feat(audit-trail): add support for audit trail to terraform provider #495

@mwasilew2 mwasilew2 commented Jan 8, 2024

Description of the change

closes: https://app.clickup.com/t/8693fq8pf

blocked on:

Type of change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation (non-breaking change that adds documentation)

Related issues

Fix #1

Checklists

Development

  • Lint rules pass locally
  • The code changed/added as part of this pull request has been covered with tests
  • All tests related to the changed code pass in development
  • Examples for new resources and data sources have been added
  • Default values have been documented in the description (e.g., "Dummy: (Boolean) Blah blah. Defaults to false.")
  • If the action fails that checks the documentation: Run go generate to make sure the docs are up to date

Code review

  • This pull request has a descriptive title and information useful to a reviewer. There may be a screenshot or screencast attached
  • Pull Request is no longer marked as "draft"
  • Reviewers have been assigned
  • Changes have been reviewed by at least one other engineer

@mwasilew2 mwasilew2 marked this pull request as ready for review January 15, 2024 13:42
@mwasilew2 mwasilew2 force-pushed the CU-8693fq8pf_add-support-for-auditTrailWebhook-to-terraform-provider_Michal-Wasilewski branch from 69094c2 to edeeded Compare January 15, 2024 13:47

@jakubdal jakubdal left a comment

It looks like a neat copy-paste with intention behind it. However, I don't know how a provider should be implemented properly, so an encouraging comment is the best I can do 💪

@mwasilew2
Contributor Author

@peterdeme @michalg9 I saw you working on the Terraform provider recently, would you mind taking a look?

return diag.Errorf("could not create audit trail webhook: %v", internal.FromSpaceliftError(err))
}

data.SetId(time.Now().String())
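
Review bot: `data.SetId(time.Now().String())` on the last line of this hunk derives the resource ID from `Time.String()`, which Go documents as debugging output and which appends the monotonic clock reading (`m=+...`), so the ID differs on every create and has no stable format. If the ID only has to be non-empty, set a fixed constant string instead; if a timestamp is wanted, format it explicitly, for example `time.Now().UTC().Format(time.RFC3339Nano)`.
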
Contributor

Are you sure about this one?

Contributor Author

@peterdeme

nope, not at all, I mean it works, but it's a hack, see: https://spacelift-io.slack.com/archives/CRTS17WLF/p1705055720419239

Contributor Author

I also drafted PRs to actually execute the "ulid based" solution: https://github.com/spacelift-io/backend/pull/6165

Contributor

@peterdeme peterdeme Jan 22, 2024

I see. I don't have a strong opinion on this, so feel free to do whatever :D Personally, I would either generate a "smart" id (maybe from the endpoint URL?), or go through with the ULID pull request.

Waiting on other people's opinion.

Contributor

Personally if it works I'm fine with this approach. There's only ever one audit trail webhook, and I don't think there's a reason to need to import the resource (since the mutation works like an upsert).

@mwasilew2
Contributor Author

@marcinwyszynski @adamconnelly I saw you've been active in the repo, could you take a look? Thanks in advance

Contributor

@adamconnelly adamconnelly left a comment

Looks good overall. Left some comments, but nothing major.

func resourceAuditTrailWebhook() *schema.Resource {
return &schema.Resource{
Description: "" +
"`spacelift_audit_trail_webhook` represents a webhook endpoint to which Spacelift " +
Contributor

Couple of suggestions here:

  • Maybe we should say "sends POST requests" instead of "sends the POST request"?
  • I'm not sure about the "events the user wants to track" part. It kinda implies that you can choose the events you're interested in. Maybe we should just say "about audit events" or something like that?

StateContext: schema.ImportStatePassthroughContext,
},

Schema: map[string]*schema.Schema{
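
Review bot: `StateContext: schema.ImportStatePassthroughContext` at the top of this hunk copies whatever string is given to `terraform import` straight into the resource ID, with no validation. The resource documentation should state which ID value to pass on import, or the importer should be replaced with one that sets the ID itself, so imported and created resources end up with IDs of the same form.
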
Contributor

Can you add descriptions to these fields please?

return diag.Errorf("could not create audit trail webhook: %v", internal.FromSpaceliftError(err))
}

data.SetId(time.Now().String())
Contributor

Personally if it works I'm fine with this approach. There's only ever one audit trail webhook, and I don't think there's a reason to need to import the resource (since the mutation works like an upsert).

}
`

func Test_resourceAuditTrailWebhook(t *testing.T) {
Contributor

Might wanna test deletion as well.

Contributor Author

Deletion should be a part of each test (the test will fail if the resource created for the test was not successfully removed). Do you reckon we need to test it explicitly? Do you know how to test it explicitly? I don't see a test like that in the repo and I'm not sure how to do it.

Contributor

That's fine then - don't worry about it if the test fails anyway if deletion fails. I just hadn't realised that.

As for how you'd do it - I imagine you'd just add a test step that applied a configuration where the resource wasn't included.

Contributor Author

> As for how you'd do it - I imagine you'd just add a test step that applied a configuration where the resource wasn't included.

yeah, just wasn't sure how to test for a missing resource after applying an empty config

})
})

t.Run("cannot change endpoint", func(t *testing.T) {
Contributor

Is this not more a test of the API rejecting an endpoint that doesn't exist, rather than testing that the endpoint can't be changed (which should totally be possible)?

Contributor Author

> testing that the endpoint can't be changed (which should totally be possible)?

It's not possible to edit the endpoint if the audit trail webhook is enabled.

Contributor

You sure? Looking at the backend code, it seems to allow that, and just sends to both old and new endpoints if that's the case.

Regardless, I don't think this test is verifying that the endpoint can't be changed. It's just checking that if you set the endpoint to one that doesn't exist, we don't allow the endpoint to be updated.

Contributor Author

@mwasilew2 mwasilew2 Jan 25, 2024

you're right, I think the reason I was able to set the endpoint to a non-existent value was that I disabled audit trail first and the check is only performed if it's enabled.

thanks!

I think the test still brings some value so I'll leave it and update the name.

@mwasilew2 mwasilew2 force-pushed the CU-8693fq8pf_add-support-for-auditTrailWebhook-to-terraform-provider_Michal-Wasilewski branch from 43b74c6 to 64582ae Compare January 25, 2024 12:22
@mwasilew2 mwasilew2 force-pushed the CU-8693fq8pf_add-support-for-auditTrailWebhook-to-terraform-provider_Michal-Wasilewski branch from 64582ae to e2d18b0 Compare January 25, 2024 12:51
@mwasilew2 mwasilew2 merged commit 921dad3 into main Jan 25, 2024
7 checks passed
@mwasilew2 mwasilew2 deleted the CU-8693fq8pf_add-support-for-auditTrailWebhook-to-terraform-provider_Michal-Wasilewski branch January 25, 2024 13:05
truszkowski pushed a commit that referenced this pull request Mar 4, 2024