Merge pull request #226 from NetApp/140-new-resource-securityroles

140 new data source securityroles

CHANGELOG.md

@@ -4,6 +4,8 @@ FEATURES:
 * **New Data Source:** `netapp-ontap_volumes_files` ([#8](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/8))
 * **New Data Source:** `netapp-ontap_quota_rules` ([#135](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/135))
 * **New Data Source:** `netapp-ontap_quota_rule` ([#135](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/135))
+* **New Data Source:** `netapp-ontap_security_role` ([#139](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/139))
+* **New Data Source:** `netapp-ontap_security_roles` ([#139](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/139))
 * **New Data Source:** `netapp-ontap_security_login_message` ([#17](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/17))
 * **New Data Source:** `netapp-ontap_security_login_messages` ([#17](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/17))
 * **New Resource:** `netapp-ontap_volume_efficiency_policies` ([#80](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/80))

docs/data-sources/security_role.md

@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netapp-ontap_security_role Data Source - terraform-provider-netapp-ontap"
+subcategory: "Security"
+description: |-
+  Retrieves a Security role
+---
+
+# netapp-ontap_security_role (Data Source)
+
+SecurityRole data source
+
+## Example Usage
+```terraform
+data "netapp-ontap_security_role" "security_role" {
+  # required to know which system to interface with
+  cx_profile_name = "cluster4"
+  name = "vsadmin"
+  svm_name = "acc_test"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cx_profile_name` (String) Connection profile name
+- `name` (String) SecurityRole name
+- `svm_name` (String) IPInterface svm name
+
+### Optional
+
+- `builtin` (Boolean) Indicates if this is a built-in (pre-defined) role which cannot be modified or deleted.
+- `privileges` (Attributes Set) The list of privileges that this role has been granted. (see [below for nested schema](#nestedatt--privileges))
+- `scope` (String) Scope of the entity. Set to 'cluster' for cluster owned objects and to 'svm' for SVM owned objects.
+
+<a id="nestedatt--privileges"></a>
+### Nested Schema for `privileges`
+
+Optional:
+
+- `access` (String) Access level for the REST endpoint or command/command directory path. If it denotes the access level for a command/command directory path, the only supported enum values are 'none','readonly' and 'all'.
+- `path` (String) Either of REST URI/endpoint OR command/command directory path.

docs/data-sources/security_roles.md

@@ -0,0 +1,69 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netapp-ontap_security_roles Data Source - terraform-provider-netapp-ontap"
+subcategory: "Security"
+description: |-
+  Retrieves Security Rules
+---
+
+# netapp-ontap_security_roles (Data Source)
+
+SecurityRules data source
+
+## Example Usage
+data "netapp-ontap_security_roles" "security_roles" {
+  cx_profile_name = "cluster4"
+  filter = {
+    svm_name = "svm_1"
+    scope = "svm"
+  }
+}
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cx_profile_name` (String) Connection profile name
+
+### Optional
+
+- `filter` (Attributes) (see [below for nested schema](#nestedatt--filter))
+
+### Read-Only
+
+- `security_roles` (Attributes List) (see [below for nested schema](#nestedatt--security_roles))
+
+<a id="nestedatt--filter"></a>
+### Nested Schema for `filter`
+
+Optional:
+
+- `name` (String) SecurityRule name
+- `scope` (String) Scope of the entity. Set to 'cluster' for cluster owned objects and to 'svm' for SVM owned objects.
+- `svm_name` (String) SecurityRule svm name
+
+
+<a id="nestedatt--security_roles"></a>
+### Nested Schema for `security_roles`
+
+Required:
+
+- `cx_profile_name` (String) Connection profile name
+- `name` (String) SecurityRule name
+- `svm_name` (String) IPInterface svm name
+
+Optional:
+
+- `builtin` (Boolean) Indicates if this is a built-in (pre-defined) role which cannot be modified or deleted.
+- `privileges` (Attributes Set) The list of privileges that this role has been granted. (see [below for nested schema](#nestedatt--security_roles--privileges))
+- `scope` (String) Scope of the entity. Set to 'cluster' for cluster owned objects and to 'svm' for SVM owned objects.
+
+<a id="nestedatt--security_roles--privileges"></a>
+### Nested Schema for `security_roles.privileges`
+
+Optional:
+
+- `access` (String) Access level for the REST endpoint or command/command directory path. If it denotes the access level for a command/command directory path, the only supported enum values are 'none','readonly' and 'all'.
+- `path` (String) Either of REST URI/endpoint OR command/command directory path.

