mirror of
https://github.com/bpg/terraform-provider-proxmox.git
synced 2025-07-04 21:14:05 +00:00
afcbb415a3
* feat: add ACL resource Signed-off-by: hrmny <8845940+ForsakenHarmony@users.noreply.github.com> * chore: move code under /access, cleanup acc tests Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> --------- Signed-off-by: hrmny <8845940+ForsakenHarmony@users.noreply.github.com> Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> Co-authored-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
126 lines
3.0 KiB
Go
126 lines
3.0 KiB
Go
/*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*/
|
|
|
|
package access
|
|
|
|
import (
|
|
"fmt"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/gorilla/schema"
|
|
"github.com/hashicorp/terraform-plugin-framework/types"
|
|
|
|
proxmoxtypes "github.com/bpg/terraform-provider-proxmox/proxmox/types"
|
|
|
|
"github.com/bpg/terraform-provider-proxmox/proxmox/access"
|
|
)
|
|
|
|
type aclResourceModel struct {
|
|
ID types.String `tfsdk:"id"`
|
|
|
|
GroupID types.String `tfsdk:"group_id"`
|
|
Path string `tfsdk:"path"`
|
|
Propagate bool `tfsdk:"propagate"`
|
|
RoleID string `tfsdk:"role_id"`
|
|
TokenID types.String `tfsdk:"token_id"`
|
|
UserID types.String `tfsdk:"user_id"`
|
|
}
|
|
|
|
type aclResourceIDFields struct {
|
|
EntityID string `schema:"entity_id"`
|
|
RoleID string `schema:"role_id"`
|
|
}
|
|
|
|
const aclIDFormat = "{path}?entity_id={group|user@realm|user@realm!token}?role_id={role}"
|
|
|
|
func (r *aclResourceModel) generateID() error {
|
|
encoder := schema.NewEncoder()
|
|
|
|
fields := aclResourceIDFields{
|
|
EntityID: r.GroupID.ValueString() + r.TokenID.ValueString() + r.UserID.ValueString(),
|
|
RoleID: r.RoleID,
|
|
}
|
|
v := url.Values{}
|
|
|
|
err := encoder.Encode(fields, v)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to encode ACL resource ID: %w", err)
|
|
}
|
|
|
|
r.ID = types.StringValue(r.Path + "?" + v.Encode())
|
|
|
|
return nil
|
|
}
|
|
|
|
func parseACLResourceModelFromID(id string) (*aclResourceModel, error) {
|
|
path, query, found := strings.Cut(id, "?")
|
|
|
|
if !found {
|
|
return nil, fmt.Errorf("invalid ACL resource ID format %#v, expected %v", id, aclIDFormat)
|
|
}
|
|
|
|
v, err := url.ParseQuery(query)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid ACL resource ID format %#v, expected %v: %w", id, aclIDFormat, err)
|
|
}
|
|
|
|
decoder := schema.NewDecoder()
|
|
|
|
fields := aclResourceIDFields{}
|
|
|
|
err = decoder.Decode(&fields, v)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid ACL resource ID format %#v, expected %v: %w", id, aclIDFormat, err)
|
|
}
|
|
|
|
model := &aclResourceModel{
|
|
ID: types.StringValue(id),
|
|
GroupID: types.StringNull(),
|
|
Path: path,
|
|
Propagate: false,
|
|
RoleID: fields.RoleID,
|
|
TokenID: types.StringNull(),
|
|
UserID: types.StringNull(),
|
|
}
|
|
|
|
switch {
|
|
case strings.Contains(fields.EntityID, "!"):
|
|
model.TokenID = types.StringValue(fields.EntityID)
|
|
case strings.Contains(fields.EntityID, "@"):
|
|
model.UserID = types.StringValue(fields.EntityID)
|
|
default:
|
|
model.GroupID = types.StringValue(fields.EntityID)
|
|
}
|
|
|
|
return model, nil
|
|
}
|
|
|
|
func (r *aclResourceModel) intoUpdateBody() *access.ACLUpdateRequestBody {
|
|
body := &access.ACLUpdateRequestBody{
|
|
Groups: nil,
|
|
Path: r.Path,
|
|
Propagate: proxmoxtypes.CustomBoolPtr(r.Propagate),
|
|
Roles: []string{r.RoleID},
|
|
Tokens: nil,
|
|
Users: nil,
|
|
}
|
|
|
|
if !r.GroupID.IsNull() {
|
|
body.Groups = []string{r.GroupID.ValueString()}
|
|
}
|
|
|
|
if !r.TokenID.IsNull() {
|
|
body.Tokens = []string{r.TokenID.ValueString()}
|
|
}
|
|
|
|
if !r.UserID.IsNull() {
|
|
body.Users = []string{r.UserID.ValueString()}
|
|
}
|
|
|
|
return body
|
|
}
|