Merge pull request #105 from jfrog/add-project-repository-resource

Add 'project_repository' resource
jfrog · Mar 13, 2024 · 3b47132 · 3b47132
2 parents 5bfc412 + 9f4e7d2
commit 3b47132
Show file tree

Hide file tree

Showing 35 changed files with 937 additions and 470 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 1.5.0 (March 13, 2024)
+
+FEATURES:
+
+* **New Resource:** `project_repository` - Separate resource to manage project repositories.
+* resource/project: Add `use_project_repository_resource` attribute to toggle if `project` resource should use its `repos` attribute or not to manage project repositories. Should be set to `false` to continue using existing `repos` attribute.
+
+IMPROVEMENTS:
+
+* resource/project, resource/project_environment, resource/project_role: Fix documentation for `project_key` attribute to match validation. Issue: [#103](https://github.com/jfrog/terraform-provider-project/issues/103)
+
+PR: [#105](https://github.com/jfrog/terraform-provider-project/pull/105)
+
 ## 1.4.0 (March 4, 2024)
 
 FEATURES:

diff --git a/docs/index.md b/docs/index.md
@@ -37,11 +37,11 @@ terraform {
   required_providers {
     artifactory = {
       source  = "registry.terraform.io/jfrog/artifactory"
-      version = "2.20.0"
+      version = "10.3.0"
     }
     project = {
       source  = "registry.terraform.io/jfrog/project"
-      version = "1.0.3"
+      version = "1.5.0"
     }
   }
 }
@@ -124,53 +124,61 @@ resource "project" "myproject" {
   max_storage_in_gibibytes   = 10
   block_deployments_on_limit = false
   email_notification         = true
+}
 
-  member {
-    name  = "user1"
-    roles = ["Developer", "Project Admin"]
-  }
+resource "project_user" "user1" {
+  project_key = project.myproject.key
+  name        = "user1"
+  roles       = ["developer","project admin"]
+}
 
-  member {
-    name  = "user2"
-    roles = ["Developer"]
-  }
+resource "project_user" "user2" {
+  project_key = project.myproject.key
+  name        = "user2"
+  roles       = ["developer"]
+}
 
-  group {
-    name  = "qa"
-    roles = ["qa"]
-  }
+resource "project_group" "qa" {
+  project_key = project.myproject.key
+  name        = "qa"
+  roles       = ["qa"]
+}
 
-  group {
-    name  = "release"
-    roles = ["Release Manager"]
-  }
+resource "project_group" "release" {
+  project_key = project.myproject.key
+  name        = "release"
+  roles       = ["release manager"]
+}
 
-  role {
-    name         = "qa"
-    description  = "QA role"
-    type         = "CUSTOM"
-    environments = ["DEV"]
-    actions      = var.qa_roles
-  }
+resource "project_role" "qa" {
+  project_key  = project.myproject.key
+  name         = "qa"
+  type         = "CUSTOM"
+  environments = ["DEV"]
+  actions      = var.qa_roles
+}
 
-  role {
-    name         = "devop"
-    description  = "DevOp role"
-    type         = "CUSTOM"
-    environments = ["DEV", "PROD"]
-    actions      = var.devop_roles
-  }
+resource "project_role" "devop" {
+  project_key  = project.myproject.key
+  name         = "devop"
+  type         = "CUSTOM"
+  environments = ["DEV", "PROD"]
+  actions      = var.devop_roles
+}
+
+resource "project_repository" "docker-local" {
+  project_key = project.myproject.key
+  key         = "docker-local"
+}
 
-  repos = ["docker-local", "npm-remote"]
+resource "project_repository" "npm-local" {
+  project_key = project.myproject.key
+  key         = "npm-local"
+}
 