examples/data-sources/netapp-ontap_security_role/data-source.tf

@@ -0,0 +1,6 @@
+data "netapp-ontap_security_role" "security_role" {
+  # required to know which system to interface with
+  cx_profile_name = "cluster4"
+  name = "vsadmin"
+  svm_name = "acc_test"
+}

examples/data-sources/netapp-ontap_security_role/provider.tf

@@ -0,0 +1 @@
+../../provider/provider.tf

examples/data-sources/netapp-ontap_security_role/terraform.tfvars

@@ -0,0 +1 @@
+../../provider/terraform.tfvars

examples/data-sources/netapp-ontap_security_role/variables.tf

@@ -0,0 +1 @@
+../../provider/variables.tf

examples/data-sources/netapp-ontap_security_roles/data-source.tf

@@ -0,0 +1,8 @@
+data "netapp-ontap_security_roles" "security_roles" {
+  # required to know which system to interface with
+  cx_profile_name = "cluster4"
+  filter = {
+    svm_name = "acc_test"
+    scope = "cluster"
+  }
+}

examples/data-sources/netapp-ontap_security_roles/provider.tf

@@ -0,0 +1 @@
+../../provider/provider.tf

examples/data-sources/netapp-ontap_security_roles/terraform.tfvars

@@ -0,0 +1 @@
+../../provider/terraform.tfvars

examples/data-sources/netapp-ontap_security_roles/variables.tf

@@ -0,0 +1 @@
+../../provider/variables.tf

internal/interfaces/security_role.go

@@ -0,0 +1,131 @@
+package interfaces
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/mitchellh/mapstructure"
+	"github.com/netapp/terraform-provider-netapp-ontap/internal/restclient"
+	"github.com/netapp/terraform-provider-netapp-ontap/internal/utils"
+)
+
+// SecurityRoleGetDataModelONTAP describes the GET record data model using go types for mapping.
+type SecurityRoleGetDataModelONTAP struct {
+	Name       string                   `mapstructure:"name"`
+	UUID       string                   `mapstructure:"uuid"`
+	Owner      SecurityRoleOwner        `mapstructure:"owner"`
+	Privileges []SecurityRolePrivileges `mapstructure:"privileges"`
+	Scope      string                   `mapstructure:"scope"`
+	Builtin    bool                     `mapstructure:"builtin"`
+}
+
+type SecurityRolePrivileges struct {
+	Access string `mapstructure:"access"`
+	Path   string `mapstructure:"path"`
+}
+
+type SecurityRoleOwner struct {
+	Name string `mapstructure:"name"`
+	Id   string `mapstructure:"uuid"`
+}
+
+// SecurityRoleResourceBodyDataModelONTAP describes the body data model using go types for mapping.
+type SecurityRoleResourceBodyDataModelONTAP struct {
+	Name string `mapstructure:"name"`
+	SVM  svm    `mapstructure:"svm"`
+}
+
+// SecurityRoleDataSourceFilterModel describes the data source data model for queries.
+type SecurityRoleDataSourceFilterModel struct {
+	Name    string `mapstructure:"name"`
+	SVMName string `mapstructure:"owner.name"`
+	Scope   string `mapstructure:"scope"`
+}
+
+// GetSecurityRoleByName to get security_role info
+func GetSecurityRoleByName(errorHandler *utils.ErrorHandler, r restclient.RestClient, name string, svmUUID string) (*SecurityRoleGetDataModelONTAP, error) {
+	api := "security/roles/" + svmUUID + "/" + name
+	query := r.NewQuery()
+	query.Set("name", name)
+	query.Fields([]string{"name", "scope", "owner", "privileges", "builtin"})
+	statusCode, response, err := r.GetNilOrOneRecord(api, query, nil)
+	if err == nil && response == nil {
+		err = fmt.Errorf("no response for GET %s", api)
+	}
+	if err != nil {
+		return nil, errorHandler.MakeAndReportError("error reading security_role info", fmt.Sprintf("error on GET %s: %s, statusCode %d", api, err, statusCode))
+	}
+
+	var dataONTAP SecurityRoleGetDataModelONTAP
+	if err := mapstructure.Decode(response, &dataONTAP); err != nil {
+		return nil, errorHandler.MakeAndReportError(fmt.Sprintf("failed to decode response from GET %s", api),
+			fmt.Sprintf("error: %s, statusCode %d, response %#v", err, statusCode, response))
+	}
