Refactor cyral_user_account

cyral/internal/serviceaccount/constants.go

@@ -0,0 +1,11 @@
+package serviceaccount
+
+const (
+	resourceName = "cyral_service_account"
+
+	// Schema keys
+	ServiceAccountResourceDisplayNameKey   = "display_name"
+	ServiceAccountResourcePermissionIDsKey = "permission_ids"
+	ServiceAccountResourceClientIDKey      = "client_id"
+	ServiceAccountResourceClientSecretKey  = "client_secret"
+)

cyral/internal/serviceaccount/resource.go

@@ -0,0 +1,74 @@
+package serviceaccount
+
+import (
+	"fmt"
+
+	"github.com/cyralinc/terraform-provider-cyral/cyral/client"
+	"github.com/cyralinc/terraform-provider-cyral/cyral/core"
+	"github.com/cyralinc/terraform-provider-cyral/cyral/core/types/resourcetype"
+	"github.com/cyralinc/terraform-provider-cyral/cyral/utils"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+var resourceContextHandler = core.DefaultContextHandler{
+	ResourceName:                 resourceName,
+	ResourceType:                 resourcetype.Resource,
+	SchemaReaderFactory:          func() core.SchemaReader { return &ServiceAccount{} },
+	SchemaWriterFactoryGetMethod: func(_ *schema.ResourceData) core.SchemaWriter { return &ServiceAccount{} },
+	BaseURLFactory: func(d *schema.ResourceData, c *client.Client) string {
+		return fmt.Sprintf("https://%s/v1/users/serviceAccounts", c.ControlPlane)
+	},
+}
+
+func resourceSchema() *schema.Resource {
+	return &schema.Resource{
+		Description: "Manages a Cyral Service Account (A.k.a: " +
+			"[Cyral API Access Key](https://cyral.com/docs/api-ref/api-intro/#api-access-key)). See also " +
+			"data source [`cyral_permission`](../data-sources/permission.md)." +
+			"\n\n-> **Note** This resource does not support importing, since the client secret cannot " +
+			"be read after the resource creation.",
+		CreateContext: resourceContextHandler.CreateContext(),
+		ReadContext:   resourceContextHandler.ReadContext(),
+		UpdateContext: resourceContextHandler.UpdateContext(),
+		DeleteContext: resourceContextHandler.DeleteContext(),
+
+		Schema: map[string]*schema.Schema{
+			ServiceAccountResourceDisplayNameKey: {
+				Description: "The service account display name.",
+				Type:        schema.TypeString,
+				Required:    true,
+			},
+			ServiceAccountResourcePermissionIDsKey: {
+				Description: "A list of permission IDs that will be assigned to this service account. See " +
+					"also data source [`cyral_permission`](../data-sources/permission.md).",
+				Type:     schema.TypeSet,
+				Required: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			utils.IDKey: {
+				Description: fmt.Sprintf(
+					"The resource identifier. It's equal to `%s`.",
+					ServiceAccountResourceClientIDKey,
+				),
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			ServiceAccountResourceClientIDKey: {
+				Description: "The service account client ID.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			ServiceAccountResourceClientSecretKey: {
+				Description: "The service account client secret. **Note**: This resource is not able to recognize " +
+					"changes to the client secret after its creation, so keep in mind that if the client secret is " +
+					"rotated, the value present in this attribute will be outdated. If you need to rotate the client " +
+					"secret it's recommended that you recreate this terraform resource.",
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+		},
+	}
+}

cyral/internal/serviceaccount/schema_loader.go

@@ -0,0 +1,26 @@
+package serviceaccount
+
+import (
+	"github.com/cyralinc/terraform-provider-cyral/cyral/core"
+)
+
+type packageSchema struct {
+}
+
+func (p *packageSchema) Name() string {
+	return "serviceaccount"
+}
+
+func (p *packageSchema) Schemas() []*core.SchemaDescriptor {
+	return []*core.SchemaDescriptor{
+		{
+			Name:   resourceName,
+			Type:   core.ResourceSchemaType,
+			Schema: resourceSchema,
+		},
+	}
+}
+
+func PackageSchema() core.PackageSchema {
+	return &packageSchema{}
+}

cyral/provider/provider.go

@@ -17,7 +17,6 @@ import (
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/regopolicy"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/role"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/samlconfiguration"
-	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/serviceaccount"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/sidecar"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/sidecar/health"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/sidecar/instance"
@@ -144,7 +143,6 @@ func getResourceMap(ps []core.PackageSchema) map[string]*schema.Resource {
 	schemaMap["cyral_rego_policy_instance"] = regopolicy.ResourceRegoPolicyInstance()
 	schemaMap["cyral_role"] = role.ResourceRole()
 	schemaMap["cyral_role_sso_groups"] = role.ResourceRoleSSOGroups()
-	schemaMap["cyral_service_account"] = serviceaccount.ResourceServiceAccount()
 
 	tflog.Debug(ctx, "End getResourceMap")
 

cyral/provider/schema_loader.go

@@ -23,6 +23,7 @@ import (
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/network"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/useraccount"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/samlcertificate"
+	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/serviceaccount"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/sidecar"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/sidecar/credentials"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/sidecar/listener"
@@ -51,6 +52,7 @@ func packagesSchemas() []core.PackageSchema {
 		policy.PackageSchema(),
 		repository.PackageSchema(),
 		samlcertificate.PackageSchema(),
+		serviceaccount.PackageSchema(),
 		sidecar.PackageSchema(),
 		slack.PackageSchema(),
 		teams.PackageSchema(),