Migrate: IAM Identity Client to new SDK

IBM-Cloud · Jul 14, 2021 · e8618a3 · e8618a3
1 parent 213137d
commit e8618a3
Show file tree

Hide file tree

Showing 9 changed files with 113 additions and 71 deletions.
diff --git a/ibm/data_source_ibm_iam_access_group.go b/ibm/data_source_ibm_iam_access_group.go
@@ -8,8 +8,8 @@ import (
 
 	"log"
 
-	"github.com/IBM-Cloud/bluemix-go/crn"
 	"github.com/IBM-Cloud/bluemix-go/models"
+	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -130,27 +130,41 @@ func dataIBMIAMAccessGroupRead(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 
-	iamClient, err := meta.(ClientSession).IAMAPI()
+	iamClient, err := meta.(ClientSession).IAMIdentityV1API()
 	if err != nil {
 		return err
 	}
 
-	boundTo := crn.New(userDetails.cloudName, userDetails.cloudType)
-	boundTo.ScopeType = crn.ScopeAccount
-	boundTo.Scope = userDetails.userAccount
+	start := ""
+	allrecs := []iamidentityv1.ServiceID{}
+	var pg int64 = 100
+	for {
+		listServiceIDOptions := iamidentityv1.ListServiceIdsOptions{
+			AccountID: &userDetails.userAccount,
+			Pagesize:  &pg,
+		}
+		if start != "" {
+			listServiceIDOptions.Pagetoken = &start
+		}
 
-	serviceIDs, err := iamClient.ServiceIds().List(boundTo.String())
-	if err != nil {
-		return err
+		serviceIDs, resp, err := iamClient.ListServiceIds(&listServiceIDOptions)
+		if err != nil {
+			return fmt.Errorf("[ERROR] Error listing Service Ids %s %s", err, resp)
+		}
+		start = GetNextIAM(serviceIDs.Next)
+		allrecs = append(allrecs, serviceIDs.Serviceids...)
+		if start == "" {
+			break
+		}
 	}
 
 	retreivedGroups, err := iamuumClient.AccessGroup().List(accountID)
 	if err != nil {
-		return fmt.Errorf("Error retrieving access groups: %s", err)
+		return fmt.Errorf("[ERROR] Error retrieving access groups: %s", err)
 	}
 
 	if len(retreivedGroups) == 0 {
-		return fmt.Errorf("No access group in account")
+		return fmt.Errorf("[ERROR] No access group in account")
 	}
 	var agName string
 	var matchGroups []models.AccessGroupV2
@@ -165,7 +179,7 @@ func dataIBMIAMAccessGroupRead(d *schema.ResourceData, meta interface{}) error {
 		matchGroups = retreivedGroups
 	}
 	if len(matchGroups) == 0 {
-		return fmt.Errorf("No Access Groups with name %s in Account", agName)
+		return fmt.Errorf("[ERROR] No Access Groups with name %s in Account", agName)
 	}
 
 	grpMap := make([]map[string]interface{}, 0, len(matchGroups))
@@ -179,7 +193,7 @@ func dataIBMIAMAccessGroupRead(d *schema.ResourceData, meta interface{}) error {
 		if err != nil {
 			log.Println("Error retrieving access group rules: ", err)
 		}
-		ibmID, serviceID := flattenMembersData(members, res, serviceIDs)
+		ibmID, serviceID := flattenMembersData(members, res, allrecs)
 
 		grpInstance := map[string]interface{}{
 			"id":              grp.ID,

diff --git a/ibm/data_source_ibm_iam_access_group_test.go b/ibm/data_source_ibm_iam_access_group_test.go
@@ -18,7 +18,7 @@ func TestAccIBMIAMAccessGroupDataSource_Basic(t *testing.T) {
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccCheckIBMIAMAccessGroupDataSourceConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.ibm_iam_access_group.accgroupdata", "access_group_name", name),

diff --git a/ibm/data_source_ibm_iam_service_id.go b/ibm/data_source_ibm_iam_service_id.go
@@ -6,7 +6,7 @@ package ibm
 import (
 	"fmt"
 
-	"github.com/IBM-Cloud/bluemix-go/crn"
+	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -35,6 +35,7 @@ func dataSourceIBMIAMServiceID() *schema.Resource {
 							Description: "bound to of the serviceID",
 							Type:        schema.TypeString,
 							Computed:    true,
+							Deprecated:  "bound_to attribute in service_ids list has been deprecated",
 						},
 
