[OP-2308] Added mongodb_role resource (#30)

* Added role commands to mongodb pkg

* tmp

* Implemented role resource

* go get -u

* Added role resource example

* Added more docs and validators

* Removed test code

* Check error from applyRole

* Added acceptance tests

* Run tests with MongoDB

* go fmt

* Check error

* Use localhost

.github/workflows/test.yml

@@ -69,7 +69,12 @@ jobs:
       matrix:
         # list whatever Terraform versions here you would like to support
         tofu:
-          - '1.6.0-alpha5'
+          - '1.6.0'
+    services:
+      mongodb:
+        image: mongo:7
+        ports:
+          - "27017:27017"
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5

Makefile

@@ -10,6 +10,11 @@ generate:
 test:
 	go test ./...
 
+# Run acceptance tests
+.PHONY: testacc
+testacc:
+	TF_ACC=1 go test -count=1 ./...
+
 .PHONY: deps
 deps: deps-npm deps-pip
 

README.md

@@ -39,10 +39,41 @@ To run the tests, run `make test`.
 2. Enter the repository directory
 3. Build the provider using the Go `install` command:
 
+   ```shell
+   go install
+   ```
+
+4. Tell Terraform via `~/.terraformrc` to use the locally built version of the
+   provider: (must use absolute path, Terraform does not understand `~/go/bin`)
+
+   ```terraform
+   // File: ~/.terraformrc
+   provider_installation {
+     dev_overrides {
+       "registry.terraform.io/RiskIdent/mongodb-driver" = "/home/<your username>/go/bin"
+       "registry.opentofu.org/RiskIdent/mongodb-driver" = "/home/<your username>/go/bin"
+     }
+     direct {}
+   }
+   ```
+
+### Testing
+
+First start MongoDB locally, such as via Podman:
+
 ```shell
-go install
+podman run -d --rm -p 27017:27017 --name mongo mongo
 ```
 
+Then run the Go tests with the `TF_ACC=1` environment variable set:
+
+```shell
+TF_ACC=1 go test -count=1 ./...
+```
+
+The MongoDB URI that the tests try to access can be overridden with
+the `MONGODB_URI` environment variable.
+
 ## License
 
 This repository complies with the [REUSE recommendations](https://reuse.software/).

docs/resources/mongodb_role.md

@@ -0,0 +1,116 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "mongodb_role Resource - terraform-provider-mongodb-driver"
+subcategory: ""
+description: |-
+  Role resource
+---
+
+# mongodb_role (Resource)
+
+Role resource
+
+## Example Usage
+
+```terraform
+resource "mongodb_role" "example" {
+  role = "myClusterwideAdmin"
+  db   = "admin"
+  privileges = [
+    {
+      resource = { cluster = true }
+      actions  = ["addShard"]
+    },
+    {
+      resource = { db = "config", collection = "" }
+      actions  = ["find", "update", "insert", "remove"]
+    },
+    {
+      resource = { db = "users", collection = "usersCollection" },
+      actions  = ["update", "insert", "remove"]
+    },
+    {
+      resource = { db = "", collection = "" },
+      actions  = ["find"]
+    }
+  ]
+  roles = [
+    { role = "read", db = "admin" },
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `db` (String) Database this MongoDB role belongs to.
+
+  MongoDB has some restrictions on database names. Such as:
+
+  - Cannot contain any of the following characters (we're following Windows limits): `/\. "$*<>:|?`
+  - Cannot create roles in the `local` database.
+  - Cannot be empty.
+  - Cannot be longer than 64 characters.
+
+  See documentation:
+
+  - <https://www.mongodb.com/docs/manual/reference/command/createRole/#local-database>
+  - <https://www.mongodb.com/docs/v6.0/reference/limits/#naming-restrictions>
+- `role` (String) Rolename for this MongoDB role.
+
+### Optional
+
+- `privileges` (Attributes Set) Privileges this role has. (see [below for nested schema](#nestedatt--privileges))
+- `roles` (Attributes Set) Roles this role inherits privileges from. (see [below for nested schema](#nestedatt--roles))
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
+
+### Read-Only
+
+- `id` (String) Role unique ID in MongoDB. Is composed from the `db` and `role` fields.
+
+<a id="nestedatt--privileges"></a>
+### Nested Schema for `privileges`
+
+Required:
+
+- `actions` (Set of String) Database this role belongs to. Leave unset to target same database as role.
+  See: <https://www.mongodb.com/docs/manual/reference/privilege-actions/>
+- `resource` (Attributes) A document that specifies the resources upon which the privilege `actions` apply.
+
+  Can only supply one of the following attribute combinations:  - only `cluster` attribute, must be set to `true`  - only `any_resource` attribute, must be set to `true`  - only `db` and `collection` attributes (see [below for nested schema](#nestedatt--privileges--resource))
+
+<a id="nestedatt--privileges--resource"></a>
+### Nested Schema for `privileges.resource`
+
+Optional:
+
+- `any_resource` (Boolean) Set to true to target every resource in the system. Intended for internal use. **Do not** use this resource, other than in exceptional circumstances.
+- `cluster` (Boolean) Set to true to target the MongoDB cluster as the resource.
+- `collection` (String) Specify which collection to target. Must be paired with the `db` attribute.
+- `db` (String) Specify which database to target. Must be paired with the `collection` attribute. If both the `db` and `collections` are empty strings (`""`), the resource is all collections, excluding the system collections, in all the databases. If only the `db` attribute is an empty string (`""`), the resource is all collections with the specified `collection` name across all databases.If only the `collection` attribute is an empty string (`""`), the resource is the specified database, excluding the system collections.
+
+
+
+<a id="nestedatt--roles"></a>
+### Nested Schema for `roles`
+
+Required:
+
+- `role` (String) Role name
+
+Optional:
+
+- `db` (String) Database this role belongs to. Leave unset to target same database as role.
+
+
+<a id="nestedatt--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

