@ErmanShani ErmanShani commented Jan 26, 2025

[SLK-88696]

This change implements comprehensive support for RBAC v3 Permission Sets in Aqua SaaS environments through:

Core Components:

  • New resource aquasec_permission_set_saas with full CRUD capabilities
  • New data source aquasec_permissions_sets_saas for querying permission sets
  • Client package implementing Permission Sets API operations
  • Integration with RBAC v3 API endpoints

Client Package Changes:

  • Added saasUrl constant for SaaS environment API endpoints
  • New validateSaasEnv helper function to enforce SaaS-only operations:
      • Validates operations against clientType (Saas/SaasDev)
      • Returns descriptive errors for non-SaaS environments
      • Used across all SaaS permission set operations

Resource Implementation Details:

  • Configurable attributes:
      • name (required, forces new resource)
      • description (optional)
      • ui_access (optional, defaults to true)
      • is_super (optional, defaults to false)
      • actions (optional list of allowed actions)
  • Import functionality for existing permission sets
  • State management with proper ID handling
  • External modification detection and reconciliation
  • Proper cleanup on resource deletion

Data Source Implementation:

  • Lists all available permission sets
  • Supports filtering by name and ui_access
  • Returns full permission set details including actions
  • Random ID generation for empty result sets

API Client Layer:

  • Complete CRUD operation support
  • Rate limiting implementation
  • Proper error handling and status code validation
  • Request authentication via Bearer tokens
  • Validation for SaaS environment compatibility

Testing Coverage:

  • Unit tests for resource CRUD operations
  • Data source retrieval tests
  • Error handling scenarios:
      • Invalid configurations
      • API failures
      • External modifications
      • Missing resources
      • Permission validation
  • Import/export functionality verification
  • Edge cases for name lengths and action lists
  • Test coverage exceeding 80%

Migration Support:

  • Warning message for legacy resource users
  • Documentation for migration path
  • Backwards compatibility considerations
  • Example configurations provided

Documentation:

  • Resource and data source usage examples
  • Attribute descriptions and constraints
  • Import/export instructions
  • Migration guide from legacy resource
  • API endpoint references

This implementation provides:

  1. Complete coverage of SaaS platform permissions beyond workload protection
  2. Cleaner API interface through RBAC v3
  3. Improved validation and error handling
  4. Comprehensive testing coverage
  5. Clear migration path from legacy implementations

Breaking Changes:

  • SaaS customers should migrate from aquasec_permissions_sets to aquasec_permission_set_saas
  • Legacy resource will display warning message for SaaS environments

Tested in SaaS environment with various permission configurations and external modification scenarios.
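
The validateSaasEnv guard and Bearer-token client layer listed in the description above, sketched as an added example (not code from this PR or from the provider): the guard runs before the request is built, so a non-SaaS client is rejected without its token ever being sent. The Client type, the route, the token and the "self-hosted" client type are constructed for illustration, and the "Saas"/"SaasDev" string values are assumed from the names in the description.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Hypothetical client: only clientType, Saas/SaasDev and validateSaasEnv are names from the PR.
type Client struct{ clientType, saasURL, token string }
// validateSaasEnv fails closed: any client type that is not explicitly SaaS is rejected.
func (c *Client) validateSaasEnv() error {
	if c.clientType == "Saas" || c.clientType == "SaasDev" { // string values assumed
		return nil
	}
	return fmt.Errorf("SaaS permission sets need a SaaS client, got client type %q", c.clientType)
}

// DeletePermissionSet calls a constructed route, not the real RBAC v3 endpoint.
func (c *Client) DeletePermissionSet(name string) error {
	if err := c.validateSaasEnv(); err != nil { // rejected before any token is sent
		return err
	}
	req, err := http.NewRequest(http.MethodDelete, c.saasURL+"/example/permission-sets/"+url.PathEscape(name), nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+c.token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("delete %q: unexpected status %d", name, resp.StatusCode)
	}
	return nil
}

// demo runs one delete against a local test server and returns the Authorization headers it saw.
func demo(clientType string) (seen []string, err error) {
	srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen = append(seen, r.Header.Get("Authorization"))
	}))
	defer srv.Close()
	err = (&Client{clientType, srv.URL, "constructed-token"}).DeletePermissionSet("auditors")
	return
}
func main() { fmt.Println(demo("self-hosted")) }
```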

@CLAassistant
CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


Shani Erman seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.

@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch 2 times, most recently from 4352b00 to d4215b2 Compare January 26, 2025 11:22
@semyonm0r semyonm0r changed the title feat(provider): Add RBAC v3 Permission Sets support for Aqua SaaS [SL… feat(permission_set_saas): Add RBAC v3 Permission Sets support Jan 26, 2025
@semyonm0r semyonm0r changed the title feat(permission_set_saas): Add RBAC v3 Permission Sets support feat(permission_set_saas): create resource, datasource, example, docs Jan 26, 2025
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch from 34cd61e to 11f2f60 Compare January 26, 2025 14:42
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch 2 times, most recently from 5b18edc to fd03f7b Compare January 26, 2025 15:27
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch from fd03f7b to 44c331c Compare January 27, 2025 14:45
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch from 44c331c to 5add5ec Compare January 28, 2025 11:56
@semyonmor semyonmor self-requested a review January 28, 2025 11:58
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch from 4838c7b to 920f7c3 Compare January 28, 2025 15:20
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch 4 times, most recently from 376cb7d to 814fe34 Compare January 30, 2025 14:17
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch from 53956a9 to 0311396 Compare February 2, 2025 11:00
@ErmanShani ErmanShani force-pushed the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch from 0311396 to 569d506 Compare February 2, 2025 12:22
@semyonmor semyonmor merged commit 7dc16ba into main Feb 2, 2025
5 of 7 checks passed
@semyonmor semyonmor deleted the SLK-88696-tp-add-support-for-rbac-v-3-permission-sets branch February 2, 2025 12:44