Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement connection and subscription resources for jira and slack. #1116

Merged
merged 12 commits into from
Oct 15, 2024

Conversation

trentdibacco
Copy link
Contributor

@trentdibacco trentdibacco commented Oct 10, 2024

Warning

Dependent on #1113 being merged first which upgrade the dependency of hcp-sdk-go to v0.116.0 and fixes a resource related to that change.

🛠️ Description

Preview of Manage a Vault Radar Connections and Subscription via the HCP Terraform Provider.

This add two resources that are tightly related to each other. Integration connections and integration subscriptions.
This introduces two types of connections and subscriptions with plans for more to come later.

The resources introduced in this PR are:

  • hcp_vault_radar_integration_jira_connection
  • hcp_vault_radar_integration_jira_subscription
  • hcp_vault_radar_integration_slack_connection
  • hcp_vault_radar_integration_slack_subscription

Note

My apologies in advance for making a PR that introduces more than one resource, but connection and subscriptions don't make sense on their own, and the difference between jira and slack is rather small and I wanted to prove out a way implement these two types with a common implementation.

Note

This is a preview, and my intent is for this resource not to show up in the in the online documentations.
Therefore, I did not set the subcategory in the markup.

New Resource Checklist

  • Plugin Framework
  • Minimal LOC: (No, but they are tightly related).
  • Acceptance Tests:
  • Documentation:
  • Well-formed Code: go fmt.

Schema

  • Uses Globally Unique ID: Uses GUID returned by server.
  • Validates Fields Where Possible: Minimal
  • Supports Optional Project ID Input:

CRUD Operations

  • Uses Context-Aware CRUD Functions:
  • Uses Context For API Calls:
  • Uses DRY API Calls:
  • Handles Existing Resource Prior To Create:
  • Refreshes Attributes During Read:
  • Handles Removed Resource During Read:
  • Handles Failed State During Read:
  • Handles Nonexistent Resource Prior To Delete:

Documentation

  • Includes Descriptions For Resource And Fields:
  • Includes Example:
  • Includes Generated Docs:

🏗️ Acceptance tests

Note

These acceptance tests works, but requires external environments not avail to CI/CD.
These tests are being skipped because of pre-existing conditions that would be require for the test to succeed.

  • Requires Project already setup with Radar.
  • Requires a Service Account with an Admin role on the Project.
  • A Jira instance with access token
  • A Slack instance with bot token
  • Requires the following environment variables to be set:
    • HCP_PROJECT_ID
    • RADAR_INTEGRATION_JIRA_BASE_URL
    • RADAR_INTEGRATION_JIRA_EMAIL
    • RADAR_INTEGRATION_JIRA_TOKEN
    • RADAR_INTEGRATION_JIRA_PROJECT_KEY
    • RADAR_INTEGRATION_JIRA_ISSUE_TYPE
    • RADAR_INTEGRATION_JIRA_ASSIGNEE
    • RADAR_INTEGRATION_SLACK_TOKEN
    • RADAR_INTEGRATION_SLACK_CHANNEL

Note

I've created a ticket to note how we can address this in the future.
https://hashicorp.atlassian.net/browse/VAULT-31051

  • Have you added an acceptance test for the functionality being added?
  • Have you run the acceptance tests on this branch?

Output from acceptance testing:

make testacc TESTARGS='-run=TestRadarIntegrationJiraConnection' 
...
=== RUN   TestRadarIntegrationJiraConnection
--- PASS: TestRadarIntegrationJiraConnection (14.06s)
...
make testacc TESTARGS='-run=TestRadarIntegrationJiraSubscription'
=== RUN   TestRadarIntegrationJiraSubscription
--- PASS: TestRadarIntegrationJiraSubscription (8.03s)
...
make testacc TESTARGS='-run=TestRadarIntegrationSlackConnection'
=== RUN   TestRadarIntegrationSlackConnection
--- PASS: TestRadarIntegrationSlackConnection (5.93s)
...
make testacc TESTARGS='-run=TestRadarIntegrationSlackSubscription'
=== RUN   TestRadarIntegrationSlackSubscription
--- PASS: TestRadarIntegrationSlackSubscription (7.73s)
...

@trentdibacco trentdibacco requested review from a team as code owners October 10, 2024 20:58
Base automatically changed from dh/update-hcp-sdk-go to main October 11, 2024 16:53
@dhuckins dhuckins requested a review from a team as a code owner October 11, 2024 16:53
@trentdibacco trentdibacco removed the request for review from a team October 11, 2024 16:56
Comment on lines +22 to +27
resource "hcp_vault_radar_integration_jira_connection" "jira_connection" {
name = "example connection to jira"
email = "[email protected]"
token = var.jira_token
base_url = "https://example.atlassian.net"
}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this resource supposed to only work for Jira server as well? For Jira server, the users need to create a personal access token and email is not required

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what you mean by jira server, and I went by what was required in the integration jira connection in the UI and the python schema.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Jira server is the self-hosted variant of Atlassian Jira. I am not sure we currently support Jira server but going by the integration type (jira), I thought we want to use the same terraform resource for both Jira Cloud and Server. If not, the resource name should contain jira_cloud right

Copy link

@kathytong-hashicorp kathytong-hashicorp Oct 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think Jira Server also supports Basic Auth, we may have never made the update to support personal access tokens?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

K, going to leave it as like this then.

Copy link

@kartheek-hc kartheek-hc Oct 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basic auth is not a preferred way to make requests to the Jira server API. Same story for Confluence server onboarding, we only support personal access token not basic auth

However, as basic authentication repeatedly sends the username and password on each request, which could be cached in the web browser, it is not the most secure method of authentication we support.

We recommend you use OAuth over basic authentication for most cases. OAuth requires more work to implement, but it uses a token-based workflow that is much more secure.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think Jira Server also supports Basic Auth, we may have never made the update to support personal access tokens?

I think the APIs that we use validate the assignee field on the subscription only work for Jira Cloud. We probably have to make some changes before Jira server integration is fully supported

Copy link
Member

@jasonpilz jasonpilz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@trentdibacco trentdibacco merged commit b52e294 into main Oct 15, 2024
6 checks passed
@trentdibacco trentdibacco deleted the radar/add_connection_subscription branch October 15, 2024 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants