Merge pull request #248 from SumoLogic/emichaeli-add-policies-resource

Add Policies Resource

Author: emichaeli

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## 2.9.9 (August 12, 2021)
 
+FEATURES:
+
+* **New Resource:** sumologic_policies (GH-248)
+
 BUG FIXES:
 
 * resource/sumologic_monitor: Removed deprecation warning for `triggers`.

sumologic/provider.go

@@ -74,6 +74,7 @@ func Provider() terraform.ResourceProvider {
 			"sumologic_saml_configuration":                 resourceSumologicSamlConfiguration(),
 			"sumologic_kinesis_metrics_source":             resourceSumologicKinesisMetricsSource(),
 			"sumologic_token":                              resourceSumologicToken(),
+			"sumologic_policies":                           resourceSumologicPolicies(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"sumologic_admin_recommended_folder": dataSourceSumologicAdminRecommendedFolder(),

sumologic/resource_sumologic_policies.go

@@ -0,0 +1,156 @@
+package sumologic
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+var DefaultPolicies = Policies{
+	Audit:                              AuditPolicy{Enabled: false},
+	DataAccessLevel:                    DataAccessLevelPolicy{Enabled: false},
+	MaxUserSessionTimeout:              MaxUserSessionTimeoutPolicy{MaxUserSessionTimeout: "7d"},
+	SearchAudit:                        SearchAuditPolicy{Enabled: false},
+	ShareDashboardsOutsideOrganization: ShareDashboardsOutsideOrganizationPolicy{Enabled: false},
+	UserConcurrentSessionsLimit:        UserConcurrentSessionsLimitPolicy{Enabled: false, MaxConcurrentSessions: 100},
+}
+
+func resourceSumologicPolicies() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceSumologicPoliciesCreate,
+		Read:   resourceSumologicPoliciesRead,
+		Update: resourceSumologicPoliciesUpdate,
+		Delete: resourceSumologicPoliciesDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"audit": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  DefaultPolicies.Audit.Enabled,
+			},
+			"data_access_level": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  DefaultPolicies.DataAccessLevel.Enabled,
+			},
+			"max_user_session_timeout": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  DefaultPolicies.MaxUserSessionTimeout.MaxUserSessionTimeout,
+			},
+			"search_audit": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  DefaultPolicies.SearchAudit.Enabled,
+			},
+			"share_dashboards_outside_organization": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  DefaultPolicies.ShareDashboardsOutsideOrganization.Enabled,
+			},
+			"user_concurrent_sessions_limit": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enabled": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  DefaultPolicies.UserConcurrentSessionsLimit.Enabled,
+						},
+						"max_concurrent_sessions": {
+							Type:     schema.TypeInt,
+							Optional: true,
+							Default:  DefaultPolicies.UserConcurrentSessionsLimit.MaxConcurrentSessions,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func resourceSumologicPoliciesRead(d *schema.ResourceData, meta interface{}) error {
+	c := meta.(*Client)
+
+	policies, err := c.GetPolicies()
+	if err != nil {
+		return err
+	}
+