 						"crn": {
@@ -74,41 +75,57 @@ func dataSourceIBMIAMServiceID() *schema.Resource {
 }
 
 func dataSourceIBMIAMServiceIDRead(d *schema.ResourceData, meta interface{}) error {
-	iamClient, err := meta.(ClientSession).IAMAPI()
-	if err != nil {
-		return err
-	}
+
 	name := d.Get("name").(string)
 
 	userDetails, err := meta.(ClientSession).BluemixUserDetails()
 	if err != nil {
 		return err
 	}
 
-	boundTo := crn.New(userDetails.cloudName, userDetails.cloudType)
-	boundTo.ScopeType = crn.ScopeAccount
-	boundTo.Scope = userDetails.userAccount
-
-	serviceIDS, err := iamClient.ServiceIds().FindByName(boundTo.String(), name)
+	iamClient, err := meta.(ClientSession).IAMIdentityV1API()
 	if err != nil {
 		return err
 	}
 
-	if len(serviceIDS) == 0 {
-		return fmt.Errorf("No serviceID found with name [%s]", name)
+	start := ""
+	allrecs := []iamidentityv1.ServiceID{}
+	var pg int64 = 100
+	for {
+		listServiceIDOptions := iamidentityv1.ListServiceIdsOptions{
+			AccountID: &userDetails.userAccount,
+			Pagesize:  &pg,
+			Name:      &name,
+		}
+		if start != "" {
+			listServiceIDOptions.Pagetoken = &start
+		}
+
+		serviceIDs, resp, err := iamClient.ListServiceIds(&listServiceIDOptions)
+		if err != nil {
+			return fmt.Errorf("[ERROR] Error listing Service Ids %s %s", err, resp)
+		}
+		start = GetNextIAM(serviceIDs.Next)
+		allrecs = append(allrecs, serviceIDs.Serviceids...)
+		if start == "" {
+			break
+		}
+	}
+	if len(allrecs) == 0 {
+		return fmt.Errorf("[ERROR] No serviceID found with name [%s]", name)
 
 	}
 
-	serviceIDListMap := make([]map[string]interface{}, 0, len(serviceIDS))
-	for _, serviceID := range serviceIDS {
+	serviceIDListMap := make([]map[string]interface{}, 0, len(allrecs))
+	for _, serviceID := range allrecs {
 		l := map[string]interface{}{
-			"id":          serviceID.UUID,
-			"bound_to":    serviceID.BoundTo,
-			"version":     serviceID.Version,
+			"id": serviceID.ID,
+			// "bound_to":    serviceID.BoundTo,
+			"version":     serviceID.EntityTag,
 			"description": serviceID.Description,
 			"crn":         serviceID.CRN,
 			"locked":      serviceID.Locked,
-			"iam_id":      serviceID.IAMID,
+			"iam_id":      serviceID.IamID,
 		}
 		serviceIDListMap = append(serviceIDListMap, l)
 	}

diff --git a/ibm/data_source_ibm_iam_service_id_test.go b/ibm/data_source_ibm_iam_service_id_test.go
@@ -18,7 +18,7 @@ func TestAccIBMIAMServiceIDDataSource_basic(t *testing.T) {
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccCheckIBMIAMServiceIDDataSourceConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.ibm_iam_service_id.testacc_ds_service_id", "name", name),
@@ -37,7 +37,7 @@ func TestAccIBMIAMServiceIDDataSource_same_name(t *testing.T) {
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccCheckIBMIAMServiceIDDataSourceSameName(name),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.ibm_iam_service_id.testacc_ds_service_id", "name", name),

diff --git a/ibm/data_source_ibm_iam_service_policy.go b/ibm/data_source_ibm_iam_service_policy.go
@@ -9,6 +9,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
 	"github.com/IBM/go-sdk-core/v5/core"
+	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 	"github.com/IBM/platform-services-go-sdk/iampolicymanagementv1"
 )
 
