add support for ruletype in permission

Author: ilia-medvedev-codefresh

codefresh/cfclient/permission.go

@@ -12,6 +12,7 @@ type Permission struct {
 	RelatedResource string   `json:"relatedResource,omitempty"`
 	Action          string   `json:"action,omitempty"`
 	Account         string   `json:"account,omitempty"`
+	RuleType        string   `json:"ruleType,omitempty"`
 	Tags            []string `json:"attributes,omitempty"`
 }
 
@@ -23,6 +24,7 @@ type NewPermission struct {
 	RelatedResource string   `json:"relatedResource,omitempty"`
 	Action          string   `json:"action,omitempty"`
 	Account         string   `json:"account,omitempty"`
+	RuleType        string   `json:"ruleType,omitempty"`
 	Tags            []string `json:"tags,omitempty"`
 }
 
@@ -93,6 +95,7 @@ func (client *Client) CreatePermission(permission *Permission) (*Permission, err
 		RelatedResource: permission.RelatedResource,
 		Action:          permission.Action,
 		Account:         permission.Account,
+		RuleType:        permission.RuleType,
 		Tags:            permission.Tags,
 	}
 

codefresh/resource_permission.go

@@ -84,6 +84,13 @@ Action to be allowed. Possible values:
 					"debug",
 				}, false),
 			},
+			"rule_type": {
+				Description: "Rule type - can be either `all` or `any`. If all is specified the rule will apply on resources that have all the tags. If any is specified the rule will apply on resources that have any of the tags. If not specified, deafult behavior is `any`.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				//Default:      "any",
+				ValidateFunc: validation.StringInSlice([]string{"all", "any"}, false),
+			},
 			"tags": {
 				Description: `
 The tags for which to apply the permission. Supports two custom tags:
@@ -163,7 +170,7 @@ func resourcePermissionUpdate(d *schema.ResourceData, meta interface{}) error {
 	permission := *mapResourceToPermission(d)
 
 	// In case team, action or relatedResource or resource have changed - a new permission needs to be created (but without recreating the terraform resource as destruction of resources is alarming for end users)
-	if d.HasChanges("team", "action", "related_resource", "resource") {
+	if d.HasChanges("team", "action", "related_resource", "resource", "rule_type") {
 		deleteErr := resourcePermissionDelete(d, meta)
 
 		if deleteErr != nil {
@@ -231,6 +238,11 @@ func mapPermissionToResource(permission *cfclient.Permission, d *schema.Resource
 		return err
 	}
 
+	err = d.Set("rule_type", permission.RuleType)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -249,6 +261,7 @@ func mapResourceToPermission(d *schema.ResourceData) *cfclient.Permission {
 		Action:          d.Get("action").(string),
 		Resource:        d.Get("resource").(string),
 		RelatedResource: d.Get("related_resource").(string),
+		RuleType:        d.Get("rule_type").(string),
 		Tags:            tags,
 	}
 

docs/resources/permission.md

@@ -59,6 +59,7 @@ resource "codefresh_permission" "developers" {
 - `_id` (String) The permission ID.
 - `related_resource` (String) Specifies the resource to use when evaluating the tags. Possible values:
 	* project
+- `rule_type` (String) Rule type - can be either `all` or `any`. If all is specified the rule will apply on resources that have all the tags. If any is specified the rule will apply on resources that have any of the tags. If not specified, deafult behavior is `any`.
 - `tags` (Set of String) The tags for which to apply the permission. Supports two custom tags:
 	* untagged:  Apply to all resources without tags
   * (asterisk): Apply to all resources with any tag