ENG-14612: Implement cyral_policy_wizards resource (#593)

* ENG-14612: Implement cyral_policy_wizards resource

* add acceptance test

* generate documentation

* fix not-found case

* move test file

* restructure packages

* use standard variable naming convention

* Rename package policyv2 to policy

---------

Co-authored-by: Wilson de Carvalho <[email protected]>

cyral/internal/policy/v2/constants.go → cyral/internal/policy/constants.go

@@ -1,4 +1,4 @@
-package policyv2
+package policy
 
 const (
 	resourceName   = "cyral_policy_v2"

cyral/internal/policy/v2/datasource.go → cyral/internal/policy/datasource.go

@@ -1,4 +1,4 @@
-package policyv2
+package policy
 
 import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"

cyral/internal/policy/v2/model.go → cyral/internal/policy/model.go

@@ -1,4 +1,4 @@
-package policyv2
+package policy
 
 import (
 	"context"

cyral/internal/policy/v2/resource.go → cyral/internal/policy/resource.go

@@ -1,4 +1,4 @@
-package policyv2
+package policy
 
 import (
 	"context"

cyral/internal/policy/v2/resource_test.go → cyral/internal/policy/resource_test.go

@@ -1,4 +1,4 @@
-package policyv2_test
+package policy_test
 
 import (
 	"fmt"

cyral/internal/policy/v2/schema_loader.go → cyral/internal/policy/schema_loader.go

@@ -1,4 +1,4 @@
-package policyv2
+package policy
 
 import "github.com/cyralinc/terraform-provider-cyral/cyral/core"
 

cyral/internal/policyset/schema_loader.go → cyral/internal/policy/set/schema_loader.go

@@ -17,7 +17,6 @@ func (p *packageSchema) Schemas() []*core.SchemaDescriptor {
 			Type:   core.DataSourceSchemaType,
 			Schema: dataSourceSchema,
 		},
-
 		{
 			Name:   resourceName,
 			Type:   core.ResourceSchemaType,

cyral/internal/policy/wizard/constants.go

@@ -0,0 +1,5 @@
+package wizard
+
+const (
+	dataSourceName = "cyral_policy_wizards"
+)

cyral/internal/policy/wizard/datasource.go

@@ -0,0 +1,64 @@
+package wizard
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/cyralinc/terraform-provider-cyral/cyral/core"
+	"github.com/cyralinc/terraform-provider-cyral/cyral/core/types/resourcetype"
+)
+
+var dsContextHandler = core.ContextHandler{
+	ResourceName: dataSourceName,
+	ResourceType: resourcetype.DataSource,
+	Read:         readPolicyWizards,
+}
+
+func dataSourceSchema() *schema.Resource {
+	return &schema.Resource{
+		Description: "This data source provides information policy wizards",
+		ReadContext: dsContextHandler.ReadContext,
+		Schema: map[string]*schema.Schema{
+			"wizard_id": {
+				Description: "id of the policy wizard of interest.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"wizards": {
+				Description: "Set of supported policy wizards.",
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Elem: &schema.Resource{
+					Description: "Information about a policy wizard.",
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Description: "Identifier for the policy wizard, use as the value of wizard_id parameter in the policy set resource.",
+							Type:        schema.TypeString,
+							Required:    true,
+						},
+						"name": {
+							Description: "Name of the policy wizard.",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+						"description": {
+							Description: "Description of the policy wizard.",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+						"tags": {
+							Description: "Tags associated with the policy wizard.",
+							Type:        schema.TypeList,
+							Computed:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+						},
+						"parameter_schema": {
+							Description: "JSON schema for the policy wizard parameters.",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+					},
+				},
+			},
+		},
+	}
+}

