Merge pull request #11 from permitio/raz/per-7909-terraform-provider-…

…url-mappings-elements-riot add client and resource of proxy config
permitio · Sep 28, 2023 · b72da47 · b72da47
2 parents 5ea8f05 + 2bbc17f
commit b72da47
Show file tree

Hide file tree

Showing 10 changed files with 667 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,8 @@
 example.tf
 terraform.tfplan
 terraform.tfstate
+.terraform.lock.hcl
+.terraform.tfstate.lock.info
 bin/
 dist/
 modules-dev/
@@ -33,4 +35,3 @@ website/vendor
 
 # Keep windows files with windows line endings
 *.winfile eol=crlf
-examples/.terraform.lock.hcl
diff --git a/examples/main.tf b/examples/main.tf
@@ -117,6 +117,44 @@ resource "permitio_condition_set_rule" "allow_privileged_users_to_read_secret_do
   permission   = "document:read"
 }
 
+resource "permitio_proxy_config" "foaz" {
+  key            = "foaz"
+  name           = "Boaz"
+  auth_mechanism = "Basic"
+  auth_secret = {
+    basic = "hello:world"
+  }
+  mapping_rules = [
+    {
+      url         = "https://example.com/documents"
+      http_method = "post"
+      resource    = "document"
+      action      = "read"
+    },
+    {
+      url         = "https://example.com/documents/{project_id}"
+      http_method = "get"
+      resource    = "document"
+      action      = "read"
+    },
+    {
+      url         = "https://example.com/documents/{project_id}"
+      http_method = "put"
+      resource    = "document"
+      action      = "update"
+      headers = {
+        "x-update-id" : "foaz"
+      }
+    },
+    {
+      url         = "https://example.com/documents/{project_id}"
+      http_method = "delete"
+      resource    = "document"
+      action      = "delete"
+    }
+  ]
+}
+
 output "my_resource" {
   value = permitio_role.admin
 }
diff --git a/go.mod b/go.mod
@@ -5,10 +5,11 @@ go 1.19
 require (
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-framework v1.3.5
+	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
 	github.com/hashicorp/terraform-plugin-go v0.18.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-testing v1.4.0
-	github.com/permitio/permit-golang v0.0.18
+	github.com/permitio/permit-golang v1.0.1
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -180,6 +180,8 @@ github.com/hashicorp/terraform-plugin-docs v0.16.0 h1:UmxFr3AScl6Wged84jndJIfFcc
 github.com/hashicorp/terraform-plugin-docs v0.16.0/go.mod h1:M3ZrlKBJAbPMtNOPwHicGi1c+hZUh7/g0ifT/z7TVfA=
 github.com/hashicorp/terraform-plugin-framework v1.3.5 h1:FJ6s3CVWVAxlhiF/jhy6hzs4AnPHiflsp9KgzTGl1wo=
 github.com/hashicorp/terraform-plugin-framework v1.3.5/go.mod h1:2gGDpWiTI0irr9NSTLFAKlTi6KwGti3AoU19rFqU30o=
+github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc=
+github.com/hashicorp/terraform-plugin-framework-validators v0.12.0/go.mod h1:jfHGE/gzjxYz6XoUwi/aYiiKrJDeutQNUtGQXkaHklg=
 github.com/hashicorp/terraform-plugin-go v0.18.0 h1:IwTkOS9cOW1ehLd/rG0y+u/TGLK9y6fGoBjXVUquzpE=
 github.com/hashicorp/terraform-plugin-go v0.18.0/go.mod h1:l7VK+2u5Kf2y+A+742GX0ouLut3gttudmvMgN0PA74Y=
 github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
@@ -240,8 +242,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/permitio/permit-golang v0.0.18 h1:94OQF7yTD6CCf72ARkVkXRGjZR7ToFYIkYvACf5nnU0=
-github.com/permitio/permit-golang v0.0.18/go.mod h1:phP2AVSL3bgDKfhhmhPt/VJAN8UUDJoQtVjUKRfY5Ck=
+github.com/permitio/permit-golang v1.0.1 h1:duRb8lmIhVTAa5oGCNU9KnIQgnKmyn0iZ7PVpCXOx8k=
+github.com/permitio/permit-golang v1.0.1/go.mod h1:phP2AVSL3bgDKfhhmhPt/VJAN8UUDJoQtVjUKRfY5Ck=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -11,6 +11,7 @@ import (
 	"github.com/permitio/permit-golang/pkg/permit"
 	conditionsetrules "github.com/permitio/terraform-provider-permit-io/internal/provider/conditionset_rules"
 	"github.com/permitio/terraform-provider-permit-io/internal/provider/conditionsets"
+	"github.com/permitio/terraform-provider-permit-io/internal/provider/proxy_configs"
 	"github.com/permitio/terraform-provider-permit-io/internal/provider/resources"
 	"github.com/permitio/terraform-provider-permit-io/internal/provider/roles"
 	"os"
@@ -146,6 +147,7 @@ func (p *PermitProvider) Resources(_ context.Context) []func() resource.Resource
 		conditionsets.NewUserSetResource,
 		conditionsets.NewResourceSetResource,
 		conditionsetrules.NewConditionSetRuleResource,
+		proxy_configs.NewProxyConfigResource,
 	}
 }
 

