Support custom roles in env0_api_key #1009

Open
PawelTopors opened this issue Jan 31, 2025 · 3 comments · May be fixed by #1010
PawelTopors commented Jan 31, 2025

Is your feature request related to a problem? Please describe.
`env0_api_key` resource allows defining only Admin or User roles under [organization_role](https://registry.terraform.io/providers/env0/env0/latest/docs/resources/api_key#organization_role-2) (implementation). The API also supports custom roles and assignment of the token to the projects with permissions parameter.

We would like to request support of using env0_custom_role under organization_role and project permissions in the new block.

Describe the solution you'd like
env0_api_key should accept the same parameters as API and could look like this:

```hcl
resource "env0_api_key" "this" {
  name              = "name"
  organization_role = "" # Admin, User or any custom role

  project_permissions {
    project_role = "Viewer" # Can be Viewer, Planner, Deployer, Admin
    project_id   = data.env0_project.project1.id
  }
  project_permissions {
    project_role = "Viewer"
    project_id   = data.env0_project.project2.id
  }
}
```

We want to use it in the following way:

```hcl
resource "env0_custom_role" "this" {
  name = "Name"
  permissions = [...]
}

resource "env0_api_key" "this" {
  name              = "name"
  organization_role = env0_custom_role.this.id

  project_permissions {
    project_role = "Viewer"
    project_id   = data.env0_project.project1.id
  }
  project_permissions {
    project_role = "Viewer"
    project_id   = data.env0_project.project2.id
  }
}
```

Important, when organization_role is not Admin or User, at least one project_permissions block is required.

Describe alternatives you've considered

Additional context

@PawelTopors PawelTopors added the enhancement New feature or request label Jan 31, 2025
@TomerHeber TomerHeber self-assigned this Feb 4, 2025
TomerHeber (Collaborator) commented

Hi @PawelTopors - thank you for reporting this.
I will review and pick this up.

TomerHeber (Collaborator) commented

@PawelTopors

> Important, when organization_role is not Admin or User, at least one project_permissions block is required.

This is not enforced in the UI. I prefer to align with the UI experience.
Please let me know if you have any concerns.

@TomerHeber TomerHeber linked a pull request Feb 8, 2025 that will close this issue
PawelTopors (Author) commented

> @PawelTopors
>
> > Important, when organization_role is not Admin or User, at least one project_permissions block is required.
>
> This is not enforced in the UI. I prefer to align with the UI experience. Please let me know if you have any concerns.

I am okay with that 👌 Thanks!
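The thread settles on not enforcing the "custom role needs at least one project_permissions block" rule in the provider, so a team that still wants it can check the Terraform plan in CI. The following is an added example, not code from this thread or from the env0 provider; it assumes the `project_permissions` block as proposed in the issue and the `resource_changes` layout of `terraform show -json`, and the sample plan and its ids are constructed.

```python
import json

BUILT_IN_ROLES = {"Admin", "User"}  # the two roles named in the issue

# Constructed sample shaped like `terraform show -json <planfile>` output.
# `project_permissions` is the block proposed in the issue (assumed schema).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "env0_api_key.admin", "type": "env0_api_key",
   "change": {"after": {"name": "a", "organization_role": "Admin"},
              "after_unknown": {}}},
  {"address": "env0_api_key.scoped", "type": "env0_api_key",
   "change": {"after": {"name": "b", "organization_role": "role-id-placeholder",
                        "project_permissions": [
                          {"project_role": "Viewer", "project_id": "project-id-placeholder"}]},
              "after_unknown": {}}},
  {"address": "env0_api_key.unscoped", "type": "env0_api_key",
   "change": {"after": {"name": "c", "project_permissions": []},
              "after_unknown": {"organization_role": true}}},
  {"address": "env0_api_key.removed", "type": "env0_api_key",
   "change": {"after": null, "after_unknown": {}}}
]}
""")


def unscoped_custom_role_keys(plan):
    """Return addresses of API keys with a custom role and no project_permissions."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "env0_api_key":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed
            continue
        role = after.get("organization_role")
        # A role set from env0_custom_role.<name>.id is unknown until apply,
        # so an unknown value is treated as a custom role.
        unknown = (change.get("after_unknown") or {}).get("organization_role") is True
        custom = unknown or (role is not None and role not in BUILT_IN_ROLES)
        if custom and not after.get("project_permissions"):
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in unscoped_custom_role_keys(SAMPLE_PLAN):
        print(f"{address}: custom organization_role without project_permissions")
```
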
