Merge branch 'main' into chore-add-examples-#754

client/api_client.go

@@ -22,6 +22,7 @@ type ApiClientInterface interface {
 	OrganizationId() (string, error)
 	OrganizationPolicyUpdate(OrganizationPolicyUpdatePayload) (*Organization, error)
 	OrganizationUserUpdateRole(userId string, roleId string) error
+	OidcSub() (string, error)
 	Policy(projectId string) (Policy, error)
 	PolicyUpdate(payload PolicyUpdatePayload) (Policy, error)
 	Projects() ([]Project, error)

client/api_key.go

@@ -63,3 +63,17 @@ func (client *ApiClient) ApiKeys() ([]ApiKey, error) {
 
 	return result, err
 }
+
+func (client *ApiClient) OidcSub() (string, error) {
+	organizationId, err := client.OrganizationId()
+	if err != nil {
+		return "", err
+	}
+
+	var result string
+	if err := client.http.Get("/api-keys/oidc-sub", map[string]string{"organizationId": organizationId}, &result); err != nil {
+		return "", err
+	}
+
+	return result, nil
+}

client/api_key_test.go

@@ -94,4 +94,36 @@ var _ = Describe("ApiKey Client", func() {
 			httpCall.Times(1)
 		})
 	})
+
+	Describe("Get Oidc Sub", func() {
+		var returnedOidcSub string
+		var err error
+		mockedOidcSub := "oidc sub 1234"
+
+		BeforeEach(func() {
+			mockOrganizationIdCall(organizationId)
+			httpCall = mockHttpClient.EXPECT().
+				Get("/api-keys/oidc-sub", map[string]string{"organizationId": organizationId}, gomock.Any()).
+				Do(func(path string, request interface{}, response *string) {
+					*response = mockedOidcSub
+				})
+			returnedOidcSub, err = apiClient.OidcSub()
+		})
+
+		It("Should get organization id", func() {
+			organizationIdCall.Times(1)
+		})
+
+		It("Should send GET request", func() {
+			httpCall.Times(1)
+		})
+
+		It("Should return Oidc sub", func() {
+			Expect(returnedOidcSub).To(Equal(mockedOidcSub))
+		})
+
+		It("Should not return error", func() {
+			Expect(err).To(BeNil())
+		})
+	})
 })

client/configuration_variable.go

@@ -85,16 +85,6 @@ func (client *ApiClient) ConfigurationVariablesById(id string) (ConfigurationVar
 	return result, nil
 }
 
-func filterOutConfigurationVariables(variables []ConfigurationVariable, scope Scope) []ConfigurationVariable {
-	filteredVariables := []ConfigurationVariable{}
-	for _, variable := range variables {
-		if variable.Scope != scope {
-			filteredVariables = append(filteredVariables, variable)
-		}
-	}
-	return filteredVariables
-}
-
 func (client *ApiClient) ConfigurationVariablesByScope(scope Scope, scopeId string) ([]ConfigurationVariable, error) {
 	organizationId, err := client.OrganizationId()
 	if err != nil {
@@ -120,15 +110,15 @@ func (client *ApiClient) ConfigurationVariablesByScope(scope Scope, scopeId stri
 		return []ConfigurationVariable{}, err
 	}
 
-	// The API returns global and template scopes for environment (and other) scopes. Filter them out.
-	if scope != ScopeGlobal {
-		result = filterOutConfigurationVariables(result, ScopeGlobal)
-		if scope != ScopeTemplate {
-			result = filterOutConfigurationVariables(result, ScopeTemplate)
+	// The API returns variables of upper scopes. Filter them out.
+	var filteredVariables []ConfigurationVariable
+	for _, variable := range result {
+		if scopeId == variable.ScopeId && scope == variable.Scope {
+			filteredVariables = append(filteredVariables, variable)
 		}
 	}
 
-	return result, nil
+	return filteredVariables, nil
 }
 
 func (client *ApiClient) ConfigurationVariableCreate(params ConfigurationVariableCreateParams) (ConfigurationVariable, error) {

client/configuration_variable_test.go

@@ -38,30 +38,14 @@ var _ = Describe("Configuration Variable", func() {
 		Regex:          "regex",
 	}
 
