forked from aliyun/terraform-provider-alicloud
/
data_source_alicloud_cs_kubernetes_permissions.go
114 lines (103 loc) · 2.97 KB
/
data_source_alicloud_cs_kubernetes_permissions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package alicloud
import (
cs "github.com/alibabacloud-go/cs-20151215/v3/client"
"github.com/alibabacloud-go/tea/tea"
"github.com/gunnerliu/terraform-provider-alicloud/alicloud/connectivity"
"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
)
func dataSourceAlicloudCSKubernetesPermissions() *schema.Resource {
return &schema.Resource{
Read: dataAlicloudCSKubernetesPermissionsRead,
Schema: map[string]*schema.Schema{
"uid": {
Type: schema.TypeString,
Required: true,
},
"permissions": {
Optional: true,
Type: schema.TypeList,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"resource_id": {
Type: schema.TypeString,
Required: true,
},
"resource_type": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice([]string{"cluster", "namespace", "console"}, false),
},
"role_name": {
Type: schema.TypeString,
Required: true,
},
"role_type": {
Type: schema.TypeString,
Optional: true,
},
"is_owner": {
Type: schema.TypeBool,
Optional: true,
},
"is_ram_role": {
Type: schema.TypeBool,
Optional: true,
},
},
},
},
},
}
}
func dataAlicloudCSKubernetesPermissionsRead(d *schema.ResourceData, meta interface{}) error {
client, err := meta.(*connectivity.AliyunClient).NewRoaCsClient()
if err != nil {
return WrapErrorf(err, DefaultErrorMsg, ResourceName, "InitializeClient", err)
}
// Query existing permissions, DescribeUserPermission
uid := d.Get("uid").(string)
perms, _err := describeUserPermissions(client, uid)
if _err != nil {
return WrapErrorf(err, DefaultErrorMsg, ResourceName, "DescribeUserPermission", err)
}
_ = d.Set("permissions", flattenPermissionsConfig(perms))
_ = d.Set("uid", uid)
d.SetId(tea.ToString(hashcode.String(uid)))
return nil
}
func describeUserPermissions(client *cs.Client, uid string) ([]*cs.DescribeUserPermissionResponseBody, error) {
resp, err := client.DescribeUserPermission(tea.String(uid))
if err != nil {
return nil, err
}
return resp.Body, nil
}
func flattenPermissionsConfig(permissions []*cs.DescribeUserPermissionResponseBody) (m []map[string]interface{}) {
if permissions == nil {
return []map[string]interface{}{}
}
for _, permission := range permissions {
m = append(m, map[string]interface{}{
"resource_id": permission.ResourceId,
"resource_type": permission.ResourceType,
"role_name": permission.RoleName,
"role_type": permission.RoleType,
"is_owner": convertToBool(permission.IsOwner),
"is_ram_role": convertToBool(permission.IsRamRole),
})
}
return m
}
func convertToBool(i *int64) bool {
in := tea.Int64Value(i)
var b bool
if in == 0 {
b = false
}
if in == 1 {
b = true
}
return b
}