Fox for ip restrictionhttps://github.com//issues/1780

IBM-Cloud · Aug 12, 2020 · 7ebb91e · 7ebb91e
1 parent 1147c52
commit 7ebb91e
Show file tree

Hide file tree

Showing 10 changed files with 41 additions and 63 deletions.
diff --git a/go.sum b/go.sum
@@ -363,6 +363,7 @@ github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7
 github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A=
 github.com/hashicorp/terraform-plugin-sdk v1.6.0 h1:Um5hsAL7kKsfTHtan8lybY/d03F2bHu4fjRB1H6Ag4U=
 github.com/hashicorp/terraform-plugin-sdk v1.6.0/go.mod h1:H5QLx/uhwfxBZ59Bc5SqT19M4i+fYt7LZjHTpbLZiAg=
+github.com/hashicorp/terraform-plugin-sdk v1.15.0 h1:bmYnTT7MqNXlUHDc7pT8E6uKT2g/upjlRLypJFK1OQU=
 github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596 h1:hjyO2JsNZUKT1ym+FAdlBEkGPevazYsmVgIMw7dVELg=
 github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg=
 github.com/hashicorp/vault v0.10.4/go.mod h1:KfSyffbKxoVyspOdlaGVjIuwLobi07qD1bAbosPMpP0=

diff --git a/ibm/data_source_ibm_iam_user_policy.go b/ibm/data_source_ibm_iam_user_policy.go
@@ -94,14 +94,14 @@ func dataSourceIBMIAMUserPolicyRead(d *schema.ResourceData, meta interface{}) er
 
 	accountID := userDetails.userAccount
 
-	user, err := getAccountUser(accountID, userEmail, meta)
+	ibmUniqueID, err := getIBMUniqueId(accountID, userEmail, meta)
 	if err != nil {
 		return err
 	}
 
 	policies, err := iampapClient.V1Policy().List(iampapv1.SearchParams{
 		AccountID: accountID,
-		IAMID:     user.IbmUniqueId,
+		IAMID:     ibmUniqueID,
 		Type:      iampapv1.AccessPolicyType,
 	})
 	if err != nil {

diff --git a/ibm/data_source_ibm_iam_user_policy_test.go b/ibm/data_source_ibm_iam_user_policy_test.go
@@ -35,7 +35,7 @@ func TestAccIBMIAMUserPolicyDataSource_Multiple_Policies(t *testing.T) {
 			resource.TestStep{
 				Config: testAccCheckIBMIAMUserPolicyDataSourceMultiplePolicies(name),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("data.ibm_iam_user_policy.testacc_ds_user_policy", "policies.#", "2"),
+					resource.TestCheckResourceAttr("data.ibm_iam_user_policy.testacc_ds_user_policy", "policies.#", "6"),
 				),
 			},
 		},

diff --git a/ibm/data_source_ibm_iam_user_profile.go b/ibm/data_source_ibm_iam_user_profile.go
@@ -90,13 +90,11 @@ func dataSourceIBMIAMUserProfileRead(d *schema.ResourceData, meta interface{}) e
 		return err
 	}
 
-	user, err := getAccountUser(accountID, userEmail, meta)
+	iamID, err := getIBMUniqueId(accountID, userEmail, meta)
 	if err != nil {
 		return err
 	}
 
-	iamID := user.IbmUniqueId
-
 	userInfo, error := client.GetUserProfile(accountID, iamID)
 	if error != nil {
 		return error

diff --git a/ibm/data_source_ibm_iam_user_profile_test.go b/ibm/data_source_ibm_iam_user_profile_test.go
@@ -7,14 +7,14 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 )
 
-func TestAccIBMIAMUserSettingsDataSource_Basic(t *testing.T) {
+func TestAccIBMIAMUserProfileDataSource_Basic(t *testing.T) {
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccCheckIBMIAMUserSettingsDataSourceConfig(),
+				Config: testAccCheckIBMIAMUserProfileDataSourceConfig(),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.ibm_iam_user_profile.user_profile", "allowed_ip_addresses.#", "2"),
 					resource.TestCheckResourceAttr("data.ibm_iam_user_profile.user_profile", "state", "ACTIVE"),
@@ -26,7 +26,7 @@ func TestAccIBMIAMUserSettingsDataSource_Basic(t *testing.T) {
 	})
 }
 
