Refactor remaining resources and data sources (#522)

* Refactor cyral_integration_* * Remove dead code * Refactor cyral_policy * Refactor cyral_user_account * Refactor cyral_policy_rule and fix error in cyral_service_account * Refactor cyral_role and cyral_rego_policy_instance * Deprecate cyral_saml_configuration and improve deprecation messages * Refactor cyral_sidecar_instance, cyral_sidecar_instance_stats and cyral_system_info * Improve package names;refactor cyral_sidecar_health, cyral_permission * Fix error handlers to avoid states getting out-of-sync * Update cyral/internal/regopolicy/schema_loader.go Co-authored-by: Victor Moraes <[email protected]> --------- Co-authored-by: Victor Moraes <[email protected]>
cyralinc · Apr 9, 2024 · 386a9dc · 386a9dc
1 parent 37619ab
commit 386a9dc
Show file tree

Hide file tree

Showing 130 changed files with 2,365 additions and 1,899 deletions.
diff --git a/cyral/core/README.md b/cyral/core/README.md
@@ -65,7 +65,7 @@ func (r *NewFeature) ReadFromSchema(d *schema.ResourceData) error {
 
 ### datasource.go
 
-Use the `GetPutDeleteURLFactory` to provide the URL factory to read the data source from the API.
+Use the `ReadUpdateDeleteURLFactory` to provide the URL factory to read the data source from the API.
 
 ```go
 // datasource.go
@@ -75,7 +75,7 @@ var dsContextHandler = core.DefaultContextHandler{
 	ResourceName:        dataSourceName,
 	ResourceType:        resourcetype.DataSource,
 	SchemaWriterFactoryGetMethod: func(_ *schema.ResourceData) core.SchemaWriter { return &NewFeature{} },
-	GetPutDeleteURLFactory: func(d *schema.ResourceData, c *client.Client) string {
+	ReadUpdateDeleteURLFactory: func(d *schema.ResourceData, c *client.Client) string {
 		return fmt.Sprintf("https://%s/v1/NewFeature/%s", c.ControlPlane, d.Get("my_id_field").(string))
 	},
 }

diff --git a/cyral/core/default_context_handler.go b/cyral/core/default_context_handler.go
@@ -20,15 +20,16 @@ import (
 //     an `id` field, meaning it will use the
 //     `IDBasedResponse` struct in such cases.
 //  3. `BaseURLFactory` must be provided for resources. It will be used to
-//     create the POST endpoint and others in case `GetPutDeleteURLFactory`
+//     create the POST endpoint and others in case `ReadUpdateDeleteURLFactory`
 //     is not provided.
-//  4. `GetPutDeleteURLFactory` must be provided for data sources.
-//  5. If `GetPutDeleteURLFactory` is NOT provided (data sources or resources),
-//     the endpoint to perform GET, PUT and DELETE calls are composed by the
+//  4. `ReadUpdateDeleteURLFactory` must be provided for data sources.
+//  5. If `ReadUpdateDeleteURLFactory` is NOT provided (data sources or resources),
+//     the endpoints to perform GET, PUT, PATCH and DELETE calls are composed by the
 //     `BaseURLFactory` endpoint plus the ID specification as follows:
 //     - POST:    https://<CP>/<apiVersion>/<featureName>
 //     - GET:     https://<CP>/<apiVersion>/<featureName>/<id>
 //     - PUT:     https://<CP>/<apiVersion>/<featureName>/<id>
+//     - PATCH:   https://<CP>/<apiVersion>/<featureName>/<id>
 //     - DELETE:  https://<CP>/<apiVersion>/<featureName>/<id>
 type DefaultContextHandler struct {
 	ResourceName        string
@@ -41,10 +42,13 @@ type DefaultContextHandler struct {
 	// written in POST operations.
 	SchemaWriterFactoryPostMethod SchemaWriterFactoryFunc
 	// BaseURLFactory provides the URL used for POSTs and that
-	// will also be used to compose the ID URL for GET, PUT and
-	// DELETE in case `GetPutDeleteURLFactory` is not provided.
-	BaseURLFactory         URLFactoryFunc
-	GetPutDeleteURLFactory URLFactoryFunc
+	// will also be used to compose the ID URL for GET, PUT/PATCH and
+	// DELETE in case `ReadUpdateDeleteURLFactory` is not provided.
