feat: Add team resource (#15)

Signed-off-by: Hiroki Suezawa <[email protected]>
sysdiglabs · Mar 6, 2020 · 7866876 · 7866876
1 parent a6aef79
commit 7866876
Show file tree

Hide file tree

Showing 7 changed files with 488 additions and 0 deletions.
diff --git a/examples/team.tf b/examples/team.tf
@@ -0,0 +1,19 @@
+resource "sysdig_secure_team" "sample" {
+  name               = "sample-team"
+  description        = "sample"
+  scope_by           = "container"
+  filter             = "container.image.repo = \"sysdig/agent\""
+  use_sysdig_capture = false
+
+  user_roles {
+    email = "[email protected]"
+    role  = "ROLE_TEAM_STANDARD"
+  }
+
+  user_roles {
+    email = "[email protected]"
+    role  = "ROLE_TEAM_EDIT"
+  }
+
+}
+
diff --git a/sysdig/provider.go b/sysdig/provider.go
@@ -44,6 +44,7 @@ func Provider() terraform.ResourceProvider {
 			"sysdig_secure_rule_syscall":         resourceSysdigSecureRuleSyscall(),
 			"sysdig_secure_rule_falco":           resourceSysdigSecureRuleFalco(),
 			"sysdig_user":                        resourceSysdigUser(),
+			"sysdig_secure_team":                 resourceSysdigSecureTeam(),
 
 			"sysdig_monitor_alert_downtime":      resourceSysdigMonitorAlertDowntime(),
 			"sysdig_monitor_alert_metric":        resourceSysdigMonitorAlertMetric(),

diff --git a/sysdig/resource_sysdig_secure_team.go b/sysdig/resource_sysdig_secure_team.go
@@ -0,0 +1,167 @@
+package sysdig
+
+import (
+	"github.com/draios/terraform-provider-sysdig/sysdig/secure"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"strconv"
+	"time"
+)
+
+func resourceSysdigSecureTeam() *schema.Resource {
+	timeout := 30 * time.Second
+
+	return &schema.Resource{
+		Create: resourceSysdigTeamCreate,
+		Update: resourceSysdigTeamUpdate,
+		Read:   resourceSysdigTeamRead,
+		Delete: resourceSysdigTeamDelete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"theme": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "#73A1F7",
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"scope_by": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "container",
+			},
+			"filter": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"use_sysdig_capture": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+			"user_roles": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"email": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						"role": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "ROLE_TEAM_STANDARD",
+						},
+					},
+				},
+			},
+			"default_team": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+			"version": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceSysdigTeamCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	team := teamFromResourceData(d)
+
+	team, err := client.CreateTeam(team)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(strconv.Itoa(team.ID))
+	d.Set("version", team.Version)
+
+	return nil
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func resourceSysdigTeamRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	id, _ := strconv.Atoi(d.Id())
+	t, err := client.GetTeamById(id)
+
+	if err != nil {
+		d.SetId("")
+		return err
+	}
+
+	d.Set("version", t.Version)
+	d.Set("theme", t.Theme)
+	d.Set("name", t.Name)
+	d.Set("description", t.Description)
+	d.Set("scope_by", t.ScopeBy)
+	d.Set("filter", t.Filter)
+	d.Set("canUseSysdigCapture", t.CanUseSysdigCapture)
+	d.Set("default_team", t.DefaultTeam)
+	d.Set("user_roles", t.UserRoles)
+
+	return nil
+}
+
+func resourceSysdigTeamUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	t := teamFromResourceData(d)
+
+	t.Version = d.Get("version").(int)
+	t.ID, _ = strconv.Atoi(d.Id())
+
+	_, err := client.UpdateTeam(t)
+
+	return err
+}
+
+func resourceSysdigTeamDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	id, _ := strconv.Atoi(d.Id())
+
+	return client.DeleteTeam(id)
+}
+
+func teamFromResourceData(d *schema.ResourceData) secure.Team {
+	t := secure.Team{
+		Theme:               d.Get("theme").(string),
+		Name:                d.Get("name").(string),
+		Description:         d.Get("description").(string),
+		ScopeBy:             d.Get("scope_by").(string),
+		Filter:              d.Get("filter").(string),
+		CanUseSysdigCapture: d.Get("use_sysdig_capture").(bool),
+		DefaultTeam:         d.Get("default_team").(bool),
+		Products:            []string{"SDS"},
+	}
+
+	userRoles := []secure.UserRoles{}
+	for _, userRole := range d.Get("user_roles").(*schema.Set).List() {
+		ur := userRole.(map[string]interface{})
+		userRoles = append(userRoles, secure.UserRoles{
+			Email: ur["email"].(string),
+			Role:  ur["role"].(string),
+		})
+	}
+	t.UserRoles = userRoles
+
+	return t
+}
diff --git a/sysdig/resource_sysdig_secure_team_test.go b/sysdig/resource_sysdig_secure_team_test.go
@@ -0,0 +1,106 @@
+package sysdig_test
+
+import (
+	"fmt"
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"os"
+	"testing"
+)
+
+func TestAccTeam(t *testing.T) {
+	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		Providers: map[string]terraform.ResourceProvider{
+			"sysdig": sysdig.Provider(),
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: teamWithName(rText()),
+			},
+			{
+				Config: teamWithOneUser(rText()),
+			},
+			{
+				Config: teamWithTwoUser(rText()),
+			},
+			{
+				Config: teamMinimumConfiguration(rText()),
+			},
+		},
+	})
+}
+
+func teamWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_team" "sample" {
+  name               = "sample-%s"
+  description        = "%s"
+  scope_by           = "container"
+  filter             = "container.image.repo = \"sysdig/agent\""
+}`, name, name)
+}
+
+func teamWithOneUser(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_user" "sample" {
+  email      = "[email protected]"
+}
+
+resource "sysdig_secure_team" "sample" {
+  name               = "sample-%s"
+  description        = "%s"
+  scope_by           = "container"
+  filter             = "container.image.repo = \"sysdig/agent\""
+  use_sysdig_capture = false
+
+  user_roles {
+    email = sysdig_user.sample.email
+    role  = "ROLE_TEAM_EDIT"
+  }
+}`, name, name)
+}
+
+func teamWithTwoUser(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_user" "sample1" {
+  email      = "[email protected]"
+}
+
+resource "sysdig_user" "sample2" {
+  email      = "[email protected]"
+}
+
+resource "sysdig_secure_team" "sample" {
+  name               = "sample-%s"
+  description        = "%s"
+  scope_by           = "container"
+  filter             = "container.image.repo = \"sysdig/agent\""
+  use_sysdig_capture = false
+
+  user_roles {
+    email = sysdig_user.sample1.email
+    role  = "ROLE_TEAM_EDIT"
+  }
+
+  user_roles {
+    email = sysdig_user.sample2.email
+    role  = "ROLE_TEAM_MANAGER"
+  }
+}`, name, name)
+}
+
+func teamMinimumConfiguration(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_team" "sample" {
+  name      = "sample-%s"
+}`, name)
+}
diff --git a/sysdig/secure/client.go b/sysdig/secure/client.go
@@ -25,6 +25,11 @@ type SysdigSecureClient interface {
 	GetUserById(int) (User, error)
 	DeleteUser(int) error
 	UpdateUser(User) (User, error)
+
+	CreateTeam(Team) (Team, error)
+	GetTeamById(int) (Team, error)
+	DeleteTeam(int) error
+	UpdateTeam(Team) (Team, error)
 }
 
