support api tokens for service accounts

Author: ilia-medvedev-codefresh

codefresh/cfclient/api_key.go

@@ -245,6 +245,95 @@ func (client *Client) GetApiKeysList() ([]ApiKey, error) {
 	return apiKeys, nil
 }
 
+func (client *Client) GetAPIKeyServiceUser(keyID string, serviceUserId string) (*ApiKey, error) {
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s/%s", serviceUserId, keyID),
+		Method: "GET",
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var apiKey ApiKey
+
+	err = DecodeResponseInto(resp, &apiKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &apiKey, nil
+}
+
+func (client *Client) DeleteAPIKeyServiceUser(keyID string, serviceUserId string) error {
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s/%s", serviceUserId, keyID),
+		Method: "DELETE",
+	}
+
+	resp, err := client.RequestAPI(&opts)
+	if err != nil {
+		fmt.Println(string(resp))
+		return err
+	}
+
+	return nil
+}
+
+func (client *Client) UpdateAPIKeyServiceUser(key *ApiKey, serviceUserId string) error {
+
+	keyID := key.ID
+	if keyID == "" {
+		return errors.New("[ERROR] Key ID is empty")
+	}
+
+	body, err := EncodeToJSON(key)
+	if err != nil {
+		return err
+	}
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s/%s", serviceUserId, keyID),
+		Method: "PATCH",
+		Body:   body,
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		fmt.Println(string(resp))
+		return err
+	}
+
+	return nil
+}
+
+func (client *Client) CreateApiKeyServiceUser(serviceUserId string, apiKey *ApiKey) (string, error) {
+
+	body, err := EncodeToJSON(apiKey)
+	if err != nil {
+		return "", err
+	}
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s", serviceUserId),
+		Method: "POST",
+		Body:   body,
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return "", err
+	}
+
+	return string(resp), nil
+}
+
 func (client *Client) createRandomUser(accountId string) (string, error) {
 	// add user
 	userPrefix := acctest.RandString(10)

codefresh/cfclient/service_user.go

@@ -3,21 +3,20 @@ package cfclient
 import (
 	"fmt"
 	"golang.org/x/exp/slices"
-
 )
 
 type ServiceUser struct {
-	ID       	   string   `json:"_id,omitempty"`
-	Name 	 	   string   `json:"userName,omitempty"`
-	Teams  	       []Team   `json:"teams,omitempty"`
-	Roles 		   []string `json:"roles,omitempty"`
+	ID    string   `json:"_id,omitempty"`
+	Name  string   `json:"userName,omitempty"`
+	Teams []Team   `json:"teams,omitempty"`
+	Roles []string `json:"roles,omitempty"`
 }
 
 type ServiceUserCreateUpdate struct {
-	ID       	    string   `json:"_id,omitempty"`
-	Name 	 	    string   `json:"userName,omitempty"`
-	TeamIDs		    []string `json:"teamIds,omitempty"`
-	AssignAdminRole bool    `json:"assignAdminRole,omitempty"`
+	ID              string   `json:"_id,omitempty"`
+	Name            string   `json:"userName,omitempty"`
+	TeamIDs         []string `json:"teamIds,omitempty"`
+	AssignAdminRole bool     `json:"assignAdminRole,omitempty"`
 }
 
 // GetID implement CodefreshObject interface
@@ -104,7 +103,7 @@ func (client *Client) CreateServiceUser(serviceUserCreateUpdate *ServiceUserCrea
 	opts := RequestOptions{
 		Path:   fullPath,
 		Method: "POST",
-		Body: body,
+		Body:   body,
 	}
 
 	resp, err := client.RequestAPI(&opts)
@@ -135,7 +134,7 @@ func (client *Client) UpdateServiceUser(serviceUserCreateUpdate *ServiceUserCrea
 	opts := RequestOptions{
 		Path:   fullPath,
 		Method: "PATCH",
-		Body: body,
+		Body:   body,
 	}
 
 	resp, err := client.RequestAPI(&opts)

codefresh/resource_api_key.go

@@ -30,14 +30,26 @@ func resourceApiKey() *schema.Resource {
 				Required:    true,
 			},
 			"account_id": {
-				Description: "The ID of account in which the API key will be created.",
-				Type:        schema.TypeString,
-				Required:    true,
+				Description:  "The ID of account in which the API key will be created. Required if user_id is set.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				RequiredWith: []string{"user_id", "account_id"},
+				ForceNew:     true,
 			},
 			"user_id": {
-				Description: "The ID of a user within the referenced `account_id` that will own the API key.",
-				Type:        schema.TypeString,
-				Required:    true,
+				Description:  "The ID of a user within the referenced `account_id` that will own the API key. Requires a Codefresh admin token and can be used only in Codefresh on-premises installations.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"user_id", "service_account_id"},
+				RequiredWith: []string{"user_id", "account_id"},
+				ForceNew:     true,
+			},
+			"service_account_id": {
+				Description:  "The ID of the service account to create the API key for.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"user_id", "service_account_id"},
+				ForceNew:     true,
 			},
 			"token": {
 				Description: "The resulting API key.",
@@ -79,12 +91,22 @@ A list of access scopes for the API key. The possible values:
 
 func resourceApiKeyCreate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*cfclient.Client)
-
 	apiKey := *mapResourceToApiKey(d)
-	accountID := d.Get("account_id").(string)
-	userID := d.Get("user_id").(string)
 
