astra token generation, resource & data source

phact · phact · commit 8c50c850efe7 · 2021-08-12T22:54:14.000-04:00
diff --git a/docs/resources/token.md b/docs/resources/token.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "astra_token Resource - terraform-provider-astra"
+subcategory: ""
+description: |-
+  astra_token resource represents a token with a specific role assigned.
+---
+
+# astra_token (Resource)
+
+`astra_token` resource represents a token with a specific role assigned.
+
+## Example Usage
+
+```terraform
+resource "astra_token" "example" {
+  roles = ["puppies"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **roles** (List of String) Roles for generated token
+
+### Optional
+
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **client_id** (String) Client id, use as username in cql to connect
+- **secret** (String) Secret, use as password in cql to connect
+- **token** (String) Token, use as auth bearer for API calls or as password in combination with the word `token` in cql
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import astra_token.example client-secret
+```
diff --git a/examples/data-sources/astra_token/data-source.tf b/examples/data-sources/astra_token/data-source.tf
@@ -0,0 +1,3 @@
+data "astra_token" "dev" {
+  client_id = "client-id-here"
+}
diff --git a/examples/resources/astra_token/import.sh b/examples/resources/astra_token/import.sh
@@ -0,0 +1 @@
+terraform import astra_token.example client-secret
diff --git a/examples/resources/astra_token/resource.tf b/examples/resources/astra_token/resource.tf
@@ -0,0 +1,3 @@
+resource "astra_token" "example" {
+  roles = ["puppies"]
+}
diff --git a/internal/provider/data_source_role.go b/internal/provider/data_source_role.go
@@ -12,7 +12,7 @@ func dataSourceRole() *schema.Resource {
 	return &schema.Resource{
 		Description: "`astra_role` provides a datasource that lists the custom roles for an org.",
 
