add decrypt support for git repo

pluralsh · Jan 3, 2024 · a25f14d · a25f14d
1 parent 145e9c5
commit a25f14d
Show file tree

Hide file tree

Showing 11 changed files with 1,612 additions and 62 deletions.
diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/internal/client/client.go b/internal/client/client.go
@@ -12,7 +12,7 @@ type Client struct {
 	*gqlclient.Client
 }
 
-func (c *Client) CreateServiceDeployment(ctx context.Context, id, handle *string, attrs gqlclient.ServiceDeploymentAttributes) (*gqlclient.ServiceDeploymentFragment, error) {
+func (c *Client) CreateServiceDeployment(ctx context.Context, id, handle *string, attrs gqlclient.ServiceDeploymentAttributes) (*gqlclient.ServiceDeploymentExtended, error) {
 	if len(lo.FromPtr(id)) == 0 && len(lo.FromPtr(handle)) == 0 {
 		return nil, fmt.Errorf("could not create service deployment: id or handle not provided")
 	}

diff --git a/internal/datasource/config.go b/internal/datasource/config.go
@@ -10,19 +10,16 @@ import (
 
 	"github.com/mitchellh/go-homedir"
 
-	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
-	"github.com/hashicorp/terraform-plugin-framework/path"
-	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 
 	"gopkg.in/yaml.v2"
 )
 
 type config struct {
-	Email types.String `tfsdk:"email", yaml:"email"`
-	Token types.String `tfsdk:"token", yaml:"email"`
+	Email types.String `tfsdk:"email" yaml:"email"`
+	Token types.String `tfsdk:"token" yaml:"email"`
 }
 
 func NewConfigDataSource() datasource.DataSource {
@@ -45,7 +42,6 @@ func (d *configDataSource) Schema(_ context.Context, _ datasource.SchemaRequest,
 				Optional:            true,
 				Computed:            true,
 				MarkdownDescription: "The email used to authenticate to plural.",
-				Validators:          []validator.String{stringvalidator.ExactlyOneOf(path.MatchRoot("email"))},
 			},
 			"token": schema.StringAttribute{
 				MarkdownDescription: "Access token used to authenticate to plural.",

diff --git a/internal/datasource/group.go b/internal/datasource/group.go
@@ -76,9 +76,8 @@ func (d *groupDataSource) Read(ctx context.Context, req datasource.ReadRequest,
 		)
 	}
 
-	// First try to fetch cluster by ID if it was provided.
 	var group *console.GroupFragment
-	if !data.Id.IsNull() {
+	if !data.Name.IsNull() {
 		if c, err := d.client.GetGroup(ctx, data.Name.ValueString()); err != nil {
 			resp.Diagnostics.AddWarning("Client Error", fmt.Sprintf("Unable to read group by name, got error: %s", err))
 		} else {

diff --git a/internal/datasource/user.go b/internal/datasource/user.go
@@ -83,7 +83,7 @@ func (d *userDataSource) Read(ctx context.Context, req datasource.ReadRequest, r
 
 	// First try to fetch cluster by ID if it was provided.
 	var user *console.UserFragment
-	if !data.Id.IsNull() {
+	if !data.Email.IsNull() {
 		if c, err := d.client.GetUser(ctx, data.Email.ValueString()); err != nil {
 			resp.Diagnostics.AddWarning("Client Error", fmt.Sprintf("Unable to read user by email, got error: %s", err))
 		} else {

diff --git a/internal/resource/git_repository.go b/internal/resource/git_repository.go
@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
@@ -61,7 +62,6 @@ func (r *GitRepositoryResource) Schema(_ context.Context, _ resource.SchemaReque
 					stringvalidator.ConflictsWith(
 						path.MatchRoot("username"), path.MatchRoot("password"),
 					),
-					stringvalidator.AlsoRequires(path.MatchRoot("passphrase")),
 				},
 			},
 			"passphrase": schema.StringAttribute{
@@ -99,6 +99,13 @@ func (r *GitRepositoryResource) Schema(_ context.Context, _ resource.SchemaReque
 					stringvalidator.AlsoRequires(path.MatchRoot("username")),
 				},
 			},
+			"decrypt": schema.BoolAttribute{
+				Description:         "If set to \"true\" then runs plural crypto unlock on the repo after clone.",
+				MarkdownDescription: "If set to `true` then runs `plural crypto unlock` on the repo after clone.",
+				Optional:            true,
+				Computed:            true,
+				Default:             booldefault.StaticBool(false),
+			},
 			"url_format": schema.StringAttribute{
 				Optional:            true,
 				Description:         "Similar to https_Path, a manually supplied url format for custom git. Should be something like {url}/tree/{ref}/{folder}.",