@@ -102,15 +103,18 @@ func dataSourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{})
 	if v, ok := d.GetOk("iam_service_id"); ok && v != nil {
 
 		serviceIDUUID := v.(string)
-		iamClient, err := meta.(ClientSession).IAMAPI()
+		iamClient, err := meta.(ClientSession).IAMIdentityV1API()
 		if err != nil {
 			return err
 		}
-		serviceID, err := iamClient.ServiceIds().Get(serviceIDUUID)
+		getServiceIDOptions := iamidentityv1.GetServiceIDOptions{
+			ID: &serviceIDUUID,
+		}
+		serviceID, resp, err := iamClient.GetServiceID(&getServiceIDOptions)
 		if err != nil {
-			return err
+			return fmt.Errorf("[ERROR] Error] Error Getting Service Id %s %s", err, resp)
 		}
-		iamID = serviceID.IAMID
+		iamID = *serviceID.IamID
 	}
 	if v, ok := d.GetOk("iam_id"); ok && v != nil {
 		iamID = v.(string)

diff --git a/ibm/data_source_ibm_iam_service_policy_test.go b/ibm/data_source_ibm_iam_service_policy_test.go
@@ -18,7 +18,7 @@ func TestAccIBMIAMServicePolicyDataSource_Basic(t *testing.T) {
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccCheckIBMIAMServicePolicyDataSourceConfig(name),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.ibm_iam_service_policy.testacc_ds_service_policy", "policies.#", "1"),
@@ -35,7 +35,7 @@ func TestAccIBMIAMServicePolicyDataSource_Multiple_Policies(t *testing.T) {
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccCheckIBMIAMServicePolicyDataSourceMultiplePolicies(name),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.ibm_iam_service_policy.testacc_ds_service_policy", "policies.#", "2"),

diff --git a/ibm/resource_ibm_iam_service_policy.go b/ibm/resource_ibm_iam_service_policy.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/IBM/go-sdk-core/v5/core"
+	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 	"github.com/IBM/platform-services-go-sdk/iampolicymanagementv1"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -25,7 +26,7 @@ func resourceIBMIAMServicePolicy() *schema.Resource {
 			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 				resources, resourceAttributes, err := importServicePolicy(d, meta)
 				if err != nil {
-					return nil, fmt.Errorf("Error reading resource ID: %s", err)
+					return nil, fmt.Errorf("[ERROR] Error reading resource ID: %s", err)
 				}
 				d.Set("resources", resources)
 				d.Set("resource_attributes", resourceAttributes)
@@ -158,15 +159,18 @@ func resourceIBMIAMServicePolicyCreate(d *schema.ResourceData, meta interface{})
 	if v, ok := d.GetOk("iam_service_id"); ok && v != nil {
 		serviceIDUUID := v.(string)
 
-		iamClient, err := meta.(ClientSession).IAMAPI()
+		iamClient, err := meta.(ClientSession).IAMIdentityV1API()
 		if err != nil {
 			return err
 		}
-		serviceID, err := iamClient.ServiceIds().Get(serviceIDUUID)
+		getServiceIDOptions := iamidentityv1.GetServiceIDOptions{
+			ID: &serviceIDUUID,
+		}
+		serviceID, resp, err := iamClient.GetServiceID(&getServiceIDOptions)
 		if err != nil {
-			return err
+			return fmt.Errorf("[ERROR] Error] Error Getting Service Id %s %s", err, resp)
 		}
-		iamID = serviceID.IAMID
+		iamID = *serviceID.IamID
 	}
 	if v, ok := d.GetOk("iam_id"); ok && v != nil {
 		iamID = v.(string)
@@ -215,7 +219,7 @@ func resourceIBMIAMServicePolicyCreate(d *schema.ResourceData, meta interface{})
 
 	servicePolicy, res, err := iamPolicyManagementClient.CreatePolicy(createPolicyOptions)
 	if err != nil {
-		return fmt.Errorf("Error creating servicePolicy: %s %s", err, res)
+		return fmt.Errorf("[ERROR] Error creating servicePolicy: %s %s", err, res)
 	}
 
 	getPolicyOptions := iamPolicyManagementClient.NewGetPolicyOptions(
@@ -246,7 +250,7 @@ func resourceIBMIAMServicePolicyCreate(d *schema.ResourceData, meta interface{})
 			iamID := v.(string)
 			d.SetId(fmt.Sprintf("%s/%s", iamID, *servicePolicy.ID))
 		}
-		return fmt.Errorf("error fetching service  policy: %s %s", err, res)
+		return fmt.Errorf("[ERROR] Error fetching service  policy: %s %s", err, res)
 	}
 	if v, ok := d.GetOk("iam_service_id"); ok && v != nil {
 		serviceIDUUID := v.(string)
@@ -294,7 +298,7 @@ func resourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) e
 		servicePolicy, res, err = iamPolicyManagementClient.GetPolicy(getPolicyOptions)
 	}
 	if err != nil || servicePolicy == nil {
-		return fmt.Errorf("Error retrieving servicePolicy: %s %s", err, res)
+		return fmt.Errorf("[ERROR] Error retrieving servicePolicy: %s %s", err, res)
 	}
 	if strings.HasPrefix(serviceIDUUID, "iam-") {
 		d.Set("iam_id", serviceIDUUID)
@@ -340,15 +344,18 @@ func resourceIBMIAMServicePolicyUpdate(d *schema.ResourceData, meta interface{})
 		if v, ok := d.GetOk("iam_service_id"); ok && v != nil {
 			serviceIDUUID := v.(string)
 
