Merge pull request #30 from arangodb-managed/foxx-auth

OAS-3201 | Extended deployment resource to support disable_foxx_authentication setting

Author: ewoutp

README.md

@@ -69,6 +69,7 @@ resource "oasis_deployment" "my_oneshard_deployment" {
   security { // this section is optional
     ca_certificate = "" // If not set, uses default certificate from project
     ip_allowlist = "" // If not set, no allowlist is configured
+    disable_foxx_authentication = false // If set to true, request to Foxx apps are not authentications.
   }
 
   configuration {

go.mod

@@ -1,7 +1,7 @@
 module github.com/arangodb-managed/terraform-provider-oasis
 
 require (
-	github.com/arangodb-managed/apis v0.65.0
+	github.com/arangodb-managed/apis v0.69.3
 	github.com/arangodb-managed/log-helper v0.2.0
 	github.com/gogo/protobuf v1.3.0
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -19,7 +19,7 @@ go 1.16
 
 replace github.com/Azure/go-autorest => github.com/Azure/go-autorest v14.2.0+incompatible
 
-replace github.com/arangodb/kube-arangodb => github.com/arangodb/kube-arangodb v0.0.0-20210414140129-e66e59938ad5
+replace github.com/arangodb/kube-arangodb => github.com/arangodb/kube-arangodb v0.0.0-20210528082542-41972ad9b013
 
 replace github.com/coreos/go-systemd => github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a
 

go.sum

@@ -45,8 +45,8 @@ github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFU
 github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
 github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
-github.com/arangodb-managed/apis v0.65.0 h1:tvsQXVwJmg4UgYIGG6/NemV8EDoq3M7bGtm6XNFciIw=
-github.com/arangodb-managed/apis v0.65.0/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
+github.com/arangodb-managed/apis v0.69.3 h1:xgY3wtjzuMp9HDwXgmVkc6pA8f8mqpf3uYEqtrbUCUc=
+github.com/arangodb-managed/apis v0.69.3/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
 github.com/arangodb-managed/log-helper v0.2.0 h1:QK85i0a+mGM++wK625Oe1z4HuXhvaN3vR/Nunwa1qAA=
 github.com/arangodb-managed/log-helper v0.2.0/go.mod h1:WJogNCCXWM5OQx/ZYvtRo/1zwm/IpKj+f4QVtM8hNJw=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=

pkg/resource_deployment.go

@@ -20,6 +20,7 @@
 // Author Gergely Brautigam
 // Author Robert Stam
 // Author Marcin Swiderski
+// Author Ewout Prangsma
 //
 
 package pkg
@@ -37,22 +38,23 @@ import (
 )
 
 const (
-	deplTAndCAcceptedFieldName             = "terms_and_conditions_accepted"
-	deplProjectFieldName                   = "project"
-	deplNameFieldName                      = "name"
-	deplDescriptionFieldName               = "description"
-	deplLocationFieldName                  = "location"
-	deplLocationRegionFieldName            = "region"
-	deplVersionFieldName                   = "version"
-	deplVersionDbVersionFieldName          = "db_version"
-	deplSecurityFieldName                  = "security"
-	deplSecurityCaCertificateFieldName     = "ca_certificate"
-	deplSecurityIpAllowlistFieldName       = "ip_allowlist"
-	deplConfigurationFieldName             = "configuration"
-	deplConfigurationModelFieldName        = "model"
-	deplConfigurationNodeSizeIdFieldName   = "node_size_id"
-	deplConfigurationNodeCountFieldName    = "node_count"
-	deplConfigurationNodeDiskSizeFieldName = "node_disk_size"
+	deplTAndCAcceptedFieldName                     = "terms_and_conditions_accepted"
+	deplProjectFieldName                           = "project"
+	deplNameFieldName                              = "name"
+	deplDescriptionFieldName                       = "description"
+	deplLocationFieldName                          = "location"
+	deplLocationRegionFieldName                    = "region"
+	deplVersionFieldName                           = "version"
+	deplVersionDbVersionFieldName                  = "db_version"
+	deplSecurityFieldName                          = "security"
+	deplSecurityCaCertificateFieldName             = "ca_certificate"
+	deplSecurityIpAllowlistFieldName               = "ip_allowlist"
+	deplSecurityDisableFoxxAuthenticationFieldName = "disable_foxx_authentication"
+	deplConfigurationFieldName                     = "configuration"
+	deplConfigurationModelFieldName                = "model"
+	deplConfigurationNodeSizeIdFieldName           = "node_size_id"
+	deplConfigurationNodeCountFieldName            = "node_count"
+	deplConfigurationNodeDiskSizeFieldName         = "node_disk_size"
 )
 
 func resourceDeployment() *schema.Resource {
@@ -136,6 +138,10 @@ func resourceDeployment() *schema.Resource {
 							Type:     schema.TypeString,
 							Optional: true, // If not set, no allowlist is configured
 						},
+						deplSecurityDisableFoxxAuthenticationFieldName: {
+							Type:     schema.TypeBool,
+							Optional: true, // If not set, defaults to enabling foxx authentication
+						},
 					},
 				},
 			},
@@ -307,8 +313,9 @@ type version struct {
 
