-
Notifications
You must be signed in to change notification settings - Fork 102
/
resource_acl_role.go
176 lines (142 loc) · 4.61 KB
/
resource_acl_role.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package nomad
import (
"fmt"
"log"
"strings"
"github.com/hashicorp/nomad/api"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
)
func resourceACLRole() *schema.Resource {
return &schema.Resource{
Create: resourceACLRoleCreate,
Update: resourceACLRoleUpdate,
Delete: resourceACLRoleDelete,
Read: resourceACLRoleRead,
Exists: resourceACLRoleExists,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},
Schema: map[string]*schema.Schema{
"name": {
Description: "Unique name for this ACL role.",
Required: true,
Type: schema.TypeString,
},
"description": {
Description: "Description for this ACL role.",
Optional: true,
Type: schema.TypeString,
},
"policy": {
Description: "The policies that should be applied to the role. It may be used multiple times.",
Required: true,
Type: schema.TypeSet,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
Description: "The name of the ACL policy to link.",
},
},
},
},
},
}
}
func resourceACLRoleCreate(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
role := generateNomadACLRole(d)
// Create our ACL role.
log.Printf("[DEBUG] Creating ACL role")
aclRoleCreateResp, _, err := client.ACLRoles().Create(role, nil)
if err != nil {
return fmt.Errorf("error creating ACL role: %s", err.Error())
}
d.SetId(aclRoleCreateResp.ID)
log.Printf("[DEBUG] Created ACL role %q", aclRoleCreateResp.ID)
return resourceACLRoleRead(d, meta)
}
func resourceACLRoleUpdate(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
role := generateNomadACLRole(d)
// Perform the in-place update of the ACL role.
log.Printf("[DEBUG] Updating ACL Role %q", role.ID)
_, _, err := client.ACLRoles().Update(role, nil)
if err != nil {
return fmt.Errorf("error updating ACL Role %q: %s", role.ID, err.Error())
}
log.Printf("[DEBUG] Updated ACL Role %q", role.ID)
return resourceACLRoleRead(d, meta)
}
func resourceACLRoleDelete(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
roleID := d.Id()
// Delete the ACL role.
log.Printf("[DEBUG] Deleting ACL Role %q", roleID)
_, err := client.ACLRoles().Delete(roleID, nil)
if err != nil {
return fmt.Errorf("error deleting ACL Role %q: %s", roleID, err.Error())
}
log.Printf("[DEBUG] Deleted ACL Role %q", roleID)
d.SetId("")
return nil
}
func resourceACLRoleRead(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
roleID := d.Id()
// If the role has not been created, the ID will be an empty string which
// means we can skip attempting to perform the lookup.
if roleID == "" {
return nil
}
log.Printf("[DEBUG] Reading ACL Role %q", roleID)
role, _, err := client.ACLRoles().Get(roleID, nil)
if err != nil {
return fmt.Errorf("error reading ACL Role %q: %s", roleID, err.Error())
}
log.Printf("[DEBUG] Read ACL Role %q", roleID)
policies := make([]map[string]interface{}, len(role.Policies))
for i, policyLink := range role.Policies {
policies[i] = map[string]interface{}{"name": policyLink.Name}
}
d.Set("name", role.Name)
d.Set("description", role.Description)
d.Set("policy", policies)
return nil
}
func resourceACLRoleExists(d *schema.ResourceData, meta interface{}) (bool, error) {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
roleID := d.Id()
log.Printf("[DEBUG] Checking if ACL Role %q exists", roleID)
_, _, err := client.ACLRoles().Get(roleID, nil)
if err != nil {
// As of Nomad 0.4.1, the API client returns an error for 404
// rather than a nil result, so we must check this way.
if strings.Contains(err.Error(), "404") {
return false, nil
}
return true, fmt.Errorf("error checking for ACL Role %q: %#v", roleID, err)
}
return true, nil
}
func generateNomadACLRole(d *schema.ResourceData) *api.ACLRole {
policies := make([]*api.ACLRolePolicyLink, 0)
for _, raw := range d.Get("policy").(*schema.Set).List() {
s := raw.(map[string]interface{})
policies = append(policies, &api.ACLRolePolicyLink{Name: s["name"].(string)})
}
return &api.ACLRole{
ID: d.Id(),
Name: d.Get("name").(string),
Description: d.Get("description").(string),
Policies: policies,
}
}