Add ability to update team accesses

hashicorp · Jun 15, 2020 · 6fda71c · 6fda71c
1 parent caa1df6
commit 6fda71c
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 0 deletions.
diff --git a/team_access.go b/team_access.go
@@ -25,6 +25,9 @@ type TeamAccesses interface {
 	// Read a team access by its ID.
 	Read(ctx context.Context, teamAccessID string) (*TeamAccess, error)
 
+	// Update a team access by its ID.
+	Update(ctx context.Context, teamAccessID string, options TeamAccessUpdateOptions) (*TeamAccess, error)
+
 	// Remove team access from a workspace.
 	Remove(ctx context.Context, teamAccessID string) error
 }
@@ -214,6 +217,47 @@ func (s *teamAccesses) Read(ctx context.Context, teamAccessID string) (*TeamAcce
 	return ta, nil
 }
 
+// TeamAccessUpdateOptions represents the options for updating team access.
+type TeamAccessUpdateOptions struct {
+	// For internal use only!
+	ID string `jsonapi:"primary,team-workspaces"`
+
+	// The type of access to grant.
+	Access *AccessType `jsonapi:"attr,access,omitempty"`
+
+	// Custom workspace access permissions. These can only be edited when Access is 'custom'; otherwise, they are
+	// read-only and reflect the Access level's implicit permissions.
+	Runs             *RunsPermissionType          `jsonapi:"attr,runs,omitempty"`
+	Variables        *VariablesPermissionType     `jsonapi:"attr,variables,omitempty"`
+	StateVersions    *StateVersionsPermissionType `jsonapi:"attr,state-versions,omitempty"`
+	SentinelMocks    *SentinelMocksPermissionType `jsonapi:"attr,sentinel-mocks,omitempty"`
+	WorkspaceLocking *bool                        `jsonapi:"attr,workspace-locking,omitempty"`
+}
+
+// Update team access for a workspace
+func (s *teamAccesses) Update(ctx context.Context, teamAccessID string, options TeamAccessUpdateOptions) (*TeamAccess, error) {
+	if !validStringID(&teamAccessID) {
+		return nil, errors.New("invalid value for team access ID")
+	}
+
+	// Make sure we don't send a user provided ID.
+	options.ID = ""
+
+	u := fmt.Sprintf("team-workspaces/%s", url.QueryEscape(teamAccessID))
+	req, err := s.client.newRequest("PATCH", u, &options)
+	if err != nil {
+		return nil, err
+	}
+
+	ta := &TeamAccess{}
+	err = s.client.do(ctx, req, ta)
+	if err != nil {
+		return nil, err
+	}
+
+	return ta, err
+}
+
 // Remove team access from a workspace.
 func (s *teamAccesses) Remove(ctx context.Context, teamAccessID string) error {
 	if !validStringID(&teamAccessID) {

diff --git a/team_access_test.go b/team_access_test.go
@@ -234,6 +234,36 @@ func TestTeamAccessesRead(t *testing.T) {
 	})
 }
 
+func TestTeamAccessesUpdate(t *testing.T) {
+	client := testClient(t)
+	ctx := context.Background()
+
+	orgTest, orgTestCleanup := createOrganization(t, client)
+	defer orgTestCleanup()
+
+	wTest, wTestCleanup := createWorkspace(t, client, orgTest)
+	defer wTestCleanup()
+
+	tmTest, tmTestCleanup := createTeam(t, client, orgTest)
+	defer tmTestCleanup()
+
+	taTest, taTestCleanup := createTeamAccess(t, client, tmTest, wTest, nil)
+	defer taTestCleanup()
+
+	t.Run("with valid attributes", func(t *testing.T) {
+		options := TeamAccessUpdateOptions{
+			Access: Access(AccessCustom),
+			Runs:   RunsPermission(RunsPermissionPlan),
+		}
+
+		ta, err := client.TeamAccess.Update(ctx, taTest.ID, options)
+		require.NoError(t, err)
+
+		assert.Equal(t, ta.Access, AccessCustom)
+		assert.Equal(t, ta.Runs, RunsPermissionPlan)
+	})
+}
+
 func TestTeamAccessesRemove(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()