-	mockGlobalConfigurationVariable := ConfigurationVariable{
-		Id:             "config-var-id-789",
-		Name:           "configName",
-		Description:    "configDescription",
-		Value:          "configValue",
-		OrganizationId: organizationId,
-		IsSensitive:    &isSensitive,
-		Scope:          ScopeGlobal,
-		Type:           &varType,
-		ScopeId:        "project-123",
-		UserId:         "user|123",
-		Schema:         &schema,
-		IsReadOnly:     &isReadOnly,
-		IsRequired:     &isRequired,
-		Regex:          "regex",
-	}
-
 	mockTemplateConfigurationVariable := ConfigurationVariable{
 		Id:             "config-var-id-1111",
 		Name:           "ignore",
 		Description:    "ignore",
 		Value:          "ignore",
 		OrganizationId: organizationId,
 		Scope:          ScopeTemplate,
+		ScopeId:        "scope-id",
 	}
 
 	Describe("ConfigurationVariable", func() {
@@ -277,9 +261,11 @@ var _ = Describe("Configuration Variable", func() {
 	})
 
 	Describe("ConfigurationVariablesByScope", func() {
+		scopeId := mockTemplateConfigurationVariable.ScopeId
+
 		var returnedVariables []ConfigurationVariable
-		mockVariables := []ConfigurationVariable{mockConfigurationVariable, mockGlobalConfigurationVariable, mockTemplateConfigurationVariable}
-		expectedParams := map[string]string{"organizationId": organizationId}
+		mockVariables := []ConfigurationVariable{mockTemplateConfigurationVariable}
+		expectedParams := map[string]string{"organizationId": organizationId, "blueprintId": scopeId}
 
 		BeforeEach(func() {
 			mockOrganizationIdCall(organizationId)
@@ -289,7 +275,7 @@ var _ = Describe("Configuration Variable", func() {
 				Do(func(path string, request interface{}, response *[]ConfigurationVariable) {
 					*response = mockVariables
 				})
-			returnedVariables, _ = apiClient.ConfigurationVariablesByScope(ScopeGlobal, "")
+			returnedVariables, _ = apiClient.ConfigurationVariablesByScope(ScopeTemplate, scopeId)
 		})
 
 		It("Should send GET request with expected params", func() {
@@ -303,32 +289,5 @@ var _ = Describe("Configuration Variable", func() {
 		It("Should return variables", func() {
 			Expect(returnedVariables).To(Equal(mockVariables))
 		})
-
-		DescribeTable("Different Scopes",
-			func(scope string, expectedFieldName string) {
-				scopeId := expectedFieldName + "-id"
-				expectedParams := map[string]string{
-					"organizationId":  organizationId,
-					expectedFieldName: scopeId,
-				}
-
-				httpCall = mockHttpClient.EXPECT().
-					Get("/configuration", expectedParams, gomock.Any()).
-					Do(func(path string, request interface{}, response *[]ConfigurationVariable) {
-						*response = mockVariables
-					})
-				returnedVariables, _ = apiClient.ConfigurationVariablesByScope(Scope(scope), scopeId)
-				if scope == string(ScopeTemplate) {
-					Expect(returnedVariables).To((Equal([]ConfigurationVariable{mockConfigurationVariable, mockTemplateConfigurationVariable})))
-				} else {
-					Expect(returnedVariables).To((Equal([]ConfigurationVariable{mockConfigurationVariable})))
-				}
-				httpCall.Times(1)
-			},
-			Entry("Template Scope", string(ScopeTemplate), "blueprintId"),
-			Entry("Project Scope", string(ScopeProject), "projectId"),
-			Entry("Environment Scope", string(ScopeEnvironment), "environmentId"),
-			Entry("Project Scope", string(ScopeDeploymentLog), "deploymentLogId"),
-		)
 	})
 })

client/environment.go

@@ -118,6 +118,7 @@ type Environment struct {
 	BlueprintId                 string        `json:"blueprintId" tfschema:"-"`
 	IsRemoteBackend             *bool         `json:"isRemoteBackend" tfschema:"-"`
 	IsArchived                  *bool         `json:"isArchived" tfschema:"-"`
+	IsRemoteApplyEnabled        bool          `json:"isRemoteApplyEnabled"`
 }
 
