Merge pull request #70 from arangodb-managed/OAS-5164

adoi · web-flow · commit a03749e69be8 · 2022-07-04T13:11:04.000+02:00
Oas 5164 | Add IAM Policy resource to Terraform provider
diff --git a/docs/data-sources/current_user.md b/docs/data-sources/current_user.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "oasis_current_user Data Source - terraform-provider-oasis"
+subcategory: ""
+description: |-
+  Oasis Current User Data Source
+---
+
+# oasis_current_user (Data Source)
+
+Oasis Current User Data Source
+
+## Example Usage
+
+```terraform
+terraform {
+  required_version = ">= 0.13.0"
+  required_providers {
+    oasis = {
+      source  = "arangodb-managed/oasis"
+      version = ">=2.1.2"
+    }
+  }
+}
+
+provider "oasis" {
+  api_key_id     = "" // API Key ID generated in Oasis platform
+  api_key_secret = "" // API Key Secret generated in Oasis platform
+}
+
+// Load in an Oasis Current User within an organization
+data "oasis_current_user" "oasis_test_current_user" {}
+
+// Output the data after it has been synced.
+output "datasets" {
+  value = data.oasis_current_user.oasis_test_current_user
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `email` (String) Current User Data Source Email field
+- `id` (String) Current User Data Source User ID field
+- `name` (String) Current User Data Source Name field
+
+
diff --git a/docs/resources/iam_policy.md b/docs/resources/iam_policy.md
@@ -0,0 +1,94 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "oasis_iam_policy Resource - terraform-provider-oasis"
+subcategory: ""
+description: |-
+  Oasis IAM Policy Resource
+---
+
+# oasis_iam_policy (Resource)
+
+Oasis IAM Policy Resource
+
+## Example Usage
+
+```terraform
+terraform {
+  required_version = ">= 0.13.0"
+  required_providers {
+    oasis = {
+      source  = "arangodb-managed/oasis"
+      version = ">=2.1.2"
+    }
+  }
+}
+
+provider "oasis" {
+  api_key_id     = "" // API Key ID generated in Oasis platform
+  api_key_secret = "" // API Key Secret generated in Oasis platform
+}
+
+// Terraform created organization
+resource "oasis_organization" "oasis_test_organization" {
+  name        = "Terraform Oasis Organization"
+  description = "A test Oasis organization from Terraform Provider"
+}
+
+// Terraform created IAM Group. This resource uses the computed ID value of the
+// previously defined organization resource.
+resource "oasis_iam_group" "my_iam_group" {
+  name         = "Terraform IAM Group"
+  description  = "IAM Group created by Terraform"
+  organization = oasis_organization.oasis_test_organization.id
+}
+
+// Load in an Oasis Current User within an organization
+data "oasis_current_user" "oasis_test_current_user" {}
+
+// Terraform created IAM Policy. This resource uses the computed ID value of the
+// previously defined organization resource and IAM group resource.
+resource "oasis_iam_policy" "my_iam_policy_group" {
+  url = "/Organization/${oasis_organization.oasis_test_organization.id}"
+
+  binding {
+    role  = "auditlog-admin"
+    group = oasis_iam_group.my_iam_group.id
+  }
+
+  binding {
+    role  = "auditlog-archive-viewer"
+    group = oasis_iam_group.my_iam_group.id
+  }
+
+  binding {
+    role = "auditlog-archive-viewer"
+    user = data.oasis_current_user.oasis_test_current_user.id
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `binding` (Block List, Min: 1) IAM Policy Resource IAM Policy Bindings (see [below for nested schema](#nestedblock--binding))
+- `url` (String) IAM Policy Resource IAM Policy URL
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--binding"></a>
+### Nested Schema for `binding`
+
+Required:
+
+- `role` (String) IAM Policy Resource IAM Policy Role
+
+Optional:
+
+- `group` (String) IAM Policy Resource IAM Policy Group
+- `user` (String) IAM Policy Resource IAM Policy User
+
+
diff --git a/docs/resources/private_endpoint.md b/docs/resources/private_endpoint.md
@@ -134,7 +134,7 @@ resource "oasis_private_endpoint" "my_aws_private_endpoint" {
 <a id="nestedblock--aks"></a>
 ### Nested Schema for `aks`
 
-Optional:
+Required:
 
 - `az_client_subscription_ids` (List of String) Private Endpoint Resource Private Endpoint AKS Subscription IDS field (list of subscription ids)
 
diff --git a/examples/data-sources/oasis_current_user/README.md b/examples/data-sources/oasis_current_user/README.md
@@ -0,0 +1,32 @@
+# Example: Current User Data Source
+
+This example shows how to use the Terraform Oasis provider to manage Current User Data Source in Oasis.
