Initial scaffold: Terraform provider for LogStruct with framework, data sources (struct, cloudwatch_filter), metadata loader, docs, goreleaser

Author: ndbroadbent

.gitignore

@@ -0,0 +1,6 @@
+dist/
+bin/
+.terraform/
+.terraform.lock.hcl
+*.tfstate*
+**/.DS_Store

.goreleaser.yaml

@@ -0,0 +1,28 @@
+project_name: terraform-provider-logstruct
+before:
+  hooks:
+    - go mod tidy
+builds:
+  - id: provider
+    main: ./main.go
+    binary: terraform-provider-logstruct
+    env:
+      - CGO_ENABLED=0
+    goos: [linux, darwin, windows]
+    goarch: [amd64, arm64]
+    flags: ["-trimpath"]
+    ldflags:
+      - -s -w -X main.version={{.Version}}
+archives:
+  - id: archive
+    name_template: '{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+    builds: [provider]
+    format: zip
+checksum:
+  name_template: '{{ .ProjectName }}_v{{ .Version }}_SHA256SUMS'
+signs:
+  - artifacts: checksum
+release:
+  draft: false
+  prerelease: auto
+  name_template: 'v{{ .Version }}'

README.md

@@ -0,0 +1,79 @@
+# terraform-provider-logstruct
+
+Terraform provider for LogStruct: type-safe CloudWatch filter patterns and LogStruct metadata validation at plan time.
+
+## Features
+
+- Validate that a `struct` and `event` combination is valid based on LogStruct's typed definitions.
+- Generate CloudWatch Logs filter patterns without stringly-typed values.
+- Fail fast during `terraform validate/plan` if LogStruct enums/keys drift.
+
+## Data Sources
+
+### `logstruct_struct`
+
+Inputs:
+
+- `struct` (string): e.g. `"ActionMailer"`
+
+Outputs:
+
+- `fixed_source` (string, null if not fixed)
+- `allowed_events` (list of strings)
+- `keys` (map): canonical key names, e.g. `evt`, `src`, etc.
+
+### `logstruct_cloudwatch_filter`
+
+Inputs:
+
+- `struct` (string)
+- `event` (string, serialized value as emitted by LogStruct)
+- `predicates` (map(string => list(string)), optional): additional equality clauses
+
+Outputs:
+
+- `pattern` (string): CloudWatch filter pattern `{ $.src = "mailer" && $.evt = "delivered" ... }`
+
+## Provider Configuration
+
+```hcl
+provider "logstruct" {
+  export_dir = "./site/lib/log-generation"
+}
+```
+
+`export_dir` should contain:
+
+- `sorbet-enums.json`
+- `sorbet-log-structs.json`
+- `log-keys.json`
+
+These are generated by LogStruct's existing exporters.
+
+## Example
+
+```hcl
+data "logstruct_cloudwatch_filter" "email_delivered" {
+  struct = "ActionMailer"
+  event  = "delivered"
+}
+
+resource "aws_cloudwatch_log_metric_filter" "email_delivered_count" {
+  name           = "Email Delivered Count"
+  log_group_name = var.log_group.docspring
+  pattern        = data.logstruct_cloudwatch_filter.email_delivered.pattern
+
+  metric_transformation {
+    name          = "docspring_email_delivered_count"
+    namespace     = var.namespace.logs
+    value         = "1"
+    default_value = "0"
+    unit          = "Count"
+  }
+}
+```
+
+## Releasing
+
+Use GoReleaser to build and publish GitHub releases with platform-specific zips and checksums. Tags must be semantic versions prefixed with `v` (e.g. `v0.1.0`).
+

go.mod

@@ -0,0 +1,8 @@
+module github.com/DocSpring/terraform-provider-logstruct
+
+go 1.22.0
+
+require (
+    github.com/hashicorp/terraform-plugin-framework v1.11.0
+    github.com/hashicorp/terraform-plugin-log/tflog v0.9.0
+)

