AthenZ · havetisyan · Dec 3, 2024 · Nov 21, 2024
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,8 @@
+v1.0.46 Release / Nov 21, 2024
+------------------------------
+- Support notifyDetails attribute for athenz_role and athenz_group resources
+- Support slackChannel attribute for athenz_domain resource
+
 v1.0.45 Release / Nov 08, 2024
 ------------------------------
 - Update athenz_role and athenz_group resources to correctly update last-reviewed timestamp

diff --git a/athenz/data_source_all_domain_details.go b/athenz/data_source_all_domain_details.go
@@ -101,6 +101,11 @@ func DataSourceAllDomainDetails() *schema.Resource {
 				Description: "associated business service with domain",
 				Optional:    true,
 			},
+			"slack_channel": {
+				Type:        schema.TypeString,
+				Description: "associated slack channel for notifications",
+				Optional:    true,
+			},
 			"environment": {
 				Type:        schema.TypeString,
 				Description: "string specifying the environment this domain is used in (production, staging, etc.)",
@@ -219,6 +224,9 @@ func dataSourceAllDomainDetailsRead(ctx context.Context, d *schema.ResourceData,
 	if domain.BusinessService != "" {
 		d.Set("business_service", domain.BusinessService)
 	}
+	if domain.SlackChannel != "" {
+		d.Set("slack_channel", domain.SlackChannel)
+	}
 	if domain.Environment != "" {
 		d.Set("environment", domain.Environment)
 	}

diff --git a/athenz/data_source_group.go b/athenz/data_source_group.go
@@ -112,6 +112,11 @@ func DataSourceGroup() *schema.Resource {
 				Optional: true,
 				Default:  "",
 			},
+			"notify_details": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "",
+			},
 			"last_reviewed_date": {
 				Type:        schema.TypeString,
 				Description: "Last reviewed date for the group",
@@ -217,6 +222,11 @@ func dataSourceGroupRead(_ context.Context, d *schema.ResourceData, meta interfa
 			return diag.FromErr(err)
 		}
 	}
+	if group.NotifyDetails != "" {
+		if err = d.Set("notify_details", group.NotifyDetails); err != nil {
+			return diag.FromErr(err)
+		}
+	}
 	if group.LastReviewedDate != nil {
 		if err = d.Set("last_reviewed_date", timestampToString(group.LastReviewedDate)); err != nil {
 			return diag.FromErr(err)

diff --git a/athenz/data_source_role.go b/athenz/data_source_role.go
@@ -136,6 +136,11 @@ func dataSourceRoleRead(_ context.Context, d *schema.ResourceData, meta interfac
 			return diag.FromErr(err)
 		}
 	}
+	if role.NotifyDetails != "" {
+		if err = d.Set("notify_details", role.NotifyDetails); err != nil {
+			return diag.FromErr(err)
+		}
+	}
 	if role.Trust != "" {
 		if err = d.Set("trust", string(role.Trust)); err != nil {
 			return diag.FromErr(err)

