vcfa_org_local_user resource + data source (#25)

Author: Didainius

.changes/v1.0.0/25-features.md

@@ -0,0 +1,2 @@
+- **New Resource:** `vcfa_org_local_user` to manage Org Local users [GH-25]
+- **New Data Source:** `vcfa_org_local_user` to read Org Local users [GH-25]

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-version v1.7.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.35.0
-	github.com/vmware/go-vcloud-director/v3 v3.0.0-alpha.23
+	github.com/vmware/go-vcloud-director/v3 v3.0.0-alpha.24
 )
 
 require (

go.sum

@@ -149,8 +149,8 @@ github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IU
 github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
-github.com/vmware/go-vcloud-director/v3 v3.0.0-alpha.23 h1:GhQhlULBs/7oetCZ2IFvQfH7OqEo6Q5r9GT6v5YgZOQ=
-github.com/vmware/go-vcloud-director/v3 v3.0.0-alpha.23/go.mod h1:68KHsVns52dsq/w5JQYzauaU/+NAi1FmCxhBrFc/VoQ=
+github.com/vmware/go-vcloud-director/v3 v3.0.0-alpha.24 h1:WarOa7cskCyAsbMgtDGc2pxsDW2hnWkxdgz0AhOQS1o=
+github.com/vmware/go-vcloud-director/v3 v3.0.0-alpha.24/go.mod h1:68KHsVns52dsq/w5JQYzauaU/+NAi1FmCxhBrFc/VoQ=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=

vcfa/datasource_vcfa_org_local_user.go

@@ -0,0 +1,56 @@
+package vcfa
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/vmware/go-vcloud-director/v3/govcd"
+	"github.com/vmware/go-vcloud-director/v3/types/v56"
+)
+
+func datasourceVcfaLocalUser() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: datasourceVcfaLocalUserRead,
+
+		Schema: map[string]*schema.Schema{
+			"org_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: fmt.Sprintf("Parent %s ID for %s", labelVcfaOrg, labelLocalUser),
+			},
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: fmt.Sprintf("%s User Name", labelLocalUser),
+			},
+			"role_ids": {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: fmt.Sprintf("%ss to use for %s", labelVcfaRole, labelLocalUser),
+			},
+		},
+	}
+}
+
+func datasourceVcfaLocalUserRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	vcfaClient := meta.(*VCDClient)
+	tenantContext, err := getTenantContextFromOrgId(vcfaClient, d.Get("org_id").(string))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	getByNameFunc := func(username string) (*govcd.OpenApiUser, error) {
+		return vcfaClient.GetUserByName(username, tenantContext)
+	}
+
+	c := dsReadConfig[*govcd.OpenApiUser, types.OpenApiUser]{
+		entityLabel:              labelLocalUser,
+		getEntityFunc:            getByNameFunc,
+		stateStoreFunc:           setLocalUserData,
+		overrideDefaultNameField: "username",
+	}
+	return readDatasource(ctx, d, meta, c)
+}

vcfa/helpers.go

@@ -1,9 +1,10 @@
 package vcfa
 
 import (
+	"os"
+
 	"github.com/vmware/go-vcloud-director/v3/govcd"
 	"github.com/vmware/go-vcloud-director/v3/util"
-	"os"
 )
 
 // Returns a valid Tenant Context if the Organization identified by the given ID is valid and exists.

vcfa/provider.go

@@ -59,6 +59,7 @@ var globalDataSourceMap = map[string]*schema.Resource{
 	"vcfa_role":                            datasourceVcfaRole(),                        // 1.0
 	"vcfa_global_role":                     datasourceVcfaGlobalRole(),                  // 1.0
 	"vcfa_certificate":                     datasourceVcfaCertificate(),                 // 1.0
+	"vcfa_org_local_user":                  datasourceVcfaLocalUser(),                   // 1.0
 }
 
 var globalResourceMap = map[string]*schema.Resource{
@@ -81,6 +82,7 @@ var globalResourceMap = map[string]*schema.Resource{
 	"vcfa_global_role":                     resourceVcfaGlobalRole(),                  // 1.0
 	"vcfa_api_token":                       resourceVcfaApiToken(),                    // 1.0
 	"vcfa_certificate":                     resourceVcfaCertificate(),                 // 1.0
+	"vcfa_org_local_user":                  resourceVcfaLocalUser(),                   // 1.0
 }
 