+
+## Prerequisites
+
+*This example uses syntax elements specific to Terraform version 0.13+ (tested on Terraform version 1.1.4).
+It will not work out-of-the-box with Terraform 0.12.x and lower (deprecated by Terraform).*
+
+## Environment variables
+Please refer to [Main README](../../README.md) file for all the environment variables you might need.
+
+## Example output
+```
+datasets = {
+  "email" = "test@arangodb.com"
+  "id" = "google-oauth2|781471512049238536110"
+  "name" = "Test Arango"
+}
+```
+
+## Instructions on how to run:
+```
+terraform init
+terraform plan
+terraform apply
+```
+
+To remove the resources created run:
+```
+terraform destroy
+``` 
diff --git a/examples/data-sources/oasis_current_user/data-source.tf b/examples/data-sources/oasis_current_user/data-source.tf
@@ -0,0 +1,22 @@
+terraform {
+  required_version = ">= 0.13.0"
+  required_providers {
+    oasis = {
+      source  = "arangodb-managed/oasis"
+      version = ">=2.1.2"
+    }
+  }
+}
+
+provider "oasis" {
+  api_key_id     = "" // API Key ID generated in Oasis platform
+  api_key_secret = "" // API Key Secret generated in Oasis platform
+}
+
+// Load in an Oasis Current User within an organization
+data "oasis_current_user" "oasis_test_current_user" {}
+
+// Output the data after it has been synced.
+output "datasets" {
+  value = data.oasis_current_user.oasis_test_current_user
+}
diff --git a/examples/resources/oasis_iam_policy/README.md b/examples/resources/oasis_iam_policy/README.md
@@ -0,0 +1,23 @@
+# Example: IAM Policy
+
+This example shows how to use the Terraform Oasis provider to create an IAM Policy for a specific resource within Oasis.
+
+## Prerequisites
+
+*This example uses syntax elements specific to Terraform version 0.13+ (tested on Terraform version 1.1.4).
+It will not work out-of-the-box with Terraform 0.12.x and lower (deprecated by Terraform).*
+
+## Environment variables
+Please refer to [Main README](../../README.md) file for all the environment variables you might need.
+
+## Instructions on how to run:
+```
+terraform init
+terraform plan
+terraform apply
+```
+
+To remove the resources created run:
+```
+terraform destroy
+```
diff --git a/examples/resources/oasis_iam_policy/resource.tf b/examples/resources/oasis_iam_policy/resource.tf
@@ -0,0 +1,52 @@
+terraform {
+  required_version = ">= 0.13.0"
+  required_providers {
+    oasis = {
+      source  = "arangodb-managed/oasis"
+      version = ">=2.1.2"
+    }
+  }
+}
+
+provider "oasis" {
+  api_key_id     = "" // API Key ID generated in Oasis platform
+  api_key_secret = "" // API Key Secret generated in Oasis platform
+}
+
+// Terraform created organization
+resource "oasis_organization" "oasis_test_organization" {
+  name        = "Terraform Oasis Organization"
+  description = "A test Oasis organization from Terraform Provider"
+}
+
+// Terraform created IAM Group. This resource uses the computed ID value of the
+// previously defined organization resource.
