Resource LDAP Team Mapping / Release 1.12.0 (#77)

* Add dependencytrack_ldap_team_mapping resource.

* Resolved linting.

* Add docs and example.

* Add CHANGELOG. Update log and error messages, to be more relevant to location within code.

Author: SolarFactories

.golangci.yml

@@ -527,6 +527,9 @@ linters:
       - path: internal/provider/team_apikey_resource_test.go
         linters:
           - godox
+      - path: internal/provider/ldap_team_mapping_resource.go
+        linters:
+          - lll
 
 formatters:
   enable:

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.12.0
+
+#### FEATURES
+- Add `dependencytrack_ldap_team_mapping` resource to manage dynamic membership of Teams, from LDAP Servers.
+
+#### FIXES
+- Fix example for `dependencytrack_oidc_group_mapping` incorrectly using `dependencytrack_oidc_group` value for `team`.
+
 ## 1.11.0
 
 #### FEATURES

docs/resources/ldap_team_mapping.md

@@ -0,0 +1,36 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "dependencytrack_ldap_team_mapping Resource - dependencytrack"
+subcategory: ""
+description: |-
+  Manages a mapping from LDAP Distinguished Name to Team.
+---
+
+# dependencytrack_ldap_team_mapping (Resource)
+
+Manages a mapping from LDAP Distinguished Name to Team.
+
+## Example Usage
+
+```terraform
+resource "dependencytrack_team" "example" {
+  name = "Example Team Name"
+}
+
+resource "dependencytrack_ldap_team_mapping" "example" {
+  team               = dependencytrack_team.example.id
+  distinguished_name = "example.ldap.server"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `distinguished_name` (String) Distinguished Name used for mapping.
+- `team` (String) UUID for the Team to which to map users.
+
+### Read-Only
+
+- `id` (String) UUID for the Mapping, as generated by DependencyTrack.