 // Provider returns a terraform.ResourceProvider.

vcfa/resource_vcfa_org_local_user.go

@@ -0,0 +1,222 @@
+package vcfa
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/vmware/go-vcloud-director/v3/govcd"
+	"github.com/vmware/go-vcloud-director/v3/types/v56"
+)
+
+const labelLocalUser = "Org Local User"
+
+func resourceVcfaLocalUser() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceVcfaLocalUserCreate,
+		ReadContext:   resourceVcfaLocalUserRead,
+		UpdateContext: resourceVcfaLocalUserUpdate,
+		DeleteContext: resourceVcfaLocalUserDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: resourceVcfaLocalUserImport,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"org_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: fmt.Sprintf("Parent %s ID for %s", labelVcfaOrg, labelLocalUser),
+			},
+			"role_ids": {
+				Type:        schema.TypeSet,
+				Required:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: fmt.Sprintf("%ss to use for %s", labelVcfaRole, labelLocalUser),
+			},
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: fmt.Sprintf("%s username", labelLocalUser),
+			},
+			"password": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Sensitive:   true,
+				Description: fmt.Sprintf("Password for %s", labelLocalUser),
+			},
+		},
+	}
+}
+
+func resourceVcfaLocalUserCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	vcfaClient := meta.(*VCDClient)
+	tenantContext, err := getTenantContextFromOrgId(vcfaClient, d.Get("org_id").(string))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	createFunc := func(config *types.OpenApiUser) (*govcd.OpenApiUser, error) {
+		return vcfaClient.CreateUser(config, tenantContext)
+	}
+
+	c := crudConfig[*govcd.OpenApiUser, types.OpenApiUser]{
+		entityLabel:      labelLocalUser,
+		getTypeFunc:      getLocalUserType,
+		stateStoreFunc:   setLocalUserData,
+		createFunc:       createFunc,
+		resourceReadFunc: resourceVcfaLocalUserRead,
+	}
+	return createResource(ctx, d, meta, c)
+}
+
+func resourceVcfaLocalUserUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	vcfaClient := meta.(*VCDClient)
+	tenantContext, err := getTenantContextFromOrgId(vcfaClient, d.Get("org_id").(string))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	getByIdFunc := func(id string) (*govcd.OpenApiUser, error) {
+		return vcfaClient.GetUserById(id, tenantContext)
+	}
+
+	c := crudConfig[*govcd.OpenApiUser, types.OpenApiUser]{
+		entityLabel:      labelLocalUser,
+		getTypeFunc:      getLocalUserType,
+		getEntityFunc:    getByIdFunc,
+		resourceReadFunc: resourceVcfaLocalUserRead,
+	}
+
+	return updateResource(ctx, d, meta, c)
+}
+
+func resourceVcfaLocalUserRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	vcfaClient := meta.(*VCDClient)
+	tenantContext, err := getTenantContextFromOrgId(vcfaClient, d.Get("org_id").(string))
+	if err != nil {
+		if govcd.ContainsNotFound(err) { // Org no longer exists, therefore user is also gone
+			d.SetId("")
+			return nil
+		}
+		return diag.FromErr(err)
+	}
+
+	getByIdFunc := func(id string) (*govcd.OpenApiUser, error) {
+		return vcfaClient.GetUserById(id, tenantContext)
+	}
+
+	c := crudConfig[*govcd.OpenApiUser, types.OpenApiUser]{
+		entityLabel:    labelLocalUser,
+		getEntityFunc:  getByIdFunc,
+		stateStoreFunc: setLocalUserData,
+	}