 func NewSysdigSecureClient(sysdigSecureAPIToken string, url string) SysdigSecureClient {

diff --git a/sysdig/secure/models.go b/sysdig/secure/models.go
@@ -220,3 +220,57 @@ func UserFromJSON(body []byte) User {
 type userWrapper struct {
 	User User `json:"user"`
 }
+
+// -------- Team --------
+type Team struct {
+	ID                  int         `json:"id,omitempty"`
+	Version             int         `json:"version,omitempty"`
+	Theme               string      `json:"theme"`
+	Name                string      `json:"name"`
+	Description         string      `json:"description"`
+	ScopeBy             string      `json:"show"`
+	Filter              string      `json:"filter"`
+	CanUseSysdigCapture bool        `json:"canUseSysdigCapture"`
+	UserRoles           []UserRoles `json:"userRoles,omitempty"`
+	DefaultTeam         bool        `json:"default"`
+	Products            []string    `json:"products"`
+}
+
+type UserRoles struct {
+	UserId int    `json:"userId"`
+	Email  string `json:"userName",omitempty`
+	Role   string `json:"role"`
+}
+
+func (t *Team) ToJSON() io.Reader {
+	payload, _ := json.Marshal(*t)
+	return bytes.NewBuffer(payload)
+}
+
+func TeamFromJSON(body []byte) Team {
+	var result teamWrapper
+	json.Unmarshal(body, &result)
+
+	return result.Team
+}
+
+type teamWrapper struct {
+	Team Team `json:"team"`
+}
+
+// -------- UsersList --------
+type UsersList struct {
+	ID    int    `json:"id"`
+	Email string `json:"username"`
+}
+
+func UsersListFromJSON(body []byte) []UsersList {
+	var result usersListWrapper
+	json.Unmarshal(body, &result)
+
+	return result.UsersList
+}
+
+type usersListWrapper struct {
+	UsersList []UsersList `json:"users"`
+}