Merge pull request #268 from dbt-labs/release-0.3.7

CHANGELOG.md

@@ -2,7 +2,23 @@
 
 All notable changes to this project will be documented in this file.
 
-## [Unreleased](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.6...HEAD)
+## [Unreleased](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.7...HEAD)
+
+## [0.3.7](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.6...v0.3.7)
+
+### Changes
+
+- [#266](https://github.com/dbt-labs/terraform-provider-dbtcloud/issues/266) Add env level permissions for `dbtcloud_group` and `dbtcloud_group_partial_permissions`. As of June 5 this feature is not yet active for all customers.
+
+### Docs
+
+- Fix description of fields for some datasources
+
+### Internals
+
+- Move the `dbcloud_group` resource and datasource from the SDKv2 to the Framework
+- Create new helpers for comparing Go structs
+- Update all SDKv2 tests to run on the muxed provider to work when some resources have moved to the Plugin Framework
 
 ## [0.3.6](https://github.com/dbt-labs/terraform-provider-dbtcloud/compare/v0.3.5...v0.3.6)
 

docs/data-sources/environment.md

@@ -23,10 +23,10 @@ Retrieve data for a single environment
 ### Read-Only
 
 - `credentials_id` (Number) The project ID to which the environment belong
-- `custom_branch` (String) The type of deployment environment (currently 'production', 'staging' or empty)
-- `dbt_version` (String) Version number of dbt to use in this environment, usually in the format 1.2.0-latest rather than core versions
-- `deployment_type` (String) The name of the environment
+- `custom_branch` (String) The custom branch name to use
+- `dbt_version` (String) Version number of dbt to use in this environment.
+- `deployment_type` (String) The type of deployment environment (currently 'production', 'staging' or empty)
 - `extended_attributes_id` (Number) The ID of the extended attributes applied
 - `name` (String) The name of the environment
-- `type` (String) The name of the environment
+- `type` (String) The type of environment (must be either development or deployment)
 - `use_custom_branch` (Boolean) Whether to use a custom git branch in this environment

docs/data-sources/environments.md

@@ -28,13 +28,13 @@ Retrieve data for multiple environments
 
 Read-Only:
 
-- `credentials_id` (Number) The project ID to which the environment belong
-- `custom_branch` (String) The type of deployment environment (currently 'production', 'staging' or empty)
-- `dbt_version` (String) Version number of dbt to use in this environment, usually in the format 1.2.0-latest rather than core versions
-- `deployment_type` (String) The name of the environment
+- `credentials_id` (Number) Credential ID to create the environment with. A credential is not required for development environments but is required for deployment environments
+- `custom_branch` (String) The custom branch name to use
+- `dbt_version` (String) Version number of dbt to use in this environment.
+- `deployment_type` (String) The type of deployment environment (currently 'production', 'staging' or empty)
 - `environment_id` (Number) The ID of the environment
 - `extended_attributes_id` (Number) The ID of the extended attributes applied
 - `name` (String) The name of the environment
 - `project_id` (Number) The project ID to which the environment belong
-- `type` (String) The name of the environment
+- `type` (String) The type of environment (must be either development or deployment)
 - `use_custom_branch` (Boolean) Whether to use a custom git branch in this environment

docs/data-sources/group.md

@@ -3,12 +3,12 @@
 page_title: "dbtcloud_group Data Source - dbtcloud"
 subcategory: ""
 description: |-
-  
+  Retrieve group details
 ---
 
 # dbtcloud_group (Data Source)
 
-
+Retrieve group details
 
 
 
@@ -17,12 +17,22 @@ description: |-
 
 ### Required
 
-- `group_id` (Number) ID of the group
+- `group_id` (Number) The ID of the group
 
