Add new expiry reasons (#131)

* update workflow resource to include new expiry fields * changeset * Generate documentation * fix merge * Generate documentation * update sdk * Go mod tidy --------- Co-authored-by: meyerjrr <[email protected]> Co-authored-by: JoshuaWilkes <[email protected]>
common-fate · Oct 14, 2024 · 703a0f9 · 703a0f9
1 parent 5359b09
commit 703a0f9
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 58 deletions.
diff --git a/.changeset/twenty-ghosts-fly.md b/.changeset/twenty-ghosts-fly.md
@@ -0,0 +1,5 @@
+---
+"@common-fate/terraform-provider-commonfate": minor
+---
+
+add workflow expiry options for closing requests
diff --git a/docs/resources/access_workflow.md b/docs/resources/access_workflow.md
@@ -45,12 +45,14 @@ resource "commonfate-access_workflow" "workflow-demo" {
 
 ### Optional
 
-- `activation_expiry` (Number) The amount of time after access is activated before the request will be expired
+- `activation_expiry` (Number) The amount of time after access is approved to be activated before the request will be expired
 - `approval_steps` (Attributes List) Define the requirements for grant approval, each step must be completed by a distict principal, steps can be completed in any order. (see [below for nested schema](#nestedatt--approval_steps))
 - `default_duration_seconds` (Number) The default duration of the access workflow
 - `extension_conditions` (Attributes) Configuration for extending access (see [below for nested schema](#nestedatt--extension_conditions))
 - `name` (String) A unique name for the workflow so you know how to identify it.
 - `priority` (Number) The priority that governs whether the policy will be used. If a different policy with a higher priority and the same role exists that one will be used over another.
+- `requested_to_activate_expiry` (Number) The amount of time after a request is made and activated before the request will be expired
+- `requested_to_approved_expiry` (Number) The amount of time after a request is made and approved before the request will be expired
 - `try_extend_after_seconds` (Number, Deprecated) The amount of time after access is activated that extending access can be attempted. As a starting point we recommend setting this to half of the `access_duration_seconds`.
 - `validation` (Attributes) Validation requirements to be set with this workflow (see [below for nested schema](#nestedatt--validation))
 

