current account

Author: kosta709

Diff for: .gitignore

@@ -1,2 +1,7 @@
 terraform-provider-codefresh
 dist/
+
+**/.terraform
+**/terraform.tfstate
+**/terraform.tfstate.backup
+tests/

Diff for: client/current_account.go

@@ -0,0 +1,87 @@
+package client
+
+import (
+	"fmt"
+	"encoding/json"
+	"github.com/stretchr/objx"
+)
+
+// CurrentAccountUser spec
+type CurrentAccountUser struct {
+	ID       string 
+	UserName string
+	Email    string
+}
+
+// CurrentAccount spec
+type CurrentAccount struct {
+	ID      string
+	Name    string
+	Users   map[string]CurrentAccountUser
+}
+
+// GetCurrentAccount -
+func (client *Client) GetCurrentAccount() (*CurrentAccount, error) {
+
+	// get and parse current account
+	userResp, err := client.RequestAPI(&RequestOptions{
+		Path:   "/user",
+		Method: "GET",
+	})
+	if err != nil {
+		return nil, err
+	}
+
+    currentAccountX, err := objx.FromJSON(string(userResp))
+	if err != nil {
+		return nil, err
+	}
+
+	activeAccountName := currentAccountX.Get("activeAccountName").String()
+	if activeAccountName == "" {
+		return nil, fmt.Errorf("GetCurrentAccount - cannot get activeAccountName")
+	}
+	currentAccount := &CurrentAccount{
+		Name: activeAccountName,
+		Users: make(map[string]CurrentAccountUser),
+	}
+
+	allAccountsI := currentAccountX.Get("account").MSISlice()
+	for _, accI := range(allAccountsI) {
+		accX := objx.New(accI)
+		if accX.Get("name").String() == activeAccountName {
+			currentAccount.ID = accX.Get("id").String()
+			break
+		}
+	}
+	if currentAccount.ID == "" {
+		return nil, fmt.Errorf("GetCurrentAccount - cannot get activeAccountName")
+	}
+
+	// get and parse account users
+	accountUsersResp, err := client.RequestAPI(&RequestOptions{
+		Path:   fmt.Sprintf("/accounts/%s/users", currentAccount.ID),
+		Method: "GET",
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	accountUsersI := make([]interface{}, 0)
+	if e := json.Unmarshal(accountUsersResp, &accountUsersI); e != nil {
+		return nil, fmt.Errorf("Cannot unmarshal accountUsers responce for accountId=%s: %v", currentAccount.ID, e)
+	}
+	for _, userI := range(accountUsersI) {
+		userX := objx.New(userI)
+		userName := userX.Get("userX").String()
+		email := userX.Get("email").String()
+		userID := userX.Get("_id").String()
+		currentAccount.Users[userName] = CurrentAccountUser{
+			ID:       userID,
+			UserName: userName,
+			Email:    email,
+		}
+	}
+
+	return currentAccount, nil
+}

Diff for: codefresh/data_current_account.go

@@ -0,0 +1,76 @@
+package codefresh
+
+import (
+	"fmt"
+	cfClient "github.com/codefresh-io/terraform-provider-codefresh/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceCurrentAccount() *schema.Resource {
+	return &schema.Resource{
+		Read:   dataSourceCurrentAccountRead,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"users": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"email": {
+							Type:     schema.TypeString,
+							Required: true,
+						},						
+					},
+				},
+			}	
+		},
+	}
+}
+
+
+func dataSourceCurrentAccountRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*cfClient.Client)
+	var currentAccount *cfClient.CurrentAccount
+	var err error
+
+	currentAccount, err = client.GetCurrentAccount
+	if err != nil {
+		return err
+	}
+
+	if currentAccount == nil {
+		return fmt.Errorf("data.codefresh_current_account - failed to get current_account")
+	}
+
+    return mapDataCurrentAccountToResource(team, d)
+
+}
+
+func mapDataCurrentAccountToResource(currentAccount *cfClient.CurrentAccount, d *schema.ResourceData) error {
+	
+	if currentAccount == nil || currentAccount.ID == "" {
+		return fmt.Errorf("data.codefresh_current_account - failed to mapDataCurrentAccountToResource")
+	}
+	d.SetId(currentAccount.ID)
+
+	d.Set("id", currentAccount.ID)
+	d.Set("name", currentAccount.Name)	
+	d.Set("users", currentAccount.Users)
+
+	return nil
+}

Diff for: codefresh/resource_team.go

@@ -1,6 +1,7 @@
 package codefresh
 
 import (
+	"fmt"
 	cfClient "github.com/codefresh-io/terraform-provider-codefresh/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -136,6 +137,9 @@ func resourceTeamDelete(d *schema.ResourceData, meta interface{}) error {
 
 func mapTeamToResource(team *cfClient.Team, d *schema.ResourceData) error {
 
+	if team == nil {
+		return fmt.Errorf("mapTeamToResource - cannot find team")
+	}
 	err := d.Set("name", team.Name)
 	if err != nil {
 		return err