+	BaseURLFactory             URLFactoryFunc
+	ReadUpdateDeleteURLFactory URLFactoryFunc
+
+	// Http method for update operations. If not provided, assumes http.MethodPut
+	UpdateMethod string
 }
 
 func DefaultSchemaWriterFactory(d *schema.ResourceData) SchemaWriter {
@@ -64,8 +68,8 @@ func (dch DefaultContextHandler) defaultOperationHandler(
 		var url string
 		if httpMethod == http.MethodPost {
 			url = dch.BaseURLFactory(d, c)
-		} else if dch.GetPutDeleteURLFactory != nil {
-			url = dch.GetPutDeleteURLFactory(d, c)
+		} else if dch.ReadUpdateDeleteURLFactory != nil {
+			url = dch.ReadUpdateDeleteURLFactory(d, c)
 		} else {
 			url = fmt.Sprintf("%s/%s", dch.BaseURLFactory(d, c), d.Id())
 		}
@@ -122,8 +126,12 @@ func (dch DefaultContextHandler) UpdateContext() schema.UpdateContextFunc {
 
 func (dch DefaultContextHandler) UpdateContextCustomErrorHandling(getErrorHandler RequestErrorHandler,
 	putErrorHandler RequestErrorHandler) schema.UpdateContextFunc {
+	updateMethod := http.MethodPut
+	if dch.UpdateMethod != "" {
+		updateMethod = dch.UpdateMethod
+	}
 	return UpdateResource(
-		dch.defaultOperationHandler(ot.Update, http.MethodPut, dch.SchemaReaderFactory, nil, putErrorHandler),
+		dch.defaultOperationHandler(ot.Update, updateMethod, dch.SchemaReaderFactory, nil, putErrorHandler),
 		dch.defaultOperationHandler(ot.Update, http.MethodGet, nil, dch.SchemaWriterFactoryGetMethod, getErrorHandler),
 	)
 }

diff --git a/cyral/internal/datalabel/resource.go b/cyral/internal/datalabel/resource.go
@@ -15,7 +15,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
-var getPutDeleteURLFactory = func(d *schema.ResourceData, c *client.Client) string {
+var readUpdateDeleteURLFactory = func(d *schema.ResourceData, c *client.Client) string {
 	return fmt.Sprintf("https://%s/v1/datalabels/%s",
 		c.ControlPlane,
 		d.Get("name").(string))
@@ -27,7 +27,7 @@ func resourceSchema() *schema.Resource {
 		ResourceType:                 resourcetype.Resource,
 		SchemaReaderFactory:          func() core.SchemaReader { return &DataLabel{} },
 		SchemaWriterFactoryGetMethod: func(_ *schema.ResourceData) core.SchemaWriter { return &DataLabel{} },
-		GetPutDeleteURLFactory:       getPutDeleteURLFactory,
+		ReadUpdateDeleteURLFactory:   readUpdateDeleteURLFactory,
 	}
 	return &schema.Resource{
 		Description: "Manages data labels. Data labels are part of the Cyral [Data Map](https://cyral.com/docs/policy/datamap).",
@@ -36,7 +36,7 @@ func resourceSchema() *schema.Resource {
 				ResourceName:        resourceName,
 				Type:                operationtype.Create,
 				HttpMethod:          http.MethodPut,
-				URLFactory:          getPutDeleteURLFactory,
+				URLFactory:          readUpdateDeleteURLFactory,
 				SchemaReaderFactory: func() core.SchemaReader { return &DataLabel{} },
 				SchemaWriterFactory: func(_ *schema.ResourceData) core.SchemaWriter { return &DataLabel{} },
 			}, readDataLabelConfig,
@@ -116,7 +116,7 @@ var readDataLabelConfig = core.ResourceOperationConfig{
 	ResourceName:        resourceName,
 	Type:                operationtype.Read,
 	HttpMethod:          http.MethodGet,
-	URLFactory:          getPutDeleteURLFactory,
+	URLFactory:          readUpdateDeleteURLFactory,
 	SchemaWriterFactory: func(_ *schema.ResourceData) core.SchemaWriter { return &DataLabel{} },
 	RequestErrorHandler: &core.IgnoreHttpNotFound{ResName: "Data Label"},
 }
diff --git a/...n/data_source_cyral_saml_configuration.go → ...d/data_source_cyral_saml_configuration.go b/...n/data_source_cyral_saml_configuration.go → ...d/data_source_cyral_saml_configuration.go
@@ -1,4 +1,4 @@
-package samlconfiguration
+package deprecated
 
 import (
 	"context"
@@ -7,7 +7,6 @@ import (
 	"net/http"
 
