resource_service_principal_role.go
package aws
import (
"context"
"fmt"
"github.com/databricks/databricks-sdk-go/apierr"
"github.com/databricks/terraform-provider-databricks/common"
"github.com/databricks/terraform-provider-databricks/scim"
)
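// ResourceServicePrincipalRole binds a service principal to a role (an
// instance profile). The resource is identified by the pair
// (service_principal_id, role), and each operation is carried out through the
// SCIM service principals API.
func ResourceServicePrincipalRole() common.Resource {
	return common.NewPairID("service_principal_id", "role").BindResource(common.BindResource{
		// Create adds the role to the principal's "roles" attribute with a
		// SCIM PATCH "add"; the role is passed as a value, not as part of a path.
		CreateContext: func(ctx context.Context, servicePrincipalID, role string, c *common.DatabricksClient) error {
			return scim.NewServicePrincipalsAPI(ctx, c).Patch(servicePrincipalID, scim.PatchRequestWithValue("add", "roles", role))
		},
		// Read fetches only the "roles" attribute and reports NotFound when the
		// role is no longer attached to the principal.
		ReadContext: func(ctx context.Context, servicePrincipalID, roleARN string, c *common.DatabricksClient) error {
			servicePrincipal, err := scim.NewServicePrincipalsAPI(ctx, c).Read(servicePrincipalID, "roles")
			if err != nil {
				// The result of a failed read carries no meaning, so return
				// before looking at its roles.
				return err
			}
			if !scim.ComplexValues(servicePrincipal.Roles).HasValue(roleARN) {
				// NOTE(review): presumably the caller treats NotFound as
				// "binding is gone" and drops it from state; confirm against
				// common.BindResource.
				return apierr.NotFound("Service Principal has no role")
			}
			return nil
		},
		// Delete removes the role with a SCIM PATCH "remove" whose path is a
		// filter on the role value.
		DeleteContext: func(ctx context.Context, servicePrincipalID, roleARN string, c *common.DatabricksClient) error {
			// NOTE(review): roleARN is interpolated into the filter without
			// escaping, so a value containing a double quote would change the
			// structure of the filter expression and the removal could apply
			// to a different set of roles than the one named. Presumably
			// values here are always ARNs, which contain no quotes; confirm
			// that the schema validates the "role" attribute, or reject such
			// values before building the path.
			return scim.NewServicePrincipalsAPI(ctx, c).Patch(servicePrincipalID, scim.PatchRequest(
				"remove", fmt.Sprintf(`roles[value eq "%s"]`, roleARN)))
		},
	})
}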