diff --git a/athenz/resource_domain_meta.go b/athenz/resource_domain_meta.go
@@ -90,6 +90,11 @@ func ResourceDomainMeta() *schema.Resource {
 				Description: "associated business service with domain",
 				Optional:    true,
 			},
+			"slack_channel": {
+				Type:        schema.TypeString,
+				Description: "associated slack channel for notifications",
+				Optional:    true,
+			},
 			"environment": {
 				Type:        schema.TypeString,
 				Description: "string specifying the environment this domain is used in (production, staging, etc.)",
@@ -183,6 +188,9 @@ func resourceDomainMetaRead(_ context.Context, d *schema.ResourceData, meta inte
 	if err = d.Set("business_service", domain.BusinessService); err != nil {
 		return diag.FromErr(err)
 	}
+	if err = d.Set("slack_channel", domain.SlackChannel); err != nil {
+		return diag.FromErr(err)
+	}
 	if err = d.Set("environment", domain.Environment); err != nil {
 		return diag.FromErr(err)
 	}
@@ -221,6 +229,7 @@ func resourceDomainMetaDelete(_ context.Context, d *schema.ResourceData, meta in
 		MemberPurgeExpiryDays: &zero,
 		UserAuthorityFilter:   "",
 		BusinessService:       "",
+		SlackChannel:          "",
 		Tags:                  make(map[zms.TagKey]*zms.TagValueList),
 		Contacts:              make(map[zms.SimpleName]string),
 	}
@@ -259,13 +268,15 @@ func updateDomainMeta(zmsClient client.ZmsClient, dn string, d *schema.ResourceD
 		MemberPurgeExpiryDays: domain.MemberPurgeExpiryDays,
 		UserAuthorityFilter:   domain.UserAuthorityFilter,
 		BusinessService:       domain.BusinessService,
+		SlackChannel:          domain.SlackChannel,
 		Tags:                  domain.Tags,
 		Contacts:              domain.Contacts,
 	}
 	domainMeta.Description = d.Get("description").(string)
 	domainMeta.ApplicationId = d.Get("application_id").(string)
 	domainMeta.UserAuthorityFilter = d.Get("user_authority_filter").(string)
 	domainMeta.BusinessService = d.Get("business_service").(string)
+	domainMeta.SlackChannel = d.Get("slack_channel").(string)
 	domainMeta.Environment = d.Get("environment").(string)
 	if d.HasChange("user_expiry_days") {
 		memberExpiryDays := int32(d.Get("user_expiry_days").(int))

diff --git a/athenz/resource_domain_meta_test.go b/athenz/resource_domain_meta_test.go
@@ -42,6 +42,7 @@ func TestAccGroupDomainMetaBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "service_cert_expiry_mins", "10"),
 					resource.TestCheckResourceAttr(resourceName, "member_purge_expiry_days", "25"),
 					resource.TestCheckResourceAttr(resourceName, "business_service", "test-service"),
+					resource.TestCheckResourceAttr(resourceName, "slack_channel", "athenz"),
 					resource.TestCheckResourceAttr(resourceName, "environment", "production"),
 					resource.TestCheckResourceAttr(resourceName, "contacts.security-contact", "user.joe"),
 					resource.TestCheckResourceAttr(resourceName, "contacts.pe-contact", "user.jack"),
@@ -71,6 +72,7 @@ func cleanAccTestDomainMeta(domainName string) {
 			MemberPurgeExpiryDays: &zero,
 			UserAuthorityFilter:   "",
 			BusinessService:       "",
+			SlackChannel:          "",
 			Tags:                  make(map[zms.TagKey]*zms.TagValueList),
 			Contacts:              make(map[zms.SimpleName]string),
 		}
@@ -132,6 +134,7 @@ resource "athenz_domain_meta" "test_domain_meta" {
   service_cert_expiry_mins = 10
   member_purge_expiry_days = 25
   business_service = "test-service"
+  slack_channel = "athenz"
   environment = "production"
   contacts = {
     "security-contact" = "user.joe",

diff --git a/athenz/resource_group.go b/athenz/resource_group.go
@@ -147,6 +147,10 @@ func ResourceGroup() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"notify_details": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"tags": {
 				Type:     schema.TypeMap,
 				Optional: true,
@@ -206,6 +210,7 @@ func resourceGroupCreate(ctx context.Context, d *schema.ResourceData, meta inter
 			reviewEnabled := d.Get("review_enabled").(bool)
 			group.ReviewEnabled = &reviewEnabled
 			group.NotifyRoles = d.Get("notify_roles").(string)
+			group.NotifyDetails = d.Get("notify_details").(string)
 			group.PrincipalDomainFilter = d.Get("principal_domain_filter").(string)
 			group.UserAuthorityFilter = d.Get("user_authority_filter").(string)
 			group.UserAuthorityExpiration = d.Get("user_authority_expiration").(string)
@@ -336,6 +341,9 @@ func resourceGroupRead(_ context.Context, d *schema.ResourceData, meta interface
 	if err = d.Set("notify_roles", group.NotifyRoles); err != nil {
 		return diag.FromErr(err)
 	}
+	if err = d.Set("notify_details", group.NotifyDetails); err != nil {
+		return diag.FromErr(err)
+	}
 	if err = d.Set("principal_domain_filter", group.PrincipalDomainFilter); err != nil {
 		return diag.FromErr(err)
 	}
@@ -422,6 +430,9 @@ func resourceGroupUpdate(ctx context.Context, d *schema.ResourceData, meta inter
 	if d.HasChange("notify_roles") {
 		group.NotifyRoles = d.Get("notify_roles").(string)
 	}
+	if d.HasChange("notify_details") {
+		group.NotifyDetails = d.Get("notify_details").(string)
+	}
 	if d.HasChange("user_authority_filter") {
 		group.UserAuthorityFilter = d.Get("user_authority_filter").(string)
 	}