-		ReadContext: dataSourceAccessListRead,
+		ReadContext: dataSourceRoleRead,
 
 		Schema: map[string]*schema.Schema{
 			// Required
diff --git a/internal/provider/data_source_token.go b/internal/provider/data_source_token.go
@@ -0,0 +1,96 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"github.com/datastax/astra-client-go/v2/astra"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"strings"
+)
+
+func dataSourceToken() *schema.Resource {
+	return &schema.Resource{
+		Description: "`astra_token` provides a datasource that lists client tokens.",
+
+		ReadContext: dataSourceTokenRead,
+
+		Schema: map[string]*schema.Schema{
+			// Required
+			"client_id": {
+				Description:  "Client ID, system generated",
+				Type:         schema.TypeString,
+				Required:     true,
+			},
+
+			// Computed
+			"results": {
+				Type:        schema.TypeList,
+				Description: "The list of private links that match the search criteria.",
+				Computed:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"client_id": {
+							Description:  "Role name",
+							Type:         schema.TypeString,
+							Required:     true,
+							ForceNew: true,
+						},
+						"roles": {
+							Description:  "Roles for this client",
+							Type:         schema.TypeList,
+							Required:     true,
+							ForceNew: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceTokenRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	fmt.Printf("token data source")
+
+	client := meta.(*astra.ClientWithResponses)
+
+	clientID := d.Get("client_id").(string)
+
+	token, err := listRole(ctx, client, clientID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	id := token["client_id"].(string)
+	d.SetId(id)
+	if err := d.Set("results", token); err != nil {
+		return diag.FromErr(err)
+	}
+
+
+	return nil
+}
+
+func listToken(ctx context.Context, client *astra.ClientWithResponses, clientID string) (map[string]interface{}, error) {
+	resp, err := client.GetClientsForOrgWithResponse(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	tokens := (*resp.JSON200).(map[string]interface{})["clients"].([]interface{})
+
+	for _, v := range tokens {
+		token := v.(map[string]interface{})
+		if strings.EqualFold(token["clientId"].(string), clientID) {
+			token["client_id"] = token["clientId"]
+			delete(token, "clientId")
+			return token, nil
+		}
+	}
+
+	return nil, err
+}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -49,6 +49,7 @@ func New(version string) func() *schema.Provider {
 				"astra_private_link_endpoint": resourcePrivateLinkEndpoint(),
 				"astra_access_list": resourceAccessList(),
 				"astra_role": resourceRole(),
+				"astra_token": resourceToken(),
 			},
 			Schema: map[string]*schema.Schema{
 				"token": {
diff --git a/internal/provider/resource_token.go b/internal/provider/resource_token.go
@@ -0,0 +1,156 @@
+package provider
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/datastax/astra-client-go/v2/astra"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceToken() *schema.Resource {
+	return &schema.Resource{
+		Description: "`astra_token` resource represents a token with a specific role assigned.",
+		CreateContext: resourceTokenCreate,
+		ReadContext:   resourceTokenRead,
+		DeleteContext: resourceTokenDelete,
+
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			// Required
+			"roles": {
+				Description:  "Roles for generated token",
+				Type:         schema.TypeList,
+				Required:     true,
+				ForceNew: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"client_id": {
+				Description:  "Client id, use as username in cql to connect",
+				Type:         schema.TypeString,
+				Computed: true,
+			},
+			"secret": {
+				Description:  "Secret, use as password in cql to connect",
+				Type:         schema.TypeString,
+				Computed: true,
+			},
+			"token": {
+				Description:  "Token, use as auth bearer for API calls or as password in combination with the word `token` in cql",
+				Type:         schema.TypeString,
+				Computed: true,
+			},
+
+
+		},
+	}
+}
+
+func resourceTokenCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*astra.ClientWithResponses)
+
+	roles := d.Get("roles").([]interface{})
+
+	rolesList := make([]string, len(roles))
+
+	for k, v := range roles {
+		rolesList[k] = v.(string)
+	}
+
+	tokenJSON := astra.GenerateTokenForClientJSONRequestBody{
+		Roles:        rolesList,
+	}
+	resp, err := client.GenerateTokenForClientWithResponse(ctx,
+		tokenJSON,
+	)
+
+	if err != nil {
+		return diag.FromErr(err)
+	} else if resp.StatusCode() >= 400 {
+		return diag.Errorf("error adding role to org: %s", resp.Body)
+	}
+
+	token := (*resp.JSON200).(map[string]interface{})
+	if err := setTokenData(d, token); err != nil {
+		return diag.FromErr(err)
+	}
+
+
+	return nil
+}
+
+func resourceTokenDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*astra.ClientWithResponses)
+
+	id := d.Id()
+
+	clientID, err := parseTokenID(id)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	client.DeleteTokenForClient(ctx, astra.ClientIdParam(clientID))
+
+	return nil
+}
+
+func resourceTokenRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+	client := meta.(*astra.ClientWithResponses)
+
+	id := d.Id()
+
+	clientID, err := parseTokenID(id)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	token, err := listToken(ctx, client, clientID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(fmt.Sprintf("%s", clientID))
+	if err := d.Set("client_id", token["client_id"]); err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+
+}
+
+func setTokenData(d *schema.ResourceData, tokenMap map[string]interface{}) error {
+	clientID := tokenMap["clientId"].(string)
+	secret:= tokenMap["secret"].(string)
+	token := tokenMap["token"].(string)
+
+	d.SetId(fmt.Sprintf("%s", clientID))
+
+	if err := d.Set("client_id", clientID); err != nil {
+		return err
+	}
+	if err := d.Set("secret", secret); err != nil {
+		return err
+	}
+	if err := d.Set("token", token); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func parseTokenID(id string) (string, error) {
+	idParts := strings.Split(strings.ToLower(id), "/")
+	if len(idParts) != 1 {
+		return "",  errors.New("invalid token id format: expected clientID/")
+	}
+	return idParts[0],  nil
+}
diff --git a/internal/provider/resource_token_test.go b/internal/provider/resource_token_test.go
@@ -0,0 +1,27 @@
+package provider
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"testing"
+)
+
+func TestToken(t *testing.T){
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTokenConfiguration(),
+			},
+		},
+	})
+}
+
+func testAccTokenConfiguration() string {
+	return fmt.Sprintf(`
+resource "astra_token" "example" {
+  roles = ["puppies"]
+}
+`)
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+data "astra_token" "dev" {`
	`2`	`+ client_id = "client-id-here"`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+terraform import astra_token.example client-secret`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+resource "astra_token" "example" {`
	`2`	`+ roles = ["puppies"]`
	`3`	`+}`