Add the Team roles and the role resource

mauromedda · Dec 2, 2018 · 6223c17 · 6223c17
1 parent c4a8d4d
commit 6223c17
Show file tree

Hide file tree

Showing 15 changed files with 1,085 additions and 86 deletions.
diff --git a/LICENSE b/LICENSE
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -4,17 +4,16 @@
 - [x] Create the provider acceptance test
 - [x] Create the provider unit test
 - [x] Create the resource inventory
-      - [x] Create, update, read, delete basic inventory
-      - [x] Load variables
 - [x] Create the inventory group resource and tests
-      - [x] Create, Read, Delete
-      - [x] Update
 - [x] Create the inventory host resource and tests
 - [x] Create inventory tests
-      -  [x] Basic CRUD test acc
+- [x] Basic CRUD test acc
 - [x] Create the resource user
+- [x] Users' role resource
 - [ ] Create the resource credential (HIGH)
-- [ ] Create the resource team (MEDIUM)
+- [ ] Create resource documentation
+- [x] Create the resource team
+- [x] Teams' role resource
 - [ ] Create the resource inventory scripts (MEDIUM)
 - [ ] Create the resurce organization and tests (LOW)
 - [x] Create the resource project and tests

diff --git a/awx/helpers.go b/awx/helpers.go
@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"fmt"
 
+	"github.com/hashicorp/terraform/helper/schema"
+	awxgo "github.com/mauromedda/awx-go"
 	"gopkg.in/yaml.v2"
 )
 
@@ -53,3 +55,90 @@ func normalizeYaml(s interface{}) string {
 	v, _ := normalizeYamlOk(s)
 	return v
 }
+
+func getRoleID(d *schema.ResourceData, m interface{}) (int, error) {
+	awx := m.(*awxgo.AWX)
+	switch d.Get("resource_type").(string) {
+	case "inventory":
+		awxService := awx.InventoriesService
+		obj, _, err := awxService.ListInventories(map[string]string{
+			"name":         d.Get("resource_name").(string),
+			"organization": d.Get("organization_id").(string),
+		})
+		if err != nil {
+			return 0, err
+		}
+		if d.Get("role").(string) == "admin" {
+			return obj[0].SummaryFields.ObjectRoles.AdminRole.ID, nil
+		} else if d.Get("role").(string) == "use" {
+			return obj[0].SummaryFields.ObjectRoles.UseRole.ID, nil
+		} else if d.Get("role").(string) == "read" {
+			return obj[0].SummaryFields.ObjectRoles.ReadRole.ID, nil
+		} else if d.Get("role").(string) == "update" {
+			return obj[0].SummaryFields.ObjectRoles.UpdateRole.ID, nil
+		} else {
+			return 0, fmt.Errorf("Role not valid for inventory")
+		}
+
+	case "team":
+		awxService := awx.TeamService
+		obj, _, err := awxService.ListTeams(map[string]string{
+			"name":         d.Get("resource_name").(string),
+			"organization": d.Get("organization_id").(string),
+		})
+		if err != nil {
+			return 0, err
+		}
+		if d.Get("role").(string) == "admin" {
+			return obj[0].SummaryFields.ObjectRoles.AdminRole.ID, nil
+		} else if d.Get("role").(string) == "member" {
+			return obj[0].SummaryFields.ObjectRoles.MemberRole.ID, nil
+		} else if d.Get("role").(string) == "read" {
+			return obj[0].SummaryFields.ObjectRoles.ReadRole.ID, nil
+		} else {
+			return 0, fmt.Errorf("Role not valid for team object")
+		}
+	case "organization":
+		return 0, fmt.Errorf("Organization endpoint not implemeneted")
+	case "job_template":
+		awxService := awx.JobTemplateService
+		obj, _, err := awxService.ListJobTemplates(map[string]string{
+			"name": d.Get("resource_name").(string),
+		})
+		if err != nil {
+			return 0, err
+		}
+		if d.Get("role").(string) == "admin" {
+			return obj[0].SummaryFields.ObjectRoles.AdminRole.ID, nil
+		} else if d.Get("role").(string) == "execute" {
+			return obj[0].SummaryFields.ObjectRoles.ExecuteRole.ID, nil
+		} else if d.Get("role").(string) == "read" {
+			return obj[0].SummaryFields.ObjectRoles.ReadRole.ID, nil
+		} else {
+			return 0, fmt.Errorf("Role not valid for Job Template")
+		}
+	case "credential":
+		return 0, fmt.Errorf("Credential endpoint not implemeneted")
+	case "project":
+		awxService := awx.ProjectService
+		obj, _, err := awxService.ListProjects(map[string]string{
+			"name":         d.Get("resource_name").(string),
+			"organization": d.Get("organization_id").(string),
+		})
+		if err != nil {
+			return 0, err
+		}
+		if d.Get("role").(string) == "admin" {
+			return obj[0].SummaryFields.ObjectRoles.AdminRole.ID, nil
+		} else if d.Get("role").(string) == "update" {
+			return obj[0].SummaryFields.ObjectRoles.UpdateRole.ID, nil
+		} else if d.Get("role").(string) == "read" {
+			return obj[0].SummaryFields.ObjectRoles.ReadRole.ID, nil
+		} else if d.Get("role").(string) == "use" {
+			return obj[0].SummaryFields.ObjectRoles.UseRole.ID, nil
+		} else {
+			return 0, fmt.Errorf("Role not valid for Project")
+		}
+	}
+	return 0, fmt.Errorf("Not implemented API endpoint")
+}
diff --git a/awx/provider.go b/awx/provider.go
@@ -55,7 +55,9 @@ func Provider() terraform.ResourceProvider {
 			"awx_project":           resourceProjectObject(),
 			"awx_job_template":      resourceJobTemplateObject(),
 			"awx_user":              resourceUserObject(),
+			"awx_team":              resourceTeamObject(),
 			"awx_user_role":         resourceUserRoleObject(),
+			"awx_team_role":         resourceTeamRoleObject(),
 		},
 
