Add IAM Service support

huaweicloud/config.go

@@ -296,7 +296,7 @@ func (c *Config) dnsV2Client(region string) (*golangsdk.ServiceClient, error) {
 
 func (c *Config) identityV3Client(region string) (*golangsdk.ServiceClient, error) {
 	return huaweisdk.NewIdentityV3(c.HwClient, golangsdk.EndpointOpts{
-		Region:       c.determineRegion(region),
+		//Region:       c.determineRegion(region),
 		Availability: c.getHwEndpointType(),
 	})
 }

huaweicloud/data_source_huaweicloud_identity_role_v3.go

@@ -0,0 +1,89 @@
+package huaweicloud
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/huaweicloud/golangsdk/openstack/identity/v3/roles"
+)
+
+func dataSourceIdentityRoleV3() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceIdentityRoleV3Read,
+
+		Schema: map[string]*schema.Schema{
+			"domain_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"region": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+// dataSourceIdentityRoleV3Read performs the role lookup.
+func dataSourceIdentityRoleV3Read(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	identityClient, err := config.identityV3Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud identity client: %s", err)
+	}
+
+	listOpts := roles.ListOpts{
+		DomainID: d.Get("domain_id").(string),
+		Name:     d.Get("name").(string),
+	}
+
+	log.Printf("[DEBUG] List Options: %#v", listOpts)
+
+	var role roles.Role
+	allPages, err := roles.List(identityClient, listOpts).AllPages()
+	if err != nil {
+		return fmt.Errorf("Unable to query roles: %s", err)
+	}
+
+	allRoles, err := roles.ExtractRoles(allPages)
+	if err != nil {
+		return fmt.Errorf("Unable to retrieve roles: %s", err)
+	}
+
+	if len(allRoles) < 1 {
+		return fmt.Errorf("Your query returned no results. " +
+			"Please change your search criteria and try again.")
+	}
+
+	if len(allRoles) > 1 {
+		log.Printf("[DEBUG] Multiple results found: %#v", allRoles)
+		return fmt.Errorf("Your query returned more than one result. Please try a more " +
+			"specific search criteria, or set `most_recent` attribute to true.")
+	}
+	role = allRoles[0]
+
+	log.Printf("[DEBUG] Single Role found: %s", role.ID)
+	return dataSourceIdentityRoleV3Attributes(d, config, &role)
+}
+
+// dataSourceIdentityRoleV3Attributes populates the fields of an Role resource.
+func dataSourceIdentityRoleV3Attributes(d *schema.ResourceData, config *Config, role *roles.Role) error {
+	log.Printf("[DEBUG] huaweicloud_identity_role_v3 details: %#v", role)
+
+	d.SetId(role.ID)
+	d.Set("name", role.Name)
+	d.Set("domain_id", role.DomainID)
+	d.Set("region", GetRegion(d, config))
+
+	return nil
+}

huaweicloud/data_source_huaweicloud_identity_role_v3_test.go

@@ -0,0 +1,50 @@
+package huaweicloud
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccHuaweiCloudIdentityV3RoleDataSource_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckAdminOnly(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccHuaweiCloudIdentityV3RoleDataSource_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIdentityV3DataSourceID("data.huaweicloud_identity_role_v3.role_1"),
+					resource.TestCheckResourceAttr(
+						"data.huaweicloud_identity_role_v3.role_1", "name", "admin"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIdentityV3DataSourceID(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Can't find role data source: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("Role data source ID not set")
+		}
+
+		return nil
+	}
+}
+
+const testAccHuaweiCloudIdentityV3RoleDataSource_basic = `
+data "huaweicloud_identity_role_v3" "role_1" {
+    name = "admin"
+}
+`

huaweicloud/provider.go

@@ -223,6 +223,7 @@ func Provider() terraform.ResourceProvider {
 			"huaweicloud_dcs_az_v1":                 dataSourceDcsAZV1(),
 			"huaweicloud_dcs_maintainwindow_v1":     dataSourceDcsMaintainWindowV1(),
 			"huaweicloud_dcs_product_v1":            dataSourceDcsProductV1(),
+			"huaweicloud_identity_role_v3":          dataSourceIdentityRoleV3(),
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -298,6 +299,11 @@ func Provider() terraform.ResourceProvider {
 			"huaweicloud_maas_task_v1":                       resourceMaasTaskV1(),
 			"huaweicloud_dws_cluster":                        resourceDwsCluster(),
 			"huaweicloud_mls_instance":                       resourceMlsInstance(),
+			"huaweicloud_identity_project_v3":                resourceIdentityProjectV3(),
+			"huaweicloud_identity_role_assignment_v3":        resourceIdentityRoleAssignmentV3(),
+			"huaweicloud_identity_user_v3":                   resourceIdentityUserV3(),
+			"huaweicloud_identity_group_v3":                  resourceIdentityGroupV3(),
+			"huaweicloud_identity_group_membership_v3":       resourceIdentityGroupMembershipV3(),
 		},
 