 // security is a convenient wrapper around the security schema for easy parsing
 type securityFields struct {
-	caCertificate string
-	ipAllowlist   string
+	caCertificate             string
+	ipAllowlist               string
+	disableFoxxAuthentication bool
 }
 
 // configuration is a convenient wrapper around the configuration schema for easy parsing
@@ -366,13 +373,14 @@ func expandDeploymentResource(d *schema.ResourceData, defaultProject string) (*d
 	}
 
 	return &data.Deployment{
-		Name:          name,
-		Description:   description,
-		ProjectId:     project,
-		RegionId:      loc.region,
-		Version:       ver.dbVersion,
-		Certificates:  &data.Deployment_CertificateSpec{CaCertificateId: sec.caCertificate},
-		IpallowlistId: sec.ipAllowlist,
+		Name:                      name,
+		Description:               description,
+		ProjectId:                 project,
+		RegionId:                  loc.region,
+		Version:                   ver.dbVersion,
+		Certificates:              &data.Deployment_CertificateSpec{CaCertificateId: sec.caCertificate},
+		IpallowlistId:             sec.ipAllowlist,
+		DisableFoxxAuthentication: sec.disableFoxxAuthentication,
 		Model: &data.Deployment_ModelSpec{
 			Model:        conf.model,
 			NodeCount:    int32(conf.nodeCount),
@@ -418,6 +426,9 @@ func expandSecurity(s []interface{}) (sec securityFields) {
 		if i, ok := item[deplSecurityIpAllowlistFieldName]; ok {
 			sec.ipAllowlist = i.(string)
 		}
+		if i, ok := item[deplSecurityDisableFoxxAuthenticationFieldName]; ok {
+			sec.disableFoxxAuthentication = i.(bool)
+		}
 	}
 	return
 }
@@ -500,8 +511,9 @@ func flattenVersion(depl *data.Deployment) []interface{} {
 func flattenSecurity(depl *data.Deployment) []interface{} {
 	return []interface{}{
 		map[string]interface{}{
-			deplSecurityIpAllowlistFieldName:   depl.GetIpallowlistId(),
-			deplSecurityCaCertificateFieldName: depl.GetCertificates().GetCaCertificateId(),
+			deplSecurityIpAllowlistFieldName:               depl.GetIpallowlistId(),
+			deplSecurityCaCertificateFieldName:             depl.GetCertificates().GetCaCertificateId(),
+			deplSecurityDisableFoxxAuthenticationFieldName: depl.GetDisableFoxxAuthentication(),
 		},
 	}
 }