+	return readResource(ctx, d, meta, c)
+}
+
+func resourceVcfaLocalUserDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	vcfaClient := meta.(*VCDClient)
+
+	tenantContext, err := getTenantContextFromOrgId(vcfaClient, d.Get("org_id").(string))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	getByIdFunc := func(id string) (*govcd.OpenApiUser, error) {
+		return vcfaClient.GetUserById(id, tenantContext)
+	}
+
+	c := crudConfig[*govcd.OpenApiUser, types.OpenApiUser]{
+		entityLabel:   labelLocalUser,
+		getEntityFunc: getByIdFunc,
+	}
+
+	return deleteResource(ctx, d, meta, c)
+}
+
+func resourceVcfaLocalUserImport(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	vcdClient := meta.(*VCDClient)
+
+	idSlice := strings.Split(d.Id(), ImportSeparator)
+	if len(idSlice) != 2 {
+		return nil, fmt.Errorf("expected import ID to be <org name>%s<user name>", ImportSeparator)
+	}
+
+	org, err := vcdClient.GetTmOrgByName(idSlice[0])
+	if err != nil {
+		return nil, fmt.Errorf("error getting %s: %s", labelVcfaOrg, err)
+	}
+
+	tenantContext := &govcd.TenantContext{
+		OrgId:   org.TmOrg.ID,
+		OrgName: org.TmOrg.Name,
+	}
+
+	user, err := vcdClient.GetUserByName(idSlice[1], tenantContext)
+	if err != nil {
+		return nil, fmt.Errorf("error retrieving %s: %s", labelLocalUser, err)
+	}
+
+	d.SetId(user.User.ID)
+	dSet(d, "org_id", org.TmOrg.ID)
+
+	return []*schema.ResourceData{d}, nil
+}
+
+func getLocalUserType(vcfaClient *VCDClient, d *schema.ResourceData) (*types.OpenApiUser, error) {
+	org, err := vcfaClient.GetTmOrgById(d.Get("org_id").(string))
+	if err != nil {
+		return nil, fmt.Errorf("error getting %s: %s", labelVcfaOrg, err)
+	}
+
+	roleSet := convertSchemaSetToSliceOfStrings(d.Get("role_ids").(*schema.Set))
+	t := &types.OpenApiUser{
+		OrgEntityRef:   &types.OpenApiReference{ID: d.Get("org_id").(string), Name: org.TmOrg.Name},
+		Username:       d.Get("username").(string),
+		Password:       d.Get("password").(string),
+		ProviderType:   "LOCAL",
+		RoleEntityRefs: convertSliceOfStringsToOpenApiReferenceIds(roleSet),
+		Locked:         addrOf(false),
+	}
+
+	// Update requires ID being present
+	if d.Id() != "" { // update operation
+		t.ID = d.Id()
+		user, err := vcfaClient.GetUserById(d.Id(), nil)
+		if err != nil {
+			return nil, fmt.Errorf("error retrieving %s by ID %s: %s", labelLocalUser, d.Id(), err)
+		}
+		// Name In Source must be set to "previous" username when performing update
+		t.NameInSource = user.User.Username
+
+		// if password has not changed - send exactly '******' to prevent updating password just like UI
+		if !d.HasChange("password") {
+			t.Password = "******"
+		}
+	}
+
+	return t, nil
+}
+
+func setLocalUserData(_ *VCDClient, d *schema.ResourceData, user *govcd.OpenApiUser) error {
+	if user == nil || user.User == nil {
+		return fmt.Errorf("nil user structure")
+	}
+	d.SetId(user.User.ID)
+	dSet(d, "username", user.User.Username)
+
+	roleIds := extractIdsFromOpenApiReferences(user.User.RoleEntityRefs)
+	err := d.Set("role_ids", roleIds)
+	if err != nil {
+		return fmt.Errorf("error storing 'role_ids': %s", err)
+	}
+
+	dSet(d, "org_id", "")
+	if user.User.OrgEntityRef != nil {
+		dSet(d, "org_id", user.User.OrgEntityRef.ID)
+	}
+	// dSet(d, "password", user.User.Password) // password is never returned on read
+
+	return nil
+}