cyral/internal/policy/wizard/datasource_test.go

@@ -0,0 +1,80 @@
+package wizard_test
+
+import (
+	"testing"
+
+	"github.com/cyralinc/terraform-provider-cyral/cyral/provider"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccPolicyWizardsDataSource(t *testing.T) {
+	dsName := "data.cyral_policy_wizards.wizard_list"
+	resource.ParallelTest(t, resource.TestCase{
+		ProviderFactories: provider.ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: `
+data "cyral_policy_wizards" "wizard_list" {
+}
+`,
+				Check: checkAllWizards(dsName),
+			},
+			{
+				Config: `
+data "cyral_policy_wizards" "wizard_list" {
+  wizard_id = "data-firewall"
+}
+`,
+				Check: checkOneWizard(dsName, "data-firewall"),
+			},
+			{
+				Config: `
+data "cyral_policy_wizards" "wizard_list" {
+  wizard_id = "XXX"
+}
+`,
+				Check: resource.TestCheckResourceAttr(dsName, "wizards.#", "0"),
+			},
+		},
+	})
+}
+
+// checkAllWizards ensures that a few well known wizard ids are present in the
+// datasource state. It does not attempt to make very exhaustive checks because
+// wizard names, descriptions (and even the wizard list) is subject to change.
+func checkAllWizards(dsName string) resource.TestCheckFunc {
+	return resource.ComposeTestCheckFunc(
+		resource.TestCheckTypeSetElemNestedAttrs(
+			dsName, "wizards.*",
+			map[string]string{
+				"id": "data-firewall",
+			},
+		),
+		resource.TestCheckTypeSetElemNestedAttrs(
+			dsName, "wizards.*",
+			map[string]string{
+				"id": "data-masking",
+			},
+		),
+		resource.TestCheckTypeSetElemNestedAttrs(
+			dsName, "wizards.*",
+			map[string]string{
+				"id": "user-segmentation",
+			},
+		),
+	)
+}
+
+// checkOneWizard ensures that the data source state contains only one wizard
+// with the given id.
+func checkOneWizard(dsName, id string) resource.TestCheckFunc {
+	return resource.ComposeTestCheckFunc(
+		resource.TestCheckResourceAttr(dsName, "wizards.#", "1"),
+		resource.TestCheckTypeSetElemNestedAttrs(
+			dsName, "wizards.*",
+			map[string]string{
+				"id": id,
+			},
+		),
+	)
+}

cyral/internal/policy/wizard/model.go

@@ -0,0 +1,66 @@
+package wizard
+
+import (
+	"context"
+
+	methods "buf.build/gen/go/cyral/policy/grpc/go/policy/v1/policyv1grpc"
+	msg "buf.build/gen/go/cyral/policy/protocolbuffers/go/policy/v1"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"github.com/cyralinc/terraform-provider-cyral/cyral/client"
+)
+
+func readPolicyWizards(ctx context.Context, cl *client.Client, rd *schema.ResourceData) error {
+	var wizardList []*msg.PolicyWizard
+
+	wizId := rd.Get("wizard_id").(string)
+	grpcClient := methods.NewPolicyWizardServiceClient(cl.GRPCClient())
+	if wizId != "" {
+		req := &msg.ReadPolicyWizardRequest{
+			Id: wizId,
+		}
+		resp, err := grpcClient.ReadPolicyWizard(ctx, req)
+		if err != nil && status.Code(err) != codes.NotFound {
+			return err
+		}
+		if status.Code(err) != codes.NotFound {
+			wizardList = []*msg.PolicyWizard{resp.GetPolicyWizard()}
+		}
+	} else {
+		req := &msg.ListPolicyWizardsRequest{}
+		resp, err := grpcClient.ListPolicyWizards(ctx, req)
+		if err != nil {
+			return err
+		}
+		wizardList = resp.GetPolicyWizards()
+	}
+	updateSchema(wizardList, rd)
+	return nil
+}
+
+func wizardToMap(wiz *msg.PolicyWizard) map[string]any {
+	return map[string]any{
+		"id":               wiz.GetId(),
+		"name":             wiz.GetName(),
+		"description":      wiz.GetDescription(),
+		"parameter_schema": wiz.GetParameterSchema(),
+		"tags": func() []any {
+			tags := make([]any, 0, len(wiz.GetTags()))
+			for _, t := range wiz.GetTags() {
+				tags = append(tags, t)
+			}
+			return tags
+		}(),
+	}
+}
+
+func updateSchema(wizards []*msg.PolicyWizard, rd *schema.ResourceData) {
+	wizardList := make([]any, 0, len(wizards))
+	for _, wiz := range wizards {
+		wizardList = append(wizardList, wizardToMap(wiz))
+	}
+	rd.Set("wizards", wizardList)
+	rd.SetId("cyral-wizard-list")
+}

