-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathresource_role.go
171 lines (136 loc) · 3.66 KB
/
resource_role.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
package main
import (
"fmt"
"log"
"sort"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/pactflow/terraform/broker"
"github.com/pactflow/terraform/client"
)
func role() *schema.Resource {
return &schema.Resource{
Importer: &schema.ResourceImporter{State: schema.ImportStatePassthrough},
Create: roleCreate,
Read: roleRead,
Update: roleUpdate,
Delete: roleDelete,
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
Description: "Name of the Role",
},
"scopes": {
Type: schema.TypeSet,
Elem: &schema.Schema{
Type: schema.TypeString,
},
Required: true,
Description: "The pre-defined scope to add to the role",
},
"uuid": {
Type: schema.TypeString,
Computed: true,
Description: "Name of the Role",
},
},
}
}
func validateScopes(val interface{}, key string) (warns []string, errs []error) {
v := val.(string)
for _, scope := range broker.AllowedScopes {
if scope == v {
return
}
}
errs = append(errs, fmt.Errorf("%q must be one of the allowed scopes %v, got %v", key, broker.AllowedScopes, v))
return
}
func getRoleFromState(d *schema.ResourceData) broker.Role {
name := d.Get("name").(string)
raw, ok := d.Get("scopes").(*schema.Set)
set := ExpandStringSet(raw)
permissions := make([]broker.Permission, len(set))
if ok && len(set) > 0 {
for i, s := range set {
permissions[i] = broker.Permission{
Scope: s,
}
}
}
return broker.Role{
UUID: d.Id(),
Name: name,
Permissions: permissions,
}
}
func scopesFromUser(u broker.Role) []string {
scopes := make([]string, len(u.Permissions))
for i, p := range u.Permissions {
scopes[i] = p.Scope
}
sort.Strings(scopes)
return scopes
}
func setRoleState(d *schema.ResourceData, r *broker.Role) error {
log.Printf("[DEBUG] setting role state: %v \n", r)
if err := d.Set("uuid", r.UUID); err != nil {
return fmt.Errorf("error creating key 'uuid': %w", err)
}
if err := d.Set("name", r.Name); err != nil {
return fmt.Errorf("error creating key 'name': %w", err)
}
if err := d.Set("scopes", scopesFromUser(*r)); err != nil {
return fmt.Errorf("error creating key 'scopes': %w", err)
}
return nil
}
func roleCreate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*client.Client)
role := getRoleFromState(d)
created, err := client.CreateRole(role)
if err != nil {
return fmt.Errorf("error creating role: %w", err)
}
d.SetId(created.UUID)
if err = setRoleState(d, created); err != nil {
return fmt.Errorf("error setting role state: %w", err)
}
return nil
}
func roleRead(d *schema.ResourceData, meta interface{}) error {
client := meta.(*client.Client)
role, err := client.ReadRole(d.Id())
if err != nil {
return fmt.Errorf("error reading role: %w", err)
}
if err = setRoleState(d, role); err != nil {
return fmt.Errorf("error setting role state: %w", err)
}
return nil
}
func roleUpdate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*client.Client)
role := getRoleFromState(d)
updated, err := client.UpdateRole(role)
if err != nil {
return fmt.Errorf("error updating role: %w", err)
}
if err = setRoleState(d, updated); err != nil {
return fmt.Errorf("error setting role state: %w", err)
}
return nil
}
func roleDelete(d *schema.ResourceData, meta interface{}) error {
client := meta.(*client.Client)
uuid := d.Get("uuid").(string)
log.Println("[DEBUG] deleting role for user with UUID:", uuid)
err := client.DeleteRole(broker.Role{
UUID: uuid,
})
if err != nil {
return fmt.Errorf("error deleting role: %w", err)
}
d.SetId("")
return nil
}