TF-5569 Add support for custom project access permissions.

* Add customizable project level permissions in dataSourceTFETeamProjectAccess
* Add customizable project level permission in resourceTFETeamProjectAccess

Custom project access permissions allow setting various customizable
permissions at the project level and permissions that are applied to all
workspaces in a project.

CHANGELOG.md

@@ -8,6 +8,9 @@ FEATURES:
 * `d/tfe_saml_settings`: Add PrivateKey (sensitive), SignatureSigningMethod, and SignatureDigestMethod attributes, by @karvounis-form3 [970](https://github.com/hashicorp/terraform-provider-tfe/pull/970)
 * **New Resource**: `r/tfe_project_policy_set` is a new resource to attach/detach an existing `project` to an existing `policy set`, by @Netra2104 [972](https://github.com/hashicorp/terraform-provider-tfe/pull/972)
 * `d/tfe_policy_set`: Add `project_ids` attribute, by @Netra2104 [974](https://github.com/hashicorp/terraform-provider-tfe/pull/974/files)
+* `r/tfe_team_project_access`: Add a `custom` option to the `access` attribute as well as `project_access` and `workspace_access` attributes with
+various customizable permissions options to apply at the project level to the project itself and all of the workspaces therein, by @rberecka [983](https://github.com/hashicorp/terraform-provider-tfe/pull/983)
+* `d/team_project_access`: Add a `custom` option to the `access` attribute as well as `project_access` and `workspace_access` attributes, by @rberecka [983](https://github.com/hashicorp/terraform-provider-tfe/pull/983)
 
 NOTES:
 * The provider is now using go-tfe [v1.30.0](https://github.com/hashicorp/go-tfe/releases/tag/v1.30.0), by @karvounis-form3 [970](https://github.com/hashicorp/terraform-provider-tfe/pull/970)

tfe/data_source_team_project_access.go

@@ -5,6 +5,7 @@ package tfe
 
 import (
 	"context"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 
 	tfe "github.com/hashicorp/go-tfe"
@@ -30,18 +31,88 @@ func dataSourceTFETeamProjectAccess() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+
+			"project_access": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"settings": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"teams": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+
+			"workspace_access": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"create": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"locking": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"move": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"delete": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"run_tasks": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"runs": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"sentinel_mocks": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"state_versions": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"variables": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
 
 func dataSourceTFETeamProjectAccessRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	config := meta.(ConfiguredClient)
-
 	// Get the team ID.
 	teamID := d.Get("team_id").(string)
-
 	// Get the project
 	projectID := d.Get("project_id").(string)
+
 	proj, err := config.Client.Projects.Read(ctx, projectID)
 	if err != nil {
 		return diag.Errorf(

tfe/data_source_team_project_access_test.go

@@ -37,6 +37,53 @@ func TestAccTFETeamProjectAccessDataSource_basic(t *testing.T) {
 	})
 }
 
+func TestAccTFETeamProjectCustomAccessDataSource_basic(t *testing.T) {
+	tfeClient, err := getClientUsingEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	org, orgCleanup := createBusinessOrganization(t, tfeClient)
+	t.Cleanup(orgCleanup)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFETeamProjectCustomAccessDataSourceConfig(org.Name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.tfe_team_project_access.foobar_custom", "id"),
+					resource.TestCheckResourceAttrSet("data.tfe_team_project_access.foobar_custom", "team_id"),
+					resource.TestCheckResourceAttrSet("data.tfe_team_project_access.foobar_custom", "project_id"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "access", "custom"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "project_access.0.settings", "delete"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "project_access.0.teams", "manage"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.state_versions", "write"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.sentinel_mocks", "read"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.variables", "write"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.create", "true"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.locking", "true"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.move", "true"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.delete", "false"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_team_project_access.foobar_custom", "workspace_access.0.run_tasks", "false"),
+				),
+			},
+		},
+	})
+}
+
 func testAccTFETeamProjectAccessDataSourceConfig(organization string) string {
 	return fmt.Sprintf(`
 resource "tfe_team" "foobar" {
@@ -61,3 +108,42 @@ data "tfe_team_project_access" "foobar" {
   depends_on = [tfe_team_project_access.foobar]
 }`, organization, organization)
 }
+
+func testAccTFETeamProjectCustomAccessDataSourceConfig(organization string) string {
+	return fmt.Sprintf(`
+resource "tfe_team" "foobar_custom" {
+  name         = "team-test2"
+  organization = "%s"
+}
+
+resource "tfe_project" "foobar_custom" {
+  name         = "projecttest2"
+  organization = "%s"
+}
+
+resource "tfe_team_project_access" "foobar_custom" {
+  access       = "custom"
+  team_id      = tfe_team.foobar_custom.id
+  project_id   = tfe_project.foobar_custom.id
+  project_access {
+    settings = "delete"
+    teams    = "manage"
+  }
+  workspace_access {
+    state_versions = "write"
+    sentinel_mocks = "read"
+    variables      = "write"
+    create         = true
+    locking        = true
+    move           = true
+    delete         = false
+    run_tasks      = false
+  }
+}
+
+data "tfe_team_project_access" "foobar_custom" {
+  team_id      = tfe_team.foobar_custom.id
+  project_id   = tfe_project.foobar_custom.id
+  depends_on   = [tfe_team_project_access.foobar_custom]
+}`, organization, organization)
+}