 ### Read-Only
 
-- `assign_by_default` (Boolean) Whether or not to assign this group to users by default
-- `id` (String) The ID of this resource.
-- `is_active` (Boolean) Whether the group is active
+- `assign_by_default` (Boolean) Whether the group will be assigned by default to users. The value needs to be the same for all partial permissions for the same group.
+- `group_permissions` (Attributes Set) Partial permissions for the group. Those permissions will be added/removed when config is added/removed. (see [below for nested schema](#nestedatt--group_permissions))
+- `id` (Number) The ID of this resource
 - `name` (String) Group name
-- `sso_mapping_groups` (List of String) SSO mapping group names for this group
+- `sso_mapping_groups` (Set of String) SSO mapping group names for this group
+
+<a id="nestedatt--group_permissions"></a>
+### Nested Schema for `group_permissions`
+
+Read-Only:
+
+- `all_projects` (Boolean) Whether access should be provided for all projects or not.
+- `permission_set` (String) Set of permissions to apply. The permissions allowed are the same as the ones for the `dbtcloud_group` resource.
+- `project_id` (Number) Project ID to apply this permission to for this group.
+- `writable_environment_categories` (Set of String) What types of environments to apply Write permissions to.

docs/resources/group.md

@@ -2,7 +2,8 @@
 page_title: "dbtcloud_group Resource - dbtcloud"
 subcategory: ""
 description: |-
-  
+  Provide a complete set of permissions for a group. This is different from dbt_cloud_partial_group_permissions.
+  With this resource type only one resource can be used to manage the permissions for a given group.
 ---
 
 # dbtcloud_group (Resource)
@@ -34,7 +35,9 @@ The mapping of permission names [from the docs](https://docs.getdbt.com/docs/clo
 |Webhooks Only | webhooks_only|
 
 
+Provide a complete set of permissions for a group. This is different from `dbt_cloud_partial_group_permissions`.
 
+With this resource type only one resource can be used to manage the permissions for a given group.
 
 ## Example Usage
 
@@ -58,30 +61,34 @@ resource "dbtcloud_group" "tf_group_1" {
 
 ### Required
 
-- `name` (String) Group name
+- `name` (String) The name of the group. This is used to identify an existing group
 
 ### Optional
 
-- `assign_by_default` (Boolean) Whether or not to assign this group to users by default
-- `group_permissions` (Block Set) (see [below for nested schema](#nestedblock--group_permissions))
-- `is_active` (Boolean) Whether the group is active
-- `sso_mapping_groups` (List of String) SSO mapping group names for this group
+- `assign_by_default` (Boolean) Whether the group will be assigned by default to users. The value needs to be the same for all partial permissions for the same group.
+- `group_permissions` (Block Set) Partial permissions for the group. Those permissions will be added/removed when config is added/removed. (see [below for nested schema](#nestedblock--group_permissions))
+- `sso_mapping_groups` (Set of String) Mapping groups from the IdP. At the moment the complete list needs to be provided in each partial permission for the same group.
 
 ### Read-Only
 
-- `id` (String) The ID of this resource.
+- `id` (Number) The ID of the group
 
 <a id="nestedblock--group_permissions"></a>
 ### Nested Schema for `group_permissions`
 
 Required:
 
-- `all_projects` (Boolean) Whether or not to apply this permission to all projects for this group
-- `permission_set` (String) Set of permissions to apply
+- `all_projects` (Boolean) Whether access should be provided for all projects or not.
+- `permission_set` (String) Set of permissions to apply. The permissions allowed are the same as the ones for the `dbtcloud_group` resource.
 
 Optional:
 
-- `project_id` (Number) Project ID to apply this permission to for this group
+- `project_id` (Number) Project ID to apply this permission to for this group.
+- `writable_environment_categories` (Set of String) What types of environments to apply Write permissions to. 
+Even if Write access is restricted to some environment types, the permission set will have Read access to all environments. 
+The values allowed are `all`, `development`, `staging`, `production` and `other`. 
+Not setting a value is the same as selecting `all`. 
+Not all permission sets support environment level write settings, only `analyst`, `database_admin`, `developer`, `git_admin` and `team_admin`.
 