 		ConfigureFunc: providerConfigure,

diff --git a/awx/resource_role_team.go b/awx/resource_role_team.go
@@ -0,0 +1,152 @@
+package awx
+
+import (
+	"fmt"
+	"strconv"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	awxgo "github.com/mauromedda/awx-go"
+)
+
+func resourceTeamRoleObject() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTeamRoleGrant,
+		Read:   resourceTeamRoleRead,
+		Delete: resourceTeamRoleRevoke,
+
+		Schema: map[string]*schema.Schema{
+			"team_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"organization_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"role": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					validResourceTypes := map[string]bool{"admin": true, "read": true, "use": true,
+						"member": true, "execute": true, "adhoc": true, "update": true, "auditor": true}
+					value := v.(string)
+					if !validResourceTypes[value] {
+						errors = append(errors, fmt.Errorf("%q must match one of the valid vaules", k))
+					}
+					return
+				},
+			},
+			"resource_type": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					validResourceTypes := map[string]bool{"inventory": true, "team": true, "organization": true,
+						"job_template": true, "credential": true, "project": true}
+					value := v.(string)
+					if !validResourceTypes[value] {
+						errors = append(errors, fmt.Errorf("%q must match one of inventory, team, organization, job_template, credential or project", k))
+					}
+					return
+				},
+			},
+			"resource_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+		},
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(1 * time.Minute),
+			Delete: schema.DefaultTimeout(1 * time.Minute),
+		},
+	}
+}
+
+func resourceTeamRoleGrant(d *schema.ResourceData, m interface{}) error {
+	awx := m.(*awxgo.AWX)
+	awxService := awx.TeamService
+	_, res, err := awxService.ListTeams(map[string]string{
+		"id": d.Get("team_id").(string)},
+	)
+	if err != nil {
+		return err
+	}
+	if len(res.Results) == 0 {
+		return fmt.Errorf("Team with Id %s doesn't exists",
+			d.Get("team_id").(string))
+	}
+	id, _ := strconv.Atoi(d.Get("team_id").(string))
+	roleID, err := getRoleID(d, m)
+	if err == nil {
+		err = awxService.GrantRole(id, roleID)
+		if err != nil {
+			return err
+		}
+	} else {
+		return err
+	}
+	d.SetId(d.Get("team_id").(string))
+	return resourceTeamRoleRead(d, m)
+
+}
+
+func resourceTeamRoleRevoke(d *schema.ResourceData, m interface{}) error {
+	awx := m.(*awxgo.AWX)
+	awxService := awx.TeamService
+
+	_, res, err := awxService.ListTeams(map[string]string{
+		"id": d.Get("team_id").(string)},
+	)
+	if err != nil {
+		return err
+	}
+	if len(res.Results) == 0 {
+		return fmt.Errorf("Team with Id %s doesn't exists",
+			d.Get("team_id").(string))
+	}
+	roleID, err := getRoleID(d, m)
+	if err == nil {
+		id, _ := strconv.Atoi(d.Get("team_id").(string))
+		err = awxService.RevokeRole(id, roleID)
+		if err != nil {
+			return err
+		}
+	} else {
+		return err
+	}
+	d.SetId("")
+	return resourceTeamRoleRead(d, m)
+}
+
+func resourceTeamRoleRead(d *schema.ResourceData, m interface{}) error {
+	awx := m.(*awxgo.AWX)
+	awxService := awx.TeamService
+	_, res, err := awxService.ListTeams(map[string]string{
+		"id": d.Get("team_id").(string)})
+	if err != nil {
+		return err
+	}
+	if len(res.Results) == 0 {
+		return nil
+	}
+	d = setTeamRoleResourceData(d, res.Results[0])
+	return nil
+}
+
+func setTeamRoleResourceData(d *schema.ResourceData, r *awxgo.Team) *schema.ResourceData {
+	d.Set("name", r.Name)
+	d.Set("team_id", r.ID)
+	d.Set("resource_name", d.Get("resource_name").(string))
+	d.Set("resource_type", d.Get("resource_type").(string))
+	d.Set("role", d.Get("role").(string))
+	return d
+}
diff --git a/awx/resource_role_team_test.go b/awx/resource_role_team_test.go
@@ -0,0 +1,58 @@
+package awx
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// awx_team test case
+func TestAccAWXTeamRole(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { TestAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTeamRoleConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckStateTeamRole("role", "admin"),
+					testAccCheckStateTeamRole("resource_type", "inventory"),
+					testAccCheckStateTeamRole("resource_name", "Demo Inventory"),
+					testAccCheckStateTeamRole("organization_id", "1"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckStateTeamRole(skey, svalue string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources["awx_team_role.testacc-team_role_1"]
+		if !ok {
+			return fmt.Errorf("awx_team_role.testacc-team_role_1 not found")
+		}
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		cr := rs.Primary
+
+		if cr.Attributes[skey] != svalue {
+			return fmt.Errorf("%s != %s (actual: %s)", skey, svalue, cr.Attributes[skey])
+		}
+
+		return nil
+	}
+}
+
+const testAccTeamRoleConfig = `
+resource "awx_team_role" "testacc-team_role_1" {
+	team_id = 4
+	organization_id = 1
+	resource_type = "inventory"
+	resource_name = "Demo Inventory"
+	role = "admin"
+  }
+`