CDPCP-9785 - extend credential prerequisites with policy JSONs

cloudera · Apr 5, 2024 · 989199f · 989199f
1 parent 2b1ab4c
commit 989199f
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 30 deletions.
diff --git a/resources/environments/data_source_aws_credential_prerequisites.go b/resources/environments/data_source_aws_credential_prerequisites.go
@@ -14,14 +14,14 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+
 	"github.com/cloudera/terraform-provider-cdp/cdp-sdk-go/cdp"
 	"github.com/cloudera/terraform-provider-cdp/cdp-sdk-go/gen/environments/client/operations"
 	environmentsmodels "github.com/cloudera/terraform-provider-cdp/cdp-sdk-go/gen/environments/models"
 	"github.com/cloudera/terraform-provider-cdp/utils"
-	"github.com/hashicorp/terraform-plugin-framework/datasource"
-	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
-	"github.com/hashicorp/terraform-plugin-framework/types"
-	"github.com/hashicorp/terraform-plugin-log/tflog"
 )
 
 // Ensure the implementation satisfies the expected interfaces.
@@ -37,13 +37,6 @@ type awsCredentialPrerequisitesDataSource struct {
 	client *cdp.Client
 }
 
-// awsCredentialPrerequisitesDataSourceModel maps the data source schema data.
-type awsCredentialPrerequisitesDataSourceModel struct {
-	ID         types.String `tfsdk:"id"`
-	AccountID  types.String `tfsdk:"account_id"`
-	ExternalID types.String `tfsdk:"external_id"`
-}
-
 // Configure adds the provider configured client to the data source.
 func (d *awsCredentialPrerequisitesDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
 	d.client = utils.GetCdpClientForDataSource(req, resp)
@@ -53,25 +46,6 @@ func (d *awsCredentialPrerequisitesDataSource) Metadata(_ context.Context, req d
 	resp.TypeName = req.ProviderTypeName + "_environments_aws_credential_prerequisites"
 }
 
-func (d *awsCredentialPrerequisitesDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
-	resp.Schema = schema.Schema{
-		MarkdownDescription: "This data source is used to get information required to set up a delegated access role in AWS that can be used to create a CDP credential.",
-		Attributes: map[string]schema.Attribute{
-			"id": schema.StringAttribute{
-				Computed: true,
-			},
-			"account_id": schema.StringAttribute{
-				MarkdownDescription: "The AWS account ID of the identity used by CDP when assuming a delegated access role associated with a CDP credential.",
-				Computed:            true,
-			},
-			"external_id": schema.StringAttribute{
-				MarkdownDescription: "The external ID that will be used when assuming a delegated access role associated with a CDP credential.",
-				Computed:            true,
-			},
-		},
-	}
-}
-
 // Read refreshes the Terraform state with the latest data.
 func (d *awsCredentialPrerequisitesDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
 	var data awsCredentialPrerequisitesDataSourceModel
@@ -111,6 +85,14 @@ func (d *awsCredentialPrerequisitesDataSource) Read(ctx context.Context, req dat
 	data.AccountID = types.StringValue(prerequisites.AccountID)
 	data.ExternalID = types.StringValue(*prerequisites.Aws.ExternalID)
 	data.ID = types.StringValue(prerequisites.AccountID + ":" + *prerequisites.Aws.ExternalID)
+	data.Policy = types.StringPointerValue(prerequisites.Aws.PolicyJSON)
+	data.Policies = make([]*credentialGranularPolicyDataSourceModel, len(prerequisites.Aws.Policies))
+	for i, policy := range prerequisites.Aws.Policies {
+		data.Policies[i] = &credentialGranularPolicyDataSourceModel{
+			Service:    types.StringPointerValue(policy.Service),
+			PolicyJson: types.StringPointerValue(policy.PolicyJSON),
+		}
+	}
 
 	// Save data into Terraform state
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)

diff --git a/resources/environments/model_aws_credential_prerequisites.go b/resources/environments/model_aws_credential_prerequisites.go
@@ -0,0 +1,26 @@
+// Copyright 2024 Cloudera. All Rights Reserved.
+//
+// This file is licensed under the Apache License Version 2.0 (the "License").
+// You may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+//
+// This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+// OF ANY KIND, either express or implied. Refer to the License for the specific
+// permissions and limitations governing your use of the file.
+
+package environments
+
+import "github.com/hashicorp/terraform-plugin-framework/types"
+
+type awsCredentialPrerequisitesDataSourceModel struct {
+	ID         types.String                               `tfsdk:"id"`
+	AccountID  types.String                               `tfsdk:"account_id"`
+	ExternalID types.String                               `tfsdk:"external_id"`
+	Policy     types.String                               `tfsdk:"policy"`
+	Policies   []*credentialGranularPolicyDataSourceModel `tfsdk:"policies"`
+}
+
+type credentialGranularPolicyDataSourceModel struct {
+	Service    types.String `tfsdk:"service"`
+	PolicyJson types.String `tfsdk:"policy_json"`
+}
diff --git a/resources/environments/schema_aws_credential_prerequisites.go b/resources/environments/schema_aws_credential_prerequisites.go
@@ -0,0 +1,56 @@
+// Copyright 2024 Cloudera. All Rights Reserved.
+//
+// This file is licensed under the Apache License Version 2.0 (the "License").
+// You may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+//
+// This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+// OF ANY KIND, either express or implied. Refer to the License for the specific
+// permissions and limitations governing your use of the file.
+
+package environments
+
+import (
+	"context"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+)
+
+func (d *awsCredentialPrerequisitesDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		MarkdownDescription: "This data source is used to get information required to set up a delegated access role in AWS that can be used to create a CDP credential.",
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Computed: true,
+			},
+			"account_id": schema.StringAttribute{
+				MarkdownDescription: "The AWS account ID of the identity used by CDP when assuming a delegated access role associated with a CDP credential.",
+				Computed:            true,
+			},
+			"external_id": schema.StringAttribute{
+				MarkdownDescription: "The external ID that will be used when assuming a delegated access role associated with a CDP credential.",
+				Computed:            true,
+			},
+			"policy": schema.StringAttribute{
+				MarkdownDescription: "The related policy json encoded in base64",
+				Computed:            true,
+			},
+			"policies": schema.SetNestedAttribute{
+				Computed:            true,
+				MarkdownDescription: "The fine-grained policies related to each service.",
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"service": schema.StringAttribute{
+							Computed:            true,
+							MarkdownDescription: "The name of the service that requires the given policy for resource management.",
+						},
+						"policy_json": schema.StringAttribute{
+							Computed:            true,
+							MarkdownDescription: "The policy JSON encoded in base64.",
+						},
+					},
+				},
+			},
+		},
+	}
+}