diff --git a/athenz/resource_group_meta.go b/athenz/resource_group_meta.go
@@ -94,6 +94,10 @@ func ResourceGroupMeta() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"notify_details": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"audit_ref": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -176,6 +180,7 @@ func updateGroupMeta(zmsClient client.ZmsClient, dn, gn string, d *schema.Resour
 		ServiceExpiryDays:       group.ServiceExpiryDays,
 		ReviewEnabled:           group.ReviewEnabled,
 		NotifyRoles:             group.NotifyRoles,
+		NotifyDetails:           group.NotifyDetails,
 		UserAuthorityFilter:     group.UserAuthorityFilter,
 		UserAuthorityExpiration: group.UserAuthorityExpiration,
 		Tags:                    group.Tags,
@@ -198,6 +203,7 @@ func updateGroupMeta(zmsClient client.ZmsClient, dn, gn string, d *schema.Resour
 	reviewEnabled := d.Get("review_enabled").(bool)
 	groupMeta.ReviewEnabled = &reviewEnabled
 	groupMeta.NotifyRoles = d.Get("notify_roles").(string)
+	groupMeta.NotifyDetails = d.Get("notify_details").(string)
 	groupMeta.PrincipalDomainFilter = d.Get("principal_domain_filter").(string)
 	groupMeta.UserAuthorityFilter = d.Get("user_authority_filter").(string)
 	groupMeta.UserAuthorityExpiration = d.Get("user_authority_expiration").(string)
@@ -253,6 +259,9 @@ func resourceGroupMetaRead(_ context.Context, d *schema.ResourceData, meta inter
 	if err = d.Set("notify_roles", group.NotifyRoles); err != nil {
 		return diag.FromErr(err)
 	}
+	if err = d.Set("notify_details", group.NotifyDetails); err != nil {
+		return diag.FromErr(err)
+	}
 	if err = d.Set("principal_domain_filter", group.PrincipalDomainFilter); err != nil {
 		return diag.FromErr(err)
 	}
@@ -325,6 +334,7 @@ func resourceGroupMetaDelete(_ context.Context, d *schema.ResourceData, meta int
 			ServiceExpiryDays:       &zero,
 			ReviewEnabled:           &disabled,
 			NotifyRoles:             "",
+			NotifyDetails:           "",
 			UserAuthorityFilter:     "",
 			UserAuthorityExpiration: "",
 			Tags:                    make(map[zms.TagKey]*zms.TagValueList),

