TF-5569 add support for custom project permissions (#983)

* Add customizable project level permissions in dataSourceTFETeamProjectAccess
* Add customizable project level permission in resourceTFETeamProjectAccess

CHANGELOG.md

@@ -9,6 +9,9 @@ FEATURES:
 * `d/tfe_saml_settings`: Add PrivateKey (sensitive), SignatureSigningMethod, and SignatureDigestMethod attributes, by @karvounis-form3 [970](https://github.com/hashicorp/terraform-provider-tfe/pull/970)
 * **New Resource**: `r/tfe_project_policy_set` is a new resource to attach/detach an existing `project` to an existing `policy set`, by @Netra2104 [972](https://github.com/hashicorp/terraform-provider-tfe/pull/972)
 * `d/tfe_policy_set`: Add `project_ids` attribute, by @Netra2104 [974](https://github.com/hashicorp/terraform-provider-tfe/pull/974/files)
+* `r/tfe_team_project_access`: Add a `custom` option to the `access` attribute as well as `project_access` and `workspace_access` attributes with
+various customizable permissions options to apply to a project and all of the workspaces therein, by @rberecka [983](https://github.com/hashicorp/terraform-provider-tfe/pull/983)
+* `d/team_project_access`: Add a `custom` option to the `access` attribute as well as `project_access` and `workspace_access` attributes, by @rberecka [983](https://github.com/hashicorp/terraform-provider-tfe/pull/983)
 
 NOTES:
 * The provider is now using go-tfe [v1.30.0](https://github.com/hashicorp/go-tfe/releases/tag/v1.30.0), by @karvounis-form3 [970](https://github.com/hashicorp/terraform-provider-tfe/pull/970)

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/go-slug v0.12.0
-	github.com/hashicorp/go-tfe v1.31.0
+	github.com/hashicorp/go-tfe v1.32.0
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/hcl v1.0.0
 	github.com/hashicorp/hcl/v2 v2.17.0 // indirect

go.sum

@@ -56,8 +56,8 @@ github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZn
 github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-slug v0.12.0 h1:y1ArGp5RFF85uvD8nq5VZug/bup/kGN5Ft4xFOQ5GPM=
 github.com/hashicorp/go-slug v0.12.0/go.mod h1:JZVtycnZZbiJ4oxpJ/zfhyfBD8XxT4f0uOSyjNLCqFY=
-github.com/hashicorp/go-tfe v1.31.0 h1:R1CokrAVBHxrsvRw1vKes7RQxTRTWcula7gjQK7Jfsk=
-github.com/hashicorp/go-tfe v1.31.0/go.mod h1:vcfy2u52JQ4sYLFi941qcQXQYfUq2RjEW466tZ+m97Y=
+github.com/hashicorp/go-tfe v1.32.0 h1:wyUQJHPrqF5IwD5Y4YJFTlU3A08LXoJ2PLF7x80febU=
+github.com/hashicorp/go-tfe v1.32.0/go.mod h1:vcfy2u52JQ4sYLFi941qcQXQYfUq2RjEW466tZ+m97Y=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=

tfe/data_source_team_project_access.go

@@ -5,6 +5,7 @@ package tfe
 
 import (
 	"context"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 
 	tfe "github.com/hashicorp/go-tfe"
@@ -30,18 +31,88 @@ func dataSourceTFETeamProjectAccess() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+
+			"project_access": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"settings": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"teams": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+
+			"workspace_access": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"create": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"locking": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"move": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"delete": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"run_tasks": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"runs": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"sentinel_mocks": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"state_versions": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"variables": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
 
 func dataSourceTFETeamProjectAccessRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	config := meta.(ConfiguredClient)
-
 	// Get the team ID.
 	teamID := d.Get("team_id").(string)
-
 	// Get the project
 	projectID := d.Get("project_id").(string)
+
 	proj, err := config.Client.Projects.Read(ctx, projectID)
 	if err != nil {
 		return diag.Errorf(

tfe/data_source_team_project_access_test.go

@@ -37,6 +37,55 @@ func TestAccTFETeamProjectAccessDataSource_basic(t *testing.T) {
 	})
 }
 
+func TestAccTFETeamProjectCustomAccessDataSource_basic(t *testing.T) {
+	tfeClient, err := getClientUsingEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	org, orgCleanup := createBusinessOrganization(t, tfeClient)
+	t.Cleanup(orgCleanup)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFETeamProjectCustomAccessDataSourceConfig(org.Name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.tfe_team_project_access.foobar_custom", "id"),
+					resource.TestCheckResourceAttrSet("data.tfe_team_project_access.foobar_custom", "team_id"),
+					resource.TestCheckResourceAttrSet("data.tfe_team_project_access.foobar_custom", "project_id"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "access", "custom"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "project_access.0.settings", "delete"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "project_access.0.teams", "manage"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.state_versions", "write"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.sentinel_mocks", "read"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.runs", "apply"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.variables", "write"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.create", "true"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.locking", "true"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.move", "true"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.delete", "false"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.run_tasks", "false"),
+				),
+			},
+		},
+	})
+}
+
 func testAccTFETeamProjectAccessDataSourceConfig(organization string) string {
 	return fmt.Sprintf(`
 resource "tfe_team" "foobar" {
@@ -61,3 +110,43 @@ data "tfe_team_project_access" "foobar" {
   depends_on = [tfe_team_project_access.foobar]
 }`, organization, organization)
 }
+
+func testAccTFETeamProjectCustomAccessDataSourceConfig(organization string) string {
+	return fmt.Sprintf(`
+resource "tfe_team" "foobar_custom" {
+  name         = "team-test2"
+  organization = "%s"
+}
+
+resource "tfe_project" "foobar_custom" {
+  name         = "projecttest2"
+  organization = "%s"
+}
+
+resource "tfe_team_project_access" "foobar_custom" {
+  access       = "custom"
+  team_id      = tfe_team.foobar_custom.id
+  project_id   = tfe_project.foobar_custom.id
+  project_access {
+    settings = "delete"
+    teams    = "manage"
+  }
+  workspace_access {
+    state_versions = "write"
+    sentinel_mocks = "read"
+		runs					 = "apply"
+    variables      = "write"
+    create         = true
+    locking        = true
+    move           = true
+    delete         = false
+    run_tasks      = false
+  }
+}
+
+data "tfe_team_project_access" "foobar_custom" {
+  team_id      = tfe_team.foobar_custom.id
+  project_id   = tfe_project.foobar_custom.id
+  depends_on   = [tfe_team_project_access.foobar_custom]
+}`, organization, organization)
+}