docs/resources/oidc_group_mapping.md

@@ -23,7 +23,7 @@ resource "dependencytrack_oidc_group" "example" {
 
 resource "dependencytrack_oidc_group_mapping" "example" {
   group = dependencytrack_oidc_group.example.id
-  team  = dependencytrack_oidc_group.example.team
+  team  = dependencytrack_team.example.id
 }
 ```
 

examples/resources/dependencytrack_ldap_team_mapping/resource.tf

@@ -0,0 +1,8 @@
+resource "dependencytrack_team" "example" {
+  name = "Example Team Name"
+}
+
+resource "dependencytrack_ldap_team_mapping" "example" {
+  team               = dependencytrack_team.example.id
+  distinguished_name = "example.ldap.server"
+}

examples/resources/dependencytrack_oidc_group_mapping/resource.tf

@@ -8,5 +8,5 @@ resource "dependencytrack_oidc_group" "example" {
 
 resource "dependencytrack_oidc_group_mapping" "example" {
   group = dependencytrack_oidc_group.example.id
-  team  = dependencytrack_oidc_group.example.team
+  team  = dependencytrack_team.example.id
 }

internal/provider/ldap_team_mapping_resource.go

@@ -0,0 +1,279 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"github.com/google/uuid"
+
+	dtrack "github.com/DependencyTrack/client-go"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+var (
+	_ resource.Resource              = &ldapTeamMappingResource{}
+	_ resource.ResourceWithConfigure = &ldapTeamMappingResource{}
+)
+
+func NewLDAPTeamMappingResource() resource.Resource {
+	return &ldapTeamMappingResource{}
+}
+
+type ldapTeamMappingResource struct {
+	client *dtrack.Client
+	semver *Semver
+}
+
+type ldapTeamMappingResourceModel struct {
+	ID                types.String `tfsdk:"id"`
+	Team              types.String `tfsdk:"team"`
+	DistinguishedName types.String `tfsdk:"distinguished_name"`
+}
+
+func (r *ldapTeamMappingResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_ldap_team_mapping"
+}
+
+func (r *ldapTeamMappingResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description: "Manages a mapping from LDAP Distinguished Name to Team.",
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Description: "UUID for the Mapping, as generated by DependencyTrack.",
+				Computed:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
+			},
+			"team": schema.StringAttribute{
+				Description: "UUID for the Team to which to map users.",
+				Required:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.RequiresReplace(),
+				},
+			},
+			"distinguished_name": schema.StringAttribute{
+				Description: "Distinguished Name used for mapping.",
+				Required:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.RequiresReplace(),
+				},
+			},
+		},
+	}
+}
+
+func (r *ldapTeamMappingResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var plan ldapTeamMappingResourceModel
+	diags := req.Plan.Get(ctx, &plan)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	team, err := uuid.Parse(plan.Team.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("team"),
+			"Within Create, unable to parse team into UUID",
+			"Error from: "+err.Error(),
+		)
+		return
+	}
+	distinguishedName := plan.DistinguishedName.ValueString()
+
+	mappingReq := dtrack.MappedLdapGroupRequest{
+		Team:              team,
+		DistinguishedName: distinguishedName,
+	}
+	tflog.Debug(ctx, "Mapping ldap distinguished name "+mappingReq.DistinguishedName+" to team "+mappingReq.Team.String())
+
+	mappingRes, err := r.client.LDAP.AddMapping(ctx, mappingReq)
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Error creating ldap mapping",
+			"Unexpected error: "+err.Error(),
+		)
+		return
+	}
+
+	plan = ldapTeamMappingResourceModel{
+		ID:                types.StringValue(mappingRes.UUID.String()),
+		DistinguishedName: types.StringValue(mappingRes.DistinguishedName),
+		// Response does not include Team UUID
+		Team: types.StringValue(team.String()),
+	}
+
+	diags = resp.State.Set(ctx, plan)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Debug(ctx, "Created ldap mapping with id: "+plan.ID.ValueString()+", for distinguished name: "+plan.DistinguishedName.ValueString()+", to team, with id: "+plan.Team.ValueString())
+}
+
+func (r *ldapTeamMappingResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	// Fetch state
+	var state ldapTeamMappingResourceModel
+	diags := req.State.Get(ctx, &state)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Debug(ctx, "Refreshing ldap mapping with id: "+state.ID.ValueString()+", for team: "+state.Team.ValueString()+", and distinguished name: "+state.DistinguishedName.ValueString())
+
+	// Refresh
+	id, err := uuid.Parse(state.ID.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("id"),
+			"Within Read, unable to parse id into UUID",
+			"Error from: "+err.Error(),
+		)
+	}
+	team, err := uuid.Parse(state.Team.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("team"),
+			"Within Read, unable to parse team into UUID",
+			"Error from: "+err.Error(),
+		)
+	}
+	distinguishedName := state.DistinguishedName.ValueString()
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	mappedGroups, err := r.client.LDAP.GetTeamMappings(ctx, team)
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Within Read, unable to retrieve team mappings",
+			"Error from: "+err.Error(),
+		)
+		return
+	}
+	mappingInfo, err := Find(mappedGroups, func(mapping dtrack.MappedLdapGroup) bool {
+		return mapping.UUID == id
+	})
+
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Within Read, unable to locate ldap mapping",
+			"Error with finding mapping with id: "+id.String()+", for team: "+team.String()+", and distinguished name: "+distinguishedName+", in original error: "+err.Error(),
+		)
+		return
+	}
+	state = ldapTeamMappingResourceModel{
+		ID:                types.StringValue(mappingInfo.UUID.String()),
+		Team:              types.StringValue(team.String()),
+		DistinguishedName: types.StringValue(mappingInfo.DistinguishedName),
+	}
+
+	// Update state
+	diags = resp.State.Set(ctx, &state)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Debug(ctx, "Refreshed ldap mapping for team: "+state.Team.ValueString()+", and distinguished name: "+state.DistinguishedName.ValueString())
+}
+
+func (r *ldapTeamMappingResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	// Nothing to Update. This resource only has Create, Delete actions
+	// Get State
+	var plan ldapTeamMappingResourceModel
+	diags := req.Plan.Get(ctx, &plan)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	id, err := uuid.Parse(plan.ID.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("id"),
+			"Within Update, unable to parse id into UUID",
+			"Error from: "+err.Error(),
+		)
+	}
+	team, err := uuid.Parse(plan.Team.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("team"),
+			"Within Update, unable to parse team into UUID",
+			"Error from: "+err.Error(),
+		)
+	}
+	distingushedName := plan.DistinguishedName.ValueString()
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	state := ldapTeamMappingResourceModel{
+		ID:                types.StringValue(id.String()),
+		Team:              types.StringValue(team.String()),
+		DistinguishedName: types.StringValue(distingushedName),
+	}
+
+	// Update State
+	diags = resp.State.Set(ctx, state)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Debug(ctx, "Updated ldap mapping with id: "+plan.ID.ValueString()+", for team: "+plan.Team.ValueString()+", and distinguished name: "+plan.DistinguishedName.ValueString())
+}
+
+func (r *ldapTeamMappingResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	// Load state
+	var state ldapTeamMappingResourceModel
+	diags := req.State.Get(ctx, &state)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Map TF to SDK
+	id, err := uuid.Parse(state.ID.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddAttributeError(
+			path.Root("id"),
+			"Within Delete, unable to parse id into UUID",
+			"Error parsing UUID from: "+state.ID.ValueString()+", error: "+err.Error(),
+		)
+		return
+	}
+
+	// Execute
+	tflog.Debug(ctx, "Deleting ldap mapping with id: "+id.String()+", for team with id: "+state.Team.ValueString()+", and distinguished name: "+state.DistinguishedName.ValueString())
+	err = r.client.LDAP.RemoveMapping(ctx, id)
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Unable to delete ldap mapping",
+			"Unexpected error when trying to delete ldap mapping with id: "+id.String()+", error: "+err.Error(),
+		)
+		return
+	}
+	tflog.Debug(ctx, "Deleted ldap mapping with id: "+id.String())
+}
+
+func (r *ldapTeamMappingResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+	clientInfo, ok := req.ProviderData.(clientInfo)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Configure Type",
+			fmt.Sprintf("Expected provider.clientInfo, got %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+		return
+	}
+	r.client = clientInfo.client
+	r.semver = clientInfo.semver
+}