mirrors/terraform-provider-proxmox
0
0
Fork 0
mirror of https://github.com/bpg/terraform-provider-proxmox.git synced 2025-07-04 12:32:59 +00:00
Code
20131b0ffc
terraform-provider-proxmox/proxmoxtf/resource/role.go
Pavel Boldyrev 98e1cff7fe
feat: Add firewall resources (#246) 
* refactoring existing cluster / firewall API for better composition

* add basic security groups API
fix linter errors

* add rules API

* fix after renaming resourceVirtualEnvironmentClusterIPSet

* fix linter errors

* make linter happy

* even more refactoring

* tidy up datasources

* in refactoring spree

* update examples

* fix firewall resource/datasource & client error handling

* add ipset(s) datasource

* update docs

* add security group resource with rules

* docs

* fix security group update, TODO: rule update

* fix after rebase

* add rule update, extract common rule schema, refactor group

* fix linter  errors

* bump linter for ci

* make alias and ipset reusable

* make security group reusable

* refactor datasources

* add security group datasources

* fix linter errors

* update docs

TODO: documentation for group datasources

* add sg docs, update doc index

* minor cleanup

* fix examples & tests

* stub for firewall-level options and rules

* extract firewall interface

* add firewall options and rules on the cluster level

TODO: issues with rule list management

* refactor all resources format AGAIN, now more flat, without complex subresources

* sort out hierarchy of APIs and remove duplication in API wrappers

* bring back security group

* finally, working rules

* restore cluster firewall option

* add containers support

* add options

* move rules back under security group, update docs

* fix vm_id / container_id attrs

* add examples

* cleanup

* more cleanup


Release-As: 0.17.0-rc1
2023-04-02 18:01:10 -04:00

159 lines
3.7 KiB
Go
Raw Blame History

/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
package resource
import (
"context"
"strings"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/bpg/terraform-provider-proxmox/proxmox"
"github.com/bpg/terraform-provider-proxmox/proxmox/types"
"github.com/bpg/terraform-provider-proxmox/proxmoxtf"
)
const (
mkResourceVirtualEnvironmentRolePrivileges = "privileges"
mkResourceVirtualEnvironmentRoleRoleID = "role_id"
)
func Role() *schema.Resource {
return &schema.Resource{
Schema: map[string]*schema.Schema{
mkResourceVirtualEnvironmentRolePrivileges: {
Type: schema.TypeSet,
Description: "The role privileges",
Required: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
mkResourceVirtualEnvironmentRoleRoleID: {
Type: schema.TypeString,
Description: "The role id",
Required: true,
ForceNew: true,
},
},
CreateContext: roleCreate,
ReadContext: roleRead,
UpdateContext: roleUpdate,
DeleteContext: roleDelete,
}
}
func roleCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
config := m.(proxmoxtf.ProviderConfiguration)
veClient, err := config.GetVEClient()
if err != nil {
return diag.FromErr(err)
}
privileges := d.Get(mkResourceVirtualEnvironmentRolePrivileges).(*schema.Set).List()
customPrivileges := make(types.CustomPrivileges, len(privileges))
roleID := d.Get(mkResourceVirtualEnvironmentRoleRoleID).(string)
for i, v := range privileges {
customPrivileges[i] = v.(string)
}
body := &proxmox.VirtualEnvironmentRoleCreateRequestBody{
ID: roleID,
Privileges: customPrivileges,
}
err = veClient.CreateRole(ctx, body)
if err != nil {
return diag.FromErr(err)
}
d.SetId(roleID)
return roleRead(ctx, d, m)
}
func roleRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
config := m.(proxmoxtf.ProviderConfiguration)
veClient, err := config.GetVEClient()
if err != nil {
return diag.FromErr(err)
}
roleID := d.Id()
role, err := veClient.GetRole(ctx, roleID)
if err != nil {
if strings.Contains(err.Error(), "HTTP 404") {
d.SetId("")
return nil
}
return diag.FromErr(err)
}
privileges := schema.NewSet(schema.HashString, []interface{}{})
if *role != nil {
for _, v := range *role {
privileges.Add(v)
}
}
err = d.Set(mkResourceVirtualEnvironmentRolePrivileges, privileges)
return diag.FromErr(err)
}
func roleUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
config := m.(proxmoxtf.ProviderConfiguration)
veClient, err := config.GetVEClient()
if err != nil {
return diag.FromErr(err)
}
privileges := d.Get(mkResourceVirtualEnvironmentRolePrivileges).(*schema.Set).List()
customPrivileges := make(types.CustomPrivileges, len(privileges))
roleID := d.Id()
for i, v := range privileges {
customPrivileges[i] = v.(string)
}
body := &proxmox.VirtualEnvironmentRoleUpdateRequestBody{
Privileges: customPrivileges,
}
err = veClient.UpdateRole(ctx, roleID, body)
if err != nil {
return diag.FromErr(err)
}
return roleRead(ctx, d, m)
}
func roleDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
config := m.(proxmoxtf.ProviderConfiguration)
veClient, err := config.GetVEClient()
if err != nil {
return diag.FromErr(err)
}
roleID := d.Id()
err = veClient.DeleteRole(ctx, roleID)
if err != nil {
if strings.Contains(err.Error(), "HTTP 404") {
d.SetId("")
return nil
}
return diag.FromErr(err)
}
d.SetId("")
return nil
}
View Git Blame Copy Permalink