diff --git a/go.sum b/go.sum
@@ -40,52 +40,6 @@ github.com/common-fate/clio v1.2.3 h1:hHwUYZjn66qGYDpgANl0EB/92hyi/Jsnd07qB09rvn
 github.com/common-fate/clio v1.2.3/go.mod h1:NkozaS15SA+6Y9zb+82eIj1i41aWShorTqA01GKQ7A8=
 github.com/common-fate/grab v1.1.0 h1:HLZPtltdHScYu6qtt/UC78rvwylCTWuyoZoiQXV4QHc=
 github.com/common-fate/grab v1.1.0/go.mod h1:L0qa03RwqOMZz9PrrWw9eI145i5FQRf+iLtNSJypQvY=
-github.com/common-fate/sdk v1.51.1 h1:0WE0tfEEGfA5resUpBY/KBnsuUGkPLVoOoGL2iLwiWs=
-github.com/common-fate/sdk v1.51.1/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.53.1-0.20240822020014-0bee568afd66 h1:Bu0xMCnyp/SK1q4Z0saj+2FJ13VthvpiI37yBZFqODU=
-github.com/common-fate/sdk v1.53.1-0.20240822020014-0bee568afd66/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.53.1-0.20240822023037-d4708eba49f6 h1:yKV+GCc3Ez3zy6RjGzP7KboUuBZikUYiGHB3wKd94tE=
-github.com/common-fate/sdk v1.53.1-0.20240822023037-d4708eba49f6/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.53.1-0.20240822041759-bb95fe9aff9d h1:5Flsg4c7vK5CNONiZs0CBDbNRSs9XCB2/eCU5Us2ntQ=
-github.com/common-fate/sdk v1.53.1-0.20240822041759-bb95fe9aff9d/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.53.1-0.20240822054155-e80ba28b4d72 h1:Y5oqxiaCHRa6RLAbUwJ2VrBHDYN3FDL2mKil70jL9lk=
-github.com/common-fate/sdk v1.53.1-0.20240822054155-e80ba28b4d72/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.54.2-0.20240826012638-d07038aece4e h1:BppsM3+Mjhe4DWFyLC5f+1x05GOh0tRWKx+hLm2bSSQ=
-github.com/common-fate/sdk v1.54.2-0.20240826012638-d07038aece4e/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.54.2-0.20240828032201-8ea82346d3bc h1:QiuHLHlAeGKxgPMr+i7uUV+6KaTJ0mucYfkgkgDgJPk=
-github.com/common-fate/sdk v1.54.2-0.20240828032201-8ea82346d3bc/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.54.2-0.20240828232313-e59662fa5409 h1:vQPgytT5LaiQSKSRYV0PLYuZrJKhgO/H5MHYqKoY1/U=
-github.com/common-fate/sdk v1.54.2-0.20240828232313-e59662fa5409/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.54.2-0.20240830000801-1f335f78aa4a h1:S+bSFrlQqqd+rtw5nynkjsadSdCmnrnmNpDwvgVysMw=
-github.com/common-fate/sdk v1.54.2-0.20240830000801-1f335f78aa4a/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.55.0 h1:G5VcjFBp4VZ/Er+ekgfHhgFqMhpGSOd+KDid0JDxb6c=
-github.com/common-fate/sdk v1.55.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.55.1-0.20240903080122-bc7ac8ae3ae0 h1:Lx+plt1OOSm9j6mTjn0cTSG7c2HUyD5/cjU2dQUz0pA=
-github.com/common-fate/sdk v1.55.1-0.20240903080122-bc7ac8ae3ae0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.56.0 h1:16jVKFJLrDEBVIe44tLLzPotJymDXscwwyp++2O3wdU=
-github.com/common-fate/sdk v1.56.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.59.3-0.20240930041650-9dff9f8c434c h1:fXiW8om7V+0GOnJ7ig5YAhk4+Qr57MBGUI6C2jwH4O8=
-github.com/common-fate/sdk v1.59.3-0.20240930041650-9dff9f8c434c/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.60.0 h1:Ebh9SfCoA/2dArKDMlw89rgfmNYVWUqJY0J5gNxRsgc=
-github.com/common-fate/sdk v1.60.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.61.1-0.20241003003332-71be03ac64a6 h1:Y5VvsG4+byDP5AlVoXM2h8izSvN7WDLGvTeuHdiczmA=
-github.com/common-fate/sdk v1.61.1-0.20241003003332-71be03ac64a6/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.63.0 h1:Nlgf3jpoJVy7DR3QhKvkZW3LYUyWXT5oDBpF3h/Xtjs=
-github.com/common-fate/sdk v1.63.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.63.1-0.20241008013228-135a8835b12d h1:C2XaSWyBC1dFwBzNe2XtMcvOzaA5z4FWjDJn4wNBXI8=
-github.com/common-fate/sdk v1.63.1-0.20241008013228-135a8835b12d/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.63.1-0.20241008045928-9195c815a7f1 h1:KtSzfguxjquajy70tQqoMGIOSuA6coSIhUwXwKJDuAQ=
-github.com/common-fate/sdk v1.63.1-0.20241008045928-9195c815a7f1/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.64.0 h1:m55A0yr9/Ag7dcnEU5XcxcDvX2rJM44wbuLguZY2xeg=
-github.com/common-fate/sdk v1.64.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.64.1-0.20241009042902-15ead860bdd3 h1:RA3xSP88+HqNEXwMH9eEkaj2jkEqSAabw87d+9TvWY4=
-github.com/common-fate/sdk v1.64.1-0.20241009042902-15ead860bdd3/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.64.1-0.20241009043542-adec3fc5323f h1:X6m/YfF/POH8P3RXAqq7jrGb+4koD1MFfmDRDogQ6Bk=
-github.com/common-fate/sdk v1.64.1-0.20241009043542-adec3fc5323f/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.64.1 h1:vmH8MKsCv5MHhyhyLEN6OSbMv/0MHAIaiHyMNTY1VRs=
-github.com/common-fate/sdk v1.64.1/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.65.0 h1:vmQdePgmJeAvjDLEuoLb6fKURFeeTLOrKHPWxxuoYTE=
-github.com/common-fate/sdk v1.65.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
 github.com/common-fate/sdk v1.65.2 h1:vBwqcC7t+jZmXz2XN+MqCh07/DakFhqmGrktzuwlcGk=
 github.com/common-fate/sdk v1.65.2/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=

