Add OIDC auth method and account resource (#105)

add OIDC auth method and account resources
hashicorp · May 5, 2021 · 3d42195 · 3d42195
1 parent 9bc08d4
commit 3d42195
Show file tree

Hide file tree

Showing 14 changed files with 1,866 additions and 210 deletions.
diff --git a/go.mod b/go.mod
@@ -20,6 +20,7 @@ require (
 	github.com/hashicorp/boundary v0.2.0
 	github.com/hashicorp/boundary/api v0.0.9
 	github.com/hashicorp/boundary/sdk v0.0.4
+	github.com/hashicorp/cap v0.0.0-20210408110729-0dd65efe5473
 	github.com/hashicorp/go-immutable-radix v1.3.0 // indirect
 	github.com/hashicorp/go-kms-wrapping v0.6.1
 	github.com/hashicorp/golang-lru v0.5.4 // indirect

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -54,16 +54,20 @@ func New() *schema.Provider {
 			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
-			"boundary_account":      resourceAccount(),
-			"boundary_auth_method":  resourceAuthMethod(),
-			"boundary_group":        resourceGroup(),
-			"boundary_host":         resourceHost(),
-			"boundary_host_catalog": resourceHostCatalog(),
-			"boundary_host_set":     resourceHostset(),
-			"boundary_role":         resourceRole(),
-			"boundary_scope":        resourceScope(),
-			"boundary_target":       resourceTarget(),
-			"boundary_user":         resourceUser(),
+			"boundary_account":              resourceAccount(),
+			"boundary_account_password":     resourceAccountPassword(),
+			"boundary_account_oidc":         resourceAccountOidc(),
+			"boundary_auth_method":          resourceAuthMethod(),
+			"boundary_auth_method_password": resourceAuthMethodPassword(),
+			"boundary_auth_method_oidc":     resourceAuthMethodOidc(),
+			"boundary_group":                resourceGroup(),
+			"boundary_host":                 resourceHost(),
+			"boundary_host_catalog":         resourceHostCatalog(),
+			"boundary_host_set":             resourceHostset(),
+			"boundary_role":                 resourceRole(),
+			"boundary_scope":                resourceScope(),
+			"boundary_target":               resourceTarget(),
+			"boundary_user":                 resourceUser(),
 		},
 	}
 

diff --git a/internal/provider/resource_account.go b/internal/provider/resource_account.go
@@ -10,12 +10,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
-const (
-	accountTypePassword = "password"
-	accountLoginNameKey = "login_name"
-	accountPasswordKey  = "password"
-)
-
 func resourceAccount() *schema.Resource {
 	return &schema.Resource{
 		Description: "The account resource allows you to configure a Boundary account.",
@@ -60,11 +54,14 @@ func resourceAccount() *schema.Resource {
 				Description: "The login name for this account.",
 				Type:        schema.TypeString,
 				Optional:    true,
+				Deprecated:  "Will be removed in favor of using attributes parameter",
 			},
 			accountPasswordKey: {
 				Description: "The account password. Only set on create, changes will not be reflected when updating account.",
 				Type:        schema.TypeString,
 				Optional:    true,
+				Deprecated:  "Will be removed in favor of using attributes parameter",
+
 				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
 					if d.Id() == "" {
 						// This is a new resource do not suppress password diff
@@ -91,6 +88,7 @@ func setFromAccountResponseMap(d *schema.ResourceData, raw map[string]interface{
 		return err
 	}
 
+	// TODO(malnick) - remove after deprecation cycle in favor of attributes
 	switch raw["type"].(string) {
 	case accountTypePassword:
 		if attrsVal, ok := raw["attributes"]; ok {
@@ -115,51 +113,24 @@ func resourceAccountCreate(ctx context.Context, d *schema.ResourceData, meta int
 		return diag.Errorf("no auth method ID provided")
 	}
 
-	var loginName *string
-	if keyVal, ok := d.GetOk(accountLoginNameKey); ok {
-		key := keyVal.(string)
-		loginName = &key
-	}
-
-	var password *string
-	if keyVal, ok := d.GetOk(accountPasswordKey); ok {
-		key := keyVal.(string)
-		password = &key
-	}
-
 	opts := []accounts.Option{}
 
