feat(workspack): add application group authorization resource

docs/resources/workspace_app_group_authorization.md

@@ -0,0 +1,80 @@
+---
+subcategory: "Workspace"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_workspace_app_group_authorization"
+description: |-
+  Manages an APP group authorization resource within HuaweiCloud.
+---
+
+# huaweicloud_workspace_app_group_authorization
+
+Manages an APP group authorization resource within HuaweiCloud.
+
+-> Deleting this resource will revoke authorization for the users or user groups.
+
+## Example Usage
+
+```hcl
+variable "app_group_id" {}
+variable "user_groups" {
+  type = list(object({
+    id   = string
+    name = string
+  }))
+}
+
+resource "huaweicloud_workspace_app_group_authorization" "test" {
+  app_group_id = var.app_group_id
+
+  dynamic "accounts" {
+    for_each = var.user_groups
+
+    content {
+      id      = accounts.value.id
+      account = accounts.value.name
+      type    = "USER_GROUP"
+    }
+  }
+}
+
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+  Changing this creates a new resource.
+
+* `app_group_id` - (Required, String, ForceNew) Specifies the ID of the application group.
+  Changing this creates a new resource.
+
+* `accounts` - (Required, List, ForceNew) Specifies the list of the accounts to be authorized. The maximum length is `50`.
+  Changing this creates a new resource.  
+  The [accounts](#app_group_auth_accounts) structure is documented below.
+
+  -> If the parameter contains non-existent objects, the resource creation will fail, but the remaining existing objects
+     will be authorized successfully.
+
+<a name="app_group_auth_accounts"></a>
+The `accounts` block supports:
+
+* `id` - (Optional, String, ForceNew) Specifies the ID of the user (group).
+  Changing this creates a new resource.  
+  This parameter is required when `type` is set to **USER_GROUP**.
+
+* `account` - (Required, String, ForceNew) Specifies the name of the user (group).
+  Changing this creates a new resource.
+
+* `type` - (Required, String, ForceNew) Specifies the type of the object to be authorized.
+  Changing this creates a new resource.  
+  The valid values are as follows:
+  + **USER**:
+  + **USER_GROUP**:
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID (also `app_group_id`).

huaweicloud/provider.go

@@ -2025,17 +2025,18 @@ func Provider() *schema.Provider {
 			"huaweicloud_waf_instance_group_associate":            waf.ResourceWafInstGroupAssociate(),
 			"huaweicloud_waf_reference_table":                     waf.ResourceWafReferenceTableV1(),
 
-			"huaweicloud_workspace_app_group":         workspace.ResourceWorkspaceAppGroup(),
-			"huaweicloud_workspace_app_publishment":   workspace.ResourceAppPublishment(),
-			"huaweicloud_workspace_user_group":        workspace.ResourceUserGroup(),
-			"huaweicloud_workspace_access_policy":     workspace.ResourceAccessPolicy(),
-			"huaweicloud_workspace_desktop_name_rule": workspace.ResourceDesktopNameRule(),
-			"huaweicloud_workspace_desktop":           workspace.ResourceDesktop(),
-			"huaweicloud_workspace_policy_group":      workspace.ResourcePolicyGroup(),
-			"huaweicloud_workspace_service":           workspace.ResourceService(),
-			"huaweicloud_workspace_terminal_binding":  workspace.ResourceTerminalBinding(),
-			"huaweicloud_workspace_user":              workspace.ResourceUser(),
-			"huaweicloud_workspace_eip_associate":     workspace.ResourceEipAssociate(),
+			"huaweicloud_workspace_app_group_authorization": workspace.ResourceAppGroupAuthorization(),
+			"huaweicloud_workspace_app_group":               workspace.ResourceWorkspaceAppGroup(),
+			"huaweicloud_workspace_app_publishment":         workspace.ResourceAppPublishment(),
+			"huaweicloud_workspace_user_group":              workspace.ResourceUserGroup(),
+			"huaweicloud_workspace_access_policy":           workspace.ResourceAccessPolicy(),
+			"huaweicloud_workspace_desktop_name_rule":       workspace.ResourceDesktopNameRule(),
+			"huaweicloud_workspace_desktop":                 workspace.ResourceDesktop(),
+			"huaweicloud_workspace_policy_group":            workspace.ResourcePolicyGroup(),
+			"huaweicloud_workspace_service":                 workspace.ResourceService(),
+			"huaweicloud_workspace_terminal_binding":        workspace.ResourceTerminalBinding(),
+			"huaweicloud_workspace_user":                    workspace.ResourceUser(),
+			"huaweicloud_workspace_eip_associate":           workspace.ResourceEipAssociate(),
 
 			"huaweicloud_cpts_project": cpts.ResourceProject(),
 			"huaweicloud_cpts_task":    cpts.ResourceTask(),

huaweicloud/services/acceptance/workspace/resource_huaweicloud_workspace_app_group_authorization_test.go

@@ -0,0 +1,118 @@
+package workspace
+
+import (
+	"fmt"
+	"regexp"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccResourceAppGroupAuthorization_basic(t *testing.T) {
+	name := acceptance.RandomAccResourceName()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckWorkspaceAppServerGroupId(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      nil,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAppGroupAuthorization_basic(name),
+			},
+		},
+	})
+}
+
+func testAccAppGroupAuthorization_base(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+resource "huaweicloud_workspace_user" "test" {
+  name  = "%[2]s"
+  email = "[email protected]"
+}
+
+resource "huaweicloud_workspace_user_group" "test" {
+  count = 2
+  name  = "%[2]s${count.index}"
+  type  = "LOCAL"
+}
+`, testResourceWorkspaceAppGroup_basic_step1(name), name)
+}
+
+func testAccAppGroupAuthorization_basic(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+resource "huaweicloud_workspace_app_group_authorization" "test" {
+  app_group_id = huaweicloud_workspace_app_group.test.id
+
+  accounts {
+    account = huaweicloud_workspace_user.test.name
+    type    = "USER"
+  }
+
+  dynamic "accounts" {
+    for_each = huaweicloud_workspace_user_group.test[*]
+
+    content {
+      id      = accounts.value.id
+      account = accounts.value.name
+      type    = "USER_GROUP"
+    }
+  }
+}
+`, testAccAppGroupAuthorization_base(name))
+}
+
+func TestAccResourceAppGroupAuthorization_expectErr(t *testing.T) {
+	name := acceptance.RandomAccResourceName()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckWorkspaceAppServerGroupId(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      nil,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccAppGroupAuthorization_expectErr(name),
+				ExpectError: regexp.MustCompile(`unable to authorize for some accounts: not_exist_user_group_tf | USER`),
+			},
+		},
+	})
+}
+
+func testAccAppGroupAuthorization_expectErr(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+resource "huaweicloud_workspace_user" "test" {
+  count = 2
+  name  = "%[2]s${count.index}"
+  email = "[email protected]"
+}
+
+resource "huaweicloud_workspace_app_group_authorization" "test" {
+  app_group_id = huaweicloud_workspace_app_group.test.id
+
+  dynamic "accounts" {
+    for_each = huaweicloud_workspace_user.test[*]
+  
+    content {
+      account = accounts.value.name
+      type    = "USER"
+    }
+  }
+
+  accounts {
+    account = "not_exist_user_group_tf"
+    type    = "USER"
+  }
+}
+`, testResourceWorkspaceAppGroup_basic_step1(name), name)
+}