-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add juju_access_offer resource #633
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "juju_access_offer Resource - terraform-provider-juju" | ||
subcategory: "" | ||
description: |- | ||
A resource that represent a Juju Access Offer. Warning: Do not repeat users across different access levels. | ||
--- | ||
|
||
# juju_access_offer (Resource) | ||
|
||
A resource that represent a Juju Access Offer. Warning: Do not repeat users across different access levels. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "juju_access_offer" "this" { | ||
offer_url = juju_offer.my_application_offer.url | ||
consume = [juju_user.dev.name] | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `offer_url` (String) The url of the offer for access management. If this is changed the resource will be deleted and a new resource will be created. | ||
|
||
### Optional | ||
|
||
- `admin` (Set of String) List of users to grant admin access. "admin" user is not allowed. | ||
- `consume` (Set of String) List of users to grant consume access. "admin" user is not allowed. | ||
- `read` (Set of String) List of users to grant read access. "admin" user is not allowed. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of this resource. | ||
|
||
## Import | ||
|
||
Import is supported using the following syntax: | ||
|
||
```shell | ||
# Access Offers can be imported by using the Offer URL as in the juju show-offers output. | ||
# Example: | ||
# $juju show-offer mysql | ||
# Store URL Access Description Endpoint Interface Role | ||
# mycontroller admin/db.mysql admin MariaDB Server is one of the most ... mysql mysql provider | ||
$ terraform import juju_access_offer.db admin/db.mysql | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
# Access Offers can be imported by using the Offer URL as in the juju show-offers output. | ||
# Example: | ||
# $juju show-offer mysql | ||
# Store URL Access Description Endpoint Interface Role | ||
# mycontroller admin/db.mysql admin MariaDB Server is one of the most ... mysql mysql provider | ||
$ terraform import juju_access_offer.db admin/db.mysql |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
resource "juju_access_offer" "this" { | ||
offer_url = juju_offer.my_application_offer.url | ||
consume = [juju_user.dev.name] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -54,6 +54,7 @@ type ReadOfferResponse struct { | |
ModelName string | ||
Name string | ||
OfferURL string | ||
Users []crossmodel.OfferUserDetails | ||
} | ||
|
||
type DestroyOfferInput struct { | ||
|
@@ -74,12 +75,20 @@ type RemoveRemoteOfferInput struct { | |
OfferURL string | ||
} | ||
|
||
// GrantRevokeOfferInput represents input for granting or revoking access to an offer. | ||
type GrantRevokeOfferInput struct { | ||
amandahla marked this conversation as resolved.
Show resolved
Hide resolved
|
||
Users []string | ||
Access string | ||
OfferURL string | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this should be URL's, you can revoke many at once There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Since we discussed changing the schema in the last terraform office hours, I think this no longer apply, WDYT? |
||
} | ||
|
||
func newOffersClient(sc SharedClient) *offersClient { | ||
return &offersClient{ | ||
SharedClient: sc, | ||
} | ||
} | ||
|
||
// CreateOffer creates offer managed by the offer resource. | ||
func (c offersClient) CreateOffer(input *CreateOfferInput) (*CreateOfferResponse, []error) { | ||
var errs []error | ||
|
||
|
@@ -152,6 +161,7 @@ func (c offersClient) CreateOffer(input *CreateOfferInput) (*CreateOfferResponse | |
return &resp, nil | ||
} | ||
|
||
// ReadOffer reads offer managed by the offer resource. | ||
func (c offersClient) ReadOffer(input *ReadOfferInput) (*ReadOfferResponse, error) { | ||
conn, err := c.GetConnection(nil) | ||
if err != nil { | ||
|
@@ -170,6 +180,7 @@ func (c offersClient) ReadOffer(input *ReadOfferInput) (*ReadOfferResponse, erro | |
response.ApplicationName = result.ApplicationName | ||
