From f7dd910a2f27e8aedaf014dd8f58786a99ba6aff Mon Sep 17 00:00:00 2001
From: Gavin Bunney <gavin.bunney@gmail.com>
Date: Fri, 11 Oct 2019 08:39:18 -0700
Subject: [PATCH] Added `resource.bitbucketserver_global_permissions_group` and
 `resource.bitbucketserver_global_permissions_user`

---
 README.md                                     | 39 ++++++++
 bitbucket/provider.go                         |  2 +
 .../resource_global_permissions_group.go      | 93 +++++++++++++++++++
 .../resource_global_permissions_group_test.go | 39 ++++++++
 bitbucket/resource_global_permissions_user.go | 93 +++++++++++++++++++
 .../resource_global_permissions_user_test.go  | 41 ++++++++
 6 files changed, 307 insertions(+)
 create mode 100644 bitbucket/resource_global_permissions_group.go
 create mode 100644 bitbucket/resource_global_permissions_group_test.go
 create mode 100644 bitbucket/resource_global_permissions_user.go
 create mode 100644 bitbucket/resource_global_permissions_user_test.go

diff --git a/README.md b/README.md
index 7a60269..7a3fffc 100644
--- a/README.md
+++ b/README.md
@@ -207,6 +207,45 @@ $ terraform import bitbucketserver_user_group.browncoat mreynolds/browncoats
 ```
 
 
+### Assign Global Permissions for Group
+
+```hcl
+resource "bitbucketserver_global_permissions_group" "test" {
+  project = "TEST"
+  group = "stash-users"
+  permission = "ADMIN"
+}
+```
+
+* `group` - Required. Name of the group permissions are for.
+* `permission` - Required. The permission to grant. Available project permissions are: `LICENSED_USER`, `PROJECT_CREATE`, `ADMIN`, `SYS_ADMIN`
+
+#### Import Global Group Permissions
+
+```bash
+$ terraform import bitbucketserver_global_permissions_group.test my-group
+```
+
+
+### Assign Global Permissions for User
+
+```hcl
+resource "bitbucketserver_project_permissions_user" "test" {
+  user = "admin"
+  permission = "ADMIN"
+}
+```
+
+* `user` - Required. Name of the user permissions are for.
+* `permission` - Required. The permission to grant. Available project permissions are: `LICENSED_USER`, `PROJECT_CREATE`, `ADMIN`, `SYS_ADMIN`
+
+#### Import Global Group Permissions
+
+```bash
+$ terraform import bitbucketserver_global_permissions_user.test my-user
+```
+
+
 ### Set Server License
 