diff --git a/athenz/resource_group_meta_test.go b/athenz/resource_group_meta_test.go
@@ -47,6 +47,7 @@ func TestAccGroupMetaBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "delete_protection", "true"),
 					resource.TestCheckResourceAttr(resourceName, "review_enabled", "true"),
 					resource.TestCheckResourceAttr(resourceName, "notify_roles", "admin,security"),
+					resource.TestCheckResourceAttr(resourceName, "notify_details", "notify details"),
 					resource.TestCheckResourceAttr(resourceName, "principal_domain_filter", "user,sys.auth"),
 					resource.TestCheckResourceAttr(resourceName, "tags.zms.DisableExpirationNotifications", "4"),
 					resource.TestCheckResourceAttr(resourceName, "audit_ref", "test audit ref"),
@@ -69,6 +70,7 @@ func cleanAccTestGroupMeta(domainName, groupName string) {
 			ServiceExpiryDays:       &zero,
 			ReviewEnabled:           &disabled,
 			NotifyRoles:             "",
+			NotifyDetails:           "",
 			UserAuthorityFilter:     "",
 			UserAuthorityExpiration: "",
 			Tags:                    make(map[zms.TagKey]*zms.TagValueList),
@@ -107,6 +109,9 @@ func testAccCheckGroupMetaExists(resource string) resource.TestCheckFunc {
 		if group.NotifyRoles == "" {
 			return fmt.Errorf("does not have notify roles set")
 		}
+		if group.NotifyDetails == "" {
+			return fmt.Errorf("does not have notify details set")
+		}
 		return nil
 	}
 }
@@ -127,7 +132,10 @@ func testAccCheckGroupMetaDestroy(s *terraform.State) error {
 			return err
 		}
 		if group.NotifyRoles != "" {
-			return fmt.Errorf("athenz group meta still exists")
+			return fmt.Errorf("athenz group meta notify roles still exists")
+		}
+		if group.NotifyDetails != "" {
+			return fmt.Errorf("athenz group meta notify details still exists")
 		}
 		_ = zmsClient.DeleteGroup(dn, gn, AUDIT_REF)
 	}
@@ -149,6 +157,7 @@ resource "athenz_group_meta" "test_group_meta" {
   delete_protection = true
   review_enabled = true
   notify_roles = "admin,security"
+  notify_details = "notify details"
   principal_domain_filter = "user,sys.auth"
   tags = {
     "zms.DisableExpirationNotifications" = "4"
@@ -191,6 +200,7 @@ func TestAccGroupMetaResourceStateDelete(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "delete_protection", "true"),
 					resource.TestCheckResourceAttr(resourceName, "review_enabled", "true"),
 					resource.TestCheckResourceAttr(resourceName, "notify_roles", "admin,security"),
+					resource.TestCheckResourceAttr(resourceName, "notify_details", "notify details"),
 					resource.TestCheckResourceAttr(resourceName, "principal_domain_filter", "user"),
 					resource.TestCheckResourceAttr(resourceName, "tags.zms.DisableExpirationNotifications", "4"),
 					resource.TestCheckResourceAttr(resourceName, "audit_ref", "test audit ref"),
@@ -244,6 +254,7 @@ resource "athenz_group_meta" "test_group_meta_delete" {
   delete_protection = true
   review_enabled = true
   notify_roles = "admin,security"
+  notify_details = "notify details"
   principal_domain_filter = "user"
   tags = {
     "zms.DisableExpirationNotifications" = "4"

