From 66d090bf08e551aa70d21808c73506db4f431505 Mon Sep 17 00:00:00 2001 From: hkavya26 Date: Thu, 30 Sep 2021 19:26:32 +0530 Subject: [PATCH] Revert authorisation policy role migration --- ibm/config.go | 17 +++++++++++ ...ource_ibm_iam_authorization.policy_test.go | 28 +++++++++++++++++ ibm/resource_ibm_iam_authorization_policy.go | 30 ++++++++----------- 3 files changed, 57 insertions(+), 18 deletions(-) diff --git a/ibm/config.go b/ibm/config.go index 9ff2e4e390..cdab2d3791 100644 --- a/ibm/config.go +++ b/ibm/config.go @@ -83,6 +83,7 @@ import ( "github.com/IBM-Cloud/bluemix-go/api/globalsearch/globalsearchv2" "github.com/IBM-Cloud/bluemix-go/api/globaltagging/globaltaggingv3" "github.com/IBM-Cloud/bluemix-go/api/hpcs" + "github.com/IBM-Cloud/bluemix-go/api/iam/iamv1" "github.com/IBM-Cloud/bluemix-go/api/icd/icdv4" "github.com/IBM-Cloud/bluemix-go/api/mccp/mccpv2" "github.com/IBM-Cloud/bluemix-go/api/resource/resourcev1/catalog" @@ -199,6 +200,7 @@ type ClientSession interface { GlobalTaggingAPI() (globaltaggingv3.GlobalTaggingServiceAPI, error) GlobalTaggingAPIv1() (globaltaggingv1.GlobalTaggingV1, error) ICDAPI() (icdv4.ICDServiceAPI, error) + IAMAPI() (iamv1.IAMServiceAPI, error) IAMPolicyManagementV1API() (*iampolicymanagement.IamPolicyManagementV1, error) IAMAccessGroupsV2() (*iamaccessgroups.IamAccessGroupsV2, error) MccpAPI() (mccpv2.MccpServiceAPI, error) @@ -317,6 +319,9 @@ type clientSession struct { userManagementErr error userManagementAPI usermanagementv2.UserManagementAPI + iamConfigErr error + iamServiceAPI iamv1.IAMServiceAPI + icdConfigErr error icdServiceAPI icdv4.ICDServiceAPI 
@@ -604,6 +609,11 @@ func (sess clientSession) UserManagementAPI() (usermanagementv2.UserManagementAP return sess.userManagementAPI, sess.userManagementErr } +// IAMAPI provides IAM PAP APIs ... +func (sess clientSession) IAMAPI() (iamv1.IAMServiceAPI, error) { + return sess.iamServiceAPI, sess.iamConfigErr +} + // IAM Policy Management func (sess clientSession) IAMPolicyManagementV1API() (*iampolicymanagement.IamPolicyManagementV1, error) { return sess.iamPolicyManagementAPI, sess.iamPolicyManagementErr @@ -1012,6 +1022,7 @@ func (c *Config) ClientSession() (interface{}, error) { session.catalogManagementClientErr = errEmptyBluemixCredentials session.powerConfigErr = errEmptyBluemixCredentials session.ibmpiConfigErr = errEmptyBluemixCredentials + session.iamConfigErr = errEmptyBluemixCredentials session.userManagementErr = errEmptyBluemixCredentials session.certManagementErr = errEmptyBluemixCredentials session.vpcErr = errEmptyBluemixCredentials @@ -1530,6 +1541,12 @@ func (c *Config) ClientSession() (interface{}, error) { } session.resourceControllerServiceAPIv2 = ResourceControllerAPIv2 + iam, err := iamv1.New(sess.BluemixSession) + if err != nil { + session.iamConfigErr = fmt.Errorf("Error occured while configuring Bluemix IAM Service: %q", err) + } + session.iamServiceAPI = iam + userManagementAPI, err := usermanagementv2.New(sess.BluemixSession) if err != nil { session.userManagementErr = fmt.Errorf("Error occured while configuring user management service: %q", err) diff --git a/ibm/resource_ibm_iam_authorization.policy_test.go b/ibm/resource_ibm_iam_authorization.policy_test.go index baed584195..06ad54b69b 100644 --- a/ibm/resource_ibm_iam_authorization.policy_test.go +++ b/ibm/resource_ibm_iam_authorization.policy_test.go 
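Review bot: The new `iamv1.New` block in the `@@ -1530` hunk formats the failure with `%q`, which quotes the message and drops the underlying error, so callers of `IAMAPI()` cannot inspect it with `errors.Is` or `errors.As`. `session.iamConfigErr = fmt.Errorf("configuring Bluemix IAM service: %w", err)` would keep the chain and follow Go's lowercase error-string convention. The adjacent user-management block (a context line) uses the same `%q` form, so this may be a deliberate match to the file's existing pattern. `ClientSession` starts and ends outside the hunk.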
@@ -109,6 +109,25 @@ func TestAccIBMIAMAuthorizationPolicy_ResourceType(t *testing.T) { }, }) } +func TestAccIBMIAMAuthorizationPolicyDelegatorRole(t *testing.T) { + var conf iampolicymanagementv1.Policy + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckIBMIAMAuthorizationPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMIAMAuthorizationPolicyDelegatorRole(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMAuthorizationPolicyExists("ibm_iam_authorization_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_authorization_policy.policy", "source_service_name", "databases-for-redis"), + resource.TestCheckResourceAttr("ibm_iam_authorization_policy.policy", "target_service_name", "kms"), + ), + }, + }, + }) +} func testAccCheckIBMIAMAuthorizationPolicyDestroy(s *terraform.State) error { iamPolicyManagementClient, err := testAccProvider.Meta().(ClientSession).IAMPolicyManagementV1API() @@ -214,6 +233,15 @@ func testAccCheckIBMIAMAuthorizationPolicyResourceType() string { } ` } +func testAccCheckIBMIAMAuthorizationPolicyDelegatorRole() string { + return ` + resource "ibm_iam_authorization_policy" "policy" { + source_service_name = "databases-for-redis" + target_service_name = "kms" + roles = ["Reader", "AuthorizationDelegator"] + } + ` +} func testAccCheckIBMIAMAuthorizationPolicyResourceGroup(sResourceGroup, tResourceGroup string) string { return fmt.Sprintf(` diff --git a/ibm/resource_ibm_iam_authorization_policy.go b/ibm/resource_ibm_iam_authorization_policy.go index c13526e26a..16c75d7a35 100644 --- a/ibm/resource_ibm_iam_authorization_policy.go +++ b/ibm/resource_ibm_iam_authorization_policy.go 
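Review bot: The check list in `TestAccIBMIAMAuthorizationPolicyDelegatorRole` asserts only `source_service_name` and `target_service_name`, although the config added in the `@@ -233` hunk sets `roles = ["Reader", "AuthorizationDelegator"]`. The test would still pass if the delegator role were resolved incorrectly or left out of the created policy, and that role lookup is the behaviour this commit changes. Adding `resource.TestCheckResourceAttr("ibm_iam_authorization_policy.policy", "roles.#", "2"),` to the `ComposeAggregateTestCheckFunc` call would cover the granted roles as well.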
@@ -10,6 +10,7 @@ import ( "github.com/IBM/go-sdk-core/v5/core" "github.com/IBM/platform-services-go-sdk/iampolicymanagementv1" + "github.com/IBM-Cloud/bluemix-go/models" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -322,25 +323,18 @@ func resourceIBMIAMAuthorizationPolicyExists(d *schema.ResourceData, meta interf func getAuthorizationRolesByName(roleNames []string, sourceServiceName string, targetServiceName string, meta interface{}) ([]iampolicymanagementv1.PolicyRole, error) { - iamPolicyManagementClient, err := meta.(ClientSession).IAMPolicyManagementV1API() + iamClient, err := meta.(ClientSession).IAMAPI() if err != nil { return []iampolicymanagementv1.PolicyRole{}, err } - userDetails, err := meta.(ClientSession).BluemixUserDetails() + iamRepo := iamClient.ServiceRoles() + roles, err := iamRepo.ListAuthorizationRoles(sourceServiceName, targetServiceName) + convertedRoles := convertRoleModels(roles) if err != nil { return []iampolicymanagementv1.PolicyRole{}, err } - listRoleOptions := &iampolicymanagementv1.ListRolesOptions{ - AccountID: &userDetails.userAccount, - ServiceName: &targetServiceName, - } - roleList, resp, err := iamPolicyManagementClient.ListRoles(listRoleOptions) - if err != nil || roleList == nil { - return []iampolicymanagementv1.PolicyRole{}, fmt.Errorf("[ERROR] Error in listing roles %s, %s", err, resp) - } - serviceRoles := roleList.ServiceRoles - convertedRoles := convertRoleModels(serviceRoles) - filteredRoles, err := getRolesFromRoleNames(roleNames, convertedRoles) + filteredRoles := []iampolicymanagementv1.PolicyRole{} + filteredRoles, err = getRolesFromRoleNames(roleNames, convertedRoles) if err != nil { return []iampolicymanagementv1.PolicyRole{}, err } 
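Review bot: In `getAuthorizationRolesByName`, `convertRoleModels(roles)` runs before the error from `ListAuthorizationRoles` is checked, so a failed lookup is converted first and only rejected afterwards; the `if err != nil` block should sit directly under the `ListAuthorizationRoles` call. The `filteredRoles := []iampolicymanagementv1.PolicyRole{}` initialisation is overwritten on the next line and can be folded into `filteredRoles, err := getRolesFromRoleNames(roleNames, convertedRoles)`. Because these roles determine what the service-to-service authorization grants, it is worth confirming that `getRolesFromRoleNames` (not visible here) returns an error when a requested name is absent from the listed roles rather than silently dropping it. The function's final return lies outside this hunk.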
@@ -348,12 +342,12 @@ func getAuthorizationRolesByName(roleNames []string, sourceServiceName string, t } // ConvertRoleModels will transform role models returned from "/v1/roles" to the model used by policy -func convertRoleModels(serviceRoles []iampolicymanagementv1.Role) []iampolicymanagementv1.PolicyRole { - results := make([]iampolicymanagementv1.PolicyRole, len(serviceRoles)) - for i, r := range serviceRoles { +func convertRoleModels(roles []models.PolicyRole) []iampolicymanagementv1.PolicyRole { + results := make([]iampolicymanagementv1.PolicyRole, len(roles)) + for i, r := range roles { results[i] = iampolicymanagementv1.PolicyRole{ - RoleID: r.CRN, - DisplayName: r.DisplayName, + RoleID: core.StringPtr(r.ID.String()), + DisplayName: core.StringPtr(r.DisplayName), } } return results
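Review bot: The doc comment above `convertRoleModels` was left unchanged: it names `ConvertRoleModels` and cites "/v1/roles", while the function now takes `[]models.PolicyRole` from the bluemix-go client. Suggest `// convertRoleModels maps bluemix-go models.PolicyRole values to the iampolicymanagementv1.PolicyRole form used in policy requests.`, with the endpoint reference confirmed against the call now in use. `RoleID` is built from `r.ID.String()` without checking that the ID is populated; whether the listing can return a role without one cannot be determined from this hunk, so a guard or a comment stating the assumption would help.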