Read remote info into terraform (#30)

opalsecurity · Sep 1, 2023 · 95a7620 · 95a7620
1 parent 9774f40
commit 95a7620
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 7 deletions.
diff --git a/opal/group.go b/opal/group.go
@@ -300,7 +300,7 @@ func resourceGroupCreate(ctx context.Context, d *schema.ResourceData, m any) dia
 		createInfo.SetDescription(descI.(string))
 	}
 	if remoteInfoI, ok := d.GetOk("remote_info"); ok {
-		remoteInfo, err := parseGroupRemoteInfo(remoteInfoI)
+		remoteInfo, err := groupRemoteInfoTerraformToAPI(remoteInfoI)
 		if err != nil {
 			return diagFromErr(ctx, err)
 		}
@@ -580,6 +580,14 @@ func resourceGroupRead(ctx context.Context, d *schema.ResourceData, m any) diag.
 		return diagFromErr(ctx, err)
 	}
 
+	remoteInfoI, err := groupRemoteInfoAPIToTerraform(group.RemoteInfo)
+	if err != nil {
+		return diagFromErr(ctx, err)
+	}
+	if remoteInfoI != nil {
+		d.Set("remote_info", remoteInfoI)
+	}
+
 	visibility, _, err := client.GroupsApi.GetGroupVisibility(ctx, group.GroupId).Execute()
 	if err != nil {
 		return diagFromErr(ctx, err)

diff --git a/opal/group_remote_info.go b/opal/group_remote_info.go
@@ -163,8 +163,12 @@ func groupRemoteInfoElem() *schema.Resource {
 	}
 }
 
-// NOTE: See comment in `resourceRemoteInfoElem` for why the parsing is so convoluted.
-func parseGroupRemoteInfo(remoteInfoI interface{}) (*opal.GroupRemoteInfo, error) {
+func groupRemoteInfoAPIToTerraform(remoteInfo *opal.GroupRemoteInfo) (interface{}, error) {
+	return remoteInfoAPIToTerraformInternal(remoteInfo)
+}
+
+// NOTE: See comment in `groupRemoteInfoElem` for why the parsing is so convoluted.
+func groupRemoteInfoTerraformToAPI(remoteInfoI interface{}) (*opal.GroupRemoteInfo, error) {
 	remoteInfoIList := remoteInfoI.([]interface{})
 	if len(remoteInfoIList) != 1 {
 		return nil, errors.New("you cannot provide multiple remote_info blobs")

diff --git a/opal/resource.go b/opal/resource.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -162,6 +161,7 @@ func resourceResource() *schema.Resource {
 				Description: "Remote info that is required for the creation of remote resources.",
 				Type:        schema.TypeList,
 				Optional:    true,
+				Computed:    true,
 				ForceNew:    true,
 				MaxItems:    1,
 				Elem:        resourceRemoteInfoElem(),
@@ -251,7 +251,7 @@ func resourceResourceCreate(ctx context.Context, d *schema.ResourceData, m any)
 	}
 
 	if remoteInfoI, ok := d.GetOk("remote_info"); ok {
-		remoteInfo, err := parseResourceRemoteInfo(remoteInfoI)
+		remoteInfo, err := resourceRemoteInfoTerraformToAPI(remoteInfoI)
 		if err != nil {
 			return diagFromErr(ctx, err)
 		}
@@ -424,6 +424,14 @@ func resourceResourceRead(ctx context.Context, d *schema.ResourceData, m any) di
 		return diagFromErr(ctx, err)
 	}
 
+	remoteInfoI, err := resourceRemoteInfoAPIToTerraform(resource.RemoteInfo)
+	if err != nil {
+		return diagFromErr(ctx, err)
+	}
+	if remoteInfoI != nil {
+		d.Set("remote_info", remoteInfoI)
+	}
+
 	visibility, _, err := client.ResourcesApi.GetResourceVisibility(ctx, resource.ResourceId).Execute()
 	if err != nil {
 		return diagFromErr(ctx, err)

diff --git a/opal/resource_remote_info.go b/opal/resource_remote_info.go
@@ -1,8 +1,8 @@
 package opal
 
 import (
+	"encoding/json"
 	"errors"
-
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/opalsecurity/opal-go"
 )
@@ -443,8 +443,58 @@ func resourceRemoteInfoElem() *schema.Resource {
 	}
 }
 
+func resourceRemoteInfoAPIToTerraform(remoteInfo *opal.ResourceRemoteInfo) (interface{}, error) {
+	return remoteInfoAPIToTerraformInternal(remoteInfo)
+}
+
+// NOTE: See comment in `resourceRemoteInfoElem` for details on the structure we're parsing into
+func remoteInfoAPIToTerraformInternal(remoteInfo interface{}) (interface{}, error) {
+	var remoteInfoMap map[string]map[string]interface{}
+	jsonRemoteInfo, err := json.Marshal(remoteInfo)
+	if err != nil {
+		return nil, err
+	}
+	err = json.Unmarshal(jsonRemoteInfo, &remoteInfoMap)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(remoteInfoMap) == 0 {
+		return nil, nil
+	}
+
+	deprecatedKeysByApp := map[string]map[string]bool{
+		"github_repo": {
+			"repo_id": true,
+		},
+		"github_team": {
+			"team_id": true,
+		},
+	}
+	remoteInfoIList := make([]interface{}, 1)
+	for appKey, remoteInfoRaw := range remoteInfoMap {
+		itemRemoteInfo := map[string]interface{}{}
+		for k, v := range remoteInfoRaw {
+			if deprecatedKeys, ok := deprecatedKeysByApp[appKey]; ok {
+				if _, ok := deprecatedKeys[k]; ok {
+					continue
+				}
+			}
+			itemRemoteInfo[k] = v
+		}
+
+		remoteInfoIList[0] = map[string]interface{}{
+			appKey: []interface{}{
+				itemRemoteInfo,
+			},
+		}
+	}
+
+	return remoteInfoIList, nil
+}
+
 // NOTE: See comment in `resourceRemoteInfoElem` for why the parsing is so convoluted.
-func parseResourceRemoteInfo(remoteInfoI interface{}) (*opal.ResourceRemoteInfo, error) {
+func resourceRemoteInfoTerraformToAPI(remoteInfoI interface{}) (*opal.ResourceRemoteInfo, error) {
 	remoteInfoIList := remoteInfoI.([]interface{})
 	if len(remoteInfoIList) != 1 {
 		return nil, errors.New("you cannot provide multiple remote_info blobs")