 	"github.com/cyralinc/terraform-provider-cyral/cyral/client"
-	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/deprecated"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/utils"
 	"github.com/google/uuid"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
@@ -21,6 +20,8 @@ var (
 
 func DataSourceSAMLConfiguration() *schema.Resource {
 	return &schema.Resource{
+		DeprecationMessage: "This data source has been deprecated. It will be removed in the next major version of " +
+			"the provider.",
 		Description: "Parses a SAML metadata URL or a Base64 document into a SAML configuration." +
 			"\n\nSee also the remaining SAML-related resources and data sources.",
 		ReadContext: dataSourceSAMLConfigurationRead,
@@ -182,7 +183,7 @@ func dataSourceSAMLConfigurationRead(ctx context.Context, d *schema.ResourceData
 		return utils.CreateError("Unable to retrieve saml configuration", fmt.Sprintf("%v", err))
 	}
 
-	response := deprecated.SAMLConfiguration{}
+	response := SAMLConfiguration{}
 	if err := json.Unmarshal(body, &response); err != nil {
 		return utils.CreateError("Unable to unmarshall JSON", fmt.Sprintf("%v", err))
 	}
@@ -197,14 +198,14 @@ func dataSourceSAMLConfigurationRead(ctx context.Context, d *schema.ResourceData
 	return diag.Diagnostics{}
 }
 
-func getSAMLMetadataRequestFromSchema(d *schema.ResourceData) deprecated.ParseSAMLMetadataRequest {
-	return deprecated.ParseSAMLMetadataRequest{
+func getSAMLMetadataRequestFromSchema(d *schema.ResourceData) ParseSAMLMetadataRequest {
+	return ParseSAMLMetadataRequest{
 		SamlMetadataURL:            d.Get("saml_metadata_url").(string),
 		Base64SamlMetadataDocument: d.Get("base_64_saml_metadata_document").(string),
 	}
 }
 
-func setSAMLConfigurationToSchema(d *schema.ResourceData, data deprecated.SAMLConfiguration) {
+func setSAMLConfigurationToSchema(d *schema.ResourceData, data SAMLConfiguration) {
 	if data.Config != nil {
 		d.Set("disable_using_jwks_url", data.Config.DisableUsingJWKSUrl)
 		d.Set("sync_mode", data.Config.SyncMode)

diff --git a/...a_source_cyral_saml_configuration_test.go → ...a_source_cyral_saml_configuration_test.go b/...a_source_cyral_saml_configuration_test.go → ...a_source_cyral_saml_configuration_test.go
@@ -1,4 +1,4 @@
-package samlconfiguration_test
+package deprecated_test
 
 import (
 	"fmt"

diff --git a/cyral/internal/deprecated/data_source_cyral_sidecar_cft_template.go b/cyral/internal/deprecated/data_source_cyral_sidecar_cft_template.go
@@ -19,7 +19,7 @@ const CloudFormationDeploymentMethod = "cft-ec2"
 
 func DataSourceSidecarCftTemplate() *schema.Resource {
 	return &schema.Resource{
-		DeprecationMessage: "This data source was deprecated. It will be removed in the next major version of " +
+		DeprecationMessage: "This data source has been deprecated. It will be removed in the next major version of " +
 			"the provider and no longer works for control planes `v4.13` and later.",
 		Description: "Retrieves the CloudFormation deployment template for a given sidecar. This data source only " +
 			"supports sidecars with `cft-ec2` deployment method. For Terraform template, use our " +

diff --git a/cyral/internal/deprecated/data_source_cyral_sidecar_instance_ids.go b/cyral/internal/deprecated/data_source_cyral_sidecar_instance_ids.go
@@ -25,7 +25,7 @@ type DeprecatedSidecarInstances struct {
 
 func DataSourceSidecarInstanceIDs() *schema.Resource {
 	return &schema.Resource{
-		DeprecationMessage: "This data source was deprecated. It will be removed in the next major version of " +
+		DeprecationMessage: "This data source has been deprecated. It will be removed in the next major version of " +
 			"the provider. Use the data source `cyral_sidecar_instance` instead",
 		Description: "Retrieves the IDs of all the current instances of a given sidecar.",