-			iamClient, err := meta.(ClientSession).IAMAPI()
+			iamClient, err := meta.(ClientSession).IAMIdentityV1API()
 			if err != nil {
 				return err
 			}
-			serviceID, err := iamClient.ServiceIds().Get(serviceIDUUID)
+			getServiceIDOptions := iamidentityv1.GetServiceIDOptions{
+				ID: &serviceIDUUID,
+			}
+			serviceID, resp, err := iamClient.GetServiceID(&getServiceIDOptions)
 			if err != nil {
-				return err
+				return fmt.Errorf("[ERROR] Error] Error Getting Service Id %s %s", err, resp)
 			}
-			iamID = serviceID.IAMID
+			iamID = *serviceID.IamID
 		}
 		if v, ok := d.GetOk("iam_id"); ok && v != nil {
 			iamID = v.(string)
@@ -395,7 +402,7 @@ func resourceIBMIAMServicePolicyUpdate(d *schema.ResourceData, meta interface{})
 			if response != nil && response.StatusCode == 404 {
 				return nil
 			}
-			return fmt.Errorf("Error retrieving Policy: %s\n%s", err, response)
+			return fmt.Errorf("[ERROR] Error retrieving Policy: %s\n%s", err, response)
 		}
 
 		servicePolicyETag := response.Headers.Get("ETag")
@@ -410,7 +417,7 @@ func resourceIBMIAMServicePolicyUpdate(d *schema.ResourceData, meta interface{})
 
 		_, _, err = iamPolicyManagementClient.UpdatePolicy(updatePolicyOptions)
 		if err != nil {
-			return fmt.Errorf("Error updating service policy: %s", err)
+			return fmt.Errorf("[ERROR] Error updating service policy: %s", err)
 		}
 
 	}
@@ -437,7 +444,7 @@ func resourceIBMIAMServicePolicyDelete(d *schema.ResourceData, meta interface{})
 
 	_, err = iamPolicyManagementClient.DeletePolicy(deletePolicyOptions)
 	if err != nil {
-		return fmt.Errorf("Error deleting service policy: %s", err)
+		return fmt.Errorf("[ERROR] Error deleting service policy: %s", err)
 	}
 
 	d.SetId("")
@@ -455,7 +462,7 @@ func resourceIBMIAMServicePolicyExists(d *schema.ResourceData, meta interface{})
 		return false, err
 	}
 	if len(parts) < 2 {
-		return false, fmt.Errorf("Incorrect ID %s: Id should be a combination of serviceID(OR)iamID/PolicyID", d.Id())
+		return false, fmt.Errorf("[ERROR] Incorrect ID %s: Id should be a combination of serviceID(OR)iamID/PolicyID", d.Id())
 	}
 	serviceIDUUID := parts[0]
 	servicePolicyID := parts[1]
@@ -469,7 +476,7 @@ func resourceIBMIAMServicePolicyExists(d *schema.ResourceData, meta interface{})
 		if resp != nil && resp.StatusCode == 404 {
 			return false, nil
 		}
-		return false, fmt.Errorf("Error communicating with the API: %s\n%s", err, resp)
+		return false, fmt.Errorf("[ERROR] Error communicating with the API: %s\n%s", err, resp)
 	}
 
 	if servicePolicy != nil && servicePolicy.State != nil && *servicePolicy.State == "deleted" {
@@ -497,7 +504,7 @@ func importServicePolicy(d *schema.ResourceData, meta interface{}) (interface{},
 	)
 	servicePolicy, _, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions)
 	if err != nil {
-		return nil, nil, fmt.Errorf("Error retrieving servicePolicy: %s", err)
+		return nil, nil, fmt.Errorf("[ERROR] Error retrieving servicePolicy: %s", err)
 	}
 	resources := flattenPolicyResource(servicePolicy.Resources)
 	resource_attributes := flattenPolicyResourceAttributes(servicePolicy.Resources)