Diff for: docs/modules/account_token.md

@@ -0,0 +1,44 @@
+# modules account_token and account_tokens
+
+To operate with Teams and Permission we should use token generated for Codefresh Account user (not adminCF token)  
+
+
+[account_token](../../tf_modules/account_token) - creates and outputs token of single account, for usage in aliased providers
+
+[account_tokens](../../tf_modules/account_tokens) - creates and outputs token for multiple accounts, for usage in other per-account configurations
+
+### Example - account_token
+```hcl
+module "account_token" "acc1_token" {
+  source = "../../tf_modules/account_token"
+  account_name = "acc1"
+}
+
+provider "codefresh" {
+  alias = "acc1"
+  api_url = var.api_url
+  token = module.change_account.acc1_token.token
+}
+
+resource "codefresh_team" "developers" {
+  provider = codefresh.acc1
+  name = "developers"
+  account_id = data.codefresh_account.acc.id
+
+  users = [
+      data.codefresh_user.user.id
+    ]
+}
+
+resource "codefresh_permission" "permission" {
+  for_each = toset(["run", "create", "update", "delete", "read", "approve"])
+  provider = codefresh.acc1
+  team = codefresh_team.developers.id
+  action = each.value
+  resource = "pipeline"
+  tags = [ "*", "untagged"]
+}
+
+```
+
+### [Example account-tokens](../../examples/account_tokens)

Diff for: docs/modules/accounts_users.md

@@ -0,0 +1,4 @@
+# module account_users 
+
+[accounts_users source](../../tf_modules/accounts_users)
+[accounts_users example](../../examples/accounts_users) 

Diff for: docs/modules/permissions.md

@@ -0,0 +1,2 @@
+# module permissions
+

Diff for: docs/modules/teams.md

@@ -0,0 +1 @@
+# module teams

Diff for: examples/account_tokens/main.tf

@@ -0,0 +1,24 @@
+variable api_url {
+  type = string
+}
+
+# 
+variable token {
+  type = string
+  default = ""
+}
+
+## Set of account names
+variable accounts {
+  type = set(string)
+}
+
+module "account_tokens" {
+    source = "../../tf_modules/account_tokens"
+    api_url = var.api_url
+    accounts = var.accounts
+}
+
+output "account_tokens" {
+    value = module.account_tokens.tokens
+}

Diff for: examples/account_tokens/terraform.tfvars

@@ -0,0 +1,5 @@
+api_url = "https://my-codefresh-example.com/api"
+
+accounts = [
+"acc1", "acc2"
+]

Diff for: go.mod

@@ -9,6 +9,7 @@ require (
 	github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7 // indirect
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.0.0-rc.2.0.20200717132200-7435e2abc9d1
 	github.com/imdario/mergo v0.3.9
+	github.com/stretchr/objx v0.1.1
 	golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 // indirect
 )
 

Diff for: tf_modules/change_account/main.tf renamed to tf_modules/account_token/main.tf

@@ -1,5 +1,7 @@
 data "codefresh_account" "acc" {
-  name = var.account_id
+  name = var.account_name != ""? var.account_name : ""
+  _id = var.account_id != ""? var.account_id : ""
+
 }
 
 resource "random_string" "random" {
@@ -36,4 +38,12 @@ resource "codefresh_api_key" "new" {
 
 output "token" {
   value = codefresh_api_key.new.token
+}
+
+output "account_name" {
+  value = data.codefresh_account.acc.name
+}
+
+output "account_id" {
+  value = data.codefresh_account.acc.id
 }

Diff for: tf_modules/change_account/provider.tf renamed to tf_modules/account_token/provider.tf

@@ -10,4 +10,10 @@ variable token {
 
 variable account_id {
   type = string
+  default = ""
 }
+
+variable account_name {
+  type = string
+  default = ""
+}

Diff for: tf_modules/change_account/vars.tf renamed to tf_modules/account_token/vars.tf

@@ -0,0 +1,45 @@
+data "codefresh_account" "acc" {
+  for_each = var.accounts
+  name = each.value
+}
+
+resource "random_string" "random" {
+  for_each = var.accounts
+  length = 5
+  special = false
+}
+
+resource "codefresh_api_key" "new" {
+  for_each = var.accounts
+  account_id = data.codefresh_account.acc[each.value].id
+  user_id = data.codefresh_account.acc[each.value].admins[0]
+  name = "tfkey_${random_string.random[each.value].result}"
+
+  scopes = [
+    "agent",
+    "agents",
+    "audit",
+    "build",
+    "cluster",
+    "clusters",
+    "environments-v2",
+    "github-action",
+    "helm",
+    "kubernetes",
+    "pipeline",
+    "project",
+    "repos",
+    "runner-installation",
+    "step-type",
+    "step-types",
+    "view",
+    "workflow",
+  ]
+}
+
+output "tokens" {
+  value = {
+    for acc, token in codefresh_api_key.new:
+      acc => token.token
+  }  
+}

Diff for: tf_modules/account_tokens/main.tf

@@ -0,0 +1,4 @@
+provider "codefresh" {
+  api_url = var.api_url
+  token = var.admin_token
+}

Diff for: tf_modules/account_tokens/provider.tf

@@ -0,0 +1,15 @@
+variable api_url {
+  type = string
+}
+
+# 
+variable admin_token {
+  type = string
+  default = ""
+}
+
+
+## Set of account names
+variable accounts {
+  type = set(string)
+}