 		ReadContext: dataSourceSidecarInstanceIDsRead,

diff --git a/cyral/internal/integration/awsiam/constants.go b/cyral/internal/integration/awsiam/constants.go
@@ -0,0 +1,9 @@
+package awsiam
+
+const (
+	resourceName = "cyral_integration_aws_iam"
+
+	AWSIAMIntegrationNameKey        = "name"
+	AWSIAMIntegratioNDescriptionKey = "description"
+	AWSIAMIntegrationARNsKey        = "role_arns"
+)
diff --git a/cyral/internal/integration/awsiam/model.go b/cyral/internal/integration/awsiam/model.go
@@ -0,0 +1,53 @@
+package awsiam
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+type AWSIAMIntegrationWrapper struct {
+	Integration *AWSIAMIntegration `json:"iamIntegration"`
+}
+
+type AWSIAMIntegration struct {
+	ID          string   `json:"id,omitempty"`
+	Name        string   `json:"name"`
+	Description string   `json:"description"`
+	IAMRoleARNs []string `json:"iamRoleARNs"`
+}
+
+func (wrapper AWSIAMIntegrationWrapper) WriteToSchema(d *schema.ResourceData) error {
+	integration := wrapper.Integration
+
+	d.SetId(integration.ID)
+
+	if err := d.Set(AWSIAMIntegrationNameKey, integration.Name); err != nil {
+		return fmt.Errorf("error setting '%s': %w", AWSIAMIntegrationNameKey, err)
+	}
+
+	if err := d.Set(AWSIAMIntegratioNDescriptionKey, integration.Description); err != nil {
+		return fmt.Errorf("error setting '%s': %w", AWSIAMIntegratioNDescriptionKey, err)
+	}
+
+	if err := d.Set(AWSIAMIntegrationARNsKey, integration.IAMRoleARNs); err != nil {
+		return fmt.Errorf("error setting '%s': %w", AWSIAMIntegrationARNsKey, err)
+	}
+	return nil
+}
+
+func (wrapper *AWSIAMIntegrationWrapper) ReadFromSchema(d *schema.ResourceData) error {
+	wrapper.Integration = &AWSIAMIntegration{}
+
+	wrapper.Integration.Name = d.Get(AWSIAMIntegrationNameKey).(string)
+	wrapper.Integration.Description = d.Get(AWSIAMIntegratioNDescriptionKey).(string)
+
+	arns := d.Get(AWSIAMIntegrationARNsKey).([]interface{})
+	stringARNs := make([]string, 0, len(arns))
+	for _, arn := range arns {
+		stringARNs = append(stringARNs, arn.(string))
+	}
+
+	wrapper.Integration.IAMRoleARNs = stringARNs
+	return nil
+}
diff --git a/...iam/resource_cyral_integration_aws_iam.go → ...l/internal/integration/awsiam/resource.go b/...iam/resource_cyral_integration_aws_iam.go → ...l/internal/integration/awsiam/resource.go
@@ -10,59 +10,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
-const (
-	AWSIAMIntegrationNameKey        = "name"
-	AWSIAMIntegratioNDescriptionKey = "description"
-	AWSIAMIntegrationARNsKey        = "role_arns"
-)
-
-type AWSIAMIntegrationWrapper struct {
-	Integration *AWSIAMIntegration `json:"iamIntegration"`
-}
-
-type AWSIAMIntegration struct {
-	ID          string   `json:"id,omitempty"`
-	Name        string   `json:"name"`
-	Description string   `json:"description"`
-	IAMRoleARNs []string `json:"iamRoleARNs"`
-}
-
-func (wrapper *AWSIAMIntegrationWrapper) WriteToSchema(d *schema.ResourceData) error {
-	integration := wrapper.Integration
-
-	d.SetId(integration.ID)
-
-	if err := d.Set(AWSIAMIntegrationNameKey, integration.Name); err != nil {
-		return fmt.Errorf("error setting '%s': %w", AWSIAMIntegrationNameKey, err)
-	}
-
-	if err := d.Set(AWSIAMIntegratioNDescriptionKey, integration.Description); err != nil {
-		return fmt.Errorf("error setting '%s': %w", AWSIAMIntegratioNDescriptionKey, err)
-	}
-
-	if err := d.Set(AWSIAMIntegrationARNsKey, integration.IAMRoleARNs); err != nil {
-		return fmt.Errorf("error setting '%s': %w", AWSIAMIntegrationARNsKey, err)
-	}
-	return nil
-}
-
-func (wrapper *AWSIAMIntegrationWrapper) ReadFromSchema(d *schema.ResourceData) error {
-	wrapper.Integration = &AWSIAMIntegration{}
-
-	wrapper.Integration.Name = d.Get(AWSIAMIntegrationNameKey).(string)