-  depends_on = [
-    artifactory_user.user1,
-    artifactory_user.user2,
-    artifactory_group.qa-group,
-    artifactory_group.release-group,
-    artifactory_local_docker_v2_repository.docker-local,
-    artifactory_remote_npm_repository.npm-remote,
-  ]
+resource "project_environment" "myenv" {
+  project_key = project.myproj.key
+  name        = "myenv"
 }
 ```
 

diff --git a/docs/resources/environment.md b/docs/resources/environment.md
@@ -28,7 +28,7 @@ resource "project_environment" "myenv" {
 ### Required
 
 - `name` (String) Environment name. Must start with a letter and can contain letters, digits and `-` character.
-- `project_key` (String) Project key for this environment. This field supports only 2 - 20 lowercase alphanumeric and hyphen characters. Must begin with a letter.
+- `project_key` (String) Project key for this environment. This field supports only 2 - 32 lowercase alphanumeric and hyphen characters. Must begin with a letter.
 
 ### Read-Only
 

diff --git a/docs/resources/project.md b/docs/resources/project.md
@@ -59,29 +59,6 @@ resource "project" "myproject" {
   max_storage_in_gibibytes   = 10
   block_deployments_on_limit = false
   email_notification         = true
-  use_project_role_resource  = true
-
-  member {
-    name  = "user1"
-    roles = ["developer","project admin"]
-  }
-
-  member {
-    name  = "user2"
-    roles = ["developer"]
-  }
-
-  group {
-    name = "dev-group"
-    roles = ["developer"]
-  }
-
-  group {
-    name = "release-group"
-    roles = ["release manager"]
-  }
-
-  repos = ["docker-local", "rpm-local"]
 }
 ```
 
@@ -92,7 +69,7 @@ resource "project" "myproject" {
 
 - `admin_privileges` (Block Set, Min: 1) (see [below for nested schema](#nestedblock--admin_privileges))
 - `display_name` (String) Also known as project name on the UI
-- `key` (String) The Project Key is added as a prefix to resources created within a Project. This field is mandatory and supports only 2 - 20 lowercase alphanumeric and hyphen characters. Must begin with a letter. For example: `us1a-test`.
+- `key` (String) The Project Key is added as a prefix to resources created within a Project. This field is mandatory and supports only 2 - 32 lowercase alphanumeric and hyphen characters. Must begin with a letter. For example: `us1a-test`.
 
 ### Optional
 
@@ -104,7 +81,7 @@ resource "project" "myproject" {
 - `group` (Block Set, Deprecated) Project group. Element has one to one mapping with the [JFrog Project Groups API](https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API#ArtifactoryRESTAPI-UpdateGroupinProject) (see [below for nested schema](#nestedblock--group))
 - `max_storage_in_gibibytes` (Number) Storage quota in GiB. Must be 1 or larger. Set to -1 for unlimited storage. This is translated to binary bytes for Artifactory API. So for a 1TB quota, this should be set to 1024 (vs 1000) which will translate to 1099511627776 bytes for the API.
 - `member` (Block Set, Deprecated) Member of the project. Element has one to one mapping with the [JFrog Project Users API](https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API#ArtifactoryRESTAPI-UpdateUserinProject). (see [below for nested schema](#nestedblock--member))
-- `repos` (Set of String) (Optional) List of existing repo keys to be assigned to the project. **Note** We *strongly* recommend using this attribute to manage the list of repositories. If you wish to use the alternate method of setting `project_key` attribute in each `artifactory_*_repository` resource in the `artifactory` provider, you will need to use `lifecycle.ignore_changes` in the `project` resource to avoid state drift.
+- `repos` (Set of String, Deprecated) (Optional) List of existing repo keys to be assigned to the project. **Note** We *strongly* recommend using this attribute to manage the list of repositories. If you wish to use the alternate method of setting `project_key` attribute in each `artifactory_*_repository` resource in the `artifactory` provider, you will need to use `lifecycle.ignore_changes` in the `project` resource to avoid state drift.
 
 ```hcl
 lifecycle {
@@ -115,6 +92,7 @@ lifecycle {
 ```
 - `role` (Block Set, Deprecated) Project role. Element has one to one mapping with the [JFrog Project Roles API](https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API#ArtifactoryRESTAPI-AddaNewRole) (see [below for nested schema](#nestedblock--role))
 - `use_project_group_resource` (Boolean) When set to true, this resource will ignore the `group` attributes and allow users to be managed by `project_group` resource instead. Default to `true`.
+- `use_project_repository_resource` (Boolean) When set to true, this resource will ignore the `repos` attributes and allow repository to be managed by `project_repository` resource instead. Default to `true`.
 - `use_project_role_resource` (Boolean) When set to true, this resource will ignore the `roles` attributes and allow roles to be managed by `project_role` resource instead. Default to `true`.
 - `use_project_user_resource` (Boolean) When set to true, this resource will ignore the `member` attributes and allow users to be managed by `project_user` resource instead. Default to `true`.
 