-	resp, err := client.CreateApiKey(userID, accountID, &apiKey)
+	var (
+		resp string
+		err  error
+	)
+
+	if serviceAccountId := d.Get("service_account_id").(string); serviceAccountId != "" {
+		resp, err = client.CreateApiKeyServiceUser(serviceAccountId, &apiKey)
+	} else {
+		accountID := d.Get("account_id").(string)
+		userID := d.Get("user_id").(string)
+
+		resp, err = client.CreateApiKey(userID, accountID, &apiKey)
+	}
+
 	if err != nil {
 		fmt.Println(string(resp))
 		return err
@@ -117,7 +139,17 @@ func resourceApiKeyRead(d *schema.ResourceData, meta interface{}) error {
 		return errors.New("[ERROR] Can't read API Key. Token is empty.")
 	}
 
-	apiKey, err := client.GetAPIKey(keyID)
+	var (
+		apiKey *cfclient.ApiKey
+		err    error
+	)
+
+	if serviceAccountId := d.Get("service_account_id").(string); serviceAccountId != "" {
+		apiKey, err = client.GetAPIKeyServiceUser(keyID, serviceAccountId)
+	} else {
+		apiKey, err = client.GetAPIKey(keyID)
+	}
+
 	if err != nil {
 		return err
 	}
@@ -140,7 +172,15 @@ func resourceApiKeyUpdate(d *schema.ResourceData, meta interface{}) error {
 		return errors.New("[ERROR] Can't read API Key. Token is empty.")
 	}
 
-	err := client.UpdateAPIKey(&apiKey)
+	var err error
+
+	if serviceAccountId := d.Get("service_account_id").(string); serviceAccountId != "" {
+		err = client.UpdateAPIKeyServiceUser(&apiKey, serviceAccountId)
+	} else {
+		err = client.UpdateAPIKey(&apiKey)
+
+	}
+
 	if err != nil {
 		return err
 	}
@@ -156,7 +196,13 @@ func resourceApiKeyDelete(d *schema.ResourceData, meta interface{}) error {
 		return errors.New("[ERROR] Can't read API Key. Token is empty.")
 	}
 
-	err := client.DeleteAPIKey(d.Id())
+	var err error
+	if serviceAccountId := d.Get("service_account_id").(string); serviceAccountId != "" {
+		err = client.DeleteAPIKeyServiceUser(d.Id(), serviceAccountId)
+	} else {
+		err = client.DeleteAPIKey(d.Id())
+	}
+
 	if err != nil {
 		return err
 	}

codefresh/resource_service_user.go

@@ -26,9 +26,9 @@ func resourceServiceAccount() *schema.Resource {
 			},
 			"assign_admin_role": {
 				Description: "Whether or not to assign account admin role to the service account",
-				Type: 	  schema.TypeBool,
-				Optional: true,
-				Default: false,
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
 			},
 			"assigned_teams": {
 				Description: "A list of team IDs the service account is be assigned to",
@@ -87,7 +87,6 @@ func resourceServiceAccountUpdate(d *schema.ResourceData, meta interface{}) erro
 
 	updateServiceAccount := *mapResourceToServiceAccount(d)
 
-
 	_, err := client.UpdateServiceUser(&updateServiceAccount)
 
 	if err != nil {
@@ -152,9 +151,9 @@ func flattenServiceAccountTeams(users []cfclient.TeamUser) []string {
 func mapResourceToServiceAccount(d *schema.ResourceData) *cfclient.ServiceUserCreateUpdate {
 
 	return &cfclient.ServiceUserCreateUpdate{
-		ID:             d.Id(),
-		Name:           d.Get("name").(string),
-		TeamIDs:        datautil.ConvertStringArr(d.Get("assigned_teams").(*schema.Set).List()),
+		ID:              d.Id(),
+		Name:            d.Get("name").(string),
+		TeamIDs:         datautil.ConvertStringArr(d.Get("assigned_teams").(*schema.Set).List()),
 		AssignAdminRole: d.Get("assign_admin_role").(bool),
 	}
 }