-func testAccCheckIBMIAMUserSettingsDataSourceConfig() string {
+func testAccCheckIBMIAMUserProfileDataSourceConfig() string {
 	return fmt.Sprintf(`
 
 	resource "ibm_iam_user_settings" "user_settings" {

diff --git a/ibm/resource_ibm_iam_access_group_members.go b/ibm/resource_ibm_iam_access_group_members.go
@@ -222,11 +222,11 @@ func resourceIBMIAMAccessGroupMembersUpdate(d *schema.ResourceData, meta interfa
 			return err
 		}
 		for _, u := range removeUsers {
-			user, err := getAccountUser(accountID, u, meta)
+			ibmUniqueId, err := getIBMUniqueId(accountID, u, meta)
 			if err != nil {
 				return err
 			}
-			err = iamuumClient.AccessGroupMember().Remove(grpID, user.IbmUniqueId)
+			err = iamuumClient.AccessGroupMember().Remove(grpID, ibmUniqueId)
 			if err != nil {
 				return err
 			}
@@ -271,11 +271,12 @@ func resourceIBMIAMAccessGroupMembersDelete(d *schema.ResourceData, meta interfa
 	users := expandStringList(d.Get("ibm_ids").(*schema.Set).List())
 
 	for _, name := range users {
-		user, err := getAccountUser(userDetails.userAccount, name, meta)
+
+		ibmUniqueID, err := getIBMUniqueId(userDetails.userAccount, name, meta)
 		if err != nil {
 			return err
 		}
-		err = iamuumClient.AccessGroupMember().Remove(grpID, user.IbmUniqueId)
+		err = iamuumClient.AccessGroupMember().Remove(grpID, ibmUniqueID)
 		if err != nil {
 			return err
 		}

diff --git a/ibm/resource_ibm_iam_user_policy.go b/ibm/resource_ibm_iam_user_policy.go
@@ -3,7 +3,6 @@ package ibm
 import (
 	"fmt"
 
-	"github.com/IBM-Cloud/bluemix-go/api/account/accountv1"
 	"github.com/IBM-Cloud/bluemix-go/api/iampap/iampapv1"
 	"github.com/IBM-Cloud/bluemix-go/bmxerror"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -133,7 +132,7 @@ func resourceIBMIAMUserPolicyCreate(d *schema.ResourceData, meta interface{}) er
 
 	policy.Type = iampapv1.AccessPolicyType
 
-	user, err := getAccountUser(accountID, userEmail, meta)
+	ibmUniqueID, err := getIBMUniqueId(accountID, userEmail, meta)
 	if err != nil {
 		return err
 	}
@@ -143,7 +142,7 @@ func resourceIBMIAMUserPolicyCreate(d *schema.ResourceData, meta interface{}) er
 			Attributes: []iampapv1.Attribute{
 				{
 					Name:  "iam_id",
-					Value: user.IbmUniqueId,
+					Value: ibmUniqueID,
 				},
 			},
 		},
@@ -225,7 +224,10 @@ func resourceIBMIAMUserPolicyUpdate(d *schema.ResourceData, meta interface{}) er
 			return err
 		}
 
-		user, err := getAccountUser(accountID, userEmail, meta)
+		ibmUniqueID, err := getIBMUniqueId(accountID, userEmail, meta)
+		if err != nil {
+			return err
+		}
 
 		policy.Resources[0].SetAccountID(accountID)
 
@@ -234,7 +236,7 @@ func resourceIBMIAMUserPolicyUpdate(d *schema.ResourceData, meta interface{}) er
 				Attributes: []iampapv1.Attribute{
 					{
 						Name:  "iam_id",
-						Value: user.IbmUniqueId,
+						Value: ibmUniqueID,
 					},
 				},
 			},
@@ -300,18 +302,20 @@ func resourceIBMIAMUserPolicyExists(d *schema.ResourceData, meta interface{}) (b
 
 }
 
-func getAccountUser(accountID, userEmail string, meta interface{}) (*accountv1.AccountUser, error) {
-
-	accountv1Client, err := meta.(ClientSession).BluemixAcccountv1API()
+func getIBMUniqueId(accountID, userEmail string, meta interface{}) (string, error) {
+	userManagement, err := meta.(ClientSession).UserManagementAPI()
 	if err != nil {
-		return nil, err
+		return "", err
 	}
-	accUser, err := accountv1Client.Accounts().FindAccountUserByUserId(accountID, userEmail)
+	client := userManagement.UserInvite()
+	res, err := client.GetUsers(accountID)
 	if err != nil {
-		return nil, err
-	} else if accUser == nil {
-		return nil, fmt.Errorf("User %s is not found under current account", userEmail)
+		return "", err
 	}
-
-	return accUser, nil
+	for _, userInfo := range res.Resources {
+		if userInfo.Email == userEmail {
+			return userInfo.IamID, nil
+		}
+	}
+	return "", fmt.Errorf("User %s is not found under account %s", userEmail, accountID)
 }
diff --git a/ibm/resource_ibm_iam_user_settings.go b/ibm/resource_ibm_iam_user_settings.go
@@ -57,13 +57,11 @@ func resourceIBMIAMUserSettingsCreate(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	user, err := getAccountUser(accountID, userEmail, meta)
+	iamID, err := getIBMUniqueId(accountID, userEmail, meta)
 	if err != nil {
 		return err
 	}
 
