feat: support IAM policies

Signed-off-by: Nicolas FOURNIER <[email protected]>

Author: fehrnah

ovh/config.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"log"
 	"sync"
-	"time"
 
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging"
@@ -14,6 +13,8 @@ import (
 var providerVersion, providerCommit string
 
 type Config struct {
+	Account           string
+	Plate             string
 	Endpoint          string
 	ApplicationKey    string
 	ApplicationSecret string
@@ -24,17 +25,6 @@ type Config struct {
 	lockAuth          *sync.Mutex
 }
 
-type OvhAuthCurrentCredential struct {
-	OvhSupport    bool             `json:"ovhSupport"`
-	Status        string           `json:"status"`
-	ApplicationId int64            `json:"applicationId"`
-	CredentialId  int64            `json:"credentialId"`
-	Rules         []ovh.AccessRule `json:"rules"`
-	Expiration    time.Time        `json:"expiration"`
-	LastUse       time.Time        `json:"lastUse"`
-	Creation      time.Time        `json:"creation"`
-}
-
 func clientDefault(c *Config) (*ovh.Client, error) {
 	client, err := ovh.NewClient(
 		c.Endpoint,
@@ -63,15 +53,21 @@ func (c *Config) loadAndValidate() error {
 	}
 
 	if !c.authenticated {
-		var cred OvhAuthCurrentCredential
-		if err := c.OVHClient.Get("/auth/currentCredential", &cred); err != nil {
+		var details OvhAuthDetails
+		if err := c.OVHClient.Get("/auth/details", &details); err != nil {
 			c.authFailed = fmt.Errorf("OVH client seems to be misconfigured: %q\n", err)
 			return c.authFailed
 		}
 
 		log.Printf("[DEBUG] Logged in on OVH API")
+		c.Account = details.Account
 		c.authenticated = true
 	}
+
+	if c.Plate == "" {
+		c.Plate = plateFromEndpoint(c.Endpoint)
+	}
+
 	return nil
 }
 
@@ -106,3 +102,17 @@ func (c *Config) load() error {
 
 	return nil
 }
+
+var plateMapping map[string]string = map[string]string{
+	"ovh-eu":        "eu",
+	"ovh-ca":        "ca",
+	"ovh-us":        "us",
+	"kimsufi-eu":    "eu",
+	"kimsufi-ca":    "ca",
+	"soyoustart-eu": "eu",
+	"soyoustart-ca": "ca",
+}
+
+func plateFromEndpoint(endpoint string) string {
+	return plateMapping[endpoint]
+}

ovh/data_dbaas_logs_cluster.go

@@ -6,6 +6,7 @@ import (
 	"net/url"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers"
 )
 
 func dataSourceDbaasLogsCluster() *schema.Resource {
@@ -20,6 +21,10 @@ func dataSourceDbaasLogsCluster() *schema.Resource {
 				Required:    true,
 			},
 			// Computed
+			"urn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"cluster_type": {
 				Type:        schema.TypeString,
 				Description: "Cluster type",
@@ -114,6 +119,7 @@ func dataSourceDbaasLogsClusterRead(d *schema.ResourceData, meta interface{}) er
 	}
 
 	d.SetId(cluster_id)
+	d.Set("urn", helpers.ServiceURN(config.Plate, "ldp", serviceName))
 
 	endpoint := fmt.Sprintf(
 		"/dbaas/logs/%s/cluster/%s",

ovh/data_dedicated_ceph.go

@@ -20,6 +20,10 @@ func dataSourceDedicatedCeph() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"urn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"ceph_version": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -84,6 +88,7 @@ func dataSourceDedicatedCephRead(d *schema.ResourceData, meta interface{}) error
 	}
 	log.Printf("[DEBUG] CEPH is %v", ceph.CephMonitors)
 	d.SetId(ceph.ServiceName)
+	d.Set("urn", helpers.ServiceURN(config.Plate, "dedicatedCeph", ceph.ServiceName))
 	d.Set("service_name", ceph.ServiceName)
 	d.Set("ceph_mons", ceph.CephMonitors)
 	d.Set("ceph_version", ceph.CephVersion)

ovh/data_dedicated_nasha.go

@@ -3,9 +3,11 @@ package ovh
 import (
 	"context"
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"net/url"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -20,6 +22,10 @@ func dataSourceDedicatedNasha() *schema.Resource {
 			},
 