+resource "oasis_iam_group" "my_iam_group" {
+  name         = "Terraform IAM Group"
+  description  = "IAM Group created by Terraform"
+  organization = oasis_organization.oasis_test_organization.id
+}
+
+// Load in an Oasis Current User within an organization
+data "oasis_current_user" "oasis_test_current_user" {}
+
+// Terraform created IAM Policy. This resource uses the computed ID value of the
+// previously defined organization resource and IAM group resource.
+resource "oasis_iam_policy" "my_iam_policy_group" {
+  url = "/Organization/${oasis_organization.oasis_test_organization.id}"
+
+  binding {
+    role  = "auditlog-admin"
+    group = oasis_iam_group.my_iam_group.id
+  }
+
+  binding {
+    role  = "auditlog-archive-viewer"
+    group = oasis_iam_group.my_iam_group.id
+  }
+
+  binding {
+    role = "auditlog-archive-viewer"
+    user = data.oasis_current_user.oasis_test_current_user.id
+  }
+}
diff --git a/internal/data_source_current_user.go b/internal/data_source_current_user.go
@@ -0,0 +1,96 @@
+//
+// DISCLAIMER
+//
+// Copyright 2022 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package provider
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	common "github.com/arangodb-managed/apis/common/v1"
+	iam "github.com/arangodb-managed/apis/iam/v1"
+)
+
+const (
+	// current user source fields
+	userIdFieldName    = "id"
+	userEmailFieldName = "email"
+	userNameFieldName  = "name"
+)
+
+// dataSourceOasisCurrentUser defines a Current User datasource terraform type.
+func dataSourceOasisCurrentUser() *schema.Resource {
+	return &schema.Resource{
+		Description: "Oasis Current User Data Source",
+		ReadContext: dataSourceOasisCurrentUserRead,
+
+		Schema: map[string]*schema.Schema{
+			userIdFieldName: {
+				Type:        schema.TypeString,
+				Description: "Current User Data Source User ID field",
+				Optional:    true,
+			},
+			userEmailFieldName: {
+				Type:        schema.TypeString,
+				Description: "Current User Data Source Email field",
+				Optional:    true,
+			},
+			userNameFieldName: {
+				Type:        schema.TypeString,
+				Description: "Current User Data Source Name field",
+				Optional:    true,
+			},
+		},
+	}
+}
+
+// dataSourceOasisCurrentUserRead reloads the resource object from the terraform store.
+func dataSourceOasisCurrentUserRead(ctx context.Context, data *schema.ResourceData, m interface{}) diag.Diagnostics {
+	client := m.(*Client)
+	if err := client.Connect(); err != nil {
+		client.log.Error().Err(err).Msg("Failed to connect to api")
+		return diag.FromErr(err)
+	}
+
+	iamc := iam.NewIAMServiceClient(client.conn)
+	user, err := iamc.GetThisUser(client.ctxWithToken, &common.Empty{})
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	for k, v := range flattenCurrentUserObject(user) {
+		if err := data.Set(k, v); err != nil {
+			return diag.FromErr(err)
+		}
+	}
+	data.SetId(user.GetId())
+	return nil
+}
+
+// flattenCurrentUserObject creates a map from an Oasis Current User for easy digestion by the terraform schema.
+func flattenCurrentUserObject(user *iam.User) map[string]interface{} {
+	return map[string]interface{}{
+		userIdFieldName:    user.GetId(),
+		userEmailFieldName: user.GetEmail(),
+		userNameFieldName:  user.GetName(),
+	}
+}
diff --git a/internal/data_source_current_user_test.go b/internal/data_source_current_user_test.go
diff --git a/internal/provider.go b/internal/provider.go
diff --git a/internal/resource_iam_policy.go b/internal/resource_iam_policy.go
diff --git a/internal/resource_iam_policy_test.go b/internal/resource_iam_policy_test.go
