Support Cloud Logs data access rules (IBM-Cloud#5469)

* add data-access-rule changes (#8) * add data-access-rule changes * update go mod and sum * add docs * modify test cases * add tests * add data-access-rule changes * fix data access rules resource and datasource --------- Co-authored-by: hkavya26 <hkavya26@in.ibm.com> * remove commented line --------- Co-authored-by: niranjan-ibm <143492258+niranjan-ibm@users.noreply.github.com>
powervs-ibm · Jun 26, 2024 · 9f8e9dc · 9f8e9dc
1 parent 89be78d
commit 9f8e9dc
Show file tree

Hide file tree

Showing 7 changed files with 922 additions and 0 deletions.
diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go
@@ -954,6 +954,7 @@ func Provider() *schema.Provider {
 			"ibm_logs_dashboard_folders":  logs.AddLogsInstanceFields(logs.DataSourceIbmLogsDashboardFolders()),
 			"ibm_logs_data_usage_metrics": logs.AddLogsInstanceFields(logs.DataSourceIbmLogsDataUsageMetrics()),
 			"ibm_logs_enrichments":        logs.AddLogsInstanceFields(logs.DataSourceIbmLogsEnrichments()),
+			"ibm_logs_data_access_rules":  logs.AddLogsInstanceFields(logs.DataSourceIbmLogsDataAccessRules()),
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -1526,6 +1527,7 @@ func Provider() *schema.Provider {
 			"ibm_logs_dashboard_folder":   logs.AddLogsInstanceFields(logs.ResourceIbmLogsDashboardFolder()),
 			"ibm_logs_data_usage_metrics": logs.AddLogsInstanceFields(logs.ResourceIbmLogsDataUsageMetrics()),
 			"ibm_logs_enrichment":         logs.AddLogsInstanceFields(logs.ResourceIbmLogsEnrichment()),
+			"ibm_logs_data_access_rule":   logs.AddLogsInstanceFields(logs.ResourceIbmLogsDataAccessRule()),
 		},
 
 		ConfigureFunc: providerConfigure,
@@ -1966,6 +1968,7 @@ func Validator() validate.ValidatorDict {
 				"ibm_logs_view_folder":      logs.ResourceIbmLogsViewFolderValidator(),
 				"ibm_logs_dashboard_folder": logs.ResourceIbmLogsDashboardFolderValidator(),
 				"ibm_logs_enrichment":       logs.ResourceIbmLogsEnrichmentValidator(),
+				"ibm_logs_data_access_rule": logs.ResourceIbmLogsDataAccessRuleValidator(),
 			},
 			DataSourceValidatorDictionary: map[string]*validate.ResourceValidator{
 				"ibm_is_subnet":                     vpc.DataSourceIBMISSubnetValidator(),

