update tp member in ag
hariarla committed Mar 15, 2022
1 parent 6ab4808 commit 21409c9
Showing 6 changed files with 290 additions and 34 deletions.
14 changes: 10 additions & 4 deletions ibm/flex/structures.go
Expand Up @@ -1399,9 +1399,10 @@ func StringContains(s []string, str string) bool {
return false
}

func FlattenMembersData(list []iamaccessgroupsv2.ListGroupMembersResponseMember, users []usermanagementv2.UserInfo, serviceids []iamidentityv1.ServiceID) ([]string, []string) {
func FlattenMembersData(list []iamaccessgroupsv2.ListGroupMembersResponseMember, users []usermanagementv2.UserInfo, serviceids []iamidentityv1.ServiceID, profileids []iamidentityv1.TrustedProfile) ([]string, []string, []string) {
var ibmid []string
var serviceid []string
var profileid []string
for _, m := range list {
if *m.Type == "user" {
for _, user := range users {
Expand All @@ -1410,19 +1411,24 @@ func FlattenMembersData(list []iamaccessgroupsv2.ListGroupMembersResponseMember,
break
}
}
} else if *m.Type == "profile" {
for _, prid := range profileids {
if *prid.IamID == *m.IamID {
profileid = append(profileid, *prid.ID)
break
}
}
} else {

for _, srid := range serviceids {
if *srid.IamID == *m.IamID {
serviceid = append(serviceid, *srid.ID)
break
}
}

}

}
return ibmid, serviceid
return ibmid, serviceid, profileid
}

func FlattenAccessGroupMembers(list []iamaccessgroupsv2.ListGroupMembersResponseMember, users []usermanagementv2.UserInfo, serviceids []iamidentityv1.ServiceID) []map[string]interface{} {
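Review bot: The new `profile` branch of FlattenMembersData dereferences `*prid.IamID`, `*m.IamID` and `*prid.ID` with no nil check, so a single list entry with an unset field panics the provider; guard the comparison, e.g. `if prid.IamID != nil && prid.ID != nil && m.IamID != nil && *prid.IamID == *m.IamID {`. A profile member with no match in `profileids` is also dropped without any trace, so `iam_profile_ids` can under-report who is in the access group; logging the unmatched `IamID` would make that visible to whoever audits the state. The trailing `else` still treats every type other than `user` and `profile` as a service ID, and an explicit `*m.Type == "service"` test would keep a future member type from being looked up in the wrong list. Part of the `user` branch is collapsed between the two hunks, so this is based on the visible lines only.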
31 changes: 30 additions & 1 deletion ibm/service/iamaccessgroup/data_source_ibm_iam_access_group.go
Expand Up @@ -52,6 +52,11 @@ func DataSourceIBMIAMAccessGroup() *schema.Resource {
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"iam_profile_ids": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"rules": {
Type: schema.TypeList,
Computed: true,
Expand Down Expand Up @@ -157,6 +162,29 @@ func dataIBMIAMAccessGroupRead(d *schema.ResourceData, meta interface{}) error {
}
}

profileStart := ""
allprofiles := []iamidentityv1.TrustedProfile{}
var plimit int64 = 100
for {
listProfilesOptions := iamidentityv1.ListProfilesOptions{
AccountID: &userDetails.UserAccount,
Pagesize: &plimit,
}
if profileStart != "" {
listProfilesOptions.Pagetoken = &profileStart
}

profileIDs, resp, err := iamClient.ListProfiles(&listProfilesOptions)
if err != nil {
return fmt.Errorf("[ERROR] Error listing Trusted Profiles %s %s", err, resp)
}
profileStart = flex.GetNextIAM(profileIDs.Next)
allprofiles = append(allprofiles, profileIDs.Profiles...)
if profileStart == "" {
break
}
}

listAccessGroupOption := iamAccessGroupsClient.NewListAccessGroupsOptions(accountID)
retreivedGroups, detailedResponse, err := iamAccessGroupsClient.ListAccessGroups(listAccessGroupOption)
if err != nil {
Expand Down Expand Up @@ -196,14 +224,15 @@ func dataIBMIAMAccessGroupRead(d *schema.ResourceData, meta interface{}) error {
if err != nil {
log.Printf("Error retrieving access group rules: %s. API Response: %s", err, detailedResponse)
}
ibmID, serviceID := flex.FlattenMembersData(members.Members, res, allrecs)
ibmID, serviceID, profileID := flex.FlattenMembersData(members.Members, res, allrecs, allprofiles)

grpInstance := map[string]interface{}{
"id": grp.ID,
"name": grp.Name,
"description": grp.Description,
"ibm_ids": ibmID,
"iam_service_ids": serviceID,
"iam_profile_ids": profileID,
"rules": flex.FlattenAccessGroupRules(rules),
}

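Review bot: The ListProfiles pagination loop added to dataIBMIAMAccessGroupRead is repeated line for line in resourceIBMIAMAccessGroupMembersRead in resource_ibm_iam_access_group_members.go; moving it into one helper that returns `([]iamidentityv1.TrustedProfile, error)` keeps the two reads from drifting apart. The loop reads `profileIDs.Next` and `profileIDs.Profiles` after checking only `err`, so a nil result with a nil error would panic; `if err != nil || profileIDs == nil` matches the check this commit already uses around GetProfile. The error is formatted with `%s`, where `%w` would keep the underlying error inspectable by callers. As far as the hunk shows, the data source now has to list every trusted profile in the account and fails the whole read when it cannot, which is worth stating in the documentation for `iam_profile_ids`.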
148 changes: 136 additions & 12 deletions ibm/service/iamaccessgroup/resource_ibm_iam_access_group_members.go
Expand Up @@ -47,6 +47,12 @@ func ResourceIBMIAMAccessGroupMembers() *schema.Resource {
Elem: &schema.Schema{Type: schema.TypeString},
},

"iam_profile_ids": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
},

"members": {
Type: schema.TypeList,
Computed: true,
Expand Down Expand Up @@ -82,13 +88,14 @@ func resourceIBMIAMAccessGroupMembersCreate(context context.Context, d *schema.R

accountID := userDetails.UserAccount

var userids, serviceids []string
var userids, serviceids, profileids []string

users := flex.ExpandStringList(d.Get("ibm_ids").(*schema.Set).List())
services := flex.ExpandStringList(d.Get("iam_service_ids").(*schema.Set).List())
profiles := flex.ExpandStringList(d.Get("iam_profile_ids").(*schema.Set).List())

if len(users) == 0 && len(services) == 0 {
return diag.FromErr(fmt.Errorf("ERROR] Provide either `ibm_ids` or `iam_service_ids`"))
if len(users) == 0 && len(services) == 0 && len(profiles) == 0 {
return diag.FromErr(fmt.Errorf("ERROR] Provide either `ibm_ids` or `iam_service_ids` or `iam_profile_ids`"))

}

Expand All @@ -102,7 +109,12 @@ func resourceIBMIAMAccessGroupMembersCreate(context context.Context, d *schema.R
return diag.FromErr(err)
}

members := prepareMemberAddRequest(iamAccessGroupsClient, userids, serviceids)
profileids, err = FlattenProfileIds(profiles, meta)
if err != nil {
return diag.FromErr(err)
}

members := prepareMemberAddRequest(iamAccessGroupsClient, userids, serviceids, profileids)

addMembersToAccessGroupOptions := iamAccessGroupsClient.NewAddMembersToAccessGroupOptions(grpID)
addMembersToAccessGroupOptions.SetMembers(members)
Expand Down Expand Up @@ -196,14 +208,40 @@ func resourceIBMIAMAccessGroupMembersRead(context context.Context, d *schema.Res
}
}

profileStart := ""
allprofiles := []iamidentityv1.TrustedProfile{}
var plimit int64 = 100
for {
listProfilesOptions := iamidentityv1.ListProfilesOptions{
AccountID: &userDetails.UserAccount,
Pagesize: &plimit,
}
if profileStart != "" {
listProfilesOptions.Pagetoken = &profileStart
}

profileIDs, resp, err := iamClient.ListProfiles(&listProfilesOptions)
if err != nil {
return diag.FromErr(fmt.Errorf("[ERROR] Error listing Trusted Profiles %s %s", err, resp))
}
profileStart = flex.GetNextIAM(profileIDs.Next)
allprofiles = append(allprofiles, profileIDs.Profiles...)
if profileStart == "" {
break
}
}

d.Set("members", flex.FlattenAccessGroupMembers(allMembers, res, allrecs))
ibmID, serviceID := flex.FlattenMembersData(allMembers, res, allrecs)
ibmID, serviceID, profileID := flex.FlattenMembersData(allMembers, res, allrecs, allprofiles)
if len(ibmID) > 0 {
d.Set("ibm_ids", ibmID)
}
if len(serviceID) > 0 {
d.Set("iam_service_ids", serviceID)
}
if len(profileID) > 0 {
d.Set("iam_profile_ids", profileID)
}
return nil
}

Expand All @@ -227,7 +265,7 @@ func resourceIBMIAMAccessGroupMembersUpdate(context context.Context, d *schema.R

accountID := userDetails.UserAccount

var removeUsers, addUsers, removeServiceids, addServiceids []string
var removeUsers, addUsers, removeServiceids, addServiceids, removeProfileids, addProfileids []string
o, n := d.GetChange("ibm_ids")
ou := o.(*schema.Set)
nu := n.(*schema.Set)
Expand All @@ -242,8 +280,15 @@ func resourceIBMIAMAccessGroupMembersUpdate(context context.Context, d *schema.R
removeServiceids = flex.ExpandStringList(osi.Difference(nsi).List())
addServiceids = flex.ExpandStringList(nsi.Difference(osi).List())

if len(addUsers) > 0 || len(addServiceids) > 0 && !d.IsNewResource() {
var userids, serviceids []string
op, np := d.GetChange("iam_profile_ids")
opi := op.(*schema.Set)
npi := np.(*schema.Set)

removeProfileids = flex.ExpandStringList(opi.Difference(npi).List())
addProfileids = flex.ExpandStringList(npi.Difference(opi).List())

if len(addUsers) > 0 || len(addServiceids) > 0 || len(addProfileids) > 0 && !d.IsNewResource() {
var userids, serviceids, profileids []string
userids, err = flex.FlattenUserIds(accountID, addUsers, meta)
if err != nil {
return diag.FromErr(err)
Expand All @@ -253,7 +298,13 @@ func resourceIBMIAMAccessGroupMembersUpdate(context context.Context, d *schema.R
if err != nil {
return diag.FromErr(err)
}
members := prepareMemberAddRequest(iamAccessGroupsClient, userids, serviceids)

profileids, err = FlattenProfileIds(addProfileids, meta)
if err != nil {
return diag.FromErr(err)
}

members := prepareMemberAddRequest(iamAccessGroupsClient, userids, serviceids, profileids)

addMembersToAccessGroupOptions := iamAccessGroupsClient.NewAddMembersToAccessGroupOptions(grpID)
addMembersToAccessGroupOptions.SetMembers(members)
Expand All @@ -263,7 +314,7 @@ func resourceIBMIAMAccessGroupMembersUpdate(context context.Context, d *schema.R
}

}
if len(removeUsers) > 0 || len(removeServiceids) > 0 && !d.IsNewResource() {
if len(removeUsers) > 0 || len(removeServiceids) > 0 || len(removeProfileids) > 0 && !d.IsNewResource() {
iamClient, err := meta.(conns.ClientSession).IAMIdentityV1API()
if err != nil {
return diag.FromErr(err)
Expand Down Expand Up @@ -296,6 +347,22 @@ func resourceIBMIAMAccessGroupMembersUpdate(context context.Context, d *schema.R
}

}

for _, p := range removeProfileids {
getProfileOptions := iamidentityv1.GetProfileOptions{
ProfileID: &p,
}
profileID, resp, err := iamClient.GetProfile(&getProfileOptions)
if err != nil || profileID == nil {
return diag.FromErr(fmt.Errorf("ERROR] Error Getting Profile Ids %s %s", err, resp))
}
removeMembersFromAccessGroupOptions := iamAccessGroupsClient.NewRemoveMemberFromAccessGroupOptions(grpID, *profileID.IamID)
detailResponse, err := iamAccessGroupsClient.RemoveMemberFromAccessGroup(removeMembersFromAccessGroupOptions)
if err != nil {
return diag.FromErr(fmt.Errorf("[ERROR] Error removing members to group(%s). API Response: %s", grpID, detailResponse))
}

}
}

return resourceIBMIAMAccessGroupMembersRead(context, d, meta)
Expand Down Expand Up @@ -355,16 +422,36 @@ func resourceIBMIAMAccessGroupMembersDelete(context context.Context, d *schema.R
}
}

profiles := flex.ExpandStringList(d.Get("iam_profile_ids").(*schema.Set).List())

for _, id := range profiles {
profileID, err := getProfileID(id, meta)
if err != nil {
return diag.FromErr(err)
}

removeMembersFromAccessGroupOptions := &iamaccessgroupsv2.RemoveMemberFromAccessGroupOptions{
AccessGroupID: &grpID,
IamID: profileID.IamID,
}
_, err = iamAccessGroupsClient.RemoveMemberFromAccessGroup(removeMembersFromAccessGroupOptions)
if err != nil {
return diag.FromErr(err)
}
}

d.SetId("")

return nil
}

func prepareMemberAddRequest(iamAccessGroupsClient *iamaccessgroupsv2.IamAccessGroupsV2, userIds, serviceIds []string) (members []iamaccessgroupsv2.AddGroupMembersRequestMembersItem) {
members = make([]iamaccessgroupsv2.AddGroupMembersRequestMembersItem, len(userIds)+len(serviceIds))
func prepareMemberAddRequest(iamAccessGroupsClient *iamaccessgroupsv2.IamAccessGroupsV2, userIds, serviceIds, profileIds []string) (members []iamaccessgroupsv2.AddGroupMembersRequestMembersItem) {
members = make([]iamaccessgroupsv2.AddGroupMembersRequestMembersItem, len(userIds)+len(serviceIds)+len(profileIds))
var i = 0
userType := "user"
serviceType := "service"
profileType := "profile"

for _, id := range userIds {
membersItem, err := iamAccessGroupsClient.NewAddGroupMembersRequestMembersItem(id, userType)
if err != nil {
Expand All @@ -382,6 +469,15 @@ func prepareMemberAddRequest(iamAccessGroupsClient *iamaccessgroupsv2.IamAccessG
members[i] = *membersItem
i++
}

for _, id := range profileIds {
membersItem, err := iamAccessGroupsClient.NewAddGroupMembersRequestMembersItem(id, profileType)
if err != nil || membersItem == nil {
log.Printf("Error in preparing membership data. %s", err)
}
members[i] = *membersItem
i++
}
return
}
func getServiceID(id string, meta interface{}) (iamidentityv1.ServiceID, error) {
Expand Down Expand Up @@ -411,3 +507,31 @@ func FlattenServiceIds(services []string, meta interface{}) ([]string, error) {
}
return serviceids, nil
}

func FlattenProfileIds(profiles []string, meta interface{}) ([]string, error) {
profileids := make([]string, len(profiles))
for i, id := range profiles {
profileID, err := getProfileID(id, meta)
if err != nil {
return nil, err
}
profileids[i] = *profileID.IamID
}
return profileids, nil
}

func getProfileID(id string, meta interface{}) (iamidentityv1.TrustedProfile, error) {
profileids := iamidentityv1.TrustedProfile{}
iamClient, err := meta.(conns.ClientSession).IAMIdentityV1API()
if err != nil {
return profileids, err
}
getProfileOptions := iamidentityv1.GetProfileOptions{
ProfileID: &id,
}
profileID, resp, err := iamClient.GetProfile(&getProfileOptions)
if err != nil || profileID == nil {
return profileids, fmt.Errorf("ERROR] Error Getting Profile Ids %s %s", err, resp)
}
return *profileID, nil
}
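Review bot: In prepareMemberAddRequest the new profile loop logs when `err != nil || membersItem == nil` and then still executes `members[i] = *membersItem`, so the nil case it has just detected panics and the error case sends an item that failed construction. Since the function has no error return, add `continue` after the `log.Printf` line and put `members = members[:i]` before the final `return`, so a skipped entry does not leave a zero-valued item in the request. In resourceIBMIAMAccessGroupMembersUpdate both extended conditions have the shape `a || b || c && !d.IsNewResource()`; because `&&` binds tighter than `||`, the new-resource test applies only to the profile term, so parenthesise the `||` chain. The profile removal loop returns on the first GetProfile failure, so if a removed profile can no longer be read (inferred, for example because it was already deleted) the remaining members stay in the access group, and the error built after RemoveMemberFromAccessGroup omits `err`.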