d

Author: Shani Erman

aquasec/data_permissions_sets_saas.go

@@ -38,16 +38,6 @@ func dataSourcePermissionsSetsSaas() *schema.Resource {
                                 Type: schema.TypeString,
                             },
                         },
-                        "ui_access": {
-                            Type:        schema.TypeBool,
-                            Description: "Whether UI access is allowed",
-                            Computed:    true,
-                        },
-                        "is_super": {
-                            Type:        schema.TypeBool,
-                            Description: "Whether this is a super admin permission set",
-                            Computed:    true,
-                        },
                     },
                 },
             },
@@ -71,8 +61,6 @@ func dataPermissionsSetsSaasRead(ctx context.Context, d *schema.ResourceData, m
         p["name"] = permissionsSet.Name
         p["description"] = permissionsSet.Description
         p["actions"] = permissionsSet.Actions
-        p["ui_access"] = permissionsSet.UiAccess
-        p["is_super"] = permissionsSet.IsSuper
         ps[i] = p
     }
 

aquasec/resource_permission_set_saas.go

@@ -31,18 +31,6 @@ func resourcePermissionSetSaas() *schema.Resource {
 				Description: "Description of the permission set",
 				Optional:    true,
 			},
-			"ui_access": {
-				Type:        schema.TypeBool,
-				Description: "Whether to allow UI access for users with this permission set",
-				Optional:    true,
-				Default:     true,
-			},
-			"is_super": {
-				Type:        schema.TypeBool,
-				Description: "Give the permission set full access",
-				Optional:    true,
-				Default:     false,
-			},
 			"actions": {
 				Type:        schema.TypeList,
 				Description: "List of allowed actions for the permission set",
@@ -56,8 +44,6 @@ func resourcePermissionSetSaas() *schema.Resource {
 }
 
 func resourcePermissionSetSaasCreate(d *schema.ResourceData, m interface{}) error {
-	result := isSaasEnv()
-	log.Printf("SHANI-OUTPUT %v", result)
 	ac := m.(*client.Client)
 	name := d.Get("name").(string)
 
@@ -74,7 +60,7 @@ func resourcePermissionSetSaasCreate(d *schema.ResourceData, m interface{}) erro
 func resourcePermissionSetSaasUpdate(d *schema.ResourceData, m interface{}) error {
 	ac := m.(*client.Client)
 
-	if d.HasChanges("description", "ui_access", "is_super", "actions") {
+	if d.HasChanges("description", "actions") {
 		permSet := expandPermissionSetSaas(d)
 		err := ac.UpdatePermissionSetSaas(permSet)
 		if err != nil {
@@ -99,8 +85,6 @@ func resourcePermissionSetSaasRead(d *schema.ResourceData, m interface{}) error
 
 	d.Set("name", permSet.Name)
 	d.Set("description", permSet.Description)
-	d.Set("ui_access", permSet.UiAccess)
-	d.Set("is_super", permSet.IsSuper)
 	d.Set("actions", permSet.Actions)
 
 	return nil
@@ -123,8 +107,6 @@ func expandPermissionSetSaas(d *schema.ResourceData) *client.PermissionSetSaas {
 	permSet := client.PermissionSetSaas{
 		Name:        d.Get("name").(string),
 		Description: d.Get("description").(string),
-		UiAccess:    d.Get("ui_access").(bool),
-		IsSuper:     d.Get("is_super").(bool),
 	}
 
 	if v, ok := d.GetOk("actions"); ok {
@@ -137,4 +119,4 @@ func expandPermissionSetSaas(d *schema.ResourceData) *client.PermissionSetSaas {
 	}
 
 	return &permSet
-}
+}

aquasec/resource_permission_set_saas_test.go

@@ -30,7 +30,6 @@ var extendedTestActions = []string{
    "cnapp.dashboards.read",
 }
 
-
 var invalidConfigTestCases = []struct {
    name     string
    config   string
@@ -70,8 +69,6 @@ func testAccCheckAquasecPermissionSetSaas(name, description string, actions []st
    resource "aquasec_permission_set_saas" "new" {
        name        = "%s"
        description = "%s"
-       ui_access   = false
-       is_super    = false
        actions     = [%s]
    }`, name, description, actionsStr)
 }
@@ -232,7 +229,6 @@ func TestAquasecPermissionSetSaasWithExternalChanges(t *testing.T) {
    })
 }
 
