Support org admin tokens. (#168)

- Add an `admin` inout property to OrgAccessToken - Fix existing output properties for OrgAccessToken
pulumi · Sep 12, 2023 · 1cf19e3 · 1cf19e3
1 parent f881a4d
commit 1cf19e3
Show file tree

Hide file tree

Showing 10 changed files with 175 additions and 10 deletions.
diff --git a/provider/cmd/pulumi-resource-pulumiservice/schema.json b/provider/cmd/pulumi-resource-pulumiservice/schema.json
@@ -600,6 +600,10 @@
           "description": "The organization's name.",
           "type": "string"
         },
+        "admin": {
+          "description": "Optional. True if this is an admin token.",
+          "type": "boolean"
+        },
         "value": {
           "description": "The token's value.",
           "type": "string",
@@ -618,6 +622,10 @@
         "organizationName": {
           "description": "The organization's name.",
           "type": "string"
+        },
+        "admin": {
+          "description": "Optional. True if this is an admin token.",
+          "type": "boolean"
         }
       },
       "requiredInputs": [

diff --git a/provider/pkg/internal/pulumiapi/orgtokens.go b/provider/pkg/internal/pulumiapi/orgtokens.go
@@ -34,10 +34,11 @@ type createOrgTokenResponse struct {
 
 type createOrgTokenRequest struct {
 	Description string `json:"description"`
-	Name       string `json:"name"`
+	Name        string `json:"name"`
+	Admin       bool   `json:"admin"`
 }
 
-func (c *Client) CreateOrgAccessToken(ctx context.Context, name string, orgName string, description string) (*AccessToken, error) {
+func (c *Client) CreateOrgAccessToken(ctx context.Context, name string, orgName string, description string, admin bool) (*AccessToken, error) {
 
 	if len(orgName) == 0 {
 		return nil, errors.New("empty orgName")
@@ -50,8 +51,9 @@ func (c *Client) CreateOrgAccessToken(ctx context.Context, name string, orgName
 	apiPath := path.Join("orgs", orgName, "tokens")
 
 	createReq := createOrgTokenRequest{
-		Name: name,
+		Name:        name,
 		Description: description,
+		Admin:       admin,
 	}
 
 	var createRes createOrgTokenResponse

diff --git a/provider/pkg/internal/pulumiapi/orgtokens_test.go b/provider/pkg/internal/pulumiapi/orgtokens_test.go
@@ -46,6 +46,7 @@ func TestCreateOrgAccessToken(t *testing.T) {
 	orgName := "anOrg"
 	name := "anOrgToken"
 	desc := "token description"
+
 	t.Run("Happy Path", func(t *testing.T) {
 		resp := createTokenResponse{
 			ID:         "token_id",
@@ -62,7 +63,33 @@ func TestCreateOrgAccessToken(t *testing.T) {
 			ResponseBody:    resp,
 		})
 		defer cleanup()
-		token, err := c.CreateOrgAccessToken(teamCtx, name, orgName, desc)
+		token, err := c.CreateOrgAccessToken(teamCtx, name, orgName, desc, false)
+		assert.NoError(t, err)
+		assert.Equal(t, &AccessToken{
+			ID:          resp.ID,
+			TokenValue:  resp.TokenValue,
+			Description: desc,
+		}, token)
+	})
+
+	t.Run("Admin token", func(t *testing.T) {
+		resp := createTokenResponse{
+			ID:         "token_id",
+			TokenValue: "secret",
+		}
+		c, cleanup := startTestServer(t, testServerConfig{
+			ExpectedReqMethod: http.MethodPost,
+			ExpectedReqBody: createOrgTokenRequest{
+				Description: desc,
+				Name:        name,
+				Admin:       true,
+			},
+			ExpectedReqPath: "/api/orgs/anOrg/tokens",
+			ResponseCode:    201,
+			ResponseBody:    resp,
+		})
+		defer cleanup()
+		token, err := c.CreateOrgAccessToken(teamCtx, name, orgName, desc, true)
 		assert.NoError(t, err)
 		assert.Equal(t, &AccessToken{
 			ID:          resp.ID,
@@ -77,7 +104,7 @@ func TestCreateOrgAccessToken(t *testing.T) {
 			ExpectedReqPath:   "/api/orgs/anOrg/tokens",
 			ExpectedReqBody: createOrgTokenRequest{
 				Description: desc,
-				Name: name,
+				Name:        name,
 			},
 			ResponseCode: 401,
 			ResponseBody: errorResponse{
@@ -86,7 +113,7 @@ func TestCreateOrgAccessToken(t *testing.T) {
 			},
 		})
 		defer cleanup()
-		token, err := c.CreateOrgAccessToken(teamCtx, name, orgName, desc)
+		token, err := c.CreateOrgAccessToken(teamCtx, name, orgName, desc, false)
 		assert.Nil(t, token, "token should be nil")
 		assert.EqualError(t,
 			err,