docs/resources/mongodb_user.md

@@ -44,7 +44,7 @@ resource "mongodb_user" "example" {
   db   = "my-db"
   pwd  = "super-secret-password"
 
-  customData = {
+  custom_data = {
     "my-custom-field" = "my-custom-value"
   }
 }

examples/resources/mongodb_role/resource.tf

@@ -0,0 +1,25 @@
+resource "mongodb_role" "example" {
+  role = "myClusterwideAdmin"
+  db   = "admin"
+  privileges = [
+    {
+      resource = { cluster = true }
+      actions  = ["addShard"]
+    },
+    {
+      resource = { db = "config", collection = "" }
+      actions  = ["find", "update", "insert", "remove"]
+    },
+    {
+      resource = { db = "users", collection = "usersCollection" },
+      actions  = ["update", "insert", "remove"]
+    },
+    {
+      resource = { db = "", collection = "" },
+      actions  = ["find"]
+    }
+  ]
+  roles = [
+    { role = "read", db = "admin" },
+  ]
+}

examples/resources/mongodb_role/resource.tf.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2023 Risk.Ident GmbH <contact@riskident.com>
+
+SPDX-License-Identifier: CC-BY-4.0

examples/resources/mongodb_user/resource.tf

@@ -29,7 +29,7 @@ resource "mongodb_user" "example" {
   db   = "my-db"
   pwd  = "super-secret-password"
 
-  customData = {
+  custom_data = {
     "my-custom-field" = "my-custom-value"
   }
 }

go.mod

@@ -11,68 +11,79 @@ require (
 	github.com/hashicorp/terraform-plugin-framework v1.5.0
 	github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1
 	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
+	github.com/hashicorp/terraform-plugin-go v0.20.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
+	github.com/hashicorp/terraform-plugin-testing v1.6.0
 	go.mongodb.org/mongo-driver v1.13.1
 )
 
 require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
-	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/agext/levenshtein v1.2.2 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.3.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.5.0 // indirect
+	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
+	github.com/hashicorp/go-hclog v1.6.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.6.0 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hc-install v0.5.2 // indirect
-	github.com/hashicorp/terraform-exec v0.18.1 // indirect
-	github.com/hashicorp/terraform-json v0.17.1 // indirect
-	github.com/hashicorp/terraform-plugin-go v0.20.0 // indirect
+	github.com/hashicorp/hc-install v0.6.1 // indirect
+	github.com/hashicorp/hcl/v2 v2.19.1 // indirect
+	github.com/hashicorp/logutils v1.0.0 // indirect
+	github.com/hashicorp/terraform-exec v0.19.0 // indirect
+	github.com/hashicorp/terraform-json v0.18.0 // indirect
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 // indirect
 	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/klauspost/compress v1.17.3 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/cli v1.1.5 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/montanaflynn/stats v0.7.1 // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/posener/complete v1.2.3 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
+	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 	github.com/xdg-go/scram v1.1.2 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
-	github.com/zclconf/go-cty v1.13.2 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
-	golang.org/x/mod v0.11.0 // indirect
-	golang.org/x/net v0.18.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	github.com/zclconf/go-cty v1.14.1 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/exp v0.0.0-20230809150735-7b3493d9a819 // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
-	google.golang.org/grpc v1.60.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
+	google.golang.org/grpc v1.60.1 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 )