cyral/internal/policy/wizard/schema_loader.go

@@ -0,0 +1,24 @@
+package wizard
+
+import "github.com/cyralinc/terraform-provider-cyral/cyral/core"
+
+type packageSchema struct {
+}
+
+func (p *packageSchema) Name() string {
+	return "policyset"
+}
+
+func (p *packageSchema) Schemas() []*core.SchemaDescriptor {
+	return []*core.SchemaDescriptor{
+		{
+			Name:   dataSourceName,
+			Type:   core.DataSourceSchemaType,
+			Schema: dataSourceSchema,
+		},
+	}
+}
+
+func PackageSchema() core.PackageSchema {
+	return &packageSchema{}
+}

cyral/provider/provider.go

@@ -180,8 +180,6 @@ func getCredentials(d *schema.ResourceData) (string, string, diag.Diagnostics) {
 	return clientID, clientSecret, diags
 }
 
-var provider = Provider()
-
 var ProviderFactories = map[string]func() (*schema.Provider, error){
 	"cyral": func() (*schema.Provider, error) {
 		return Provider(), nil

cyral/provider/schema_loader.go

@@ -15,8 +15,9 @@ import (
 	integration_slack "github.com/cyralinc/terraform-provider-cyral/cyral/internal/integration/slack"
 	integration_teams "github.com/cyralinc/terraform-provider-cyral/cyral/internal/integration/teams"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/permission"
-	policyv2 "github.com/cyralinc/terraform-provider-cyral/cyral/internal/policy/v2"
-	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/policyset"
+	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/policy"
+	policyset "github.com/cyralinc/terraform-provider-cyral/cyral/internal/policy/set"
+	policywizard "github.com/cyralinc/terraform-provider-cyral/cyral/internal/policy/wizard"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/regopolicy"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository"
 	repository_accessgateway "github.com/cyralinc/terraform-provider-cyral/cyral/internal/repository/accessgateway"
@@ -56,8 +57,9 @@ func packagesSchemas() []core.PackageSchema {
 		integration_slack.PackageSchema(),
 		integration_teams.PackageSchema(),
 		permission.PackageSchema(),
-		policyv2.PackageSchema(),
+		policy.PackageSchema(),
 		policyset.PackageSchema(),
+		policywizard.PackageSchema(),
 		regopolicy.PackageSchema(),
 		repository.PackageSchema(),
 		repository_accessgateway.PackageSchema(),

docs/data-sources/policy_wizards.md

@@ -0,0 +1,36 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "cyral_policy_wizards Data Source - terraform-provider-cyral"
+subcategory: ""
+description: |-
+    This data source provides information policy wizards
+---
+
+# cyral_policy_wizards (Data Source)
+
+This data source provides information policy wizards
+
+<!-- schema generated by tfplugindocs -->
+
+## Schema
+
+### Optional
+
+-   `wizard_id` (String) id of the policy wizard of interest.
+
+### Read-Only
+
+-   `id` (String) The ID of this resource.
+-   `wizards` (Set of Object) Set of supported policy wizards. (see [below for nested schema](#nestedatt--wizards))
+
+<a id="nestedatt--wizards"></a>
+
+### Nested Schema for `wizards`
+
+Read-Only:
+
+-   `description` (String)
+-   `id` (String)
+-   `name` (String)
+-   `parameter_schema` (String)
+-   `tags` (List of String)