fix resource update

ilia-medvedev-codefresh · ilia-medvedev-codefresh · commit 0716c8b6d2f4 · 2024-07-10T18:10:19.000+03:00
diff --git a/codefresh/cfclient/permission.go b/codefresh/cfclient/permission.go
@@ -142,3 +142,24 @@ func (client *Client) DeletePermission(id string) error {
 
 	return nil
 }
+
+func (client *Client) UpdatePermissionTags(permission *Permission) error {
+
+	fullPath := fmt.Sprintf("/abac/tags/rule/%s", permission.ID)
+
+	body, _ := EncodeToJSON(permission.Tags)
+
+	opts := RequestOptions{
+		Path:   fullPath,
+		Method: "POST",
+		Body:   body,
+	}
+
+	_, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/codefresh/resource_permission.go b/codefresh/resource_permission.go
@@ -99,9 +99,6 @@ The tags for which to apply the permission. Supports two custom tags:
 		},
 		CustomizeDiff: customdiff.All(
 			resourcePermissionCustomDiff,
-			customdiff.ForceNewIfChange("related_resource", func(ctx context.Context, oldValue, newValue, meta interface{}) bool {
-				return true
-			}),
 		),
 	}
 }
@@ -163,18 +160,30 @@ func resourcePermissionRead(d *schema.ResourceData, meta interface{}) error {
 
 func resourcePermissionUpdate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*cfclient.Client)
-
 	permission := *mapResourceToPermission(d)
-	resp, err := client.CreatePermission(&permission)
-	if err != nil {
-		return err
-	}
 
-	deleteErr := resourcePermissionDelete(d, meta)
-	if deleteErr != nil {
-		log.Printf("[WARN] failed to delete permission %v: %v", permission, deleteErr)
+	// In case team, action or relatedResource or resource have changed - a new permission needs to be created (but without recreating the terraform resource as destruction of resources is alarming for end users)
+	if d.HasChanges("team", "action", "related_resource", "resource") {
+		deleteErr := resourcePermissionDelete(d, meta)
+
+		if deleteErr != nil {
+			log.Printf("[WARN] failed to delete permission %v: %v", permission, deleteErr)
+		}
+
+		resp, err := client.CreatePermission(&permission)
+
+		if err != nil {
+			return err
+		}
+
+		d.SetId(resp.ID)
+		// Only tags can be updated
+	} else if d.HasChange("tags") {
+		err := client.UpdatePermissionTags(&permission)
+		if err != nil {
+			return err
+		}
 	}
-	d.SetId(resp.ID)
 
 	return resourcePermissionRead(d, meta)
 }
diff --git a/codefresh/resource_permission_test.go b/codefresh/resource_permission_test.go
@@ -27,7 +27,7 @@ func TestAccCodefreshPermissionConfig(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "action", "create"),
 					resource.TestCheckResourceAttr(resourceName, "resource", "pipeline"),
 					resource.TestCheckResourceAttr(resourceName, "tags.0", "*"),
-					resource.TestCheckResourceAttr(resourceName, "related_resource",""),
+					resource.TestCheckResourceAttr(resourceName, "related_resource", ""),
 					resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
 				),
 			},