-	iamID := user.IbmUniqueId
-
 	UserSettingsPayload := v2.UserSettingOptions{}
 
 	if ip, ok := d.GetOk(iamUserSettingAllowedIPAddresses); ok && ip != nil {
@@ -106,13 +104,11 @@ func resourceIBMIAMUserSettingsRead(d *schema.ResourceData, meta interface{}) er
 		return err
 	}
 
-	user, err := getAccountUser(accountID, d.Id(), meta)
+	iamID, err := getIBMUniqueId(accountID, d.Id(), meta)
 	if err != nil {
 		return err
 	}
 
-	iamID := user.IbmUniqueId
-
 	UserSettings, UserSettingError := client.GetUserSettings(accountID, iamID)
 	if UserSettingError != nil {
 		return UserSettingError
@@ -138,13 +134,11 @@ func resourceIBMIAMUserSettingsUpdate(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	user, err := getAccountUser(accountID, d.Id(), meta)
+	iamID, err := getIBMUniqueId(accountID, d.Id(), meta)
 	if err != nil {
 		return err
 	}
 
-	iamID := user.IbmUniqueId
-
 	hasChanged := false
 
 	userSettingPayload := v2.UserSettingOptions{}
@@ -183,13 +177,11 @@ func resourceIBMIAMUserSettingsDelete(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	user, err := getAccountUser(accountID, d.Id(), meta)
+	iamID, err := getIBMUniqueId(accountID, d.Id(), meta)
 	if err != nil {
 		return err
 	}
 
-	iamID := user.IbmUniqueId
-
 	userSettingPayload := v2.UserSettingOptions{}
 
 	_, UserSettingError := client.ManageUserSettings(accountID, iamID, userSettingPayload)
@@ -212,13 +204,11 @@ func resourceIBMIAMUserSettingsExists(d *schema.ResourceData, meta interface{})
 		return false, err
 	}
 
-	user, err := getAccountUser(accountID, d.Id(), meta)
+	iamID, err := getIBMUniqueId(accountID, d.Id(), meta)
 	if err != nil {
 		return false, err
 	}
 
-	iamID := user.IbmUniqueId
-
 	_, settingErr := client.GetUserSettings(accountID, iamID)
 
 	if settingErr != nil {

diff --git a/ibm/resource_ibm_iam_user_settings_test.go b/ibm/resource_ibm_iam_user_settings_test.go
@@ -56,18 +56,10 @@ func testAccCheckIBMIAMUserSettingsDestroy(s *terraform.State) error {
 
 		accountID := userDetails.userAccount
 
-		accountv1Client, err := testAccProvider.Meta().(ClientSession).BluemixAcccountv1API()
+		iamID, err := getIBMUniqueId(accountID, usermail, testAccProvider.Meta())
 		if err != nil {
 			return err
 		}
-		accUser, err := accountv1Client.Accounts().FindAccountUserByUserId(accountID, usermail)
-		if err != nil {
-			return err
-		} else if accUser == nil {
-			return fmt.Errorf("User %s is not found under current account", usermail)
-		}
-
-		iamID := accUser.IbmUniqueId
 
 		UserSetting, UserSettingError := client.GetUserSettings(accountID, iamID)
 		if UserSettingError == nil && UserSetting.AllowedIPAddresses != "" {
@@ -106,18 +98,10 @@ func testAccCheckIBMIAMUserSettingsExists(n string, ip string) resource.TestChec
 
 		accountID := userDetails.userAccount
 
-		accountv1Client, err := testAccProvider.Meta().(ClientSession).BluemixAcccountv1API()
+		iamID, err := getIBMUniqueId(accountID, usermail, testAccProvider.Meta())
 		if err != nil {
 			return err
 		}
-		accUser, err := accountv1Client.Accounts().FindAccountUserByUserId(accountID, usermail)
-		if err != nil {
-			return err
-		} else if accUser == nil {
-			return fmt.Errorf("User %s is not found under current account", usermail)
-		}
-
-		iamID := accUser.IbmUniqueId
 
 		UserSetting, UserSettingError := client.GetUserSettings(accountID, iamID)
 		if UserSettingError != nil {

diff --git a/ibm/structures.go b/ibm/structures.go
@@ -1113,11 +1113,11 @@ func flattenAccessGroupMembers(list []models.AccessGroupMemberV2, users []accoun
 func flattenUserIds(accountID string, users []string, meta interface{}) ([]string, error) {
 	userids := make([]string, len(users))
 	for i, name := range users {
-		user, err := getAccountUser(accountID, name, meta)
+		iamID, err := getIBMUniqueId(accountID, name, meta)
 		if err != nil {
 			return nil, err
 		}
-		userids[i] = user.IbmUniqueId
+		userids[i] = iamID
 	}
 	return userids, nil
 }