Implement hsdp_blr_blob_store_policy
Signed-off-by: Andy Lo-A-Foe <[email protected]>
Showing
7 changed files
with
305 additions
and
3 deletions.
@@ -0,0 +1,35 @@ | ||
--- | ||
subcategory: "Blob Repository (BLR)" | ||
--- | ||
|
||
# hsdp_blr_bucket | ||
|
||
Retrieve details on a Blob Repository Bucket resource | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "hsdp_blr_bucket" "store" { | ||
name = "bucket-store-1" | ||
} | ||
output "bucket_id" { | ||
value = data.hsdp_connect_mdm_bucket.store.id | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are available: | ||
|
||
* `name` - (Required) The name of the bucket to look up | ||
|
||
## Attribute Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `id` - The ID reference of the service action (format: `Bucket/${GUID}`) | ||
* `guid` - The GUID of the bucket | ||
* `cdn_enabled` - CDN enabled or not | ||
* `cache_control_age` - Cache control age settings | ||
* `cors_config_json` - The Bucket CORS configuration in JSON |
@@ -0,0 +1,40 @@ | ||
--- | ||
subcategory: "Blob Repository (BLR)" | ||
page_title: "HSDP: hsdp_blr_blob_store_policy" | ||
description: |- | ||
Manages HSDP Connect Blob Store Repository Policies | ||
--- | ||
|
||
# hsdp_blr_blob_store_policy | ||
|
||
Create and manage Blob Repository Policies | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "hsdp_blr_blob_store_policy" "policy" { | ||
statement { | ||
effect = "Allow" | ||
action = ["GET", "PUT", "DELETE"] | ||
principal = ["prn:hsdp:iam:${data.hsdp_iam_org.myorg.id}:${hsdp_connect_mdm_proposition.first.guid}:User/*"] | ||
resource = ["${hsdp_blr_bucket.store.name}/*"] | ||
} | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are available: | ||
|
||
* `statement` - (Required) | ||
* `effect` - (Required, string) Effect of policy [`Allow`, `Deny`] | ||
* `action` - (Required, list(string)) Allowed methods: [`GET`, `PUT`, `DELETE`] | ||
* `principal` - (Required, list(string)) The principals the policy applies to | ||
* `resource` - (Required, list(string)) The resources the policy applies to | ||
|
||
## Attributes reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `id` - The ID reference of the service action (format: `BlobStorePolicy/${GUID}`) | ||
* `guid` - The GUID of the bucket |
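--- a/internal/services/blr/resource_blr_blob_store_policy.go
+++ b/internal/services/blr/resource_blr_blob_store_policy.go
@@ -0,0 +1,224 @@
+package blr
+
+import (
+"context"
+"fmt"
+"net/http"
+
+"github.com/philips-software/go-hsdp-api/blr"
+
+"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+"github.com/philips-software/terraform-provider-hsdp/internal/config"
+"github.com/philips-software/terraform-provider-hsdp/internal/tools"
+)
+
+func importStatePassthroughSetGuidContext(_ context.Context, d *schema.ResourceData, _ interface{}) ([]*schema.ResourceData, error) {
+var id string
+count, _ := fmt.Sscanf(d.Id(), "BlobStorePolicy/%s", &id)
+if count == 0 {
+return []*schema.ResourceData{d}, fmt.Errorf("invalid ID: %s", d.Id())
+}
+d.Set("guid", id)
+return []*schema.ResourceData{d}, nil
+}
+
+func ResourceBLRBlobStorePolicy() *schema.Resource {
+return &schema.Resource{
+Importer: &schema.ResourceImporter{
+StateContext: importStatePassthroughSetGuidContext,
+},
+CreateContext: resourceBLRBlobStorePolicyCreate,
+ReadContext: resourceBLRBlobStorePolicyRead,
+DeleteContext: resourceBLRBlobStorePolicyDelete,
+
+Schema: map[string]*schema.Schema{
+"statement": blobStorePolicyStatementSchema(),
+"principal": config.PrincipalSchema(),
+"guid": {
+Type: schema.TypeString,
+Computed: true,
+},
+},
+}
+}
+
+func policyStatementResource() *schema.Resource {
+return &schema.Resource{
+Schema: map[string]*schema.Schema{
+"effect": {
+Type: schema.TypeString,
+Required: true,
+},
+"action": {
+Type: schema.TypeSet,
+MaxItems: 4,
+MinItems: 1,
+Required: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+"principal": {
+Type: schema.TypeSet,
+MinItems: 1,
+MaxItems: 10,
+Required: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+"resource": {
+Type: schema.TypeSet,
+MinItems: 1,
+MaxItems: 10,
+Optional: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+},
+}
+}
+
+func blobStorePolicyStatementSchema() *schema.Schema {
+return &schema.Schema{
+Type: schema.TypeSet,
+Required: true,
+ForceNew: true,
+MaxItems: 1,
+Elem: policyStatementResource(),
+}
+}
+
+func schemaToBlobStorePolicy(d *schema.ResourceData) blr.BlobStorePolicy {
+
+resource := blr.BlobStorePolicy{
+ResourceType: "Bucket",
+Statement: []blr.BlobStorePolicyStatement{},
+}
+if v, ok := d.GetOk("statement"); ok {
+vL := v.(*schema.Set).List()
+for _, entry := range vL {
+var statement blr.BlobStorePolicyStatement
+mV := entry.(map[string]interface{})
+statement.Effect = mV["effect"].(string)
+statement.Action = tools.ExpandStringList(mV["action"].(*schema.Set).List())
+statement.Principal = tools.ExpandStringList(mV["principal"].(*schema.Set).List())
+statement.Resource = tools.ExpandStringList(mV["resource"].(*schema.Set).List())
+resource.Statement = append(resource.Statement, statement)
+}
+}
+return resource
+}
+
+func blobStorePolicyToSchema(resource blr.BlobStorePolicy, d *schema.ResourceData) {
+a := &schema.Set{F: schema.HashResource(policyStatementResource())}
+entry := make(map[string]interface{})
+entry["effect"] = resource.Statement[0].Effect
+entry["action"] = tools.SchemaSetStrings(resource.Statement[0].Action)
+entry["principal"] = tools.SchemaSetStrings(resource.Statement[0].Principal)
+entry["resource"] = tools.SchemaSetStrings(resource.Statement[0].Resource)
+a.Add(entry)
+
+_ = d.Set("statement", a)
+}
+
+func resourceBLRBlobStorePolicyCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+c := m.(*config.Config)
+
+principal := config.SchemaToPrincipal(d, m)
+
+client, err := c.BLRClient(principal)
+if err != nil {
+return diag.FromErr(err)
+}
+
+resource := schemaToBlobStorePolicy(d)
+
+var created *blr.BlobStorePolicy
+var resp *blr.Response
+err = tools.TryHTTPCall(ctx, 5, func() (*http.Response, error) {
+var err error
+created, resp, err = client.Configurations.CreateBlobStorePolicy(resource)
+if err != nil {
+_ = client.TokenRefresh()
+}
+if resp == nil {
+return nil, err
+}
+return resp.Response, err
+})
+if err != nil {
+return diag.FromErr(err)
+}
+if created == nil {
+return diag.FromErr(fmt.Errorf("failed to create resource: %d", resp.StatusCode()))
+}
+_ = d.Set("guid", created.ID)
+d.SetId(fmt.Sprintf("BlobStorePolicy/%s", created.ID))
+
+return resourceBLRBucketRead(ctx, d, m)
+}
+
+func resourceBLRBlobStorePolicyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+c := m.(*config.Config)
+
+var diags diag.Diagnostics
+
+principal := config.SchemaToPrincipal(d, m)
+
+client, err := c.BLRClient(principal)
+if err != nil {
+return diag.FromErr(err)
+}
+
+var id string
+_, _ = fmt.Sscanf(d.Id(), "BlobStorePolicy/%s", &id)
+var resource *blr.BlobStorePolicy
+var resp *blr.Response
+err = tools.TryHTTPCall(ctx, 10, func() (*http.Response, error) {
+var err error
+resource, resp, err = client.Configurations.GetBlobStorePolicyByID(id)
+if err != nil {
+_ = client.TokenRefresh()
+}
+if resp == nil {
+return nil, err
+}
+return resp.Response, err
+})
+if err != nil {
+if resp != nil && (resp.StatusCode() == http.StatusNotFound || resp.StatusCode() == http.StatusGone) {
+d.SetId("")
+return nil
+}
+return diag.FromErr(err)
+}
+blobStorePolicyToSchema(*resource, d)
+return diags
+}
+
+func resourceBLRBlobStorePolicyDelete(_ context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+c := m.(*config.Config)
+
+var diags diag.Diagnostics
+
+principal := config.SchemaToPrincipal(d, m)
+
+client, err := c.BLRClient(principal)
+if err != nil {
+return diag.FromErr(err)
+}
+
+var id string
+_, _ = fmt.Sscanf(d.Id(), "BlobStorePolicy/%s", &id)
+resource, _, err := client.Configurations.GetBlobStorePolicyByID(id)
+if err != nil {
+return diag.FromErr(err)
+}
+
+ok, _, err := client.Configurations.DeleteBlobStorePolicy(*resource)
+if err != nil {
+return diag.FromErr(err)
+}
+if !ok {
+return diag.FromErr(config.ErrInvalidResponse)
+}
+d.SetId("")
+return diags
+}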
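Review bot: resourceBLRBlobStorePolicyCreate ends with `return resourceBLRBucketRead(ctx, d, m)`, so a newly created policy whose ID was just set to `BlobStorePolicy/<guid>` is refreshed by the bucket reader instead of resourceBLRBlobStorePolicyRead defined right below it. This looks like a copy-paste slip; the last line should be `return resourceBLRBlobStorePolicyRead(ctx, d, m)`. resourceBLRBucketRead is not part of this section, so what it does with a policy ID is inferred, but at best the statement is never read back from the service after create. Separately, blobStorePolicyToSchema indexes `resource.Statement[0]` unguarded (and the Read path dereferences `*resource` without a nil check), so a policy returned with no statements would panic the provider; an early `if len(resource.Statement) == 0 { return }` would avoid that. Because this resource defines access policy, it is also worth validating `effect` against `Allow`/`Deny` in the schema and reconciling `resource` being `Optional` here with the docs listing it as Required.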