main.go

@@ -0,0 +1,29 @@
+package main
+
+import (
+    "context"
+    "flag"
+    "log"
+
+    "github.com/hashicorp/terraform-plugin-framework/providerserver"
+    "github.com/DocSpring/terraform-provider-logstruct/pkg/provider"
+)
+
+// Set by goreleaser at build time
+var (
+    version = "dev"
+)
+
+func main() {
+    var debug bool
+    flag.BoolVar(&debug, "debug", false, "Enable debug mode.")
+    flag.Parse()
+
+    if err := providerserver.Serve(context.Background(), provider.New(version), providerserver.ServeOpts{
+        Address: "github.com/DocSpring/logstruct",
+        Debug:   debug,
+    }); err != nil {
+        log.Fatal(err)
+    }
+}
+

pkg/provider/datasource_cw_filter.go

@@ -0,0 +1,103 @@
+package provider
+
+import (
+    "context"
+    "fmt"
+    "sort"
+    "strings"
+
+    "github.com/hashicorp/terraform-plugin-framework/datasource"
+    "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+    "github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type cwFilterDataSource struct{}
+
+func NewCloudWatchFilterDataSource() datasource.DataSource { return &cwFilterDataSource{} }
+
+type cwFilterModel struct {
+    Struct     types.String         `tfsdk:"struct"`
+    Event      types.String         `tfsdk:"event"`
+    Predicates map[string][]string  `tfsdk:"predicates"`
+
+    Pattern types.String `tfsdk:"pattern"`
+}
+
+func (d *cwFilterDataSource) Metadata(_ context.Context, _ datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+    resp.TypeName = "logstruct_cloudwatch_filter"
+}
+
+func (d *cwFilterDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+    resp.Schema = schema.Schema{
+        Attributes: map[string]schema.Attribute{
+            "struct": schema.StringAttribute{Required: true, Description: "LogStruct struct name e.g. ActionMailer"},
+            "event":  schema.StringAttribute{Required: true, Description: "Event value (serialized), validated against struct"},
+            "predicates": schema.MapAttribute{
+                Optional: true,
+                ElementType: types.ListType{ElemType: types.StringType},
+                Description: "Additional equality predicates map[field] = [values...]",
+            },
+            "pattern": schema.StringAttribute{Computed: true, Description: "Generated CloudWatch Logs filter pattern"},
+        },
+    }
+}
+
+func (d *cwFilterDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+    var data cwFilterModel
+    diags := req.Config.Get(ctx, &data)
+    resp.Diagnostics.Append(diags...)
+    if resp.Diagnostics.HasError() { return }
+
+    client, ok := req.ProviderData.(*MetadataClient)
+    if !ok || client == nil {
+        resp.Diagnostics.AddError("Provider not configured", "Missing metadata client")
+        return
+    }
+    structName := data.Struct.ValueString()
+    event := data.Event.ValueString()
+    allowed, _, err := client.AllowedEventsForStruct(structName)
+    if err != nil { resp.Diagnostics.AddError("Lookup error", err.Error()); return }
+    if !contains(allowed, event) {
+        resp.Diagnostics.AddError("Invalid event for struct", fmt.Sprintf("event %q not allowed for %s (allowed: %v)", event, structName, allowed))
+        return
+    }
+    var parts []string
+    // add evt
+    evtKey, ok := client.Keys["evt"]
+    if !ok { resp.Diagnostics.AddError("Missing key", "evt key missing from exports"); return }
+    parts = append(parts, fmt.Sprintf("$.%s = \"%s\"", evtKey, event))
+    // add source
+    if src, fixed, err := client.FixedSourceForStruct(structName); err != nil {
+        resp.Diagnostics.AddError("Lookup error", err.Error()); return
+    } else if fixed {
+        srcKey, ok := client.Keys["src"]; if !ok { resp.Diagnostics.AddError("Missing key", "src key missing from exports"); return }
+        parts = append(parts, fmt.Sprintf("$.%s = \"%s\"", srcKey, src))
+    }
+    // add extra predicates
+    if data.Predicates != nil {
+        keys := make([]string, 0, len(data.Predicates))
+        for k := range data.Predicates { keys = append(keys, k) }
+        sort.Strings(keys)
+        for _, k := range keys {
+            values := data.Predicates[k]
+            if len(values) == 0 { continue }
+            keyPath := fmt.Sprintf("$.%s", k)
+            if len(values) == 1 {
+                parts = append(parts, fmt.Sprintf("%s = \"%s\"", keyPath, escape(values[0])))
+            } else {
+                ors := make([]string, 0, len(values))
+                for _, v := range values { ors = append(ors, fmt.Sprintf("%s = \"%s\"", keyPath, escape(v))) }
+                parts = append(parts, fmt.Sprintf("(%s)", strings.Join(ors, " || ")))
+            }
+        }
+    }
+    pattern := fmt.Sprintf("{ %s }", strings.Join(parts, " && "))
+    data.Pattern = types.StringValue(pattern)
+
+    diags = resp.State.Set(ctx, &data)
+    resp.Diagnostics.Append(diags...)
+}
+
+func contains(arr []string, s string) bool { for _, v := range arr { if v == s { return true } }; return false }
+func escape(s string) string { return strings.ReplaceAll(s, "\"", "\\\"") }
+

