 
 import (
 	"fmt"
+	"log"
+
 	cfClient "github.com/codefresh-io/terraform-provider-codefresh/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"log"
 )
 
 func resourcePermission() *schema.Resource {
@@ -42,8 +43,8 @@ func resourcePermission() *schema.Resource {
 				Required: true,
 				ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) {
 					v := val.(string)
-					if v != "create" && v != "read" && v != "update" && v != "delete" && v != "run" && v != "approve" {
-						errs = append(errs, fmt.Errorf("%q must be between one of create,read,update,delete,approve, got: %s", key, v))
+					if v != "create" && v != "read" && v != "update" && v != "delete" && v != "run" && v != "approve" && v != "debug" {
+						errs = append(errs, fmt.Errorf("%q must be between one of create,read,update,delete,approve,debug got: %s", key, v))
 					}
 					return
 				},

diff --git a/docs/resources/permissions.md b/docs/resources/permissions.md
@@ -1,6 +1,49 @@
 # resource codefresh_permission
+Permission are used to setup access control and allow to define which teams have access to which clusters and pipelines based on tags
+See the [documentation](https://codefresh.io/docs/docs/administration/access-control/).
 
+## Example usage
+
+```hcl
+resource "codefresh_team" "developers" {
+  name = "developers"
+
+  users = [
+      "5efc3cb6355c6647041b6e49",
+      "59009221c102763beda7cf04"
+    ]
+}
+
+resource "codefresh_permission" "developers" {
+
+  team = codefresh_team.developers.id
+  resource = "pipeline"
+  action = "run"
+  tags = [
+      "demo",
+      "test"
+    ]
+}
 ```
 
+## Argument Reference
+
+- `action` - (Required) Action to be allowed. Possible values:
+  - __create__
+  - __read__
+  - __update__
+  - __delete__
+  - __run__ (Only valid for `pipeline` resource)
+  - __approve__ (Only valid for `pipeline` resource)
+  - __debug__ (Only valid for `pipeline` resource)
+- `resource` - (Required) The type of resource the permission applies to. Possible values:
+  - __pipeline__
+  - __cluster__
+- `team` - (Required) The Id of the team the permissions apply to.
+- `tags` - (Optional) The effective tags to apply the permission. It supports 2 custom tags:
+  - __untagged__ is a “tag” which refers to all clusters that don’t have any tag.
+  - __*__ (the star character) means all tags.
+
+## Attributes Reference
 
-```
+- `id` - The permission ID.