+	setPoliciesResource(d, policies)
+	return nil
+}
+
+func resourceSumologicPoliciesCreate(d *schema.ResourceData, meta interface{}) error {
+	// Since policies can only be set and not created, we just update the policies with the given fields.
+	err := resourceSumologicPoliciesUpdate(d, meta)
+	if err != nil {
+		return err
+	}
+
+	d.SetId("org-policies")
+	return nil
+}
+
+func resourceSumologicPoliciesDelete(d *schema.ResourceData, meta interface{}) error {
+	// Since policies cannot be deleted, we just reset to the default policies configuration.
+	c := meta.(*Client)
+
+	_, err := c.UpdatePolicies(DefaultPolicies)
+	return err
+}
+
+func resourceSumologicPoliciesUpdate(d *schema.ResourceData, meta interface{}) error {
+	policies := resourceToPolicies(d)
+
+	c := meta.(*Client)
+	updatedPolicies, err := c.UpdatePolicies(policies)
+	if err != nil {
+		return err
+	}
+
+	setPoliciesResource(d, updatedPolicies)
+	return nil
+}
+
+func setPoliciesResource(d *schema.ResourceData, policies *Policies) {
+	d.Set("audit", policies.Audit.Enabled)
+	d.Set("data_access_level", policies.DataAccessLevel.Enabled)
+	d.Set("max_user_session_timeout", policies.MaxUserSessionTimeout.MaxUserSessionTimeout)
+	d.Set("search_audit", policies.SearchAudit.Enabled)
+	d.Set("share_dashboards_outside_organization", policies.ShareDashboardsOutsideOrganization.Enabled)
+	setUserConcurrentSessionsLimitPolicy(d, &policies.UserConcurrentSessionsLimit)
+}
+
+func resourceToPolicies(d *schema.ResourceData) Policies {
+	var policies Policies
+	policies.Audit = AuditPolicy{d.Get("audit").(bool)}
+	policies.DataAccessLevel = DataAccessLevelPolicy{d.Get("data_access_level").(bool)}
+	policies.MaxUserSessionTimeout = MaxUserSessionTimeoutPolicy{d.Get("max_user_session_timeout").(string)}
+	policies.SearchAudit = SearchAuditPolicy{d.Get("search_audit").(bool)}
+	policies.ShareDashboardsOutsideOrganization = ShareDashboardsOutsideOrganizationPolicy{d.Get("share_dashboards_outside_organization").(bool)}
+	policies.UserConcurrentSessionsLimit = getUserConcurrentSessionsLimitPolicy(d)
+	return policies
+}
+
+func setUserConcurrentSessionsLimitPolicy(d *schema.ResourceData, policy *UserConcurrentSessionsLimitPolicy) {
+	userConcurrentSessionsLimitPolicyMap := make(map[string]interface{})
+	userConcurrentSessionsLimitPolicyMap["enabled"] = policy.Enabled
+	userConcurrentSessionsLimitPolicyMap["max_concurrent_sessions"] = policy.MaxConcurrentSessions
+
+	userConcurrentSessionsLimitPolicy := make([]map[string]interface{}, 1)
+	userConcurrentSessionsLimitPolicy[0] = userConcurrentSessionsLimitPolicyMap
+
+	d.Set("user_concurrent_sessions_limit", userConcurrentSessionsLimitPolicy)
+}
+
+func getUserConcurrentSessionsLimitPolicy(d *schema.ResourceData) UserConcurrentSessionsLimitPolicy {
+	resourceAsMap := d.Get("user_concurrent_sessions_limit").([]interface{})[0].(map[string]interface{})
+	var userConcurrentSessionsLimitPolicy UserConcurrentSessionsLimitPolicy
+	userConcurrentSessionsLimitPolicy.Enabled = resourceAsMap["enabled"].(bool)
+	userConcurrentSessionsLimitPolicy.MaxConcurrentSessions = resourceAsMap["max_concurrent_sessions"].(int)
+	return userConcurrentSessionsLimitPolicy
+}

