port-labs · Tankilevitch · Jan 29, 2024 · Jan 27, 2024 · Jan 29, 2024
diff --git a/port/action-permissions/resource.go b/port/action-permissions/resource.go
@@ -96,19 +96,13 @@ func (r *ActionPermissionsResource) Update(ctx context.Context, req resource.Upd
 		return
 	}
 
-	a, err := r.portClient.UpdateActionPermissions(ctx, blueprintIdentifier, actionIdentifier, permissions)
+	_, err = r.portClient.UpdateActionPermissions(ctx, blueprintIdentifier, actionIdentifier, permissions)
 
 	if err != nil {
 		resp.Diagnostics.AddError("failed to update action permissions", err.Error())
 		return
 	}
 
-	err = refreshActionPermissionsState(ctx, state, a, blueprintIdentifier, actionIdentifier)
-	if err != nil {
-		resp.Diagnostics.AddError("failed to refresh action permissions state", err.Error())
-		return
-	}
-
 	state.ID = types.StringValue(fmt.Sprintf("%s:%s", blueprintIdentifier, actionIdentifier))
 	state.ActionIdentifier = types.StringValue(actionIdentifier)
 	state.BlueprintIdentifier = types.StringValue(blueprintIdentifier)

diff --git a/port/action-permissions/resource_test.go b/port/action-permissions/resource_test.go
@@ -465,7 +465,6 @@ func TestAccPortActionPermissionsImportState(t *testing.T) {
 					value: "true",
 					operator: "=",
 					property: "$owned_by_team"
-
 				}
 			  ],
 			  combinator: "and"
@@ -505,3 +504,40 @@ func TestAccPortActionPermissionsImportState(t *testing.T) {
 		},
 	})
 }
+
+func TestAccPortActionWithEmptyFieldsExpectDefaultsToApply(t *testing.T) {
+	blueprintIdentifier := utils.GenID()
+	actionIdentifier := utils.GenID()
+	var testAccActionPermissionsConfigCreate = testAccCreateBlueprintAndActionConfig(blueprintIdentifier, actionIdentifier) + `
+	resource "port_action_permissions" "create_microservice_permissions" {
+	  action_identifier = port_action.create_microservice.identifier
+	  blueprint_identifier = port_blueprint.microservice.identifier	
+	  permissions = {
+		"execute": {}
+		"approve": {}
+		}
+	}
+`
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.TestAccPreCheck(t) },
+		ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccActionPermissionsConfigCreate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "action_identifier", actionIdentifier),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "blueprint_identifier", blueprintIdentifier),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.execute.roles.#", "0"),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.execute.users.#", "0"),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.execute.teams.#", "0"),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.execute.owned_by_team", "true"),
+					resource.TestCheckNoResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.approve.policy"),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.approve.roles.#", "0"),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.approve.users.#", "0"),
+					resource.TestCheckResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.approve.teams.#", "0"),
+					resource.TestCheckNoResourceAttr("port_action_permissions.create_microservice_permissions", "permissions.approve.policy"),
+				),
+			},
+		},
+	})
+}
diff --git a/port/action-permissions/schema.go b/port/action-permissions/schema.go
@@ -2,8 +2,11 @@ package action_permissions
 
 import (
 	"context"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/listdefault"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 )
 
@@ -22,30 +25,38 @@ func ActionPermissionsSchema() map[string]schema.Attribute {
 		},
 		"permissions": schema.SingleNestedAttribute{
 			MarkdownDescription: "The permissions for the action",
-			Optional:            true,
+			Required:            true,
 			Attributes: map[string]schema.Attribute{
 				"execute": schema.SingleNestedAttribute{
 					MarkdownDescription: "The permission to execute the action",
-					Optional:            true,
+					Required:            true,
 					Attributes: map[string]schema.Attribute{
 						"users": schema.ListAttribute{
 							MarkdownDescription: "The users with execution permission",
 							Optional:            true,
+							Computed:            true,
+							Default:             listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							ElementType:         types.StringType,
 						},
 						"roles": schema.ListAttribute{
 							MarkdownDescription: "The roles with execution permission",
 							Optional:            true,
+							Computed:            true,
+							Default:             listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							ElementType:         types.StringType,
 						},
 						"teams": schema.ListAttribute{
 							MarkdownDescription: "The teams with execution permission",
 							Optional:            true,
+							Computed:            true,
+							Default:             listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							ElementType:         types.StringType,
 						},
 						"owned_by_team": schema.BoolAttribute{
 							MarkdownDescription: "Give execution permission to the teams who own the entity",
 							Optional:            true,
+							Computed:            true,
+							Default:             booldefault.StaticBool(true),
 						},
 						"policy": schema.StringAttribute{
 							MarkdownDescription: "The policy to use for execution",
@@ -55,21 +66,27 @@ func ActionPermissionsSchema() map[string]schema.Attribute {
 				},
 				"approve": schema.SingleNestedAttribute{
 					MarkdownDescription: "The permission to approve the action's runs",
-					Optional:            true,
+					Required:            true,
 					Attributes: map[string]schema.Attribute{
 						"users": schema.ListAttribute{
 							MarkdownDescription: "The users with approval permission",
 							Optional:            true,
+							Computed:            true,
+							Default:             listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							ElementType:         types.StringType,
 						},
 						"roles": schema.ListAttribute{
 							MarkdownDescription: "The roles with approval permission",
 							Optional:            true,
+							Computed:            true,
+							Default:             listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							ElementType:         types.StringType,
 						},
 						"teams": schema.ListAttribute{
 							MarkdownDescription: "The teams with approval permission",
 							Optional:            true,
+							Computed:            true,
+							Default:             listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							ElementType:         types.StringType,
 						},
 						"policy": schema.StringAttribute{