diff --git a/docs/resources/repository.md b/docs/resources/repository.md
@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "project_repository Resource - terraform-provider-project"
+subcategory: ""
+description: |-
+  Assign a repository to a project. Requires a user assigned with the 'Administer the Platform' role or Project Admin permissions if admin_privileges.manage_resoures is enabled.
+---
+
+# project_repository (Resource)
+
+Assign a repository to a project. Requires a user assigned with the 'Administer the Platform' role or Project Admin permissions if `admin_privileges.manage_resoures` is enabled.
+
+## Example Usage
+
+```terraform
+resource "project_repository" "myprojectrepo" {
+  project_key = "myproj"
+  key         = "my-generic-local"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `key` (String) The key of the repository.
+- `project_key` (String) The key of the project to which the repository should be assigned to.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import project_repository.myprojectrepo project_key:repository_key
+```
diff --git a/docs/resources/role.md b/docs/resources/role.md
@@ -31,7 +31,7 @@ resource "project_role" "myrole" {
 - `actions` (Set of String) List of pre-defined actions (READ_REPOSITORY, ANNOTATE_REPOSITORY, DEPLOY_CACHE_REPOSITORY, DELETE_OVERWRITE_REPOSITORY, MANAGE_XRAY_MD_REPOSITORY, READ_RELEASE_BUNDLE, ANNOTATE_RELEASE_BUNDLE, CREATE_RELEASE_BUNDLE, DISTRIBUTE_RELEASE_BUNDLE, DELETE_RELEASE_BUNDLE, MANAGE_XRAY_MD_RELEASE_BUNDLE, READ_BUILD, ANNOTATE_BUILD, DEPLOY_BUILD, DELETE_BUILD, MANAGE_XRAY_MD_BUILD, READ_SOURCES_PIPELINE, TRIGGER_PIPELINE, READ_INTEGRATIONS_PIPELINE, READ_POOLS_PIPELINE, MANAGE_INTEGRATIONS_PIPELINE, MANAGE_SOURCES_PIPELINE, MANAGE_POOLS_PIPELINE, TRIGGER_SECURITY, ISSUES_SECURITY, LICENCES_SECURITY, REPORTS_SECURITY, WATCHES_SECURITY, POLICIES_SECURITY, RULES_SECURITY, MANAGE_MEMBERS, MANAGE_RESOURCES)
 - `environments` (Set of String) A repository can be available in different environments. Members with roles defined in the set environment will have access to the repository. List of pre-defined environments (DEV, PROD)
 - `name` (String)
-- `project_key` (String) Project key for this environment. This field supports only 2 - 20 lowercase alphanumeric and hyphen characters. Must begin with a letter.
+- `project_key` (String) Project key for this environment. This field supports only 2 - 32 lowercase alphanumeric and hyphen characters. Must begin with a letter.
 - `type` (String) Type of role. Only "CUSTOM" is supported
 