+	tflog.Debug(errorHandler.Ctx, fmt.Sprintf("Read security_role data source: %#v", dataONTAP))
+	return &dataONTAP, nil
+}
+
+// GetSecurityRoles to get security_role info for all resources matching a filter
+func GetSecurityRoles(errorHandler *utils.ErrorHandler, r restclient.RestClient, filter *SecurityRoleDataSourceFilterModel) ([]SecurityRoleGetDataModelONTAP, error) {
+	api := "security/roles"
+	query := r.NewQuery()
+	query.Fields([]string{"name", "scope", "owner", "privileges", "builtin"})
+	if filter != nil {
+		var filterMap map[string]interface{}
+		if err := mapstructure.Decode(filter, &filterMap); err != nil {
+			return nil, errorHandler.MakeAndReportError("error encoding security_roles filter info", fmt.Sprintf("error on filter %#v: %s", filter, err))
+		}
+		query.SetValues(filterMap)
+	}
+	statusCode, response, err := r.GetZeroOrMoreRecords(api, query, nil)
+	if err == nil && response == nil {
+		err = fmt.Errorf("no response for GET %s", api)
+	}
+	if err != nil {
+		return nil, errorHandler.MakeAndReportError("error reading security_roles info", fmt.Sprintf("error on GET %s: %s, statusCode %d", api, err, statusCode))
+	}
+
+	var dataONTAP []SecurityRoleGetDataModelONTAP
+	for _, info := range response {
+		var record SecurityRoleGetDataModelONTAP
+		if err := mapstructure.Decode(info, &record); err != nil {
+			return nil, errorHandler.MakeAndReportError(fmt.Sprintf("failed to decode response from GET %s", api),
+				fmt.Sprintf("error: %s, statusCode %d, info %#v", err, statusCode, info))
+		}
+		dataONTAP = append(dataONTAP, record)
+	}
+	tflog.Debug(errorHandler.Ctx, fmt.Sprintf("Read security_roles data source: %#v", dataONTAP))
+	return dataONTAP, nil
+}
+
+// CreateSecurityRole to create security_role
+func CreateSecurityRole(errorHandler *utils.ErrorHandler, r restclient.RestClient, body SecurityRoleResourceBodyDataModelONTAP) (*SecurityRoleGetDataModelONTAP, error) {
+	api := "api_url"
+	var bodyMap map[string]interface{}
+	if err := mapstructure.Decode(body, &bodyMap); err != nil {
+		return nil, errorHandler.MakeAndReportError("error encoding security_role body", fmt.Sprintf("error on encoding %s body: %s, body: %#v", api, err, body))
+	}
+	query := r.NewQuery()
+	query.Add("return_records", "true")
+	statusCode, response, err := r.CallCreateMethod(api, query, bodyMap)
+	if err != nil {
+		return nil, errorHandler.MakeAndReportError("error creating security_role", fmt.Sprintf("error on POST %s: %s, statusCode %d", api, err, statusCode))
+	}
+
+	var dataONTAP SecurityRoleGetDataModelONTAP
+	if err := mapstructure.Decode(response.Records[0], &dataONTAP); err != nil {
+		return nil, errorHandler.MakeAndReportError("error decoding security_role info", fmt.Sprintf("error on decode storage/security_roles info: %s, statusCode %d, response %#v", err, statusCode, response))
+	}
+	tflog.Debug(errorHandler.Ctx, fmt.Sprintf("Create security_role source - udata: %#v", dataONTAP))
+	return &dataONTAP, nil
+}
+
+// DeleteSecurityRole to delete security_role
+func DeleteSecurityRole(errorHandler *utils.ErrorHandler, r restclient.RestClient, uuid string) error {
+	api := "api_url"
+	statusCode, _, err := r.CallDeleteMethod(api+"/"+uuid, nil, nil)
+	if err != nil {
+		return errorHandler.MakeAndReportError("error deleting security_role", fmt.Sprintf("error on DELETE %s: %s, statusCode %d", api, err, statusCode))
+	}
+	return nil
+}

internal/provider/provider.go

@@ -232,6 +232,8 @@ func (p *ONTAPProvider) DataSources(ctx context.Context) []func() datasource.Dat
 		protocols.NewProtocolsSanLunMapsDataSource,
 		security.NewSecurityAccountDataSource,
 		security.NewSecurityAccountsDataSource,
+		security.NewSecurityRoleDataSource,
+		security.NewSecurityRolesDataSource,
 		security.NewSecurityLoginMessageDataSource,
 		security.NewSecurityLoginMessagesDataSource,
 		snapmirror.NewSnapmirrorDataSource,