-	var typeStr string
-	if typeVal, ok := d.GetOk(TypeKey); ok {
-		typeStr = typeVal.(string)
-	} else {
-		return diag.Errorf("no type provided")
+	if nameVal, ok := d.GetOk(NameKey); ok {
+		opts = append(opts, accounts.WithName(nameVal.(string)))
 	}
-	switch typeStr {
-	case accountTypePassword:
-		if loginName != nil {
-			opts = append(opts, accounts.WithPasswordAccountLoginName(*loginName))
-		}
-		if password != nil {
-			opts = append(opts, accounts.WithPasswordAccountPassword(*password))
-			if err := d.Set(accountPasswordKey, *password); err != nil {
-				return diag.FromErr(err)
-			}
-		}
-	default:
-		return diag.Errorf("invalid type provided")
+
+	if descVal, ok := d.GetOk(DescriptionKey); ok {
+		opts = append(opts, accounts.WithDescription(descVal.(string)))
 	}
 
-	nameVal, ok := d.GetOk(NameKey)
-	if ok {
-		nameStr := nameVal.(string)
-		opts = append(opts, accounts.WithName(nameStr))
+	// TODO(malnick) - remove after deprecation cycle
+	if name, ok := d.GetOk(accountLoginNameKey); ok {
+		opts = append(opts, accounts.WithPasswordAccountLoginName(name.(string)))
 	}
 
-	descVal, ok := d.GetOk(DescriptionKey)
-	if ok {
-		descStr := descVal.(string)
-		opts = append(opts, accounts.WithDescription(descStr))
+	// TODO(malnick) - remove after deprecation cycle
+	if pass, ok := d.GetOk(accountPasswordKey); ok {
+		opts = append(opts, accounts.WithPasswordAccountPassword(pass.(string)))
 	}
 
 	aClient := accounts.NewClient(md.client)
@@ -208,66 +179,38 @@ func resourceAccountUpdate(ctx context.Context, d *schema.ResourceData, meta int
 
 	opts := []accounts.Option{}
 
-	var name *string
 	if d.HasChange(NameKey) {
 		opts = append(opts, accounts.DefaultName())
 		nameVal, ok := d.GetOk(NameKey)
 		if ok {
-			nameStr := nameVal.(string)
-			name = &nameStr
-			opts = append(opts, accounts.WithName(nameStr))
+			opts = append(opts, accounts.WithName(nameVal.(string)))
 		}
 	}
 
-	var desc *string
 	if d.HasChange(DescriptionKey) {
 		opts = append(opts, accounts.DefaultDescription())
 		descVal, ok := d.GetOk(DescriptionKey)
 		if ok {
-			descStr := descVal.(string)
-			desc = &descStr
-			opts = append(opts, accounts.WithDescription(descStr))
+			opts = append(opts, accounts.WithDescription(descVal.(string)))
 		}
 	}
 
-	var loginName *string
+	// TODO(malnick) - remove after deprecation cycle
 	if d.HasChange(accountLoginNameKey) {
-		switch d.Get(TypeKey).(string) {
-		case accountTypePassword:
-			opts = append(opts, accounts.DefaultPasswordAccountLoginName())
-			keyVal, ok := d.GetOk(accountLoginNameKey)
-			if ok {
-				keyStr := keyVal.(string)
-				loginName = &keyStr
-				opts = append(opts, accounts.WithPasswordAccountLoginName(keyStr))
-			}
-		default:
-			return diag.Errorf(`"login_name" cannot be used with this type of account`)
+		opts = append(opts, accounts.DefaultPasswordAccountLoginName())
+		if keyVal, ok := d.GetOk(accountLoginNameKey); ok {
+			opts = append(opts, accounts.WithPasswordAccountLoginName(keyVal.(string)))
 		}
 	}
 
 	if len(opts) > 0 {
 		opts = append(opts, accounts.WithAutomaticVersioning(true))
-		_, err := aClient.Update(ctx, d.Id(), 0, opts...)
+		aur, err := aClient.Update(ctx, d.Id(), 0, opts...)
 		if err != nil {
 			return diag.Errorf("error updating account: %v", err)
 		}
-	}
 
-	if d.HasChange(NameKey) {
-		if err := d.Set(NameKey, name); err != nil {
-			return diag.FromErr(err)
-		}
-	}
-	if d.HasChange(DescriptionKey) {
-		if err := d.Set(DescriptionKey, desc); err != nil {
-			return diag.FromErr(err)
-		}
-	}
-	if d.HasChange(accountLoginNameKey) {
-		if err := d.Set(accountLoginNameKey, loginName); err != nil {
-			return diag.FromErr(err)
-		}
+		setFromAccountResponseMap(d, aur.GetResponse().Map)
 	}
 
 	return nil