diff --git a/ibm/service/logs/data_source_ibm_logs_data_access_rules.go b/ibm/service/logs/data_source_ibm_logs_data_access_rules.go
@@ -0,0 +1,172 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+/*
+ * IBM OpenAPI Terraform Generator Version: 3.91.0-d9755c53-20240605-153412
+ */
+
+package logs
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
+	"github.com/IBM/logs-go-sdk/logsv0"
+)
+
+func DataSourceIbmLogsDataAccessRules() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceIbmLogsDataAccessRulesRead,
+
+		Schema: map[string]*schema.Schema{
+			"logs_data_access_rules_id": &schema.Schema{
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "Array of data access rule IDs.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"data_access_rules": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Data Access Rule details.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Data Access Rule ID.",
+						},
+						"display_name": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Data Access Rule Display Name.",
+						},
+						"description": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Optional Data Access Rule Description.",
+						},
+						"filters": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "List of filters that the Data Access Rule is composed of.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"entity_type": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "Filter's Entity Type.",
+									},
+									"expression": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "Filter's Expression.",
+									},
+								},
+							},
+						},
+						"default_expression": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Default expression to use when no filter matches the query.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceIbmLogsDataAccessRulesRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	logsClient, err := meta.(conns.ClientSession).LogsV0()
+	if err != nil {
+		// Error is coming from SDK client, so it doesn't need to be discriminated.
+		tfErr := flex.TerraformErrorf(err, err.Error(), "(Data) ibm_logs_data_access_rules", "read")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
+	}
+
+	region := getLogsInstanceRegion(logsClient, d)
+	instanceId := d.Get("instance_id").(string)
+	logsClient = getClientWithLogsInstanceEndpoint(logsClient, instanceId, region, getLogsInstanceEndpointType(logsClient, d))
+
+	listDataAccessRulesOptions := &logsv0.ListDataAccessRulesOptions{}
+
+	if _, ok := d.GetOk("logs_data_access_rules_id"); ok {
+		var id []strfmt.UUID
+		for _, v := range d.Get("logs_data_access_rules_id").([]interface{}) {
+			idItem := strfmt.UUID(v.(string))
+			id = append(id, idItem)
+		}
+		listDataAccessRulesOptions.SetID(id)
+	}
+
+	dataAccessRuleCollection, _, err := logsClient.ListDataAccessRulesWithContext(context, listDataAccessRulesOptions)
+	if err != nil {
+		tfErr := flex.TerraformErrorf(err, fmt.Sprintf("ListDataAccessRulesWithContext failed: %s", err.Error()), "(Data) ibm_logs_data_access_rules", "read")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
+	}
+
+	d.SetId(dataSourceIbmLogsDataAccessRulesID(d))
+
+	dataAccessRules := []map[string]interface{}{}
+	if dataAccessRuleCollection.DataAccessRules != nil {
+		for _, modelItem := range dataAccessRuleCollection.DataAccessRules {
+			modelMap, err := DataSourceIbmLogsDataAccessRulesDataAccessRuleToMap(&modelItem)
+			if err != nil {
+				return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_logs_data_access_rules", "read", "data_access_rules-to-map").GetDiag()
+			}
+			dataAccessRules = append(dataAccessRules, modelMap)
+		}
+	}
+	if err = d.Set("data_access_rules", dataAccessRules); err != nil {
+		return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting data_access_rules: %s", err), "(Data) ibm_logs_data_access_rules", "read", "set-data_access_rules").GetDiag()
+	}
+
+	return nil
+}
+
+// dataSourceIbmLogsDataAccessRulesID returns a reasonable ID for the list.
+func dataSourceIbmLogsDataAccessRulesID(d *schema.ResourceData) string {
+	return time.Now().UTC().String()
+}
+
+func DataSourceIbmLogsDataAccessRulesDataAccessRuleToMap(model *logsv0.DataAccessRule) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	modelMap["id"] = model.ID.String()
+	modelMap["display_name"] = *model.DisplayName
+	if model.Description != nil {
+		modelMap["description"] = *model.Description
+	}
+	if model.Filters != nil {
+		filters := []map[string]interface{}{}
+		for _, filtersItem := range model.Filters {
+			filtersItemMap, err := DataSourceIbmLogsDataAccessRulesDataAccessRuleFilterToMap(&filtersItem)
+			if err != nil {
+				return modelMap, err
+			}
