DXCDT-431: auth0_role_permission resource
#582
Merged
Merged
849b804
Merge branch 'main' of https://github.com/auth0/terraform-provider-auth0
willvedd 3b5fa44
Initial commit for auth0_role_permission resource
willvedd 89b8307
Second commit for auth0_role_permission resource
willvedd de6e079
Getting tests to pass
willvedd 4a432e3
Undoing unnecessary testing changes
willvedd dac2aa0
Updating migration guide
willvedd e51f2a3
Merge branch 'main' into DXCDT-431-role-permission-resource
willvedd 175e930
Fixing comment
willvedd d42fc17
Merge branch 'DXCDT-431-role-permission-resource' of https://github.c…
willvedd 0b90cba
Merge branch 'main' of https://github.com/auth0/terraform-provider-au…
willvedd c12c712
Testing changes
willvedd b909573
Tiny improvements to the permission test
sergiught File filter
@@ -0,0 +1,28 @@ | ||
--- | ||
page_title: "Resource: auth0_role_permission" | ||
description: |- | ||
With this resource, you can manage role permissions (1-1). | ||
--- | ||
|
||
# Resource: auth0_role_permission | ||
|
||
With this resource, you can manage role permissions (1-1). | ||
|
||
|
||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `permission` (String) Name of the permission. | ||
- `resource_server_identifier` (String) Identifier of the resource server that the permission is associated with. | ||
- `role_id` (String) ID of the role to associate the permission to. | ||
|
||
### Read-Only | ||
|
||
- `description` (String) Description of the permission. | ||
- `id` (String) The ID of this resource. | ||
- `resource_server_name` (String) Name of the resource server that the permission is associated with. | ||
|
||
|
@@ -0,0 +1,172 @@ | ||
package role | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"net/http" | ||
"strings" | ||
|
||
"github.com/auth0/go-auth0/management" | ||
"github.com/hashicorp/go-multierror" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
|
||
"github.com/auth0/terraform-provider-auth0/internal/config" | ||
) | ||
|
||
// NewPermissionResource will return a new auth0_role_permission resource. | ||
func NewPermissionResource() *schema.Resource { | ||
return &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
"role_id": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
Description: "ID of the role to associate the permission to.", | ||
}, | ||
"permission": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
Description: "Name of the permission.", | ||
}, | ||
"resource_server_identifier": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
Description: "Identifier of the resource server that the permission is associated with.", | ||
}, | ||
"description": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "Description of the permission.", | ||
}, | ||
"resource_server_name": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "Name of the resource server that the permission is associated with.", | ||
}, | ||
}, | ||
CreateContext: createRolePermission, | ||
ReadContext: readRolePermission, | ||
DeleteContext: deleteRolePermission, | ||
Importer: &schema.ResourceImporter{ | ||
StateContext: importRolePermission, | ||
}, | ||
Description: "With this resource, you can manage role permissions (1-1).", | ||
} | ||
} | ||
|
||
func createRolePermission(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
api := meta.(*config.Config).GetAPI() | ||
mutex := meta.(*config.Config).GetMutex() | ||
|
||
roleID := data.Get("role_id").(string) | ||
resourceServerID := data.Get("resource_server_identifier").(string) | ||
permissionName := data.Get("permission").(string) | ||
|
||
mutex.Lock(roleID) | ||
defer mutex.Unlock(roleID) | ||
|
||
if err := api.Role.AssociatePermissions(roleID, []*management.Permission{ | ||
{ | ||
ResourceServerIdentifier: &resourceServerID, | ||
Name: &permissionName, | ||
}, | ||
}); err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
||
data.SetId(fmt.Sprintf(`%s::%s::%s`, roleID, resourceServerID, permissionName)) | ||
|
||
return readRolePermission(ctx, data, meta) | ||
} | ||
|
||
func readRolePermission(_ context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
api := meta.(*config.Config).GetAPI() | ||
|
||
roleID := data.Get("role_id").(string) | ||
permissionName := data.Get("permission").(string) | ||
resourceServerID := data.Get("resource_server_identifier").(string) | ||
|
||
existingPermissions, err := api.Role.Permissions(roleID) | ||
if err != nil { | ||
if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound { | ||
data.SetId("") | ||
return nil | ||
} | ||
return diag.FromErr(err) | ||
} | ||
|
||
for _, p := range existingPermissions.Permissions { | ||
if p.GetName() == permissionName && p.GetResourceServerIdentifier() == resourceServerID { | ||
result := multierror.Append( | ||
data.Set("description", p.GetDescription()), | ||
data.Set("resource_server_name", p.GetResourceServerName()), | ||
) | ||
return diag.FromErr(result.ErrorOrNil()) | ||
} | ||
} | ||
|
||
data.SetId("") | ||
return nil | ||
} | ||
|
||
func deleteRolePermission(_ context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
api := meta.(*config.Config).GetAPI() | ||
mutex := meta.(*config.Config).GetMutex() | ||
|
||
roleID := data.Get("role_id").(string) | ||
permissionName := data.Get("permission").(string) | ||
resourceServerID := data.Get("resource_server_identifier").(string) | ||
|
||
mutex.Lock(roleID) | ||
defer mutex.Unlock(roleID) | ||
|
||
if err := api.Role.RemovePermissions( | ||
roleID, | ||
[]*management.Permission{ | ||
{ | ||
ResourceServerIdentifier: &resourceServerID, | ||
Name: &permissionName, | ||
}, | ||
}, | ||
); err != nil { | ||
if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound { | ||
data.SetId("") | ||
return nil | ||
} | ||
return diag.FromErr(err) | ||
} | ||
|
||
data.SetId("") | ||
return nil | ||
} | ||
|
||
func importRolePermission( | ||
_ context.Context, | ||
data *schema.ResourceData, | ||
_ interface{}, | ||
) ([]*schema.ResourceData, error) { | ||
rawID := data.Id() | ||
if rawID == "" { | ||
return nil, fmt.Errorf("ID cannot be empty") | ||
} | ||
|
||
if !strings.Contains(rawID, "::") { | ||
return nil, fmt.Errorf("ID must be formatted as <roleID>::<resourceServerIdentifier>::<permission>") | ||
} | ||
|
||
idPair := strings.Split(rawID, "::") | ||
if len(idPair) != 3 { | ||
return nil, fmt.Errorf("ID must be formatted as <roleID>::<resourceServerIdentifier>::<permission>") | ||
} | ||
|
||
result := multierror.Append( | ||
data.Set("role_id", idPair[0]), | ||
data.Set("resource_server_identifier", idPair[1]), | ||
data.Set("permission", idPair[2]), | ||
) | ||
|
||
return []*schema.ResourceData{data}, result.ErrorOrNil() | ||
} |
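Review bot: readRolePermission inspects only the single page returned by `api.Role.Permissions(roleID)`, so a role whose permission list is longer than one API page will never find the managed permission past the first page; if the Management API pages this endpoint (go-auth0's `PermissionList` carries `HasNext()`, which suggests it does), the function falls through to `data.SetId("")`, Terraform treats the grant as gone, and every subsequent apply re-associates it, producing permanent drift and hiding the real authorization state. Walking the pages with `management.Page`/`management.PerPage` until `HasNext()` is false, as below, fixes that. Separately, the `err.(management.Error)` assertions in readRolePermission and deleteRolePermission miss a wrapped error; `var mErr management.Error; if errors.As(err, &mErr) && mErr.Status() == http.StatusNotFound` would be more robust.

```go
func readRolePermission(_ context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
	api := meta.(*config.Config).GetAPI()

	// … unchanged: roleID, permissionName, resourceServerID from data …

	var page int
	for {
		permissionList, err := api.Role.Permissions(roleID, management.Page(page), management.PerPage(100))
		if err != nil {
			if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound {
				data.SetId("")
				return nil
			}
			return diag.FromErr(err)
		}

		for _, p := range permissionList.Permissions {
			if p.GetName() == permissionName && p.GetResourceServerIdentifier() == resourceServerID {
				result := multierror.Append(
					data.Set("description", p.GetDescription()),
					data.Set("resource_server_name", p.GetResourceServerName()),
				)
				return diag.FromErr(result.ErrorOrNil())
			}
		}

		if !permissionList.HasNext() {
			break
		}
		page++
	}

	// Not found on any page: the permission was removed outside Terraform.
	data.SetId("")
	return nil
}
```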