resource_permission draft

kosta709 · kosta709 · commit 612aa5e3ee62 · 2020-07-27T19:42:45.000+03:00
diff --git a/client/permission.go b/client/permission.go
@@ -0,0 +1,120 @@
+package client
+
+import (
+	"fmt"
+)
+
+// Permission spec
+type Permission struct {
+	ID       string     `json:"_id,omitempty"`
+	Team     string     `json:"role,omitempty"`
+	Resource string     `json:"resource,omitempty"`
+	Action   string     `json:"action,omitempty"`
+	Account  string     `json:"account,omitempty"`
+	Tags     []string   `json:"tags,omitempty"`
+}
+
+// GetPermissionList -
+func (client *Client) GetPermissionList(teamID, action, resource string) ([]Permission, error) {
+	fullPath := "/abac"
+	opts := RequestOptions{
+		Path:   fullPath,
+		Method: "GET",
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var permissions, permissionsFiltered []Permission
+
+	err = DecodeResponseInto(resp, &permissions)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, p := range permissions {
+		if teamID != "" && p.Team != teamID {
+			continue
+		}
+		if action != "" && p.Action != action {
+			continue
+		}
+		if resource != "" && p.Resource != resource {
+			continue
+		}
+		permissionsFiltered = append(permissionsFiltered, p)		
+	}
+
+	return permissionsFiltered, nil
+}
+
+// GetPermissionByID -
+func (client *Client) GetPermissionByID(id string) (*Permission, error) {
+	fullPath := fmt.Sprintf("/abac/%s", id)
+	opts := RequestOptions{
+		Path:   fullPath,
+		Method: "GET",
+	}
+
+	resp, err := client.RequestAPI(&opts)
+	if err != nil {
+		return nil, err
+	}
+
+	var permission Permission
+	err = DecodeResponseInto(resp, &permission)
+	if err != nil {
+		return nil, err
+	}
+
+	return &permission, nil
+}
+
+// CreatePermision -
+func (client *Client) CreatePermission(permission  *Permission) (*Permission, error) {
+
+	body, err := EncodeToJSON(permission)
+
+	if err != nil {
+		return nil, err
+	}
+	opts := RequestOptions{
+		Path:   "/abac",
+		Method: "POST",
+		Body:   body,
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var newPermission Permission
+	err = DecodeResponseInto(resp, &newPermission)
+	if err != nil {
+		return nil, err
+	}
+
+	return &newPermission, nil
+}
+
+// DeletePermission -
+func (client *Client) DeletePermission(id string) error {
+	fullPath := fmt.Sprintf("/abac/%s", id)
+	opts := RequestOptions{
+		Path:   fullPath,
+		Method: "DELETE",
+	}
+
+	_, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/codefresh/provider.go b/codefresh/provider.go
@@ -41,6 +41,7 @@ func Provider() *schema.Provider {
 			"codefresh_idp_accounts":   resourceIDPAccounts(),
 			"codefresh_account_admins": resourceAccountAdmins(),
 			"codefresh_user":           resourceUser(),
+			"codefresh_permission":     resourcePermission(),
 		},
 		ConfigureFunc: configureProvider,
 	}
diff --git a/codefresh/resource_permission.go b/codefresh/resource_permission.go
@@ -0,0 +1,185 @@
+package codefresh
+
+import (
+	"fmt"	
+	cfClient "github.com/codefresh-io/terraform-provider-codefresh/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+)
+
+func resourcePermission() *schema.Resource {
+	return &schema.Resource{
+		Create: resourcePermissionCreate,
+		Read:   resourcePermissionRead,
+		Update: resourcePermissionUpdate,
+		Delete: resourcePermissionDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"team": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"account": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"resource": {
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) {
+					v := val.(string)
+					if v != "cluster" || v != "pipeline" {
+					  errs = append(errs, fmt.Errorf("%q must be between \"pipeline\" or \"cluster\", got: %s", key, v))
+					}
+					return
+				  },
+			},	
+			"action": {
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) {
+					v := val.(string)
+					if v != "create" || v != "read" || v != "update" || v != "delete" || v != "approve"  {
+					  errs = append(errs, fmt.Errorf("%q must be between one of create,read,update,delete,approve, got: %s", key, v))
+					}
+					return
+				  },
+			},					
+			"tags": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Default: []string{"*", "untagged"},
+			},
+		},
+	}
+}
+
+func resourcePermissionCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*cfClient.Client)
+
+	permission := *mapResourceToPermission(d)
+
+	resp, err := client.CreatePermission(&permission)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(resp.ID)
+
+	return resourcePermissionRead(d, meta)
+}
+
+func resourcePermissionRead(d *schema.ResourceData, meta interface{}) error {
+
+	client := meta.(*cfClient.Client)
+
+	permissionID := d.Id()
+	if permissionID == "" {
+		d.SetId("")
+		return nil
+	}
+
+	permission, err := client.GetPermissionByID(permissionID)
+	if err != nil {
+		return err
+	}
+
+	err = mapPermissionToResource(permission, d)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourcePermissionUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*cfClient.Client)
+
+	permission := *mapResourceToPermission(d)
+
+
+	// existingPermission, err := client.GetPermissionByID(permission.ID)
+	// if err != nil {
+	// 	return nil
+	// }
+
+	resp, err := client.CreatePermission(&permission)
+	if err != nil {
+		return err
+	}    
+	d.SetId(resp.ID)
+
+	return resourcePermissionRead(d, meta)
+}
+
+func resourcePermissionDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*cfClient.Client)
+
+	err := client.DeletePermission(d.Id())
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func mapPermissionToResource(permission *cfClient.Permission, d *schema.ResourceData) error {
+
+	err := d.Set("_id", permission.ID)
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("team", permission.Team)
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("account", permission.Account)
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("action", permission.Action)
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("resource", permission.Resource)
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("tags", permission.Tags)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func mapResourceToPermission(d *schema.ResourceData) *cfClient.Permission {
+	
+	tags := d.Get("tags").(*schema.Set).List()
+	permission := &cfClient.Permission{
+		ID:      d.Id(),
+		Team:    d.Get("team").(string),
+		Action:  d.Get("action").(string),
+		Resource: d.Get("string").(string),
+		//Account: d.Get("account_id").(string),
+		Tags:    convertStringArr(tags),
+	}
+
+	return permission
+}

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ func Provider() *schema.Provider {`
`41`	`41`	`"codefresh_idp_accounts": resourceIDPAccounts(),`
`42`	`42`	`"codefresh_account_admins": resourceAccountAdmins(),`
`43`	`43`	`"codefresh_user": resourceUser(),`
	`44`	`+ "codefresh_permission": resourcePermission(),`
`44`	`45`	`},`
`45`	`46`	`ConfigureFunc: configureProvider,`
`46`	`47`	`}`