 type EnvironmentCreate struct {
@@ -186,6 +187,7 @@ type EnvironmentUpdate struct {
 	AutoDeployOnPathChangesOnly *bool  `json:"autoDeployOnPathChangesOnly,omitempty" tfschema:"-"`
 	IsRemoteBackend             *bool  `json:"isRemoteBackend,omitempty" tfschema:"-"`
 	IsArchived                  *bool  `json:"isArchived,omitempty" tfschema:"-"`
+	IsRemoteApplyEnabled        bool   `json:"isRemoteApplyEnabled"`
 }
 
 type EnvironmentDeployResponse struct {

docs/data-sources/aws_oidc_credentials.md

@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "env0_aws_oidc_credentials Data Source - terraform-provider-env0"
+subcategory: ""
+description: |-
+  
+---
+
+# env0_aws_oidc_credentials (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+resource "env0_aws_oidc_credentials" "example" {
+  name     = "name"
+  role_arn = "role_arn"
+}
+
+data "env0_aws_oidc_credentials" "by_id" {
+  id = env0_aws_oidc_credentials.example.id
+}
+
+data "env0_aws_oidc_credentials" "by_name" {
+  name = env0_aws_oidc_credentials.example.name
+}
+
+output "oidc_sub" {
+  value = data.env0_aws_oidc_credentials.by_name.oidc_sub
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `id` (String) the id of the aws oidc credentials
+- `name` (String) the name of the aws oidc credentials
+
+### Read-Only
+
+- `oidc_sub` (String) the jwt oidc sub

docs/data-sources/project.md

@@ -16,6 +16,16 @@ description: |-
 data "env0_project" "default_project" {
   name = "Default Organization Project"
 }
+
+data "env0_project" "with_parent_name_filter" {
+  name                = "Default Organization Project"
+  parent_project_name = "parent projet name"
+}
+
+data "env0_project" "with_parent_id_filter" {
+  name              = "Default Organization Project"
+  parent_project_id = "parent-projet-id"
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -25,11 +35,11 @@ data "env0_project" "default_project" {
 
 - `id` (String) id of the project
 - `name` (String) the name of the project
-- `parent_project_name` (String) the name of the parent project. Can be used when there are multiple subprojects with the same name under different parent projects
+- `parent_project_id` (String) the id of the parent project. Can be used as a filter when there are multiple subprojects with the same name under different parent projects
+- `parent_project_name` (String) the name of the parent project. Can be used as a filter when there are multiple subprojects with the same name under different parent projects
 
 ### Read-Only
 
 - `created_by` (String) textual description of the entity who created the project
 - `description` (String) textual description of the project
-- `parent_project_id` (String) if the project is a sub-project, returns the parent of this sub-project
 - `role` (String) role of the authenticated user (through api key) in the project

docs/resources/custom_role.md

@@ -28,7 +28,7 @@ resource "env0_custom_role" "custom_role_example" {
 ### Required
 