 ### Read-Only

diff --git a/examples/full.tf b/examples/full.tf
@@ -3,11 +3,11 @@ terraform {
   required_providers {
     artifactory = {
       source  = "registry.terraform.io/jfrog/artifactory"
-      version = "2.20.0"
+      version = "10.3.0"
     }
     project = {
       source  = "registry.terraform.io/jfrog/project"
-      version = "1.0.3"
+      version = "1.5.0"
     }
   }
 }
@@ -90,51 +90,59 @@ resource "project" "myproject" {
   max_storage_in_gibibytes   = 10
   block_deployments_on_limit = false
   email_notification         = true
+}
 
-  member {
-    name  = "user1"
-    roles = ["Developer", "Project Admin"]
-  }
+resource "project_user" "user1" {
+  project_key = project.myproject.key
+  name        = "user1"
+  roles       = ["developer","project admin"]
+}
 
-  member {
-    name  = "user2"
-    roles = ["Developer"]
-  }
+resource "project_user" "user2" {
+  project_key = project.myproject.key
+  name        = "user2"
+  roles       = ["developer"]
+}
 
-  group {
-    name  = "qa"
-    roles = ["qa"]
-  }
+resource "project_group" "qa" {
+  project_key = project.myproject.key
+  name        = "qa"
+  roles       = ["qa"]
+}
 
-  group {
-    name  = "release"
-    roles = ["Release Manager"]
-  }
+resource "project_group" "release" {
+  project_key = project.myproject.key
+  name        = "release"
+  roles       = ["release manager"]
+}
 
-  role {
-    name         = "qa"
-    description  = "QA role"
-    type         = "CUSTOM"
-    environments = ["DEV"]
-    actions      = var.qa_roles
-  }
+resource "project_role" "qa" {
+  project_key  = project.myproject.key
+  name         = "qa"
+  type         = "CUSTOM"
+  environments = ["DEV"]
+  actions      = var.qa_roles
+}
 
-  role {
-    name         = "devop"
-    description  = "DevOp role"
-    type         = "CUSTOM"
-    environments = ["DEV", "PROD"]
-    actions      = var.devop_roles
-  }
+resource "project_role" "devop" {
+  project_key  = project.myproject.key
+  name         = "devop"
+  type         = "CUSTOM"
+  environments = ["DEV", "PROD"]
+  actions      = var.devop_roles
+}
+
+resource "project_repository" "docker-local" {
+  project_key = project.myproject.key
+  key         = "docker-local"
+}
 
-  repos = ["docker-local", "npm-remote"]
+resource "project_repository" "npm-local" {
+  project_key = project.myproject.key
+  key         = "npm-local"
+}
 
-  depends_on = [
-    artifactory_user.user1,
-    artifactory_user.user2,
-    artifactory_group.qa-group,
-    artifactory_group.release-group,
-    artifactory_local_docker_v2_repository.docker-local,
-    artifactory_remote_npm_repository.npm-remote,
-  ]
+resource "project_environment" "myenv" {
+  project_key = project.myproj.key
+  name        = "myenv"
 }
diff --git a/examples/resources/project/resource.tf b/examples/resources/project/resource.tf
@@ -10,27 +10,4 @@ resource "project" "myproject" {
   max_storage_in_gibibytes   = 10
   block_deployments_on_limit = false
   email_notification         = true
-  use_project_role_resource  = true
-
-  member {
-    name  = "user1"
-    roles = ["developer","project admin"]
-  }
-
-  member {
-    name  = "user2"
-    roles = ["developer"]
-  }
-
-  group {
-    name = "dev-group"
-    roles = ["developer"]
-  }
-
-  group {
-    name = "release-group"
-    roles = ["release manager"]
-  }
-
-  repos = ["docker-local", "rpm-local"]
 }
diff --git a/examples/resources/project_repository/import.sh b/examples/resources/project_repository/import.sh
@@ -0,0 +1 @@
+terraform import project_repository.myprojectrepo project_key:repository_key
diff --git a/examples/resources/project_repository/resource.tf b/examples/resources/project_repository/resource.tf
@@ -0,0 +1,4 @@
+resource "project_repository" "myprojectrepo" {
+  project_key = "myproj"
+  key         = "my-generic-local"
+}