Add cloudflare_account_member resource

README.md

@@ -42,7 +42,7 @@ If you wish to work on the provider, you'll first need [Go](http://www.golang.or
 To compile the provider, run `make build`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
 
 ```sh
-$ make bin
+$ make build
 ...
 $ $GOPATH/bin/terraform-provider-cloudflare
 ...

cloudflare/provider.go

@@ -5,6 +5,7 @@ import (
 	"os"
 
 	"fmt"
+
 	"github.com/cloudflare/cloudflare-go"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/terraform"
@@ -90,6 +91,7 @@ func Provider() terraform.ResourceProvider {
 			"cloudflare_load_balancer":          resourceCloudflareLoadBalancer(),
 			"cloudflare_load_balancer_pool":     resourceCloudflareLoadBalancerPool(),
 			"cloudflare_zone_settings_override": resourceCloudflareZoneSettingsOverride(),
+			"cloudflare_account_member":         resourceCloudflareAccountMember(),
 		},
 
 		ConfigureFunc: providerConfigure,

cloudflare/resource_cloudflare_account_member.go

@@ -0,0 +1,110 @@
+package cloudflare
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceCloudflareAccountMember() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceCloudflareAccountMemberCreate,
+		Read:   resourceCloudflareAccountMemberRead,
+		Update: resourceCloudflareAccountMemberUpdate,
+		Delete: resourceCloudflareAccountMemberDelete,
+
+		SchemaVersion: 0,
+		Schema: map[string]*schema.Schema{
+			"email_address": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"role_ids": {
+				Type:     schema.TypeList,
+				Required: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func resourceCloudflareAccountMemberRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*cloudflare.API)
+
+	_, err := client.AccountMember(client.OrganizationID, d.Id())
+	if err != nil {
+		if strings.Contains(err.Error(), "Member not found") ||
+			strings.Contains(err.Error(), "HTTP status 404") {
+			log.Printf("[WARN] Removing account member from state because it's not present in API")
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	d.SetId(d.Id())
+
+	return nil
+}
+
+func resourceCloudflareAccountMemberDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*cloudflare.API)
+
+	log.Printf("[INFO] Deleting Cloudflare account member ID: %s", d.Id())
+
+	err := client.DeleteAccountMember(client.OrganizationID, d.Id())
+	if err != nil {
+		return fmt.Errorf("error deleting Cloudflare account member: %s", err)
+	}
+
+	return nil
+}
+
+func resourceCloudflareAccountMemberCreate(d *schema.ResourceData, meta interface{}) error {
+	memberEmailAddress := d.Get("email_address").(string)
+	requestedMemberRoles := d.Get("role_ids").([]interface{})
+
+	client := meta.(*cloudflare.API)
+
+	var accountMemberRoleIDs []string
+	for _, roleID := range requestedMemberRoles {
+		accountMemberRoleIDs = append(accountMemberRoleIDs, roleID.(string))
+	}
+
+	r, err := client.CreateAccountMember(client.OrganizationID, memberEmailAddress, accountMemberRoleIDs)
+
+	if err != nil {
+		return fmt.Errorf("error creating Cloudflare account member: %s", err)
+	}
+
+	if r.ID == "" {
+		return fmt.Errorf("failed to find ID in create response; resource was empty")
+	}
+
+	d.SetId(r.ID)
+
+	return resourceCloudflareAccountMemberRead(d, meta)
+}
+
+func resourceCloudflareAccountMemberUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*cloudflare.API)
+	accountRoles := []cloudflare.AccountRole{}
+	memberRoles := d.Get("role_ids").([]interface{})
+
+	for _, r := range memberRoles {
+		accountRole, _ := client.AccountRole(client.OrganizationID, r.(string))
+		accountRoles = append(accountRoles, accountRole)
+	}
+
+	updatedAccountMember := cloudflare.AccountMember{Roles: accountRoles}
+	_, err := client.UpdateAccountMember(client.OrganizationID, d.Id(), updatedAccountMember)
+	if err != nil {
+		return fmt.Errorf("failed to update Cloudflare account member: %s", err)
+	}
+
+	return resourceCloudflareAccountMemberRead(d, meta)
+}

website/cloudflare.erb

@@ -42,6 +42,9 @@
             <li<%= sidebar_current("docs-cloudflare-resource-zone-settings-override") %>>
               <a href="/docs/providers/cloudflare/r/zone_settings_override.html">cloudflare_zone_settings_override</a>
             </li>
+            <li<%= sidebar_current("docs-cloudflare-resource-account-member") %>>
+              <a href="/docs/providers/cloudflare/r/account_member.html">cloudflare_account_member</a>
+            </li>
           </ul>
         </li>
       </ul>

website/docs/r/account_member.markdown

@@ -0,0 +1,30 @@
+---
+layout: "cloudflare"
+page_title: "Cloudflare: cloudflare_account_member"
+sidebar_current: "docs-cloudflare-resource-account-member"
+description: |-
+  Provides a resource which manages Cloudflare account members.
+---
+
+# cloudflare_account_member
+
+Provides a resource which manages Cloudflare account members.
+
+## Example Usage
+
+```hcl
+resource "cloudflare_account_member" "example_user" {
+  email_address = "[email protected]"
+  role_ids = [
+    "68b329da9893e34099c7d8ad5cb9c940",
+    "d784fa8b6d98d27699781bd9a7cf19f0"
+  ]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `email_address` - (Required) The email address of the user who you wish to manage. Note: Following creation, this field becomes read only via the API and cannot be updated.
+* `role_ids` - (Required) Array of account role IDs that you want to assign to a member.