 			// Computed
+			"urn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"can_create_partition": {
 				Type:        schema.TypeBool,
 				Computed:    true,
@@ -86,6 +92,7 @@ func dataSourceDedicatedNashaRead(c context.Context, d *schema.ResourceData, met
 	}
 
 	d.SetId(ds.ServiceName)
+	d.Set("urn", helpers.ServiceURN(config.Plate, "nasHA", ds.ServiceName))
 	d.Set("service_name", ds.ServiceName)
 	d.Set("monitored", ds.Monitored)
 	d.Set("zpool_size", ds.ZpoolSize)

ovh/data_dedicated_server.go

@@ -6,6 +6,7 @@ import (
 	"net/url"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers"
 )
 
 func dataSourceDedicatedServer() *schema.Resource {
@@ -18,6 +19,10 @@ func dataSourceDedicatedServer() *schema.Resource {
 			},
 
 			// Computed
+			"urn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"boot_id": {
 				Type:        schema.TypeInt,
 				Computed:    true,
@@ -196,6 +201,7 @@ func dataSourceDedicatedServerRead(d *schema.ResourceData, meta interface{}) err
 	}
 
 	d.SetId(ds.Name)
+	d.Set("urn", helpers.ServiceURN(config.Plate, "dedicatedServer", ds.Name))
 	d.Set("boot_id", ds.BootId)
 	d.Set("commercial_range", ds.CommercialRange)
 	d.Set("datacenter", ds.Datacenter)

ovh/data_domain_zone.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers"
 )
 
 func dataSourceDomainZone() *schema.Resource {
@@ -16,6 +17,10 @@ func dataSourceDomainZone() *schema.Resource {
 			},
 
 			// Computed
+			"urn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"has_dns_anycast": {
 				Type:     schema.TypeBool,
 				Computed: true,
@@ -55,5 +60,7 @@ func dataSourceDomainZoneRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("last_update", dz.LastUpdate)
 	d.Set("name_servers", dz.NameServers)
 
+	d.Set("urn", helpers.ServiceURN(config.Plate, "dnsZone", zoneName))
+
 	return nil
 }

ovh/data_hosting_privatedatabase.go

@@ -5,6 +5,7 @@ import (
 	"net/url"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers"
 )
 
 func dataSourceHostingPrivateDatabase() *schema.Resource {
@@ -17,6 +18,10 @@ func dataSourceHostingPrivateDatabase() *schema.Resource {
 			},
 
 			// Computed
+			"urn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"cpu": {
 				Type:        schema.TypeInt,
 				Computed:    true,
@@ -138,6 +143,7 @@ func dataSourceHostingPrivateDatabaseRead(d *schema.ResourceData, meta interface
 		}
 	}
 	d.SetId(ds.ServiceName)
+	d.Set("urn", helpers.ServiceURN(config.Plate, "webCloudDatabases", ds.ServiceName))
 
 	return nil
 }

ovh/data_iam_policies.go

@@ -0,0 +1,46 @@
+package ovh
+
+import (
+	"context"
+	"sort"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers/hashcode"
+)
+
+func dataSourceIamPolicies() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"policies": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+		ReadContext: datasourceIamPoliciesRead,
+	}
+}
+
+func datasourceIamPoliciesRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	config := meta.(*Config)
+
+	var policies []IamPolicy
+	err := config.OVHClient.GetWithContext(ctx, "/v2/iam/policy", &policies)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	var polIDs []string
+	for _, p := range policies {
+		polIDs = append(polIDs, p.Id)
+	}
+
+	d.Set("policies", polIDs)
+
+	sort.Strings(polIDs)
+	d.SetId(hashcode.Strings(polIDs))
+	return nil
+}

ovh/data_iam_policy.go

@@ -0,0 +1,93 @@
+package ovh
+
+import (
+	"context"
+	"net/url"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceIamPolicy() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"identities": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"resources": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"allow": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"except": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"owner": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"created_at": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"updated_at": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"read_only": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+		},
+		ReadContext: datasourceIamPolicyRead,
+	}
+}
+
+func datasourceIamPolicyRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	config := meta.(*Config)
+	id := d.Get("id").(string)
+
+	var pol IamPolicy
+	err := config.OVHClient.GetWithContext(ctx, "/v2/iam/policy/"+url.PathEscape(id), &pol)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	for k, v := range pol.ToMap() {
+		err := d.Set(k, v)
+		if err != nil {
+			return diag.Errorf("key: %s; value: %v; err: %v", k, v, err)
+		}
+	}
+	d.SetId(id)
+	return nil
+}