diff --git a/README.md b/README.md index 376679f..ddc60b3 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,10 @@ Creates a new cloud.gov space, such as when creating an egress space, and output `managers`, `developers`, and `deployers` are all optional, but you probably want to set at least one of them, depending on your use case. +* `managers` are granted the [Space Manager](https://docs.cloudfoundry.org/concepts/roles.html#activeroles) role +* `developers` are granted the [Space Developer](https://docs.cloudfoundry.org/concepts/roles.html#activeroles) role +* `deployers` are granted both manager and developer roles + ``` module "egress_space" { source = "github.com/18f/terraform-cloudgov//cg_space?ref=v1.0.0" diff --git a/cg_space/tests/creation.tftest.hcl b/cg_space/tests/creation.tftest.hcl new file mode 100644 index 0000000..50a961a --- /dev/null +++ b/cg_space/tests/creation.tftest.hcl @@ -0,0 +1,87 @@ +mock_provider "cloudfoundry" { + override_data { + target = data.cloudfoundry_user.managers["user.manager@gsa.gov"] + values = { + id = "1e5143a4-aa47-483c-8352-557988d5cc7a" + } + } + override_data { + target = data.cloudfoundry_user.deployers["user.manager@gsa.gov"] + values = { + id = "1e5143a4-aa47-483c-8352-557988d5cc7a" + } + } + override_data { + target = data.cloudfoundry_user.developers["user.developer@gsa.gov"] + values = { + id = "2c945842-13ee-4383-84ad-34ecbcde5ce6" + } + } +} + +variables { + cf_org_name = "gsa-tts-devtools-prototyping" + cf_space_name = "terraform-cloudgov-ci-tests-egress" +} + +run "test_space_creation" { + assert { + condition = cloudfoundry_space.space.id == output.space_id + error_message = "Space ID output must match the new space" + } + + assert { + condition = cloudfoundry_space.space.name == var.cf_space_name + error_message = "Space name should match the cf_space_name variable" + } +} + +run "test_manager_only" { + variables { + managers = ["user.manager@gsa.gov"] + } + + assert { + condition = cloudfoundry_space_users.space_permissions.managers == toset(["1e5143a4-aa47-483c-8352-557988d5cc7a"]) + error_message = "Should be able to set Space Managers" + } + + assert { + condition = length(cloudfoundry_space_users.space_permissions.developers) == 0 + error_message = "Should not have set any Space Developers" + } +} + +run "test_individual_permissions" { + variables { + managers = ["user.manager@gsa.gov"] + developers = ["user.developer@gsa.gov"] + } + + assert { + condition = cloudfoundry_space_users.space_permissions.managers == toset(["1e5143a4-aa47-483c-8352-557988d5cc7a"]) + error_message = "Should be able to set Space Managers" + } + + assert { + condition = cloudfoundry_space_users.space_permissions.developers == toset(["2c945842-13ee-4383-84ad-34ecbcde5ce6"]) + error_message = "Should be able to set Space Developers" + } +} + +run "test_deployer_permissions" { + variables { + developers = ["user.developer@gsa.gov"] + deployers = ["user.manager@gsa.gov"] + } + + assert { + condition = cloudfoundry_space_users.space_permissions.managers == toset(["1e5143a4-aa47-483c-8352-557988d5cc7a"]) + error_message = "Should be able to set Space Managers via var.deployers" + } + + assert { + condition = cloudfoundry_space_users.space_permissions.developers == toset(["2c945842-13ee-4383-84ad-34ecbcde5ce6", "1e5143a4-aa47-483c-8352-557988d5cc7a"]) + error_message = "Should set Space Developers to var.developers + var.deployers" + } +}