make org id configurable -> provider users org APIs

cloudflare/provider.go

@@ -4,6 +4,7 @@ import (
 	"log"
 	"os"
 
+	"fmt"
 	"github.com/cloudflare/cloudflare-go"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/terraform"
@@ -30,37 +31,51 @@ func Provider() terraform.ResourceProvider {
 			"rps": &schema.Schema{
 				Type:        schema.TypeInt,
 				Optional:    true,
-				Default:     4,
+				DefaultFunc: schema.EnvDefaultFunc("CLOUDFLARE_RPS", 4),
 				Description: "RPS limit to apply when making calls to the API",
 			},
 
 			"retries": &schema.Schema{
 				Type:        schema.TypeInt,
 				Optional:    true,
-				Default:     3,
+				DefaultFunc: schema.EnvDefaultFunc("CLOUDFLARE_RETRIES", 3),
 				Description: "Maximum number of retries to perform when an API request fails",
 			},
 
 			"min_backoff": &schema.Schema{
 				Type:        schema.TypeInt,
 				Optional:    true,
-				Default:     1,
+				DefaultFunc: schema.EnvDefaultFunc("CLOUDFLARE_MIN_BACKOFF", 1),
 				Description: "Minimum backoff period in seconds after failed API calls",
 			},
 
 			"max_backoff": &schema.Schema{
 				Type:        schema.TypeInt,
 				Optional:    true,
-				Default:     30,
+				DefaultFunc: schema.EnvDefaultFunc("CLOUDFLARE_MAX_BACKOFF", 30),
 				Description: "Maximum backoff period in seconds after failed API calls",
 			},
 
 			"api_client_logging": &schema.Schema{
 				Type:        schema.TypeBool,
 				Optional:    true,
-				Default:     false,
+				DefaultFunc: schema.EnvDefaultFunc("CLOUDFLARE_API_CLIENT_LOGGING", false),
 				Description: "Whether to print logs from the API client (using the default log library logger)",
 			},
+
+			"use_org_from_zone": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("CLOUDFLARE_ORG_ZONE", nil),
+				Description: "If specified zone is owned by an organization, configure API client to always use that organization",
+			},
+
+			"org_id": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("CLOUDFLARE_ORG_ID", nil),
+				Description: "Configure API client to always use that organization. If set this will override 'user_owner_from_zone'",
+			},
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
@@ -95,5 +110,57 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		Options: options,
 	}
 
-	return config.Client()
+	client, err := config.Client()
+	if err != nil {
+		return nil, err
+	}
+
+	if orgId, ok := d.GetOk("org_id"); ok {
+		log.Printf("[INFO] Using specified organization id %s in CloudFlare provider", orgId.(string))
+		options = append(options, cloudflare.UsingOrganization(orgId.(string)))
+	} else if zoneName, ok := d.GetOk("use_org_from_zone"); ok {
+		zoneId, err := client.ZoneIDByName(zoneName.(string))
+		if err != nil {
+			return nil, fmt.Errorf("error finding zone %q: %s", zoneName.(string), err)
+		}
+
+		zone, err := client.ZoneDetails(zoneId)
+		if err != nil {
+			return nil, err
+		}
+		log.Printf("[DEBUG] Looked up zone to match organization details to: %#v", zone)
+
+		orgs, _, err := client.ListOrganizations()
+		if err != nil {
+			return nil, fmt.Errorf("error listing organizations: %s", err.Error())
+		}
+		log.Printf("[DEBUG] Found organizations for current user: %#v", orgs)
+
+		orgIds := make([]string, len(orgs))
+		for _, org := range orgs {
+			orgIds = append(orgIds, org.ID)
+		}
+
+		if contains(orgIds, zone.Owner.ID) {
+			log.Printf("[INFO] Using organization %#v in CloudFlare provider", zone.Owner)
+			options = append(options, cloudflare.UsingOrganization(zone.Owner.ID))
+		} else {
+			log.Printf("[INFO] Zone ownership specified but organization owner not found. Falling back to using user API for CloudFlare provider")
+		}
+	} else {
+		return client, err
+	}
+
+	config = Config{
+		Email:   d.Get("email").(string),
+		Token:   d.Get("token").(string),
+		Options: options,
+	}
+
+	client, err = config.Client()
+	if err != nil {
+		return nil, err
+	}
+
+	return client, err
 }

website/docs/index.html.markdown

@@ -42,9 +42,20 @@ The following arguments are supported:
   specified with the `CLOUDFLARE_EMAIL` shell environment variable.
 * `token` - (Required) The Cloudflare API token. This can also be specified
   with the `CLOUDFLARE_TOKEN` shell environment variable.
-* `rps` - (Optional) RPS limit to apply when making calls to the API. Default: 4.
+* `rps` - (Optional) RPS limit to apply when making calls to the API. Default: 4. 
+  This can also be specified with the `CLOUDFLARE_RPS` shell environment variable.
 * `retries` - (Optional) Maximum number of retries to perform when an API request fails. Default: 3.
+  This can also be specified with the `CLOUDFLARE_RETRIES` shell environment variable.
 * `min_backoff` - (Optional) Minimum backoff period in seconds after failed API calls. Default: 1.
+  This can also be specified with the `CLOUDFLARE_MIN_BACKOFF` shell environment variable.
 * `max_backoff` - (Optional) Maximum backoff period in seconds after failed API calls Default: 30.
+  This can also be specified with the `CLOUDFLARE_MAX_BACKOFF` shell environment variable.
 * `api_client_logging` - (Optional) Whether to print logs from the API client (using the default log library logger). Default: false.
+  This can also be specified with the `CLOUDFLARE_API_CLIENT_LOGGING` shell environment variable.
+* `org_id` - (Optional) Configure API client with this organisation ID, so calls use the organization API rather than the (default) user API.
+  This is required for other users in your organization to have access to the resources you manage.
+  This can also be specified with the `CLOUDFLARE_ORG_ID` shell environment variable.
+* `use_org_from_zone` - (Optional) Takes a zone name value. This is used to lookup the organization ID that owns this zone, 
+  which will be used to configure the API client. If `org_id` is also specified, this field will be ignored.
+  This can also be specified with the `CLOUDFLARE_ORG_ZONE` shell environment variable.