 ## Import
 

docs/resources/group_partial_permissions.md

@@ -96,3 +96,8 @@ Required:
 Optional:
 
 - `project_id` (Number) Project ID to apply this permission to for this group.
+- `writable_environment_categories` (Set of String) What types of environments to apply Write permissions to. 
+Even if Write access is restricted to some environment types, the permission set will have Read access to all environments. 
+The values allowed are `all`, `development`, `staging`, `production` and `other`. 
+Not setting a value is the same as selecting `all`. 
+Not all permission sets support environment level write settings, only `analyst`, `database_admin`, `developer`, `git_admin` and `team_admin`.

pkg/dbt_cloud/group.go

@@ -9,14 +9,15 @@ import (
 )
 
 type GroupPermission struct {
-	ID          *int   `json:"id,omitempty"`
-	AccountID   int    `json:"account_id"`
-	GroupID     int    `json:"group_id"`
-	ProjectID   int    `json:"project_id,omitempty"`
-	AllProjects bool   `json:"all_projects"`
-	State       int    `json:"state,omitempty"`
-	Set         string `json:"permission_set,omitempty"`
-	Level       string `json:"permission_level,omitempty"`
+	ID                            *int     `json:"id,omitempty"`
+	AccountID                     int      `json:"account_id"`
+	GroupID                       int      `json:"group_id"`
+	ProjectID                     int      `json:"project_id,omitempty"`
+	AllProjects                   bool     `json:"all_projects"`
+	State                         int      `json:"state,omitempty"`
+	Set                           string   `json:"permission_set,omitempty"`
+	Level                         string   `json:"permission_level,omitempty"`
+	WritableEnvironmentCategories []string `json:"writable_environment_categories,omitempty"`
 }
 
 type Group struct {

pkg/framework/objects/environment/schema.go

@@ -33,23 +33,23 @@ func (r *environmentDataSource) Schema(
 			},
 			"dbt_version": schema.StringAttribute{
 				Computed:    true,
-				Description: "Version number of dbt to use in this environment, usually in the format 1.2.0-latest rather than core versions",
+				Description: "Version number of dbt to use in this environment.",
 			},
 			"type": schema.StringAttribute{
 				Computed:    true,
-				Description: "The name of the environment",
+				Description: "The type of environment (must be either development or deployment)",
 			},
 			"use_custom_branch": schema.BoolAttribute{
 				Computed:    true,
 				Description: "Whether to use a custom git branch in this environment",
 			},
 			"custom_branch": schema.StringAttribute{
 				Computed:    true,
-				Description: "The type of deployment environment (currently 'production', 'staging' or empty)",
+				Description: "The custom branch name to use",
 			},
 			"deployment_type": schema.StringAttribute{
 				Computed:    true,
-				Description: "The name of the environment",
+				Description: "The type of deployment environment (currently 'production', 'staging' or empty)",
 			},
 			"extended_attributes_id": schema.Int64Attribute{
 				Computed:    true,
@@ -86,31 +86,31 @@ func (r *environmentsDataSources) Schema(
 						},
 						"credentials_id": schema.Int64Attribute{
 							Computed:    true,
-							Description: "The project ID to which the environment belong",
+							Description: "Credential ID to create the environment with. A credential is not required for development environments but is required for deployment environments",
 						},
 						"name": schema.StringAttribute{
 							Computed:    true,
 							Description: "The name of the environment",
 						},
 						"dbt_version": schema.StringAttribute{
 							Computed:    true,
-							Description: "Version number of dbt to use in this environment, usually in the format 1.2.0-latest rather than core versions",
+							Description: "Version number of dbt to use in this environment.",
 						},
 						"type": schema.StringAttribute{
 							Computed:    true,
-							Description: "The name of the environment",
+							Description: "The type of environment (must be either development or deployment)",
 						},
 						"use_custom_branch": schema.BoolAttribute{
 							Computed:    true,
 							Description: "Whether to use a custom git branch in this environment",
 						},
 						"custom_branch": schema.StringAttribute{
 							Computed:    true,
-							Description: "The type of deployment environment (currently 'production', 'staging' or empty)",
+							Description: "The custom branch name to use",
 						},
 						"deployment_type": schema.StringAttribute{
 							Computed:    true,
-							Description: "The name of the environment",
+							Description: "The type of deployment environment (currently 'production', 'staging' or empty)",
 						},
 						"extended_attributes_id": schema.Int64Attribute{
 							Computed:    true,