-
 func TestAquasecPermissionSetSaasReadErrorHandling(t *testing.T) {
 	if !isSaasEnv() {
 		t.Skip("Skipping permission set test - not a SaaS environment")
@@ -283,3 +279,43 @@ func TestAquasecPermissionSetSaasUpdateErrorHandling(t *testing.T) {
 		},
 	})
 }
+
+
+func TestAquasecPermissionSetSaasValues(t *testing.T) {
+    if !isSaasEnv() {
+        t.Skip("Skipping permission set test - not a SaaS environment")
+    }
+
+    name := acctest.RandomWithPrefix("tf-test")[:maxNameLength]
+    description := "Created using Terraform"
+    resourceName := "aquasec_permission_set_saas.new"
+
+    resource.Test(t, resource.TestCase{
+        PreCheck:     func() { testAccPreCheck(t) },
+        Providers:    testAccProviders,
+        CheckDestroy: testAccPermissionSetSaasDestroy,
+        Steps: []resource.TestStep{
+            {
+                Config: testAccCheckAquasecPermissionSetSaas(name, description, extendedTestActions),
+                Check: resource.ComposeTestCheckFunc(
+                    testAccCheckAquasecPermissionSetSaasExists(resourceName),
+                    // Verify all attributes match exactly what was set
+                    resource.TestCheckResourceAttr(resourceName, "name", name),
+                    resource.TestCheckResourceAttr(resourceName, "description", description),
+                    // Verify each action in the actions list
+                    resource.TestCheckResourceAttr(resourceName, "actions.#", fmt.Sprintf("%d", len(extendedTestActions))),
+                    resource.TestCheckResourceAttr(resourceName, "actions.0", extendedTestActions[0]),
+                    resource.TestCheckResourceAttr(resourceName, "actions.1", extendedTestActions[1]),
+                    resource.TestCheckResourceAttr(resourceName, "actions.2", extendedTestActions[2]),
+                    resource.TestCheckResourceAttr(resourceName, "actions.3", extendedTestActions[3]),
+                    resource.TestCheckResourceAttr(resourceName, "actions.4", extendedTestActions[4]),
+                ),
+            },
+            {
+                ResourceName:      resourceName,
+                ImportState:       true,
+                ImportStateVerify: true,
+            },
+        },
+    })
+}

client/permission_sets_saas.go

@@ -36,8 +36,6 @@ type PermissionSetSaas struct {
 	Name        string   `json:"name"`
 	Description string   `json:"description,omitempty"`
 	Actions     []string `json:"actions,omitempty"`
-	UiAccess    bool     `json:"ui_access"`
-	IsSuper     bool     `json:"is_super"`
 }
 
 func unmarshalResponse(body string, target interface{}) error {

docs/data-sources/permissions_sets_saas.md

@@ -37,6 +37,4 @@ Read-Only:
 
 - `actions` (List of String)
 - `description` (String)
-- `is_super` (Boolean)
-- `name` (String)
-- `ui_access` (Boolean)
+- `name` (String)

docs/resources/permissions_sets_saas.md

@@ -15,8 +15,6 @@ The `aquasec_permission_set_saas` resource manages your Permission Set within Aq
 resource "aquasec_permission_set_saas" "example" {
   name        = "my_saas_perm_set"
   description = "Test Permissions Sets for SaaS"
-  ui_access   = false
-  is_super    = false
   actions = [
     "account_mgmt.groups.read",
     "cspm.cloud_accounts.read",
@@ -36,8 +34,6 @@ resource "aquasec_permission_set_saas" "example" {
 ## Optional
 
 - `description` (String) Description of the permission set
-- `ui_access` (Boolean) Whether UI access is allowed
-- `is_super` (Boolean) Whether this is a super admin permission set
 
 ## Read-Only
 

examples/resources/aquasec_permission_set_saas/resource.tf

@@ -1,8 +1,6 @@
 resource "aquasec_permission_set_saas" "example" {
   name        = "saas_permission_set"
   description = "SaaS Permission Set created by Terraform"
-  ui_access   = false
-  is_super    = false
   actions = [
     ###################
     # Account Management