diff --git a/internal/access/resource_access_workflow.go b/internal/access/resource_access_workflow.go
@@ -42,16 +42,18 @@ type ApprovalStep struct {
 	When types.String `tfsdk:"when"`
 }
 type AccessWorkflowModel struct {
-	ID                  types.String         `tfsdk:"id"`
-	Name                types.String         `tfsdk:"name"`
-	AccessDuration      types.Int64          `tfsdk:"access_duration_seconds"`
-	TryExtendAfter      types.Int64          `tfsdk:"try_extend_after_seconds"`
-	Priority            types.Int64          `tfsdk:"priority"`
-	ActivationExpiry    types.Int64          `tfsdk:"activation_expiry"`
-	DefaultDuration     types.Int64          `tfsdk:"default_duration_seconds"`
-	Validation          *Validations         `tfsdk:"validation"`
-	ExtensionConditions *ExtensionConditions `tfsdk:"extension_conditions"`
-	ApprovalSteps       []ApprovalStep       `tfsdk:"approval_steps"`
+	ID                        types.String         `tfsdk:"id"`
+	Name                      types.String         `tfsdk:"name"`
+	AccessDuration            types.Int64          `tfsdk:"access_duration_seconds"`
+	TryExtendAfter            types.Int64          `tfsdk:"try_extend_after_seconds"`
+	Priority                  types.Int64          `tfsdk:"priority"`
+	ActivationExpiry          types.Int64          `tfsdk:"activation_expiry"`
+	RequestedToApprovedExpiry types.Int64          `tfsdk:"requested_to_approved_expiry"`
+	RequestedToActivateExpiry types.Int64          `tfsdk:"requested_to_activate_expiry"`
+	DefaultDuration           types.Int64          `tfsdk:"default_duration_seconds"`
+	Validation                *Validations         `tfsdk:"validation"`
+	ExtensionConditions       *ExtensionConditions `tfsdk:"extension_conditions"`
+	ApprovalSteps             []ApprovalStep       `tfsdk:"approval_steps"`
 }
 
 // AccessRuleResource is the data source implementation.
@@ -124,7 +126,15 @@ func (r *AccessWorkflowResource) Schema(ctx context.Context, req resource.Schema
 				Optional:            true,
 			},
 			"activation_expiry": schema.Int64Attribute{
-				MarkdownDescription: "The amount of time after access is activated before the request will be expired",
+				MarkdownDescription: "The amount of time after access is approved to be activated before the request will be expired",
+				Optional:            true,
+			},
+			"requested_to_approved_expiry": schema.Int64Attribute{
+				MarkdownDescription: "The amount of time after a request is made and approved before the request will be expired",
+				Optional:            true,
+			},
+			"requested_to_activate_expiry": schema.Int64Attribute{
+				MarkdownDescription: "The amount of time after a request is made and activated before the request will be expired",
 				Optional:            true,
 			},
 			"default_duration_seconds": schema.Int64Attribute{
@@ -237,6 +247,18 @@ func (r *AccessWorkflowResource) Create(ctx context.Context, req resource.Create
 		createReq.ActivationExpiry = durationpb.New(activationExpiry)
 	}
 
+	if !data.RequestedToActivateExpiry.IsNull() {
+		RequestedToActivateExpiry := time.Second * time.Duration(data.RequestedToActivateExpiry.ValueInt64())
+
+		createReq.RequestToActiveExpiry = durationpb.New(RequestedToActivateExpiry)
+	}
+
+	if !data.RequestedToApprovedExpiry.IsNull() {
+		RequestedToApprovedExpiry := time.Second * time.Duration(data.RequestedToApprovedExpiry.ValueInt64())
+
+		createReq.RequestToApproveExpiry = durationpb.New(RequestedToApprovedExpiry)
+	}
+
 	if data.Validation != nil {
 
 		var regexValidations []*accessv1alpha1.RegexValidation
@@ -361,6 +383,15 @@ func (r *AccessWorkflowResource) Read(ctx context.Context, req resource.ReadRequ
 
 	}
 
+	if res.Msg.Workflow.RequestToActiveExpiry != nil {
+		state.RequestedToActivateExpiry = types.Int64Value(res.Msg.Workflow.RequestToActiveExpiry.Seconds)
+
+	}
+
+	if res.Msg.Workflow.RequestToApproveExpiry != nil {
+		state.RequestedToApprovedExpiry = types.Int64Value(res.Msg.Workflow.RequestToApproveExpiry.Seconds)
+
+	}
 	if res.Msg.Workflow.Validation != nil {
 		var regexValidations []RegexValidation
 
@@ -434,6 +465,18 @@ func (r *AccessWorkflowResource) Update(ctx context.Context, req resource.Update
 		updateReq.Workflow.ActivationExpiry = durationpb.New(activationExpiry)
 	}
 
+	if !data.RequestedToActivateExpiry.IsNull() {
+		RequestedToActivateExpiry := time.Second * time.Duration(data.RequestedToActivateExpiry.ValueInt64())
+
+		updateReq.Workflow.RequestToActiveExpiry = durationpb.New(RequestedToActivateExpiry)
+	}
+
+	if !data.RequestedToApprovedExpiry.IsNull() {
+		RequestedToApprovedExpiry := time.Second * time.Duration(data.RequestedToApprovedExpiry.ValueInt64())
+
+		updateReq.Workflow.RequestToApproveExpiry = durationpb.New(RequestedToApprovedExpiry)
+	}
+
 	if data.Validation != nil {
 		var regexValidations []*accessv1alpha1.RegexValidation