pkg/provider/datasource_struct.go

@@ -0,0 +1,71 @@
+package provider
+
+import (
+    "context"
+
+    "github.com/hashicorp/terraform-plugin-framework/datasource"
+    "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+    "github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type structDataSource struct{}
+
+func NewStructDataSource() datasource.DataSource { return &structDataSource{} }
+
+type structDataModel struct {
+    Struct        types.String   `tfsdk:"struct"`
+    FixedSource   types.String   `tfsdk:"fixed_source"`
+    AllowedEvents []types.String `tfsdk:"allowed_events"`
+    Keys          types.Map      `tfsdk:"keys"`
+}
+
+func (d *structDataSource) Metadata(_ context.Context, _ datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+    resp.TypeName = "logstruct_struct"
+}
+
+func (d *structDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+    resp.Schema = schema.Schema{
+        Attributes: map[string]schema.Attribute{
+            "struct": schema.StringAttribute{Required: true, Description: "LogStruct struct name e.g. ActionMailer"},
+            "fixed_source": schema.StringAttribute{Computed: true},
+            "allowed_events": schema.ListAttribute{Computed: true, ElementType: types.StringType},
+            "keys": schema.MapAttribute{Computed: true, ElementType: types.StringType},
+        },
+    }
+}
+
+func (d *structDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+    var data structDataModel
+    diags := req.Config.Get(ctx, &data)
+    resp.Diagnostics.Append(diags...)
+    if resp.Diagnostics.HasError() { return }
+
+    client, ok := req.ProviderData.(*MetadataClient)
+    if !ok || client == nil {
+        resp.Diagnostics.AddError("Provider not configured", "Missing metadata client")
+        return
+    }
+    allowed, single, err := client.AllowedEventsForStruct(data.Struct.ValueString())
+    if err != nil { resp.Diagnostics.AddError("Lookup error", err.Error()); return }
+    if src, fixed, err := client.FixedSourceForStruct(data.Struct.ValueString()); err != nil {
+        resp.Diagnostics.AddError("Lookup error", err.Error()); return
+    } else if fixed {
+        data.FixedSource = types.StringValue(src)
+    } else {
+        data.FixedSource = types.StringNull()
+    }
+    // events
+    data.AllowedEvents = []types.String{}
+    for _, e := range allowed { data.AllowedEvents = append(data.AllowedEvents, types.StringValue(e)) }
+    _ = single
+    // keys map
+    kv := map[string]types.Value{}
+    for k, v := range client.Keys { kv[k] = types.StringValue(v) }
+    m, md := types.MapValue(types.StringType, kv)
+    resp.Diagnostics.Append(md...)
+    data.Keys = m
+
+    diags = resp.State.Set(ctx, &data)
+    resp.Diagnostics.Append(diags...)
+}
+