 ```hcl
diff --git a/bitbucket/provider.go b/bitbucket/provider.go
index 028ae21..3fd91b6 100644
--- a/bitbucket/provider.go
+++ b/bitbucket/provider.go
@@ -38,6 +38,8 @@ func Provider() terraform.ResourceProvider {
 			"bitbucketserver_project_permissions_users":  dataSourceProjectPermissionsUsers(),
 		},
 		ResourcesMap: map[string]*schema.Resource{
+			"bitbucketserver_global_permissions_group":  resourceGlobalPermissionsGroup(),
+			"bitbucketserver_global_permissions_user":   resourceGlobalPermissionsUser(),
 			"bitbucketserver_group":                     resourceGroup(),
 			"bitbucketserver_license":                   resourceLicense(),
 			"bitbucketserver_mail_server":               resourceMailServer(),
diff --git a/bitbucket/resource_global_permissions_group.go b/bitbucket/resource_global_permissions_group.go
new file mode 100644
index 0000000..bcf0ffd
--- /dev/null
+++ b/bitbucket/resource_global_permissions_group.go
@@ -0,0 +1,93 @@
+package bitbucket
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+	"net/url"
+)
+
+func resourceGlobalPermissionsGroup() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGlobalPermissionsGroupCreate,
+		Update: resourceGlobalPermissionsGroupUpdate,
+		Read:   resourceGlobalPermissionsGroupRead,
+		Delete: resourceGlobalPermissionsGroupDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"group": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"permission": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"LICENSED_USER", "PROJECT_CREATE", "ADMIN", "SYS_ADMIN"}, false),
+			},
+		},
+	}
+}
+
+func resourceGlobalPermissionsGroupUpdate(d *schema.ResourceData, m interface{}) error {
+	client := m.(*BitbucketClient)
+	_, err := client.Put(fmt.Sprintf("/rest/api/1.0/admin/permissions/groups?permission=%s&name=%s",
+		url.QueryEscape(d.Get("permission").(string)),
+		url.QueryEscape(d.Get("group").(string)),
+	), nil)
+
+	if err != nil {
+		return err
+	}
+
+	return resourceGlobalPermissionsGroupRead(d, m)
+}
+
+func resourceGlobalPermissionsGroupCreate(d *schema.ResourceData, m interface{}) error {
+	err := resourceGlobalPermissionsGroupUpdate(d, m)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(d.Get("group").(string))
+	return resourceGlobalPermissionsGroupRead(d, m)
+}
+
+func resourceGlobalPermissionsGroupRead(d *schema.ResourceData, m interface{}) error {
+	id := d.Id()
+	if id != "" {
+		_ = d.Set("group", id)
+	}
+
+	group := d.Get("group").(string)
+	groups, err := readGlobalPermissionsGroups(m, group)
+	if err != nil {
+		return err
+	}
+
+	// API only filters but we need to find an exact match
+	for _, g := range groups {
+		if g.Name == group {
+			_ = d.Set("permission", g.Permission)
+			break
+		}
+	}
+
+	return nil
+}
+
+func resourceGlobalPermissionsGroupDelete(d *schema.ResourceData, m interface{}) error {
+	client := m.(*BitbucketClient)
+	_, err := client.Delete(fmt.Sprintf("/rest/api/1.0/admin/permissions/groups?name=%s",
+		url.QueryEscape(d.Get("group").(string)),
+	))
+
+	if err != nil {
+		return err
+	}
+
+	return resourceGlobalPermissionsGroupRead(d, m)
+}
diff --git a/bitbucket/resource_global_permissions_group_test.go b/bitbucket/resource_global_permissions_group_test.go
new file mode 100644
index 0000000..15ce113
--- /dev/null
+++ b/bitbucket/resource_global_permissions_group_test.go
@@ -0,0 +1,39 @@
+package bitbucket
+
+import (
+	"fmt"
+	"math/rand"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccBitbucketResourceGlobalPermissionsGroup(t *testing.T) {
+	groupName := fmt.Sprintf("test-group-%v", rand.New(rand.NewSource(time.Now().UnixNano())).Int())
+	config := fmt.Sprintf(`
+		resource "bitbucketserver_group" "test" {
+			name = "%v"
+		}
+
+		resource "bitbucketserver_global_permissions_group" "test" {
+			group = bitbucketserver_group.test.name
+			permission = "ADMIN"
+		}
+	`, groupName)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("bitbucketserver_global_permissions_group.test", "id", groupName),
+					resource.TestCheckResourceAttr("bitbucketserver_global_permissions_group.test", "group", groupName),
+					resource.TestCheckResourceAttr("bitbucketserver_global_permissions_group.test", "permission", "ADMIN"),
+				),
+			},
+		},
+	})
+}
diff --git a/bitbucket/resource_global_permissions_user.go b/bitbucket/resource_global_permissions_user.go
new file mode 100644
index 0000000..70ce761
--- /dev/null
+++ b/bitbucket/resource_global_permissions_user.go
@@ -0,0 +1,93 @@
+package bitbucket
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+	"net/url"
+)
+
+func resourceGlobalPermissionsUser() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGlobalPermissionsUserCreate,
+		Update: resourceGlobalPermissionsUserUpdate,
+		Read:   resourceGlobalPermissionsUserRead,
+		Delete: resourceGlobalPermissionsUserDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"user": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"permission": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"LICENSED_USER", "PROJECT_CREATE", "ADMIN", "SYS_ADMIN"}, false),
+			},
+		},
+	}
+}
+
+func resourceGlobalPermissionsUserUpdate(d *schema.ResourceData, m interface{}) error {
+	client := m.(*BitbucketClient)
+	_, err := client.Put(fmt.Sprintf("/rest/api/1.0/admin/permissions/users?permission=%s&name=%s",
+		url.QueryEscape(d.Get("permission").(string)),
+		url.QueryEscape(d.Get("user").(string)),
+	), nil)
+
+	if err != nil {
+		return err
+	}
+
+	return resourceGlobalPermissionsUserRead(d, m)
+}
+
+func resourceGlobalPermissionsUserCreate(d *schema.ResourceData, m interface{}) error {
+	err := resourceGlobalPermissionsUserUpdate(d, m)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(d.Get("user").(string))
+	return resourceGlobalPermissionsUserRead(d, m)
+}
+
+func resourceGlobalPermissionsUserRead(d *schema.ResourceData, m interface{}) error {
+	id := d.Id()
+	if id != "" {
+		_ = d.Set("user", id)
+	}
+
+	user := d.Get("user").(string)
+	users, err := readGlobalPermissionsUsers(m, user)
+	if err != nil {
+		return err
+	}
+
+	// API only filters but we need to find an exact match
+	for _, g := range users {
+		if g.Name == user {
+			d.Set("permission", g.Permission)
+			break
+		}
+	}
+
+	return nil
+}
+
+func resourceGlobalPermissionsUserDelete(d *schema.ResourceData, m interface{}) error {
+	client := m.(*BitbucketClient)
+	_, err := client.Delete(fmt.Sprintf("/rest/api/1.0/admin/permissions/users?name=%s",
+		url.QueryEscape(d.Get("user").(string)),
+	))
+
+	if err != nil {
+		return err
+	}
+
+	return resourceGlobalPermissionsUserRead(d, m)
+}
diff --git a/bitbucket/resource_global_permissions_user_test.go b/bitbucket/resource_global_permissions_user_test.go
new file mode 100644
index 0000000..1ed54a9
--- /dev/null
+++ b/bitbucket/resource_global_permissions_user_test.go
@@ -0,0 +1,41 @@
+package bitbucket
+
+import (
+	"fmt"
+	"math/rand"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccBitbucketResourceGlobalPermissionsUser(t *testing.T) {
+	user := fmt.Sprintf("test-%v", rand.New(rand.NewSource(time.Now().UnixNano())).Int())
+	config := fmt.Sprintf(`
+		resource "bitbucketserver_user" "test" {
+		  name          = "%v"
+		  display_name  = "Test User"
+		  email_address = "test@example.com"
+		}
+
+		resource "bitbucketserver_global_permissions_user" "test" {
+			user = bitbucketserver_user.test.name
+			permission = "SYS_ADMIN"
+		}
+	`, user)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("bitbucketserver_global_permissions_user.test", "id", user),
+					resource.TestCheckResourceAttr("bitbucketserver_global_permissions_user.test", "user", user),
+					resource.TestCheckResourceAttr("bitbucketserver_global_permissions_user.test", "permission", "SYS_ADMIN"),
+				),
+			},
+		},
+	})
+}