diff --git a/internal/provider/proxy_configs/client.go b/internal/provider/proxy_configs/client.go
@@ -0,0 +1,73 @@
+package proxy_configs
+
+import (
+	"context"
+	"github.com/permitio/permit-golang/pkg/permit"
+)
+
+type proxyConfigClient struct {
+	client *permit.Client
+}
+
+func (c *proxyConfigClient) create(ctx context.Context, model proxyConfigModel) (proxyConfigModel, error) {
+	proxyConfigCreate, err := model.toProxyConfigCreate(ctx)
+
+	if err != nil {
+		return proxyConfigModel{}, err
+	}
+
+	proxyConfig, err := c.client.Api.ProxyConfigs.Create(ctx, proxyConfigCreate)
+
+	if err != nil {
+		return proxyConfigModel{}, err
+	}
+
+	resultModel := proxyConfigModel{}
+	resultModel.fromProxyConfigRead(proxyConfig)
+
+	return resultModel, nil
+}
+
+func (c *proxyConfigClient) read(ctx context.Context, model proxyConfigModel) (proxyConfigModel, error) {
+	proxyConfig, err := c.client.Api.ProxyConfigs.Get(ctx, ident(model))
+
+	if err != nil {
+		return proxyConfigModel{}, err
+	}
+
+	resultModel := proxyConfigModel{}
+	resultModel.fromProxyConfigRead(proxyConfig)
+
+	return resultModel, nil
+}
+
+func (c *proxyConfigClient) update(ctx context.Context, model proxyConfigModel) (proxyConfigModel, error) {
+	proxyConfigUpdate, err := model.toProxyConfigUpdate(ctx)
+
+	if err != nil {
+		return proxyConfigModel{}, err
+	}
+
+	proxyConfig, err := c.client.Api.ProxyConfigs.Update(ctx, ident(model), proxyConfigUpdate)
+
+	if err != nil {
+		return proxyConfigModel{}, err
+	}
+
+	resultModel := proxyConfigModel{}
+	resultModel.fromProxyConfigRead(proxyConfig)
+
+	return resultModel, nil
+}
+
+func (c *proxyConfigClient) delete(ctx context.Context, model proxyConfigModel) error {
+	return c.client.Api.ProxyConfigs.Delete(ctx, ident(model))
+}
+
+func ident(model proxyConfigModel) string {
+	if model.Key.IsNull() {
+		return model.Id.ValueString()
+	} else {
+		return model.Key.ValueString()
+	}
+}
diff --git a/internal/provider/proxy_configs/model.go b/internal/provider/proxy_configs/model.go
@@ -0,0 +1,159 @@
+package proxy_configs
+
+import (
+	"context"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/permitio/permit-golang/pkg/models"
+)
+
+type mappingRuleModel struct {
+	Url        types.String `tfsdk:"url"`
+	HttpMethod types.String `tfsdk:"http_method"`
+	Resource   types.String `tfsdk:"resource"`
+	Action     types.String `tfsdk:"action"`
+	Priority   types.Int64  `tfsdk:"priority"`
+	Headers    types.Map    `tfsdk:"headers"`
+}
+
+type authSecretModel struct {
+	Basic   types.String            `tfsdk:"basic"`
+	Bearer  types.String            `tfsdk:"bearer"`
+	Headers map[string]types.String `tfsdk:"headers"`
+}
+
+type proxyConfigModel struct {
+	Id             types.String       `tfsdk:"id"`
+	OrganizationId types.String       `tfsdk:"organization_id"`
+	ProjectId      types.String       `tfsdk:"project_id"`
+	EnvironmentId  types.String       `tfsdk:"environment_id"`
+	Key            types.String       `tfsdk:"key"`
+	Name           types.String       `tfsdk:"name"`
+	AuthMechanism  types.String       `tfsdk:"auth_mechanism"`
+	AuthSecret     authSecretModel    `tfsdk:"auth_secret"`
+	MappingRules   []mappingRuleModel `tfsdk:"mapping_rules"`
+}
+
+func (model *proxyConfigModel) toProxyConfigCreate(ctx context.Context) (models.ProxyConfigCreate, error) {
+	authMech := models.AuthMechanism(model.AuthMechanism.ValueString())
+	mappingRules := make([]models.MappingRule, len(model.MappingRules))
+
+	for i, rule := range model.MappingRules {