 - `name` (String) The name of the custom role
-- `permissions` (List of String) A list of permissions assigned to the role. Allowed values: (allowed values: VIEW_ORGANIZATION, EDIT_ORGANIZATION_SETTINGS, CREATE_AND_EDIT_TEMPLATES, CREATE_AND_EDIT_MODULES, CREATE_PROJECT, VIEW_PROJECT, EDIT_PROJECT_SETTINGS, MANAGE_PROJECT_TEMPLATES, EDIT_ENVIRONMENT_SETTINGS, ARCHIVE_ENVIRONMENT, OVERRIDE_MAX_TTL, CREATE_CROSS_PROJECT_ENVIRONMENTS, OVERRIDE_MAX_ENVIRONMENT_PROJECT_LIMITS, RUN_PLAN, RUN_APPLY, ABORT_DEPLOYMENT, RUN_TASK, CREATE_CUSTOM_ROLES, VIEW_DASHBOARD, VIEW_MODULES, READ_STATE, WRITE_STATE, FORCE_UNLOCK_WORKSPACE, MANAGE_BILLING, VIEW_AUDIT_LOGS, MANAGE_ENVIRONMENT_LOCK, CREATE_VCS_ENVIRONMENT, CREATE_AND_EDIT_PROVIDERS, VIEW_PROVIDERS, VIEW_ENVIRONMENT, ASSIGN_ROLE_ON_ENVIRONMENT)
+- `permissions` (List of String) A list of permissions assigned to the role. Allowed values: (allowed values: VIEW_ORGANIZATION, EDIT_ORGANIZATION_SETTINGS, CREATE_AND_EDIT_TEMPLATES, CREATE_AND_EDIT_MODULES, CREATE_PROJECT, VIEW_PROJECT, EDIT_PROJECT_SETTINGS, MANAGE_PROJECT_TEMPLATES, EDIT_ENVIRONMENT_SETTINGS, ARCHIVE_ENVIRONMENT, OVERRIDE_MAX_TTL, CREATE_CROSS_PROJECT_ENVIRONMENTS, OVERRIDE_MAX_ENVIRONMENT_PROJECT_LIMITS, RUN_PLAN, RUN_APPLY, ABORT_DEPLOYMENT, RUN_TASK, CREATE_CUSTOM_ROLES, VIEW_DASHBOARD, VIEW_MODULES, READ_STATE, WRITE_STATE, FORCE_UNLOCK_WORKSPACE, MANAGE_BILLING, VIEW_AUDIT_LOGS, MANAGE_ENVIRONMENT_LOCK, CREATE_VCS_ENVIRONMENT, CREATE_AND_EDIT_PROVIDERS, VIEW_PROVIDERS, VIEW_ENVIRONMENT, ASSIGN_ROLE_ON_ENVIRONMENT, EDIT_ALLOW_REMOTE_APPLY)
 
 ### Optional
 

docs/resources/environment.md

@@ -69,6 +69,7 @@ If true must specify one of the following - 'github_installation_id' if using Gi
 - `force_destroy` (Boolean) Destroy safeguard. Must be enabled before delete/destroy
 - `id` (String) the environment's id
 - `is_inactive` (Boolean) If 'true', it marks the environment as inactive. It can be re-activated by setting it to 'false' or removing this field.
+- `is_remote_apply_enabled` (Boolean) enables remote apply when set to true (defaults to false). Can only be enabled when is_remote_backend and approve_plan_automatically are enabled. Can only enabled for an existing environment
 - `is_remote_backend` (Boolean) should use remote backend
 - `output` (String) the deployment log output. Returns a json string. It can be either a map of key-value, or an array of (in case of Terragrunt run-all) of moduleName and a map of key-value. Note: if the deployment is still in progress returns 'null'
 - `revision` (String) the revision the environment is to be run against

env0/data_aws_oidc_credentials.go

@@ -0,0 +1,66 @@
+package env0
+
+import (
+	"context"
+
+	"github.com/env0/terraform-provider-env0/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataAwsOidcCredentials() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataAwsOidcCredentialRead,
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Description:  "the name of the aws oidc credentials",
+				Optional:     true,
+				ExactlyOneOf: []string{"name", "id"},
+			},
+			"id": {
+				Type:         schema.TypeString,
+				Description:  "the id of the aws oidc credentials",
+				Optional:     true,
+				ExactlyOneOf: []string{"name", "id"},
+			},
+			"oidc_sub": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "the jwt oidc sub",
+			},
+		},
+	}
+}
+
+func dataAwsOidcCredentialRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var credentials client.Credentials
+	var err error
+
+	id, ok := d.GetOk("id")
+	if ok {
+		credentials, err = getCredentialsById(id.(string), credentialsTypeToPrefixList[AWS_OIDC_TYPE], meta)
+	} else {
+		credentials, err = getCredentialsByName(d.Get("name").(string), credentialsTypeToPrefixList[AWS_OIDC_TYPE], meta)
+	}
+
+	if err != nil {
+		return DataGetFailure("aws oidc credentials", id, err)
+	}
+
+	if err := writeResourceData(&credentials, d); err != nil {
+		return diag.Errorf("schema resource data serialization failed: %v", err)
+	}
+
+	apiClient := meta.(client.ApiClientInterface)
+
+	oidcSub, err := apiClient.OidcSub()
+	if err != nil {
+		return diag.Errorf("failed to get oidc sub: %v", err)
+	}
+
+	d.Set("oidc_sub", oidcSub)
+
+	return nil
+}