pkg/resource_deployment_test.go

@@ -102,8 +102,62 @@ func TestFlattenDeploymentResource(t *testing.T) {
 		},
 		deplSecurityFieldName: []interface{}{
 			map[string]interface{}{
-				deplSecurityCaCertificateFieldName: "certificate-id",
-				deplSecurityIpAllowlistFieldName:   "ip-allowlist",
+				deplSecurityCaCertificateFieldName:             "certificate-id",
+				deplSecurityIpAllowlistFieldName:               "ip-allowlist",
+				deplSecurityDisableFoxxAuthenticationFieldName: false,
+			},
+		},
+		deplConfigurationFieldName: []interface{}{
+			map[string]interface{}{
+				deplConfigurationModelFieldName:        "oneshard",
+				deplConfigurationNodeSizeIdFieldName:   "a8",
+				deplConfigurationNodeCountFieldName:    3,
+				deplConfigurationNodeDiskSizeFieldName: 32,
+			},
+		},
+	}
+	assert.Equal(t, expected, flattened)
+}
+
+func TestFlattenDeploymentResourceDisableFoxxAuth(t *testing.T) {
+	depl := &data.Deployment{
+		Name:        "test-name",
+		Description: "test-desc",
+		ProjectId:   "123456789",
+		RegionId:    "gcp-europe-west4",
+		Version:     "3.6.0",
+		Certificates: &data.Deployment_CertificateSpec{
+			CaCertificateId: "certificate-id",
+		},
+		IpallowlistId:             "ip-allowlist",
+		DisableFoxxAuthentication: true,
+		Model: &data.Deployment_ModelSpec{
+			Model:        "oneshard",
+			NodeSizeId:   "a8",
+			NodeCount:    3,
+			NodeDiskSize: 32,
+		},
+	}
+	flattened := flattenDeployment(depl)
+	expected := map[string]interface{}{
+		deplProjectFieldName:     "123456789",
+		deplNameFieldName:        "test-name",
+		deplDescriptionFieldName: "test-desc",
+		deplLocationFieldName: []interface{}{
+			map[string]interface{}{
+				deplLocationRegionFieldName: "gcp-europe-west4",
+			},
+		},
+		deplVersionFieldName: []interface{}{
+			map[string]interface{}{
+				deplVersionDbVersionFieldName: "3.6.0",
+			},
+		},
+		deplSecurityFieldName: []interface{}{
+			map[string]interface{}{
+				deplSecurityCaCertificateFieldName:             "certificate-id",
+				deplSecurityIpAllowlistFieldName:               "ip-allowlist",
+				deplSecurityDisableFoxxAuthenticationFieldName: true,
 			},
 		},
 		deplConfigurationFieldName: []interface{}{
@@ -128,7 +182,8 @@ func TestExpandingDeploymentResource(t *testing.T) {
 		Certificates: &data.Deployment_CertificateSpec{
 			CaCertificateId: "certificate-id",
 		},
-		IpallowlistId: "ip-allowlist",
+		IpallowlistId:             "ip-allowlist",
+		DisableFoxxAuthentication: false,
 		Model: &data.Deployment_ModelSpec{
 			Model:        "oneshard",
 			NodeSizeId:   "a8",
@@ -152,8 +207,65 @@ func TestExpandingDeploymentResource(t *testing.T) {
 		},
 		deplSecurityFieldName: []interface{}{
 			map[string]interface{}{
-				deplSecurityCaCertificateFieldName: "certificate-id",
-				deplSecurityIpAllowlistFieldName:   "ip-allowlist",
+				deplSecurityCaCertificateFieldName:             "certificate-id",
+				deplSecurityIpAllowlistFieldName:               "ip-allowlist",
+				deplSecurityDisableFoxxAuthenticationFieldName: false,
+			},
+		},
+		deplConfigurationFieldName: []interface{}{
+			map[string]interface{}{
+				deplConfigurationModelFieldName:        "oneshard",
+				deplConfigurationNodeSizeIdFieldName:   "a8",
+				deplConfigurationNodeCountFieldName:    3,
+				deplConfigurationNodeDiskSizeFieldName: 32,
+			},
+		},
+	}
+	s := resourceDeployment().Schema
+	resourceData := schema.TestResourceDataRaw(t, s, raw)
+	expandedDepl, err := expandDeploymentResource(resourceData, "123456789")
+	assert.NoError(t, err)
+	assert.Equal(t, depl, expandedDepl)
+}
+
+func TestExpandingDeploymentResourceDisableFoxxAuth(t *testing.T) {
+	depl := &data.Deployment{
+		Name:        "test-name",
+		Description: "test-desc",
+		ProjectId:   "123456789",
+		RegionId:    "gcp-europe-west4",
+		Version:     "3.6.0",
+		Certificates: &data.Deployment_CertificateSpec{
+			CaCertificateId: "certificate-id",
+		},
+		IpallowlistId:             "ip-allowlist",
+		DisableFoxxAuthentication: true,
+		Model: &data.Deployment_ModelSpec{
+			Model:        "oneshard",
+			NodeSizeId:   "a8",
+			NodeCount:    3,
+			NodeDiskSize: 32,
+		},
+	}
+	raw := map[string]interface{}{
+		deplProjectFieldName:     "123456789",
+		deplNameFieldName:        "test-name",
+		deplDescriptionFieldName: "test-desc",
+		deplLocationFieldName: []interface{}{
+			map[string]interface{}{
+				deplLocationRegionFieldName: "gcp-europe-west4",
+			},
+		},
+		deplVersionFieldName: []interface{}{
+			map[string]interface{}{
+				deplVersionDbVersionFieldName: "3.6.0",
+			},
+		},
+		deplSecurityFieldName: []interface{}{
+			map[string]interface{}{
+				deplSecurityCaCertificateFieldName:             "certificate-id",
+				deplSecurityIpAllowlistFieldName:               "ip-allowlist",
+				deplSecurityDisableFoxxAuthenticationFieldName: true,
 			},
 		},
 		deplConfigurationFieldName: []interface{}{