Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add run_tasks permission to Team Access #487

Merged
merged 1 commit into from
Jun 20, 2022
Merged

Add run_tasks permission to Team Access #487

merged 1 commit into from
Jun 20, 2022

Conversation

glennsarti
Copy link
Contributor

@glennsarti glennsarti commented May 5, 2022
edited
Loading

Description

Run Tasks has added a new run_tasks custom permission to Team
Workspace access. This commit adds this new permission to the
Team Access object (both resource and data) and adds acceptance
tests for both objects.

Testing plan

N/A Added acceptance tests

External links

Output from acceptance tests

N/A It'll be in the CI tests

@glennsarti glennsarti self-assigned this May 5, 2022
@glennsarti
Copy link
Contributor Author

This is a breaking change because custom access permissions will require the run_tasks parameter

e.g.

resource "tfe_team_access" "foobar" {
  permissions {
    runs = "apply"
    variables = "read"
    state_versions = "read-outputs"
    sentinel_mocks = "none"
    workspace_locking = false
    run_tasks = false           <------ THIS IS NOW REQUIRED
  }

@glennsarti glennsarti requested a review from a team May 5, 2022 06:59
sebasslash
sebasslash previously requested changes Jun 13, 2022
View reviewed changes
Copy link
Contributor

@sebasslash sebasslash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, missing the provider documentation + Wondering how our docs should reflect this breaking change? Would a simple -> **Note** suffice?

@glennsarti
Add run_tasks permission to Team Access
4bc5ff4 
Run Tasks has added a new `run_tasks` custom permission to Team
Workspace access.  This commit adds this new permission to the
Team Access object (both resource and data) and adds acceptance
tests for both objects.
@glennsarti glennsarti force-pushed the gs/add-runtask-team-access-perm branch from 50a77fc to 4bc5ff4 Compare June 16, 2022 03:06
@glennsarti
Copy link
Contributor Author

@sebasslash I've updated the docs and changelog. I have no idea how to surface the breaking changen-ess besides bumping a major version number.

@brandonc
Copy link
Collaborator

@glennsarti I think we reserve the right to break the API in reasonable ways until release 1.0. The best thing to do is just note it in CHANGELOG, as you've done.

I've already forgotten why we couldn't default this setting, but I'm wondering how to avoid similar breaking changes after 1.0...

@glennsarti
Copy link
Contributor Author

For ref - Private chat about why it is - https://hashicorp.slack.com/archives/C01BR9FR8KZ/p1651525482312299

The problem therein lies: access and permissions behave both as arguments and computed properties, but their behavior depends on whether the other is marked as an argument or as a computed property. The reason for this weird behavior is due to the Team Access API: you cannot set custom permissions unless the access field is set to custom so we can't treat both attributes as arguments because if permissions is set, access is computed to "custom" and if access is set, permissions is computed to whatever values are returned by the API.
Setting default values however breaks this behavior because the intent is muddled, are we using access to set the permissions or the default values of permissions ?

@glennsarti
Copy link
Contributor Author

@sebasslash Re-requesting a review based on the changes I made.

brandonc
brandonc approved these changes Jun 17, 2022
View reviewed changes
Copy link
Collaborator

@brandonc brandonc left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sebasslash is out of the office but I think we are good to go. Thanks for adding context about the required permission arguments!

@glennsarti glennsarti merged commit 31c73a2 into main Jun 20, 2022
@glennsarti glennsarti deleted the gs/add-runtask-team-access-perm branch June 20, 2022 00:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brandonc brandonc brandonc approved these changes

@sebasslash sebasslash Awaiting requested review from sebasslash

Assignees

@glennsarti glennsarti

Labels
breaking-change enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@glennsarti @brandonc @sebasslash