From e4857b966973845fb9b7d08e1a7169cf6b05823d Mon Sep 17 00:00:00 2001
From: "Gattuso, Sandro" <sandro.gattuso@anz.com>
Date: Fri, 29 Jan 2021 15:04:25 +1100
Subject: [PATCH] Add support for debug permission and update documentation

---
 codefresh/resource_permission.go |  7 ++---
 docs/resources/permissions.md    | 45 +++++++++++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 4 deletions(-)

diff --git a/codefresh/resource_permission.go b/codefresh/resource_permission.go
index 930035f9..9124d389 100644
--- a/codefresh/resource_permission.go
+++ b/codefresh/resource_permission.go
@@ -2,9 +2,10 @@ package codefresh
 
 import (
 	"fmt"
+	"log"
+
 	cfClient "github.com/codefresh-io/terraform-provider-codefresh/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"log"
 )
 
 func resourcePermission() *schema.Resource {
@@ -42,8 +43,8 @@ func resourcePermission() *schema.Resource {
 				Required: true,
 				ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) {
 					v := val.(string)
-					if v != "create" && v != "read" && v != "update" && v != "delete" && v != "run" && v != "approve" {
-						errs = append(errs, fmt.Errorf("%q must be between one of create,read,update,delete,approve, got: %s", key, v))
+					if v != "create" && v != "read" && v != "update" && v != "delete" && v != "run" && v != "approve" && v != "debug" {
+						errs = append(errs, fmt.Errorf("%q must be between one of create,read,update,delete,approve,debug got: %s", key, v))
 					}
 					return
 				},
diff --git a/docs/resources/permissions.md b/docs/resources/permissions.md
index 3395ae81..82cf66cf 100644
--- a/docs/resources/permissions.md
+++ b/docs/resources/permissions.md
@@ -1,6 +1,49 @@
 # resource codefresh_permission
+Permission are used to setup access control and allow to define which teams have access to which clusters and pipelines based on tags
+See the [documentation](https://codefresh.io/docs/docs/administration/access-control/).
 
+## Example usage
+
+```hcl
+resource "codefresh_team" "developers" {
+  name = "developers"
+
+  users = [
+      "5efc3cb6355c6647041b6e49",
+      "59009221c102763beda7cf04"
+    ]
+}
+
+resource "codefresh_permission" "developers" {
+
+  team = codefresh_team.developers.id
+  resource = "pipeline"
+  action = "run"
+  tags = [
+      "demo",
+      "test"
+    ]
+}
 ```
 
+## Argument Reference
+
+- `action` - (Required) Action to be allowed. Possible values:
+  - __create__
+  - __read__
+  - __update__
+  - __delete__
+  - __run__ (Only valid for `pipeline` resource)
+  - __approve__ (Only valid for `pipeline` resource)
+  - __debug__ (Only valid for `pipeline` resource)
+- `resource` - (Required) The type of resource the permission applies to. Possible values:
+  - __pipeline__
+  - __cluster__
+- `team` - (Required) The Id of the team the permissions apply to.
+- `tags` - (Optional) The effective tags to apply the permission. It supports 2 custom tags:
+  - __untagged__ is a “tag” which refers to all clusters that don’t have any tag.
+  - __*__ (the star character) means all tags.
+
+## Attributes Reference
 
-```
\ No newline at end of file
+- `id` - The permission ID.