 		ConfigureFunc: configureProvider,

huaweicloud/resource_huaweicloud_identity_group_membership_v3.go

@@ -0,0 +1,166 @@
+package huaweicloud
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/huaweicloud/golangsdk"
+	"github.com/huaweicloud/golangsdk/openstack/identity/v3/users"
+)
+
+func resourceIdentityGroupMembershipV3() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceIdentityGroupMembershipV3Create,
+		Read:   resourceIdentityGroupMembershipV3Read,
+		Update: resourceIdentityGroupMembershipV3Update,
+		Delete: resourceIdentityGroupMembershipV3Delete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"group": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"users": &schema.Schema{
+				Type:     schema.TypeSet,
+				Required: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func resourceIdentityGroupMembershipV3Create(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	identityClient, err := config.identityV3Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud identity client: %s", err)
+	}
+
+	group := d.Get("group").(string)
+	userList := expandStringList(d.Get("users").(*schema.Set).List())
+
+	if err := addUsersToGroup(identityClient, group, userList); err != nil {
+		return err
+	}
+
+	d.SetId(resource.UniqueId())
+
+	return resourceIdentityGroupMembershipV3Read(d, meta)
+}
+
+func resourceIdentityGroupMembershipV3Read(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	identityClient, err := config.identityV3Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud identity client: %s", err)
+	}
+	group := d.Get("group").(string)
+	userList := d.Get("users").(*schema.Set)
+	var ul []string
+
+	allPages, err := users.ListInGroup(identityClient, group, users.ListOpts{}).AllPages()
+	if err != nil {
+		if _, b := err.(golangsdk.ErrDefault404); b {
+			d.SetId("")
+			return nil
+		} else {
+			return fmt.Errorf("Unable to query groups: %s", err)
+		}
+	}
+
+	allUsers, err := users.ExtractUsers(allPages)
+	if err != nil {
+		return fmt.Errorf("Unable to retrieve users: %s", err)
+	}
+
+	for _, u := range allUsers {
+		if userList.Contains(u.ID) {
+			ul = append(ul, u.ID)
+		}
+	}
+
+	if err := d.Set("users", ul); err != nil {
+		return fmt.Errorf("Error setting user list from IAM (%s), error: %s", group, err)
+	}
+
+	return nil
+}
+
+func resourceIdentityGroupMembershipV3Update(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	identityClient, err := config.identityV3Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud identity client: %s", err)
+	}
+
+	if d.HasChange("users") {
+		group := d.Get("group").(string)
+
+		o, n := d.GetChange("users")
+		if o == nil {
+			o = new(schema.Set)
+		}
+		if n == nil {
+			n = new(schema.Set)
+		}
+
+		os := o.(*schema.Set)
+		ns := n.(*schema.Set)
+		remove := expandStringList(os.Difference(ns).List())
+		add := expandStringList(ns.Difference(os).List())
+
+		if err := removeUsersFromGroup(identityClient, group, remove); err != nil {
+			return fmt.Errorf("Error update user-group-membership: %s", err)
+		}
+
+		if err := addUsersToGroup(identityClient, group, add); err != nil {
+			return fmt.Errorf("Error update user-group-membership: %s", err)
+		}
+	}
+
+	return resourceIdentityGroupMembershipV3Read(d, meta)
+}
+
+func resourceIdentityGroupMembershipV3Delete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	identityClient, err := config.identityV3Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud identity client: %s", err)
+	}
+
+	group := d.Get("group").(string)
+	users := expandStringList(d.Get("users").(*schema.Set).List())
+
+	if err := removeUsersFromGroup(identityClient, group, users); err != nil {
+		return fmt.Errorf("Error delete user-group-membership: %s", err)
+	}
+
+	d.SetId("")
+	return nil
+}
+
+func addUsersToGroup(identityClient *golangsdk.ServiceClient, group string, userList []string) error {
+	for _, u := range userList {
+		if r := users.AddToGroup(identityClient, group, u).ExtractErr(); r != nil {
+			return fmt.Errorf("Error add user %s to group %s: %s ", group, u, r)
+		}
+	}
+	return nil
+}
+
+func removeUsersFromGroup(identityClient *golangsdk.ServiceClient, group string, userList []string) error {
+	for _, u := range userList {
+		if r := users.RemoveFromGroup(identityClient, group, u).ExtractErr(); r != nil {
+			return fmt.Errorf("Error remove user %s from group %s: %s", group, u, r)
+		}
+	}
+	return nil
+}
+
+//func checkMembership(identityClient *golangsdk.ServiceClient, group string, user string)  error {