diff --git a/provider/pkg/provider/org_access_token.go b/provider/pkg/provider/org_access_token.go
@@ -20,13 +20,15 @@ type PulumiServiceOrgAccessTokenInput struct {
 	OrgName     string
 	Description string
 	Name        string
+	Admin       bool
 }
 
 func (i *PulumiServiceOrgAccessTokenInput) ToPropertyMap() resource.PropertyMap {
 	pm := resource.PropertyMap{}
 	pm["name"] = resource.NewPropertyValue(i.Name)
 	pm["description"] = resource.NewPropertyValue(i.Description)
 	pm["organizationName"] = resource.NewPropertyValue(i.OrgName)
+	pm["admin"] = resource.NewPropertyValue(i.Admin)
 	return pm
 }
 
@@ -45,6 +47,10 @@ func (ot *PulumiServiceOrgAccessTokenResource) ToPulumiServiceOrgAccessTokenInpu
 		input.OrgName = inputMap["organizationName"].StringValue()
 	}
 
+	if inputMap["admin"].HasValue() && inputMap["admin"].IsBool() {
+		input.Admin = inputMap["admin"].BoolValue()
+	}
+
 	return input
 }
 
@@ -70,14 +76,17 @@ func (ot *PulumiServiceOrgAccessTokenResource) Diff(req *pulumirpc.DiffRequest)
 		}, nil
 	}
 
-	changes := pulumirpc.DiffResponse_DIFF_NONE
+	changes, replaces := pulumirpc.DiffResponse_DIFF_NONE, []string(nil)
 	if diffs.Changed("description") {
-		changes = pulumirpc.DiffResponse_DIFF_SOME
+		changes, replaces = pulumirpc.DiffResponse_DIFF_SOME, append(replaces, "description")
+	}
+	if diffs.Changed("admin") {
+		changes, replaces = pulumirpc.DiffResponse_DIFF_SOME, append(replaces, "admin")
 	}
 
 	return &pulumirpc.DiffResponse{
 		Changes:  changes,
-		Replaces: []string{"description"},
+		Replaces: replaces,
 	}, nil
 }
 
@@ -108,6 +117,10 @@ func (ot *PulumiServiceOrgAccessTokenResource) Create(req *pulumirpc.CreateReque
 
 	outputStore := resource.PropertyMap{}
 	outputStore["__inputs"] = resource.NewObjectProperty(inputs)
+	outputStore["name"] = inputs["name"]
+	outputStore["organizationName"] = inputs["organizationName"]
+	outputStore["description"] = inputs["description"]
+	outputStore["admin"] = inputs["admin"]
 	outputStore["value"] = resource.NewPropertyValue(accessToken.TokenValue)
 
 	outputProperties, err := plugin.MarshalProperties(
@@ -148,7 +161,7 @@ func (ot *PulumiServiceOrgAccessTokenResource) Configure(config PulumiServiceCon
 
 func (ot *PulumiServiceOrgAccessTokenResource) createOrgAccessToken(ctx context.Context, input PulumiServiceOrgAccessTokenInput) (*pulumiapi.AccessToken, error) {
 
-	accesstoken, err := ot.client.CreateOrgAccessToken(ctx, input.Name, input.OrgName, input.Description)
+	accesstoken, err := ot.client.CreateOrgAccessToken(ctx, input.Name, input.OrgName, input.Description, input.Admin)
 	if err != nil {
 		return nil, err
 	}

diff --git a/sdk/dotnet/OrgAccessToken.cs b/sdk/dotnet/OrgAccessToken.cs
diff --git a/sdk/go/pulumiservice/orgAccessToken.go b/sdk/go/pulumiservice/orgAccessToken.go
diff --git a/sdk/java/src/main/java/com/pulumi/pulumiservice/OrgAccessToken.java b/sdk/java/src/main/java/com/pulumi/pulumiservice/OrgAccessToken.java
diff --git a/sdk/java/src/main/java/com/pulumi/pulumiservice/OrgAccessTokenArgs.java b/sdk/java/src/main/java/com/pulumi/pulumiservice/OrgAccessTokenArgs.java
diff --git a/sdk/nodejs/orgAccessToken.ts b/sdk/nodejs/orgAccessToken.ts