Merge pull request #218 from dbt-labs/update-permissions

Update permissions for groups and tokens
dbt-labs · Nov 14, 2023 · d5b9484 · d5b9484
2 parents d4909df + 89b60b4
commit d5b9484
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 15 deletions.
diff --git a/pkg/resources/group.go b/pkg/resources/group.go
@@ -16,6 +16,8 @@ var (
 		"owner",
 		"member",
 		"account_admin",
+		"security_admin",
+		"billing_admin",
 		"admin",
 		"database_admin",
 		"git_admin",
@@ -29,6 +31,7 @@ var (
 		"project_creator",
 		"account_viewer",
 		"metadata_only",
+		"semantic_layer_only",
 		"webhooks_only",
 	}
 )
@@ -98,7 +101,11 @@ func ResourceGroup() *schema.Resource {
 	}
 }
 
-func resourceGroupCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceGroupCreate(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	var diags diag.Diagnostics
@@ -142,7 +149,11 @@ func resourceGroupCreate(ctx context.Context, d *schema.ResourceData, m interfac
 	return diags
 }
 
-func resourceGroupRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceGroupRead(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	var diags diag.Diagnostics
@@ -188,15 +199,21 @@ func resourceGroupRead(ctx context.Context, d *schema.ResourceData, m interface{
 	return diags
 }
 
-func resourceGroupUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceGroupUpdate(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	groupID, err := strconv.Atoi(d.Id())
 	if err != nil {
 		return diag.FromErr(err)
 	}
 
-	if d.HasChange("name") || d.HasChange("assign_by_default") || d.HasChange("sso_mapping_groups") {
+	if d.HasChange("name") ||
+		d.HasChange("assign_by_default") ||
+		d.HasChange("sso_mapping_groups") {
 		group, err := c.GetGroup(groupID)
 		if err != nil {
 			return diag.FromErr(err)
@@ -247,7 +264,11 @@ func resourceGroupUpdate(ctx context.Context, d *schema.ResourceData, m interfac
 	return resourceGroupRead(ctx, d, m)
 }
 
-func resourceGroupDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceGroupDelete(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	groupID, err := strconv.Atoi(d.Id())

diff --git a/pkg/resources/service_token.go b/pkg/resources/service_token.go
@@ -13,7 +13,11 @@ import (
 
 var (
 	servicetokenPermissionSets = []string{
+		"owner",
+		"member",
 		"account_admin",
+		"security_admin",
+		"billing_admin",
 		"admin",
 		"database_admin",
 		"git_admin",
@@ -27,6 +31,8 @@ var (
 		"project_creator",
 		"account_viewer",
 		"metadata_only",
+		"semantic_layer_only",
+		"webhooks_only",
 	}
 )
 
@@ -68,10 +74,13 @@ func ResourceServiceToken() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"permission_set": {
-							Type:         schema.TypeString,
-							Required:     true,
-							Description:  "Set of permissions to apply",
-							ValidateFunc: validation.StringInSlice(servicetokenPermissionSets, false),
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "Set of permissions to apply",
+							ValidateFunc: validation.StringInSlice(
+								servicetokenPermissionSets,
+								false,
+							),
 						},
 						"project_id": {
 							Type:        schema.TypeInt,
@@ -94,7 +103,11 @@ func ResourceServiceToken() *schema.Resource {
 	}
 }
 
-func resourceServiceTokenCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceServiceTokenCreate(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	var diags diag.Diagnostics
@@ -108,7 +121,10 @@ func resourceServiceTokenCreate(ctx context.Context, d *schema.ResourceData, m i
 	}
 
 	serviceTokenPermissionsRaw := d.Get("service_token_permissions").(*schema.Set).List()
-	serviceTokenPermissions := make([]dbt_cloud.ServiceTokenPermission, len(serviceTokenPermissionsRaw))
+	serviceTokenPermissions := make(
+		[]dbt_cloud.ServiceTokenPermission,
+		len(serviceTokenPermissionsRaw),
+	)
 	for i, p := range serviceTokenPermissionsRaw {
 		permission := p.(map[string]interface{})
 		serviceTokenPermission := dbt_cloud.ServiceTokenPermission{
@@ -136,7 +152,11 @@ func resourceServiceTokenCreate(ctx context.Context, d *schema.ResourceData, m i
 	return diags
 }
 
-func resourceServiceTokenRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceServiceTokenRead(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	var diags diag.Diagnostics
@@ -185,7 +205,11 @@ func resourceServiceTokenRead(ctx context.Context, d *schema.ResourceData, m int
 	return diags
 }
 
-func resourceServiceTokenUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceServiceTokenUpdate(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	serviceTokenID, err := strconv.Atoi(d.Id())
@@ -221,7 +245,10 @@ func resourceServiceTokenUpdate(ctx context.Context, d *schema.ResourceData, m i
 
 	if d.HasChange("service_token_permissions") {
 		serviceTokenPermissionsRaw := d.Get("service_token_permissions").(*schema.Set).List()
-		serviceTokenPermissions := make([]dbt_cloud.ServiceTokenPermission, len(serviceTokenPermissionsRaw))
+		serviceTokenPermissions := make(
+			[]dbt_cloud.ServiceTokenPermission,
+			len(serviceTokenPermissionsRaw),
+		)
 		for i, p := range serviceTokenPermissionsRaw {
 			permission := p.(map[string]interface{})
 			serviceTokenPermission := dbt_cloud.ServiceTokenPermission{
@@ -242,7 +269,11 @@ func resourceServiceTokenUpdate(ctx context.Context, d *schema.ResourceData, m i
 	return resourceServiceTokenRead(ctx, d, m)
 }
 
-func resourceServiceTokenDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+func resourceServiceTokenDelete(
+	ctx context.Context,
+	d *schema.ResourceData,
+	m interface{},
+) diag.Diagnostics {
 	c := m.(*dbt_cloud.Client)
 
 	var diags diag.Diagnostics