response.OfferURL = result.OfferURL | ||
response.Endpoint = result.Endpoints[0].Name | ||
response.Users = result.Users | ||
|
||
//no model name is returned but it can be parsed from the resulting offer URL to ensure parity | ||
//TODO: verify if we can fetch information another way | ||
|
@@ -182,6 +193,7 @@ func (c offersClient) ReadOffer(input *ReadOfferInput) (*ReadOfferResponse, erro | |
return &response, nil | ||
} | ||
|
||
// DestroyOffer destroys offer managed by the offer resource. | ||
func (c offersClient) DestroyOffer(input *DestroyOfferInput) error { | ||
conn, err := c.GetConnection(nil) | ||
if err != nil { | ||
|
@@ -249,7 +261,7 @@ func parseModelFromURL(url string) (result string, success bool) { | |
return result, true | ||
} | ||
|
||
// This function allows the integration resource to consume the offers managed by the offer resource | ||
// ConsumeRemoteOffer allows the integration resource to consume the offers managed by the offer resource. | ||
func (c offersClient) ConsumeRemoteOffer(input *ConsumeRemoteOfferInput) (*ConsumeRemoteOfferResponse, error) { | ||
modelConn, err := c.GetConnection(&input.ModelName) | ||
if err != nil { | ||
|
@@ -330,7 +342,7 @@ func (c offersClient) ConsumeRemoteOffer(input *ConsumeRemoteOfferInput) (*Consu | |
return &response, nil | ||
} | ||
|
||
// This function allows the integration resource to destroy the offers managed by the offer resource | ||
// RemoveRemoteOffer allows the integration resource to destroy the offers managed by the offer resource. | ||
func (c offersClient) RemoveRemoteOffer(input *RemoveRemoteOfferInput) []error { | ||
var errors []error | ||
conn, err := c.GetConnection(&input.ModelName) | ||
|
@@ -390,3 +402,53 @@ func (c offersClient) RemoveRemoteOffer(input *RemoveRemoteOfferInput) []error { | |
|
||
return nil | ||
} | ||
|
||
// GrantOffer adds access to an offer managed by the access offer resource. | ||
// No action or error is returned if the access was already granted to the user. | ||
func (c offersClient) GrantOffer(input *GrantRevokeOfferInput) error { | ||
conn, err := c.GetConnection(nil) | ||
if err != nil { | ||
return err | ||
} | ||
defer func() { _ = conn.Close() }() | ||
|
||
client := applicationoffers.NewClient(conn) | ||
|
||
for _, user := range input.Users { | ||
err = client.GrantOffer(user, input.Access, input.OfferURL) | ||
if err != nil { | ||
// ignore if user was already granted | ||
if strings.Contains(err.Error(), "user already has") { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i don't think the juju api client returns an error in that case... maybe @hmlanigan knows about this There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I got this error while testing and the python library does something similar: |
||
continue | ||
} | ||
return err | ||
} | ||
} | ||
|
||
return nil | ||
} | ||
|
||
// RevokeOffer revokes access to an offer managed by the access offer resource. | ||
// No action or error if the access was already revoked for the user. | ||
func (c offersClient) RevokeOffer(input *GrantRevokeOfferInput) error { | ||
conn, err := c.GetConnection(nil) | ||
if err != nil { | ||
return err | ||
} | ||
defer func() { _ = conn.Close() }() | ||
|
||
client := applicationoffers.NewClient(conn) | ||
|
||
for _, user := range input.Users { | ||
err = client.RevokeOffer(user, input.Access, input.OfferURL) | ||
if err != nil { | ||
// ignore if user was already revoked | ||
if strings.Contains(err.Error(), "not found") { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. same question as above - i'm not sure what error is returned in the case where user does not have access to an offer There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I also got this while testing, I assumed that this one is from here: |
||
continue | ||
} | ||
return err | ||
} | ||
} | ||
|
||
return nil | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
todo: add
examples/resource/juju_access_offer
directory withresource.tf
andimport.sh
files, content will be added to this markdown file duringmake install
.