Skip to content

feat(authorization): refactor role_assignment resource and implement folder assignment #1058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
h3adex wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(authorization): refactor role_assignment resource and implement folder assignment #1058

h3adex wants to merge 3 commits into from

Conversation

@h3adex
Copy link
Contributor

@h3adex h3adex commented Nov 14, 2025
edited
Loading

Description

This PR refactors stackit_authorization_{project,folder,organization}_role_assignment resources to align with our coding standards and adds tests for resource.go and utils.go. It also adds the capability to add role assignments to Folder.

E2E Results:
Screenshot 2025-11-14 at 11 09 06

Required ENV:
TF_ACC=1
TF_ACC_REGION=eu01
TF_ACC_ORGANIZATION_ID=xxxx
STACKIT_SERVICE_ACCOUNT_TOKEN=ey..
TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_EMAIL=terraform-xxxx@sa.stackit.cloud

Manual Tests:

locals {
  org_id      = "xxxx"
  owner_email = "terraform-xxxx@sa.stackit.cloud"
}

resource "stackit_resourcemanager_folder" "folder" {
  parent_container_id = local.org_id
  name                = "e2e-test-folder"
  owner_email         = local.owner_email
}

resource "stackit_resourcemanager_project" "project" {
  parent_container_id = local.org_id
  name                = "e2e-test-folder"
  owner_email         = local.owner_email
}

resource "stackit_authorization_folder_role_assignment" "fra" {
  resource_id = stackit_resourcemanager_folder.folder.folder_id
  role        = "editor"
  subject     = local.owner_email
}

resource "stackit_authorization_folder_role_assignment" "fra_duplicate" {
  resource_id = stackit_resourcemanager_folder.folder.folder_id
  role        = "editor"
  subject     = local.owner_email
}

resource "stackit_authorization_project_role_assignment" "pra" {
  resource_id = stackit_resourcemanager_project.project.project_id
  role        = "reader"
  subject     = local.owner_email
}

resource "stackit_authorization_organization_role_assignment" "ora" {
  resource_id = local.org_id
  role        = "iaas.project.admin"
  subject     = local.owner_email
}

Checklist

  • Issue was linked above
  • Code format was applied: make fmt
  • Examples were added / adjusted (see examples/ directory)
  • Docs are up-to-date: make generate-docs (will be checked by CI)
  • Unit tests got implemented or updated
  • Acceptance tests got implemented or updated (see e.g. here)
  • Unit tests are passing: make test (will be checked by CI)
  • No linter issues: make lint (will be checked by CI)

@h3adex h3adex requested a review from a team as a code owner November 14, 2025 10:18
@h3adex h3adex changed the title feat(authorization): implement folder_role_assignment resource feat(authorization): refactor and implement folder for role_assignment resource Nov 14, 2025
@h3adex h3adex force-pushed the feat/implement-folder-role-assignments branch 3 times, most recently from e8415a6 to 5634558 Compare November 14, 2025 11:27
@h3adex h3adex changed the title feat(authorization): refactor and implement folder for role_assignment resource feat(authorization): refactor role_assignment resource and implement folder assignment Nov 14, 2025
@h3adex h3adex mentioned this pull request Nov 20, 2025
Open
@github-actions
Copy link

github-actions bot commented Nov 25, 2025

This PR was marked as stale after 7 days of inactivity and will be closed after another 7 days of further inactivity. If this PR should be kept open, just add a comment, remove the stale label or push new commits to it.

@github-actions github-actions bot added the Stale PR is marked as stale due to inactivity. label Nov 25, 2025
@rubenhoenle rubenhoenle removed the Stale PR is marked as stale due to inactivity. label Nov 25, 2025
@h3adex h3adex force-pushed the feat/implement-folder-role-assignments branch from 5634558 to 977ef73 Compare December 2, 2025 07:52
@h3adex h3adex mentioned this pull request Dec 3, 2025
Open
8 tasks
This was referenced Dec 9, 2025
Open
Open
@github-actions
Copy link

github-actions bot commented Dec 10, 2025

This PR was marked as stale after 7 days of inactivity and will be closed after another 7 days of further inactivity. If this PR should be kept open, just add a comment, remove the stale label or push new commits to it.

@github-actions github-actions bot added the Stale PR is marked as stale due to inactivity. label Dec 10, 2025
@rubenhoenle rubenhoenle removed the Stale PR is marked as stale due to inactivity. label Dec 16, 2025
@h3adex
feat(authorization): implement folder_role_assignment resource
b8991b7 
Signed-off-by: Mauritz Uphoff <mauritz.uphoff@stackit.cloud>
@h3adex h3adex force-pushed the feat/implement-folder-role-assignments branch from 977ef73 to 8307a83 Compare January 21, 2026 12:33
@h3adex h3adex requested a review from GokceGK January 21, 2026 12:39
h3adex
h3adex commented Jan 21, 2026
View reviewed changes
stackit/internal/services/authorization/roleassignments/resource.go
return errRoleAssignmentNotFound
}

// Prevent creating duplicate <resource_id, role, subject> assignments.
Copy link
Contributor Author

@h3adex h3adex Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrote a comment above the function to keep everyone aware working on this resource

@h3adex
review changes
cad266e 
Signed-off-by: Mauritz Uphoff <mauritz.uphoff@stackit.cloud>
@h3adex h3adex force-pushed the feat/implement-folder-role-assignments branch from 8307a83 to cad266e Compare January 21, 2026 12:41
@h3adex
use helper func
2b60ff8 
Signed-off-by: Mauritz Uphoff <mauritz.uphoff@stackit.cloud>
@h3adex h3adex force-pushed the feat/implement-folder-role-assignments branch from 9078ee6 to 2b60ff8 Compare January 21, 2026 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GokceGK GokceGK Awaiting requested review from GokceGK

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

has internal tracking issue ignore-stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@h3adex @GokceGK @rubenhoenle @marceljk