diff --git a/internal/resource/git_repository_model.go b/internal/resource/git_repository_model.go
@@ -14,6 +14,7 @@ type gitRepository struct {
 	Password   types.String `tfsdk:"password"`
 	UrlFormat  types.String `tfsdk:"url_format"`
 	HttpsPath  types.String `tfsdk:"https_path"`
+	Decrypt    types.Bool   `tfsdk:"decrypt"`
 }
 
 func (g *gitRepository) From(response *gqlclient.GitRepositoryFragment) {
@@ -30,5 +31,6 @@ func (g *gitRepository) Attributes() gqlclient.GitAttributes {
 		Password:   g.Password.ValueStringPointer(),
 		HTTPSPath:  g.HttpsPath.ValueStringPointer(),
 		URLFormat:  g.UrlFormat.ValueStringPointer(),
+		Decrypt:    g.Decrypt.ValueBoolPointer(),
 	}
 }
diff --git a/internal/resource/service_deployment.go b/internal/resource/service_deployment.go
@@ -59,13 +59,14 @@ func (r *ServiceDeploymentResource) Create(ctx context.Context, req resource.Cre
 		return
 	}
 
-	sd, err := r.client.CreateServiceDeployment(ctx, data.Cluster.Id.ValueStringPointer(), data.Cluster.Handle.ValueStringPointer(), data.Attributes(resp.Diagnostics))
+	attrs := data.Attributes(ctx, resp.Diagnostics)
+	sd, err := r.client.CreateServiceDeployment(ctx, data.Cluster.Id.ValueStringPointer(), data.Cluster.Handle.ValueStringPointer(), attrs)
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to create ServiceDeployment, got error: %s", err))
 		return
 	}
 
-	data.FromCreate(sd)
+	data.FromCreate(sd, resp.Diagnostics)
 	resp.Diagnostics.Append(resp.State.Set(ctx, data)...)
 }
 
@@ -82,7 +83,7 @@ func (r *ServiceDeploymentResource) Read(ctx context.Context, req resource.ReadR
 		return
 	}
 
-	data.FromGet(response.ServiceDeployment)
+	data.FromGet(response.ServiceDeployment, resp.Diagnostics)
 	resp.Diagnostics.Append(resp.State.Set(ctx, data)...)
 }
 
@@ -93,7 +94,7 @@ func (r *ServiceDeploymentResource) Update(ctx context.Context, req resource.Upd
 		return
 	}
 
-	_, err := r.client.UpdateServiceDeployment(ctx, data.Id.ValueString(), data.UpdateAttributes())
+	_, err := r.client.UpdateServiceDeployment(ctx, data.Id.ValueString(), data.UpdateAttributes(ctx, resp.Diagnostics))
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to update ServiceDeployment, got error: %s", err))
 		return

diff --git a/internal/resource/service_deployment_model.go b/internal/resource/service_deployment_model.go
@@ -3,29 +3,32 @@ package resource
 import (
 	"context"
 
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
 
 	"terraform-provider-plural/internal/common"
 
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	gqlclient "github.com/pluralsh/console-client-go"
 	"github.com/pluralsh/polly/algorithms"
+	"github.com/samber/lo"
 )
 
