resource/pagerduty_team_membership: Support team member's role #151
Conversation
$ GO111MODULE=on go get -u github.com/heimweh/go-pagerduty/pagerduty $ GO111MODULE=on go mod vendor
ghost
added
|
Could anybody take a look...? |
| Type: schema.TypeString, | ||
| Optional: true, | ||
| Computed: true, | ||
| ForceNew: true, |
There was a problem hiding this comment.
This is not explicitely documented, but it is not required to recreate the team membership resource when only the role changes.
That is, invoking PUT https://api.pagerduty.com/teams/***/users/*** with AddUserWithRole on an already existing team member works:
# curl -s -X GET --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Authorization: Token token=******' 'https://api.pagerduty.com/teams/P4*****/members' | jq '.members[] | select(.user.id=="P2*****")'
{
"user": {
"id": "P2*****",
"type": "user_reference",
"summary": "User Name",
"self": "https://api.pagerduty.com/users/P2*****",
"html_url": "https://claranet.pagerduty.com/users/P2*****"
},
"role": "manager"
}
# curl -i -X PUT --header 'Content-Type: application/json' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Authorization: Token token=******' -d '{
"role": "observer"
}' 'https://api.pagerduty.com/teams/P4*****/users/P2*****' |& grep HTTP
HTTP/2 204
# curl -s -X GET --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Authorization: Token token=******' 'https://api.pagerduty.com/teams/P4*****/members' | jq '.members[] | select(.user.id=="P2*****")'
{
"user": {
"id": "P2*****",
"type": "user_reference",
"summary": "User Name",
"self": "https://api.pagerduty.com/users/P2*****",
"html_url": "https://claranet.pagerduty.com/users/P2*****"
},
"role": "observer"
}
Not recreating the team membership avoids the user loosing the role even for a very short period.
That will require introducing a resourcePagerDutyTeamMembershipUpdate function.
There was a problem hiding this comment.
Thanks. I added resourcePagerDutyTeamMembershipUpdate with the same logic of resourcePagerDutyTeamMembershipCreate. (hashicorp@3a0aaca) It worked fine.
# pagerduty_team_membership.dtan4 will be updated in-place
~ resource "pagerduty_team_membership" "dtan4" {
id = "PPPPPPP:PQQQQQQ"
~ role = "manager" -> "observer"
team_id = "PPPPPPP"
user_id = "PQQQQQQ"
}
| @@ -30,6 +30,12 @@ func resourcePagerDutyTeamMembership() *schema.Resource { | |||
| Required: true, | |||
| ForceNew: true, | |||
| }, | |||
| "role": { | |||
| Type: schema.TypeString, | |||
| Optional: true, | |||
There was a problem hiding this comment.
I remember there are issues when Optional and Computed are used together, not sure if it applies here.
This probably needs more attention.
hashicorp/terraform-provider-google#3477 (comment)
hashicorp/terraform#20505 (comment)
hashicorp/terraform-provider-google#4326
There was a problem hiding this comment.
Changed to Optional only, as developers can set value by themselves or use the default value.
hashicorp@003ba6c
| @@ -11,14 +11,15 @@ import ( | |||
| func TestAccPagerDutyTeamMembership_import(t *testing.T) { | |||
| user := fmt.Sprintf("tf-%s", acctest.RandString(5)) | |||
| team := fmt.Sprintf("tf-%s", acctest.RandString(5)) | |||
| role := "manager" | |||
There was a problem hiding this comment.
I think the original test should probably be left untouched to ensure no regression is introduced.
Maybe a new TestAccPagerDutyTeamMembership_importWithRole test should be introduced.
There was a problem hiding this comment.
Thanks. Created a new testcase for withRole.
hashicorp@6ce1d0c
| @@ -13,14 +13,15 @@ import ( | |||
| func TestAccPagerDutyTeamMembership_Basic(t *testing.T) { | |||
| user := fmt.Sprintf("tf-%s", acctest.RandString(5)) | |||
| team := fmt.Sprintf("tf-%s", acctest.RandString(5)) | |||
| role := "manager" | |||
There was a problem hiding this comment.
I think the original test should probably be left untouched to ensure no regression is introduced.
Maybe a new TestAccPagerDutyTeamMembership_WithRole test should be introduced.
There was a problem hiding this comment.
Thanks. Created a new testcase for withRole.
hashicorp@89b0e5f
| @@ -30,6 +30,12 @@ func resourcePagerDutyTeamMembership() *schema.Resource { | |||
| Required: true, | |||
| ForceNew: true, | |||
| }, | |||
| "role": { | |||
There was a problem hiding this comment.
Validation could probably be added:
The role of the user on the team.
Can beobserver,responderormanager
https://api-reference.pagerduty.com/#!/Teams/put_teams_id_users_user_id
There was a problem hiding this comment.
Added! hashicorp@8521226
|
|
||
| retryErr := resource.Retry(2*time.Minute, func() *resource.RetryError { | ||
| if _, err := client.Teams.AddUser(teamID, userID); err != nil { | ||
| if _, err := client.Teams.AddUserWithRole(teamID, userID, role); err != nil { |
There was a problem hiding this comment.
What if the role is empty? Shouldn't client.Teams.AddUser(teamID, userID) be used instead?
There was a problem hiding this comment.
I defined a default value for role to be the same as the current API behavior, calling AddUser API without role.
hashicorp@a560e09
With validation implemented at hashicorp@8521226, this resource guarantees a valid value is set in role at every time. So I think it's okay to use AddUserWithRole at every time too.
| d.Set("role", "") | ||
|
|
||
| if isTeamMember(user, teamID) { | ||
| resp, _, err := client.Teams.GetMembers(teamID, &pagerduty.GetMembersOptions{}) |
There was a problem hiding this comment.
Shouldn't client.Teams.GetMembers become the main API to query for resourcePagerDutyTeamMembershipRead instead of calling client.Users.Get?
This could probably simplify things a bit, isn't it?
There was a problem hiding this comment.
Instead of using client.Users.Get, I could simplify the logic with client.Teams.GetMembers only.
hashicorp@1f71c0c
How about this?
|
@pdecat Thank you for reviewing! I added some more changes you pointed out. Could you take another look? |
|
Is there any chance to merge this...? 👀 |
|
Subbed - this just hit us and we had to fall back to the legacy |
|
Any updates on this? Is there any way I can help out? |
|
@stmcallister any chance on getting this reviewed/merged for the next release? |
|
Sorry for the delay! What are you getting for your test results? I'm getting the following failures. |
|
@stmcallister Sorry for the late reply, When I submitted this Pull Request, this However, the behavior changed (reverted?) recently; this API assigns I modified the default membership role to Could you review again? Thanks! |
|
@dtan4 looks great! thank you! |
WHAT
Add
rolefield topagerduty_team_membershipresource to specify team member's roleWHY
A few months ago, we can add users to team with "manager" role by this resource.
However, a new member is assigned with "observer" role recently. This behavior is unexpected for us. We'd like to give each team members permission to manage their on-call schedule by themselves, but "observer" role doesn't allow it.
PagerDuty API has a field to specify member role when we create a new membership.
https://api-reference.pagerduty.com/#!/Teams/put_teams_id_users_user_id
We'd like to specify the role at the creation time.
UPDATE 2020-03-09:
Now this API assigns
managerrole by default, but I think this change can still be helpful to manage memberships in detail.See https://github.com/terraform-providers/terraform-provider-pagerduty/pull/151#issuecomment-596463829 for details.