-	wrapper.Integration.Description = d.Get(AWSIAMIntegratioNDescriptionKey).(string)
-
-	arns := d.Get(AWSIAMIntegrationARNsKey).([]interface{})
-	stringARNs := make([]string, 0, len(arns))
-	for _, arn := range arns {
-		stringARNs = append(stringARNs, arn.(string))
-	}
-
-	wrapper.Integration.IAMRoleARNs = stringARNs
-	return nil
-}
-
-func ResourceIntegrationAWSIAM() *schema.Resource {
+func resourceSchema() *schema.Resource {
 	contextHandler := core.DefaultContextHandler{
 		ResourceName:                 "AWS IAM Integration",
 		ResourceType:                 resourcetype.Resource,

diff --git a/...esource_cyral_integration_aws_iam_test.go → ...ernal/integration/awsiam/resource_test.go b/...esource_cyral_integration_aws_iam_test.go → ...ernal/integration/awsiam/resource_test.go
diff --git a/cyral/internal/integration/awsiam/schema_loader.go b/cyral/internal/integration/awsiam/schema_loader.go
@@ -0,0 +1,24 @@
+package awsiam
+
+import "github.com/cyralinc/terraform-provider-cyral/cyral/core"
+
+type packageSchema struct {
+}
+
+func (p *packageSchema) Name() string {
+	return "integration.awsiam"
+}
+
+func (p *packageSchema) Schemas() []*core.SchemaDescriptor {
+	return []*core.SchemaDescriptor{
+		{
+			Name:   resourceName,
+			Type:   core.ResourceSchemaType,
+			Schema: resourceSchema,
+		},
+	}
+}
+
+func PackageSchema() core.PackageSchema {
+	return &packageSchema{}
+}
diff --git a/cyral/internal/integration/confextension/constants.go b/cyral/internal/integration/confextension/constants.go
@@ -0,0 +1,9 @@
+package confextension
+
+const (
+	authorizationPurpose = "authorization"
+	builtinCategory      = "builtin"
+
+	PagerDutyTemplateType = "pagerduty"
+	DuoMFATemplateType    = "duoMfa"
+)
diff --git a/cyral/internal/integration/confextension/mfaduo/constants.go b/cyral/internal/integration/confextension/mfaduo/constants.go
@@ -0,0 +1,5 @@
+package mfaduo
+
+const (
+	resourceName = "cyral_integration_mfa_duo"
+)
diff --git a/...duo/resource_cyral_integration_mfa_duo.go → ...egration/confextension/mfaduo/resource.go b/...duo/resource_cyral_integration_mfa_duo.go → ...egration/confextension/mfaduo/resource.go
@@ -1,23 +1,18 @@
 package mfaduo
 
 import (
-	"github.com/cyralinc/terraform-provider-cyral/cyral/core"
 	ce "github.com/cyralinc/terraform-provider-cyral/cyral/internal/integration/confextension"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
-func ResourceIntegrationMFADuo() *schema.Resource {
+func resourceSchema() *schema.Resource {
 	return &schema.Resource{
-		Description: "Manages [integration with Duo MFA](https://cyral.com/docs/mfa/duo).",
-		CreateContext: core.CreateResource(
-			ce.ConfExtensionIntegrationCreate(ce.DuoMFATemplateType),
-			ce.ConfExtensionIntegrationRead(ce.DuoMFATemplateType)),
-		ReadContext: core.ReadResource(ce.ConfExtensionIntegrationRead(ce.DuoMFATemplateType)),
-		UpdateContext: core.UpdateResource(
-			ce.ConfExtensionIntegrationUpdate(ce.DuoMFATemplateType),
-			ce.ConfExtensionIntegrationRead(ce.DuoMFATemplateType)),
-		DeleteContext: core.DeleteResource(ce.ConfExtensionIntegrationDelete(ce.DuoMFATemplateType)),
+		Description:   "Manages [integration with Duo MFA](https://cyral.com/docs/mfa/duo).",
+		CreateContext: ce.CreateResource(resourceName, ce.DuoMFATemplateType),
+		ReadContext:   ce.ReadResource(resourceName, ce.DuoMFATemplateType),
+		UpdateContext: ce.UpdateResource(resourceName, ce.DuoMFATemplateType),
+		DeleteContext: ce.DeleteResource(resourceName, ce.DuoMFATemplateType),
 
 		Schema: map[string]*schema.Schema{
 			"id": {

diff --git a/...esource_cyral_integration_mfa_duo_test.go → ...ion/confextension/mfaduo/resource_test.go b/...esource_cyral_integration_mfa_duo_test.go → ...ion/confextension/mfaduo/resource_test.go