pkg/framework/objects/group/data_source.go

@@ -0,0 +1,85 @@
+package group
+
+import (
+	"context"
+	"strings"
+
+	"github.com/dbt-labs/terraform-provider-dbtcloud/pkg/dbt_cloud"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var (
+	_ datasource.DataSource              = &groupDataSource{}
+	_ datasource.DataSourceWithConfigure = &groupDataSource{}
+)
+
+func GroupDataSource() datasource.DataSource {
+	return &groupDataSource{}
+}
+
+type groupDataSource struct {
+	client *dbt_cloud.Client
+}
+
+func (d *groupDataSource) Metadata(
+	_ context.Context,
+	req datasource.MetadataRequest,
+	resp *datasource.MetadataResponse,
+) {
+	resp.TypeName = req.ProviderTypeName + "_group"
+}
+
+func (d *groupDataSource) Read(
+	ctx context.Context,
+	req datasource.ReadRequest,
+	resp *datasource.ReadResponse,
+) {
+
+	var data GroupDatasourceModel
+
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+
+	groupID := data.GroupID.ValueInt64()
+	retrievedGroup, err := d.client.GetGroup(int(groupID))
+
+	if err != nil {
+		if strings.HasPrefix(err.Error(), "resource-not-found") {
+			resp.Diagnostics.AddWarning(
+				"Resource not found",
+				"The group was not found and has been removed from the state.",
+			)
+			resp.State.RemoveResource(ctx)
+			return
+		}
+		resp.Diagnostics.AddError("Error getting the group", err.Error())
+		return
+	}
+
+	data.GroupID = types.Int64Value(int64(*retrievedGroup.ID))
+	data.ID = types.Int64Value(int64(*retrievedGroup.ID))
+	data.Name = types.StringValue(retrievedGroup.Name)
+	data.AssignByDefault = types.BoolValue(retrievedGroup.AssignByDefault)
+	data.SSOMappingGroups, _ = types.SetValueFrom(
+		context.Background(),
+		types.StringType,
+		retrievedGroup.SSOMappingGroups,
+	)
+
+	remotePermissions := ConvertGroupPermissionDataToModel(retrievedGroup.Permissions)
+	data.GroupPermissions = remotePermissions
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (d *groupDataSource) Configure(
+	_ context.Context,
+	req datasource.ConfigureRequest,
+	_ *datasource.ConfigureResponse,
+) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	d.client = req.ProviderData.(*dbt_cloud.Client)
+}

pkg/sdkv2/data_sources/group_acceptance_test.go → pkg/framework/objects/group/data_source_acceptance_test.go

@@ -1,9 +1,10 @@
-package data_sources_test
+package group_test
 
 import (
 	"fmt"
 	"testing"
 
+	"github.com/dbt-labs/terraform-provider-dbtcloud/pkg/framework/acctest_helper"
 	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 )
@@ -16,15 +17,14 @@ func TestAccDbtCloudGroupDataSource(t *testing.T) {
 
 	check := resource.ComposeAggregateTestCheckFunc(
 		resource.TestCheckResourceAttr("data.dbtcloud_group.test_group_read", "name", groupName),
-		resource.TestCheckResourceAttrSet("data.dbtcloud_group.test_group_read", "is_active"),
 		resource.TestCheckResourceAttrSet(
 			"data.dbtcloud_group.test_group_read",
 			"assign_by_default",
 		),
 	)
 
 	resource.ParallelTest(t, resource.TestCase{
-		Providers: providers(),
+		ProtoV6ProviderFactories: acctest_helper.TestAccProtoV6ProviderFactories,
 		Steps: []resource.TestStep{
 			{
 				Config: config,