sumologic/resource_sumologic_policies_test.go

@@ -0,0 +1,173 @@
+package sumologic
+
+import (
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+func TestAccPolicies_basic(t *testing.T) {
+	policies := Policies{
+		Audit:                              AuditPolicy{Enabled: true},
+		DataAccessLevel:                    DataAccessLevelPolicy{Enabled: true},
+		MaxUserSessionTimeout:              MaxUserSessionTimeoutPolicy{MaxUserSessionTimeout: "1h"},
+		SearchAudit:                        SearchAuditPolicy{Enabled: true},
+		ShareDashboardsOutsideOrganization: ShareDashboardsOutsideOrganizationPolicy{Enabled: true},
+		UserConcurrentSessionsLimit:        UserConcurrentSessionsLimitPolicy{Enabled: true, MaxConcurrentSessions: 70},
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckPoliciesDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: newPoliciesConfig("tf_policies_import_test", &policies),
+			},
+			{
+				ResourceName:      "sumologic_policies.tf_policies_import_test",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccPolicies_create(t *testing.T) {
+	policies := Policies{
+		Audit:                              AuditPolicy{Enabled: true},
+		DataAccessLevel:                    DataAccessLevelPolicy{Enabled: true},
+		MaxUserSessionTimeout:              MaxUserSessionTimeoutPolicy{MaxUserSessionTimeout: "1h"},
+		SearchAudit:                        SearchAuditPolicy{Enabled: true},
+		ShareDashboardsOutsideOrganization: ShareDashboardsOutsideOrganizationPolicy{Enabled: true},
+		UserConcurrentSessionsLimit:        UserConcurrentSessionsLimitPolicy{Enabled: true, MaxConcurrentSessions: 70},
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckPoliciesDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: newPoliciesConfig("test_create", &policies),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPoliciesExists("sumologic_policies.test_create"),
+					testPoliciesCheckResourceAttr("sumologic_policies.test_create", &policies),
+				),
+			},
+		},
+	})
+}
+
+func TestAccPolicies_update(t *testing.T) {
+	policies := Policies{
+		Audit:                              AuditPolicy{Enabled: true},
+		DataAccessLevel:                    DataAccessLevelPolicy{Enabled: true},
+		MaxUserSessionTimeout:              MaxUserSessionTimeoutPolicy{MaxUserSessionTimeout: "15m"},
+		SearchAudit:                        SearchAuditPolicy{Enabled: true},
+		ShareDashboardsOutsideOrganization: ShareDashboardsOutsideOrganizationPolicy{Enabled: true},
+		UserConcurrentSessionsLimit:        UserConcurrentSessionsLimitPolicy{Enabled: true, MaxConcurrentSessions: 80},
+	}
+
+	updatedPolicies := Policies{
+		Audit:                              AuditPolicy{Enabled: false},
+		DataAccessLevel:                    DataAccessLevelPolicy{Enabled: false},
+		MaxUserSessionTimeout:              MaxUserSessionTimeoutPolicy{MaxUserSessionTimeout: "7d"},
+		SearchAudit:                        SearchAuditPolicy{Enabled: false},
+		ShareDashboardsOutsideOrganization: ShareDashboardsOutsideOrganizationPolicy{Enabled: false},
+		UserConcurrentSessionsLimit:        UserConcurrentSessionsLimitPolicy{Enabled: false, MaxConcurrentSessions: 100},
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckPoliciesDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: newPoliciesConfig("test_update", &policies),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPoliciesExists("sumologic_policies.test_update"),
+					testPoliciesCheckResourceAttr("sumologic_policies.test_update", &policies),
+				),
+			},
+			{
+				Config: newPoliciesConfig("test_update", &updatedPolicies),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPoliciesExists("sumologic_policies.test_update"),
+					testPoliciesCheckResourceAttr("sumologic_policies.test_update", &updatedPolicies),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckPoliciesDestroy() resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testAccProvider.Meta().(*Client)
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "sumologic_policies" {
+				continue
+			}
+
+			policies, err := client.GetPolicies()
+			if err != nil {
+				return fmt.Errorf("Encountered an error: " + err.Error())
+			}
+
+			if (*policies) != DefaultPolicies {
+				return fmt.Errorf("Policies weren't reset properly")
+			}
+		}
+		return nil
+	}
+}
+
+func testAccCheckPoliciesExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		_, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Policies not found: %s", name)
+		}
+		return nil
+	}
+}
+
+func testPoliciesCheckResourceAttr(resourceName string, policies *Policies) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		f := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr(resourceName, "audit", strconv.FormatBool(policies.Audit.Enabled)),
+			resource.TestCheckResourceAttr(resourceName, "data_access_level", strconv.FormatBool(policies.DataAccessLevel.Enabled)),
+			resource.TestCheckResourceAttr(resourceName, "max_user_session_timeout", policies.MaxUserSessionTimeout.MaxUserSessionTimeout),
+			resource.TestCheckResourceAttr(resourceName, "search_audit", strconv.FormatBool(policies.SearchAudit.Enabled)),
+			resource.TestCheckResourceAttr(resourceName, "share_dashboards_outside_organization", strconv.FormatBool(policies.ShareDashboardsOutsideOrganization.Enabled)),
+			resource.TestCheckResourceAttr(resourceName, "user_concurrent_sessions_limit.0.enabled", strconv.FormatBool(policies.UserConcurrentSessionsLimit.Enabled)),
+			resource.TestCheckResourceAttr(resourceName, "user_concurrent_sessions_limit.0.max_concurrent_sessions", strconv.Itoa(policies.UserConcurrentSessionsLimit.MaxConcurrentSessions)),
+		)
+		return f(s)
+	}
+}
+
+func newPoliciesConfig(label string, policies *Policies) string {
+	return fmt.Sprintf(`
+resource "sumologic_policies" "%s" {
+  audit = %t
+  data_access_level = %t
+  max_user_session_timeout = "%s"
+  search_audit = %t
+  share_dashboards_outside_organization = %t
+  user_concurrent_sessions_limit {
+    enabled = %t
+    max_concurrent_sessions = %d
+  }
+}`, label,
+		policies.Audit.Enabled,
+		policies.DataAccessLevel.Enabled,
+		policies.MaxUserSessionTimeout.MaxUserSessionTimeout,
+		policies.SearchAudit.Enabled,
+		policies.ShareDashboardsOutsideOrganization.Enabled,
+		policies.UserConcurrentSessionsLimit.Enabled,
+		policies.UserConcurrentSessionsLimit.MaxConcurrentSessions)
+}