diff --git a/athenz/resource_group_test.go b/athenz/resource_group_test.go
@@ -283,6 +283,7 @@ func TestAccGroupAllAttributes(t *testing.T) {
 					resource.TestCheckResourceAttr(resName, "delete_protection", "true"),
 					resource.TestCheckResourceAttr(resName, "review_enabled", "false"),
 					resource.TestCheckResourceAttr(resName, "notify_roles", "admin"),
+					resource.TestCheckResourceAttr(resName, "notify_details", "notify details"),
 					testAccCheckCorrectGroupSettings(resName, map[string]string{"user_expiry_days": "20", "max_members": "30"}),
 				),
 			},
@@ -302,6 +303,7 @@ func TestAccGroupAllAttributes(t *testing.T) {
 					resource.TestCheckResourceAttr(resName, "delete_protection", "false"),
 					resource.TestCheckResourceAttr(resName, "review_enabled", "false"),
 					resource.TestCheckResourceAttr(resName, "notify_roles", "admin"),
+					resource.TestCheckResourceAttr(resName, "notify_details", "notify details"),
 					testAccCheckCorrectGroupSettings(resName, map[string]string{"user_expiry_days": "15", "max_members": "20"}),
 				),
 			},
@@ -318,6 +320,7 @@ func TestAccGroupAllAttributes(t *testing.T) {
 					resource.TestCheckResourceAttr(resName, "delete_protection", "true"),
 					resource.TestCheckResourceAttr(resName, "review_enabled", "false"),
 					resource.TestCheckResourceAttr(resName, "notify_roles", ""),
+					resource.TestCheckResourceAttr(resName, "notify_details", ""),
 					resource.TestCheckResourceAttr(resName, "settings.#", "0"),
 				),
 			},
@@ -336,6 +339,7 @@ func TestAccGroupAllAttributes(t *testing.T) {
 					resource.TestCheckResourceAttr(resName, "delete_protection", "true"),
 					resource.TestCheckResourceAttr(resName, "review_enabled", "false"),
 					resource.TestCheckResourceAttr(resName, "notify_roles", ""),
+					resource.TestCheckResourceAttr(resName, "notify_details", ""),
 					resource.TestCheckResourceAttr(resName, "settings.#", "0"),
 				),
 			},
@@ -379,6 +383,7 @@ func TestAccGroupReviewEnabled(t *testing.T) {
 					resource.TestCheckResourceAttr(resName, "audit_ref", AUDIT_REF),
 					resource.TestCheckResourceAttr(resName, "review_enabled", "true"),
 					resource.TestCheckResourceAttr(resName, "notify_roles", "admin"),
+					resource.TestCheckResourceAttr(resName, "notify_details", "notify details"),
 				),
 			},
 		},
@@ -774,6 +779,7 @@ resource "athenz_group" "groupTest" {
   domain = "%s"
   review_enabled = true
   notify_roles = "admin"
+  notify_details = "notify details"
 }
 `, name, domain)
 }
@@ -801,6 +807,7 @@ resource "athenz_group" "groupTest" {
   delete_protection = true
   review_enabled = false
   notify_roles = "admin"
+  notify_details = "notify details"
 }
 `, name, domain, member1, domain)
 }
@@ -828,6 +835,7 @@ resource "athenz_group" "groupTest" {
   delete_protection = false
   review_enabled = false
   notify_roles = "admin"
+  notify_details = "notify details"
   audit_ref = "done by someone"
 }
 `, name, domain, member1, domain)

diff --git a/athenz/resource_role.go b/athenz/resource_role.go
@@ -184,6 +184,10 @@ func ResourceRole() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"notify_details": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"sign_algorithm": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -289,6 +293,7 @@ func resourceRoleCreate(ctx context.Context, d *schema.ResourceData, meta interf
 			reviewEnabled := d.Get("review_enabled").(bool)
 			role.ReviewEnabled = &reviewEnabled
 			role.NotifyRoles = d.Get("notify_roles").(string)
+			role.NotifyDetails = d.Get("notify_details").(string)
 			role.UserAuthorityFilter = d.Get("user_authority_filter").(string)
 			role.UserAuthorityExpiration = d.Get("user_authority_expiration").(string)
 			role.Description = d.Get("description").(string)
@@ -452,6 +457,9 @@ func resourceRoleRead(_ context.Context, d *schema.ResourceData, meta interface{
 	if err = d.Set("notify_roles", role.NotifyRoles); err != nil {
 		return diag.FromErr(err)
 	}
+	if err = d.Set("notify_details", role.NotifyDetails); err != nil {
+		return diag.FromErr(err)
+	}
 	if err = d.Set("principal_domain_filter", role.PrincipalDomainFilter); err != nil {
 		return diag.FromErr(err)
 	}
@@ -595,6 +603,9 @@ func resourceRoleUpdate(ctx context.Context, d *schema.ResourceData, meta interf
 	if d.HasChange("notify_roles") {
 		role.NotifyRoles = d.Get("notify_roles").(string)
 	}
+	if d.HasChange("notify_details") {
+		role.NotifyDetails = d.Get("notify_details").(string)
+	}
 	if d.HasChange("user_authority_filter") {
 		role.UserAuthorityFilter = d.Get("user_authority_filter").(string)
 	}