 type ServiceDeployment struct {
-	Id            types.String                      `tfsdk:"id"`
-	Name          types.String                      `tfsdk:"name"`
-	Namespace     types.String                      `tfsdk:"namespace"`
-	Version       types.String                      `tfsdk:"version"`
-	DocsPath      types.String                      `tfsdk:"docs_path"`
-	Protect       types.Bool                        `tfsdk:"protect"`
-	Kustomize     *ServiceDeploymentKustomize       `tfsdk:"kustomize"`
-	Configuration []*ServiceDeploymentConfiguration `tfsdk:"configuration"`
-	Cluster       *ServiceDeploymentCluster         `tfsdk:"cluster"`
-	Repository    *ServiceDeploymentRepository      `tfsdk:"repository"`
-	Bindings      *ServiceDeploymentBindings        `tfsdk:"bindings"`
-	SyncConfig    *ServiceDeploymentSyncConfig      `tfsdk:"sync_config"`
-	Helm          *ServiceDeploymentHelm            `tfsdk:"helm"`
+	Id            types.String                 `tfsdk:"id"`
+	Name          types.String                 `tfsdk:"name"`
+	Namespace     types.String                 `tfsdk:"namespace"`
+	Version       types.String                 `tfsdk:"version"`
+	DocsPath      types.String                 `tfsdk:"docs_path"`
+	Protect       types.Bool                   `tfsdk:"protect"`
+	Kustomize     *ServiceDeploymentKustomize  `tfsdk:"kustomize"`
+	Configuration types.Map                    `tfsdk:"configuration"`
+	Cluster       *ServiceDeploymentCluster    `tfsdk:"cluster"`
+	Repository    *ServiceDeploymentRepository `tfsdk:"repository"`
+	Bindings      *ServiceDeploymentBindings   `tfsdk:"bindings"`
+	SyncConfig    *ServiceDeploymentSyncConfig `tfsdk:"sync_config"`
+	Helm          *ServiceDeploymentHelm       `tfsdk:"helm"`
 }
 
 func (this *ServiceDeployment) VersionString() *string {
@@ -37,28 +40,28 @@ func (this *ServiceDeployment) VersionString() *string {
 	return result
 }
 
-func (this *ServiceDeployment) FromCreate(response *gqlclient.ServiceDeploymentFragment) {
+func (this *ServiceDeployment) FromCreate(response *gqlclient.ServiceDeploymentExtended, d diag.Diagnostics) {
 	this.Id = types.StringValue(response.ID)
 	this.Name = types.StringValue(response.Name)
 	this.Namespace = types.StringValue(response.Namespace)
 	this.Protect = types.BoolPointerValue(response.Protect)
 	this.Version = types.StringValue(response.Version)
 	this.Kustomize.From(response.Kustomize)
-	this.Configuration = ToServiceDeploymentConfiguration(response.Configuration)
+	this.Configuration = ToServiceDeploymentConfiguration(response.Configuration, d)
 	this.Repository.From(response.Repository, response.Git)
 }
 
-func (this *ServiceDeployment) FromGet(response *gqlclient.ServiceDeploymentExtended) {
+func (this *ServiceDeployment) FromGet(response *gqlclient.ServiceDeploymentExtended, d diag.Diagnostics) {
 	this.Id = types.StringValue(response.ID)
 	this.Name = types.StringValue(response.Name)
 	this.Namespace = types.StringValue(response.Namespace)
 	this.Protect = types.BoolPointerValue(response.Protect)
 	this.Kustomize.From(response.Kustomize)
-	this.Configuration = ToServiceDeploymentConfiguration(response.Configuration)
+	this.Configuration = ToServiceDeploymentConfiguration(response.Configuration, d)
 	this.Repository.From(response.Repository, response.Git)
 }
 
-func (this *ServiceDeployment) Attributes(d diag.Diagnostics) gqlclient.ServiceDeploymentAttributes {
+func (this *ServiceDeployment) Attributes(ctx context.Context, d diag.Diagnostics) gqlclient.ServiceDeploymentAttributes {
 	if this == nil {
 		return gqlclient.ServiceDeploymentAttributes{}
 	}
@@ -78,14 +81,14 @@ func (this *ServiceDeployment) Attributes(d diag.Diagnostics) gqlclient.ServiceD
 		RepositoryID:  repositoryId,
 		Git:           this.Repository.Attributes(),
 		Kustomize:     this.Kustomize.Attributes(),
-		Configuration: ToServiceDeploymentConfigAttributes(this.Configuration),
+		Configuration: this.ToServiceDeploymentConfigAttributes(ctx, d),
 		ReadBindings:  this.Bindings.ReadAttributes(),
 		WriteBindings: this.Bindings.WriteAttributes(),
 		Helm:          this.Helm.Attributes(),
 	}
 }
 
