@h3adex h3adex commented Nov 14, 2025

Description

This PR refactors stackit_authorization_{project,folder,organization}_role_assignment resources to align with our coding standards and adds tests for resource.go and utils.go. It also adds the capability to add role assignments to Folder.

E2E Results:
[Screenshot: 2025-11-14 at 11 09 06]

Required ENV:
TF_ACC=1
TF_ACC_REGION=eu01
TF_ACC_ORGANIZATION_ID=xxxx
STACKIT_SERVICE_ACCOUNT_TOKEN=ey..
TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL=terraform-xxxx@sa.stackit.cloud

Manual Tests:

locals {
  org_id      = "xxxx"
  owner_email = "terraform-xxxx@sa.stackit.cloud"
}

resource "stackit_resourcemanager_folder" "folder" {
  parent_container_id = local.org_id
  name                = "e2e-test-folder"
  owner_email         = local.owner_email
}

resource "stackit_resourcemanager_project" "project" {
  parent_container_id = local.org_id
  name                = "e2e-test-folder"
  owner_email         = local.owner_email
}

resource "stackit_authorization_folder_role_assignment" "fra" {
  resource_id = stackit_resourcemanager_folder.folder.folder_id
  role        = "editor"
  subject     = local.owner_email
}

resource "stackit_authorization_folder_role_assignment" "fra_duplicate" {
  resource_id = stackit_resourcemanager_folder.folder.folder_id
  role        = "editor"
  subject     = local.owner_email
}

resource "stackit_authorization_project_role_assignment" "pra" {
  resource_id = stackit_resourcemanager_project.project.project_id
  role        = "reader"
  subject     = local.owner_email
}

resource "stackit_authorization_organization_role_assignment" "ora" {
  resource_id = local.org_id
  role        = "iaas.project.admin"
  subject     = local.owner_email
}

Checklist

  • Issue was linked above
  • Code format was applied: make fmt
  • Examples were added / adjusted (see examples/ directory)
  • Docs are up-to-date: make generate-docs (will be checked by CI)
  • Unit tests got implemented or updated
  • Acceptance tests got implemented or updated (see e.g. here)
  • Unit tests are passing: make test (will be checked by CI)
  • No linter issues: make lint (will be checked by CI)

@h3adex h3adex requested a review from a team as a code owner November 14, 2025 10:18
}

// returns an error if duplicate role assignment exists
func (r *roleAssignmentResource) checkDuplicate(ctx context.Context, model Model) error { //nolint:gocritic // A read only copy is required since an api response is parsed into the model and this check should not affect the model parameter
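
Review bot: with checkDuplicate dropped from the resource, the outcome of a duplicate assignment is decided entirely by the API, and the PR does not record what that outcome is. The manual test declares fra_duplicate with the same resource_id, role and subject as fra, but the description does not say whether that apply failed or succeeded. Please add an acceptance test step that applies a duplicate assignment and asserts on the result. If the API accepts the second create as a no-op, two Terraform resources would track one role assignment and destroying either one would remove the access for both, so that case should be documented or surfaced as an error diagnostic.
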
Contributor Author

Removed this Func. We don't need to check if a duplicate role assignment exists. This logic is handled by the API itself.

@h3adex h3adex changed the title feat(authorization): implement folder_role_assignment resource feat(authorization): refactor and implement folder for role_assignment resource Nov 14, 2025
@h3adex h3adex force-pushed the feat/implement-folder-role-assignments branch 2 times, most recently from 7946842 to e8415a6 Compare November 14, 2025 10:31
Signed-off-by: Mauritz Uphoff <mauritz.uphoff@stackit.cloud>
@h3adex h3adex force-pushed the feat/implement-folder-role-assignments branch from e8415a6 to 5634558 Compare November 14, 2025 11:27
@h3adex h3adex changed the title feat(authorization): refactor and implement folder for role_assignment resource feat(authorization): refactor role_assignment resource and implement folder assignment Nov 14, 2025