[IAM] Add opentelekomcloud_identity_mapping_v3 resource

opentelekomcloud/acceptance/iam/resource_opentelekomcloud_identity_mapping_v3_test.go

@@ -0,0 +1,82 @@
+package acceptance
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/identity/v3/federation/mappings"
+
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/env"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
+)
+
+func TestAccIdentityV3MappingBasic(t *testing.T) {
+	resourceName := "opentelekomcloud_identity_mapping_v3.mapping"
+	mappingID := tools.RandomString("mapping-", 3)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			common.TestAccPreCheck(t)
+			common.TestAccPreCheckAdminOnly(t)
+		},
+		Providers:    common.TestAccProviders,
+		CheckDestroy: testAccCheckIdentityV3MappingDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIdentityV3MappingBasic(mappingID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "", ""),
+				),
+			},
+			{
+				Config: testAccIdentityV3MappingUpdate(mappingID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "", ""),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIdentityV3MappingDestroy(s *terraform.State) error {
+	config := common.TestAccProvider.Meta().(*cfg.Config)
+	client, err := config.IdentityV3Client(env.OS_REGION_NAME)
+	if err != nil {
+		return fmt.Errorf("error creating identity v3 client: %w", err)
+	}
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "opentelekomcloud_identity_mapping_v3" {
+			continue
+		}
+
+		_, err := mappings.Get(client, rs.Primary.ID).Extract()
+		if err == nil {
+			return fmt.Errorf("mapping still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccIdentityV3MappingBasic(mappingID string) string {
+	return fmt.Sprintf(`
+resource "opentelekomcloud_identity_mapping_v3" "mapping" {
+  mapping_id = "%s"
+  rules      = jsonencode([{"local":[{"user":{"name":"{0}"}},{"groups":"[\"admin\",\"manager\"]"}],"remote":[{"type":"uid"}]}])
+}
+`, mappingID)
+}
+
+func testAccIdentityV3MappingUpdate(mappingID string) string {
+	return fmt.Sprintf(`
+resource "opentelekomcloud_identity_mapping_v3" "mapping" {
+  mapping_id = "%s"
+  rules      = jsonencode([{"local":[{"user":{"name":"samltestid-{0}"}},{"groups":"[\"admin\",\"manager\"]"}],"remote":[{"type":"uid"}]}])
+}
+`, mappingID)
+}

opentelekomcloud/provider.go

@@ -325,6 +325,7 @@ func Provider() terraform.ResourceProvider {
 			"opentelekomcloud_identity_credential_v3":             iam.ResourceIdentityCredentialV3(),
 			"opentelekomcloud_identity_group_v3":                  iam.ResourceIdentityGroupV3(),
 			"opentelekomcloud_identity_group_membership_v3":       iam.ResourceIdentityGroupMembershipV3(),
+			"opentelekomcloud_identity_mapping_v3":                iam.ResourceIdentityMappingV3(),
 			"opentelekomcloud_identity_project_v3":                iam.ResourceIdentityProjectV3(),
 			"opentelekomcloud_identity_provider_v3":               iam.ResourceIdentityProviderV3(),
 			"opentelekomcloud_identity_role_v3":                   iam.ResourceIdentityRoleV3(),

opentelekomcloud/services/iam/resource_opentelekomcloud_identity_mapping_v3.go

@@ -0,0 +1,143 @@
+package iam
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/identity/v3/federation/mappings"
+
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
+)
+
+const mappingError = "error %s identity mapping v3: %w"
+
+func ResourceIdentityMappingV3() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceIdentityMappingV3Create,
+		Read:   resourceIdentityMappingV3Read,
+		Update: resourceIdentityMappingV3Update,
+		Delete: resourceIdentityMappingV3Delete,
+
+		Schema: map[string]*schema.Schema{
+			"mapping_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"rules": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: common.ValidateJsonString,
+				StateFunc: func(v interface{}) string {
+					jsonString, _ := common.NormalizeJsonString(v)
+					return jsonString
+				},
+			},
+		},
+	}
+}
+
+func resourceIdentityMappingV3Create(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*cfg.Config)
+	client, err := config.IdentityV3Client(config.GetRegion(d))
+	if err != nil {
+		return fmt.Errorf(clientCreationFail, err)
+	}
+
+	rulesRaw := d.Get("rules").(string)
+	rulesBytes := []byte(rulesRaw)
+	rules := make([]mappings.RuleOpts, 1)
+	if err := json.Unmarshal(rulesBytes, &rules); err != nil {
+		return err
+	}
+
+	createOpts := mappings.CreateOpts{
+		Rules: rules,
+	}
+	mappingID := d.Get("mapping_id").(string)
+	mapping, err := mappings.Create(client, mappingID, createOpts).Extract()
+	if err != nil {
+		return fmt.Errorf(mappingError, "creating", err)
+	}
+
+	d.SetId(mapping.ID)
+
+	return resourceIdentityMappingV3Read(d, meta)
+}
+
+func resourceIdentityMappingV3Read(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*cfg.Config)
+	client, err := config.IdentityV3Client(config.GetRegion(d))
+	if err != nil {
+		return fmt.Errorf(clientCreationFail, err)
+	}
+
+	mapping, err := mappings.Get(client, d.Id()).Extract()
+	if err != nil {
+		if _, ok := err.(golangsdk.ErrDefault404); ok {
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf(mappingError, "reading", err)
+	}
+
+	rules, err := json.Marshal(mapping.Rules)
+	if err != nil {
+		return err
+	}
+	if err := d.Set("rules", rules); err != nil {
+		return err
+	}
+
+	if err := d.Set("links", mapping.Links); err != nil {
+		return fmt.Errorf("error setting identity mapping links: %w", err)
+	}
+
+	return nil
+}
+
+func resourceIdentityMappingV3Update(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*cfg.Config)
+	client, err := config.IdentityV3Client(config.GetRegion(d))
+	if err != nil {
+		return fmt.Errorf(clientCreationFail, err)
+	}
+	changes := false
+	updateOpts := mappings.UpdateOpts{}
+
+	if d.HasChange("rules") {
+		changes = true
+		rulesRaw := d.Get("rules").(string)
+		rulesBytes := []byte(rulesRaw)
+		rules := make([]mappings.RuleOpts, 1)
+		if err := json.Unmarshal(rulesBytes, &rules); err != nil {
+			return err
+		}
+		updateOpts.Rules = rules
+	}
+	if changes {
+		_, err := mappings.Update(client, d.Id(), updateOpts).Extract()
+		if err != nil {
+			return err
+		}
+	}
+
+	return resourceIdentityMappingV3Read(d, meta)
+}
+
+func resourceIdentityMappingV3Delete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*cfg.Config)
+	client, err := config.IdentityV3Client(config.GetRegion(d))
+	if err != nil {
+		return fmt.Errorf(clientCreationFail, err)
+	}
+
+	if err := mappings.Delete(client, d.Id()).ExtractErr(); err != nil {
+		return fmt.Errorf(mappingError, "deleting", err)
+	}
+
+	return nil
+}