+			filters = append(filters, filtersItemMap)
+		}
+		modelMap["filters"] = filters
+	}
+	modelMap["default_expression"] = *model.DefaultExpression
+	return modelMap, nil
+}
+
+func DataSourceIbmLogsDataAccessRulesDataAccessRuleFilterToMap(model *logsv0.DataAccessRuleFilter) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	modelMap["entity_type"] = *model.EntityType
+	modelMap["expression"] = *model.Expression
+	return modelMap, nil
+}
diff --git a/ibm/service/logs/data_source_ibm_logs_data_access_rules_test.go b/ibm/service/logs/data_source_ibm_logs_data_access_rules_test.go
@@ -0,0 +1,104 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+/*
+ * IBM OpenAPI Terraform Generator Version: 3.91.0-d9755c53-20240605-153412
+ */
+
+package logs_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
+)
+
+func TestAccIbmLogsDataAccessRulesDataSourceBasic(t *testing.T) {
+	dataAccessRuleDisplayName := fmt.Sprintf("tf_display_name_%d", acctest.RandIntRange(10, 100))
+	dataAccessRuleDefaultExpression := "<v1>true"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheckCloudLogs(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckIbmLogsDataAccessRulesDataSourceConfigBasic(dataAccessRuleDisplayName, dataAccessRuleDefaultExpression),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "id"),
+					resource.TestCheckResourceAttrSet("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "data_access_rules.#"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccIbmLogsDataAccessRulesDataSourceAllArgs(t *testing.T) {
+	dataAccessRuleDisplayName := fmt.Sprintf("tf_display_name_%d", acctest.RandIntRange(10, 100))
+	dataAccessRuleDescription := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100))
+	dataAccessRuleDefaultExpression := "<v1>true"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheckCloudLogs(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckIbmLogsDataAccessRulesDataSourceConfig(dataAccessRuleDisplayName, dataAccessRuleDescription, dataAccessRuleDefaultExpression),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "id"),
+					resource.TestCheckResourceAttrSet("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "logs_data_access_rules_id.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "data_access_rules.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "data_access_rules.0.id"),
+					resource.TestCheckResourceAttr("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "data_access_rules.0.display_name", dataAccessRuleDisplayName),
+					resource.TestCheckResourceAttr("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "data_access_rules.0.description", dataAccessRuleDescription),
+					resource.TestCheckResourceAttr("data.ibm_logs_data_access_rules.logs_data_access_rules_instance", "data_access_rules.0.default_expression", dataAccessRuleDefaultExpression),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIbmLogsDataAccessRulesDataSourceConfigBasic(dataAccessRuleDisplayName string, dataAccessRuleDefaultExpression string) string {
+	return fmt.Sprintf(`
+		 resource "ibm_logs_data_access_rule" "logs_data_access_rule_instance" {
+			 instance_id  = "%s"
+			 region       = "%s"
+			 display_name = "%s"
+			 filters {
+				 entity_type = "logs"
+				 expression  = "<v1> foo == 'bar'"
+			 }
+			 default_expression = "%s"
+		 }
+ 
+		 data "ibm_logs_data_access_rules" "logs_data_access_rules_instance" {
+			 instance_id 			  = ibm_logs_data_access_rule.logs_data_access_rule_instance.instance_id
+			 region      			  = ibm_logs_data_access_rule.logs_data_access_rule_instance.region
+		 }
+	 `, acc.LogsInstanceId, acc.LogsInstanceRegion, dataAccessRuleDisplayName, dataAccessRuleDefaultExpression)
+}
+
+func testAccCheckIbmLogsDataAccessRulesDataSourceConfig(dataAccessRuleDisplayName string, dataAccessRuleDescription string, dataAccessRuleDefaultExpression string) string {
+	return fmt.Sprintf(`
+		 resource "ibm_logs_data_access_rule" "logs_data_access_rule_instance" {
+			 instance_id  = "%s"
+			 region       = "%s"
+			 display_name = "%s"
+			 description  = "%s"
+			 filters {
+				 entity_type = "logs"
+				 expression  = "<v1> foo == 'bar'"
+			 }
+			 default_expression = "%s"
+		 }
+ 
+		 data "ibm_logs_data_access_rules" "logs_data_access_rules_instance" {
+			 instance_id 			  = ibm_logs_data_access_rule.logs_data_access_rule_instance.instance_id
+			 region      			  = ibm_logs_data_access_rule.logs_data_access_rule_instance.region
+			 logs_data_access_rules_id = [ibm_logs_data_access_rule.logs_data_access_rule_instance.access_rule_id]
+		 }
+	 `, acc.LogsInstanceId, acc.LogsInstanceRegion, dataAccessRuleDisplayName, dataAccessRuleDescription, dataAccessRuleDefaultExpression)
+}