-func (this *ServiceDeployment) UpdateAttributes() gqlclient.ServiceUpdateAttributes {
+func (this *ServiceDeployment) UpdateAttributes(ctx context.Context, d diag.Diagnostics) gqlclient.ServiceUpdateAttributes {
 	if this == nil {
 		return gqlclient.ServiceUpdateAttributes{}
 	}
@@ -94,7 +97,7 @@ func (this *ServiceDeployment) UpdateAttributes() gqlclient.ServiceUpdateAttribu
 		Version:       this.Version.ValueStringPointer(),
 		Protect:       this.Protect.ValueBoolPointer(),
 		Git:           this.Repository.Attributes(),
-		Configuration: ToServiceDeploymentConfigAttributes(this.Configuration),
+		Configuration: this.ToServiceDeploymentConfigAttributes(ctx, d),
 		Kustomize:     this.Kustomize.Attributes(),
 		Helm:          this.Helm.Attributes(),
 	}
@@ -108,25 +111,25 @@ type ServiceDeploymentConfiguration struct {
 func ToServiceDeploymentConfiguration(configuration []*struct {
 	Name  string "json:\"name\" graphql:\"name\""
 	Value string "json:\"value\" graphql:\"value\""
-}) []*ServiceDeploymentConfiguration {
-	result := make([]*ServiceDeploymentConfiguration, len(configuration))
-	for i, c := range configuration {
-		result[i] = &ServiceDeploymentConfiguration{
-			Name:  types.StringValue(c.Name),
-			Value: types.StringValue(c.Value),
-		}
+}, d diag.Diagnostics) basetypes.MapValue {
+	resultMap := make(map[string]attr.Value, len(configuration))
+	for _, c := range configuration {
+		resultMap[c.Name] = types.StringValue(c.Value)
 	}
 
+	result, tagsDiagnostics := types.MapValue(types.StringType, resultMap)
+	d.Append(tagsDiagnostics...)
+
 	return result
 }
 
-func ToServiceDeploymentConfigAttributes(configuration []*ServiceDeploymentConfiguration) []*gqlclient.ConfigAttributes {
-	result := make([]*gqlclient.ConfigAttributes, len(configuration))
-	for i, c := range configuration {
-		result[i] = &gqlclient.ConfigAttributes{
-			Name:  c.Name.ValueString(),
-			Value: c.Value.ValueStringPointer(),
-		}
+func (this *ServiceDeployment) ToServiceDeploymentConfigAttributes(ctx context.Context, d diag.Diagnostics) []*gqlclient.ConfigAttributes {
+	result := make([]*gqlclient.ConfigAttributes, 0)
+	elements := make(map[string]types.String, len(this.Configuration.Elements()))
+	d.Append(this.Configuration.ElementsAs(ctx, &elements, false)...)
+
+	for k, v := range elements {
+		result = append(result, &gqlclient.ConfigAttributes{Name: k, Value: lo.ToPtr(v.ValueString())})
 	}
 
 	return result

diff --git a/internal/resource/service_deployment_schema.go b/internal/resource/service_deployment_schema.go
@@ -52,22 +52,25 @@ func (r *ServiceDeploymentResource) schema() schema.Schema {
 				Optional:            true,
 				Description:         "Path to the documentation in the target git repository.",
 				MarkdownDescription: "Path to the documentation in the target git repository.",
-				PlanModifiers: []planmodifier.String{
-					stringplanmodifier.RequiresReplace(),
-				},
 			},
 			"protect": schema.BoolAttribute{
 				Optional:            true,
 				Description:         "If true, deletion of this service is not allowed.",
 				MarkdownDescription: "If true, deletion of this service is not allowed.",
 			},
-			"kustomize":     r.schemaKustomize(),
-			"configuration": r.schemaConfiguration(),
-			"cluster":       r.schemaCluster(),
-			"repository":    r.schemaRepository(),
-			"bindings":      r.schemaBindings(),
-			"sync_config":   r.schemaSyncConfig(),
-			"helm":          r.schemaHelm(),
+			"kustomize": r.schemaKustomize(),
+			"configuration": schema.MapAttribute{
+				Description:         "Key-value configuration used to parameterize this service (stored securely by default).",
+				MarkdownDescription: "Key-value configuration used to parameterize this service (stored securely by default).",
+				Optional:            true,
+				Computed:            true,
+				ElementType:         types.StringType,
+			},
+			"cluster":     r.schemaCluster(),
+			"repository":  r.schemaRepository(),
+			"bindings":    r.schemaBindings(),
+			"sync_config": r.schemaSyncConfig(),
+			"helm":        r.schemaHelm(),
 		},
 	}
 }