+		mappingRules[i] = models.MappingRule{
+			Url:        rule.Url.ValueString(),
+			HttpMethod: models.Methods(rule.HttpMethod.ValueString()),
+			Resource:   rule.Resource.ValueString(),
+			Action:     rule.Action.ValueStringPointer(),
+		}
+
+		if !rule.Priority.IsNull() {
+			priority := int32(rule.Priority.ValueInt64())
+			mappingRules[i].Priority = &priority
+		}
+
+		if !rule.Headers.IsNull() {
+			headers := make(map[string]string)
+
+			for headerKey, headerValue := range rule.Headers.Elements() {
+				tfValue, err := headerValue.ToTerraformValue(ctx)
+
+				if err != nil {
+					return models.ProxyConfigCreate{}, err
+				}
+
+				var strValue string
+				err = tfValue.As(&strValue)
+
+				if err != nil {
+					return models.ProxyConfigCreate{}, err
+				}
+
+				headers[headerKey] = strValue
+			}
+
+			mappingRules[i].Headers = &headers
+		}
+	}
+
+	proxyConfigCreate := models.ProxyConfigCreate{
+		Key:           model.Key.ValueString(),
+		Name:          model.Name.ValueString(),
+		AuthMechanism: &authMech,
+		MappingRules:  mappingRules,
+	}
+
+	switch models.AuthMechanism(model.AuthMechanism.ValueString()) {
+	case models.BASIC:
+		proxyConfigCreate.Secret = model.AuthSecret.Basic.ValueString()
+	case models.BEARER:
+		proxyConfigCreate.Secret = model.AuthSecret.Bearer.ValueString()
+	case models.HEADERS:
+	}
+
+	return proxyConfigCreate, nil
+}
+
+func (model *proxyConfigModel) toProxyConfigUpdate(ctx context.Context) (models.ProxyConfigUpdate, error) {
+	created, err := model.toProxyConfigCreate(ctx)
+
+	if err != nil {
+		return models.ProxyConfigUpdate{}, err
+	}
+
+	return models.ProxyConfigUpdate{
+		Name:          &created.Name,
+		Secret:        &created.Secret,
+		AuthMechanism: created.AuthMechanism,
+		MappingRules:  created.MappingRules,
+	}, nil
+}
+
+func (model *proxyConfigModel) fromProxyConfigRead(sdkModel *models.ProxyConfigRead) {
+	model.Id = types.StringValue(sdkModel.Id)
+	model.OrganizationId = types.StringValue(sdkModel.OrganizationId)
+	model.ProjectId = types.StringValue(sdkModel.ProjectId)
+	model.EnvironmentId = types.StringValue(sdkModel.EnvironmentId)
+	model.Key = types.StringValue(sdkModel.Key)
+	model.Name = types.StringValue(sdkModel.Name)
+	model.AuthMechanism = types.StringValue(string(*sdkModel.AuthMechanism))
+
+	switch *sdkModel.AuthMechanism {
+	case models.BASIC:
+		model.AuthSecret.Basic = types.StringValue(sdkModel.Secret)
+	case models.BEARER:
+		model.AuthSecret.Bearer = types.StringValue(sdkModel.Secret)
+	}
+
+	resultRules := make([]mappingRuleModel, len(sdkModel.MappingRules))
+
+	for i, rule := range sdkModel.MappingRules {
+		resultRules[i] = mappingRuleModel{
+			Url:        types.StringValue(rule.Url),
+			HttpMethod: types.StringValue(string(rule.HttpMethod)),
+			Resource:   types.StringValue(rule.Resource),
+		}
+
+		if rule.Action != nil {
+			resultRules[i].Action = types.StringPointerValue(rule.Action)
+		}
+
+		if rule.Priority != nil {
+			priority := int64(*rule.Priority)
+			resultRules[i].Priority = types.Int64Value(priority)
+		}
+
+		if rule.Headers != nil && len(*rule.Headers) > 0 {
+			headers := make(map[string]attr.Value)
+
+			for headerKey, headerValue := range *rule.Headers {
+				headers[headerKey] = types.StringValue(headerValue)
+			}
+
+			resultRules[i].Headers = types.MapValueMust(types.StringType, headers)
+		} else {
+			resultRules[i].Headers = types.MapNull(types.StringType)
+		}
+	}
+
+	model.MappingRules = resultRules
+}