Revert revert provider integration (#3199)

Author: tmalikconfluent

go.mod

@@ -46,7 +46,7 @@ require (
 	github.com/confluentinc/ccloud-sdk-go-v2/networking-ip v0.2.0
 	github.com/confluentinc/ccloud-sdk-go-v2/networking-privatelink v0.3.0
 	github.com/confluentinc/ccloud-sdk-go-v2/org v0.9.0
-	github.com/confluentinc/ccloud-sdk-go-v2/provider-integration v0.1.0
+	github.com/confluentinc/ccloud-sdk-go-v2/provider-integration v0.2.0
 	github.com/confluentinc/ccloud-sdk-go-v2/service-quota v0.2.0
 	github.com/confluentinc/ccloud-sdk-go-v2/srcm v0.7.3
 	github.com/confluentinc/ccloud-sdk-go-v2/sso v0.0.1

go.sum

@@ -250,8 +250,8 @@ github.com/confluentinc/ccloud-sdk-go-v2/networking-privatelink v0.3.0 h1:mC0E1n
 github.com/confluentinc/ccloud-sdk-go-v2/networking-privatelink v0.3.0/go.mod h1:GIHF2cYOUKx+6ycYokr4i8E4cuNBC22xqvO/IhqZ31U=
 github.com/confluentinc/ccloud-sdk-go-v2/org v0.9.0 h1:FtaqHX0kBTK7fCQK+9SJcOso+XpWCWzY2roT3gBQGfw=
 github.com/confluentinc/ccloud-sdk-go-v2/org v0.9.0/go.mod h1:X0uaTYPp+mr19W1R/Z1LuB1ePZJZrH7kxnQckDx6zoc=
-github.com/confluentinc/ccloud-sdk-go-v2/provider-integration v0.1.0 h1:a6GlDTUoeX5zRlIPVToH3Aa779QA2Ajj/LYyJC5UQN8=
-github.com/confluentinc/ccloud-sdk-go-v2/provider-integration v0.1.0/go.mod h1:aNAIuiIUbfvqtQrl4yp1f7dMdUInXs+PDrHLvKCr0PE=
+github.com/confluentinc/ccloud-sdk-go-v2/provider-integration v0.2.0 h1:UN2a+aqYhk95ro+wVLkeB/8W7n+UV2KsE3jNFbbDCSw=
+github.com/confluentinc/ccloud-sdk-go-v2/provider-integration v0.2.0/go.mod h1:TzompS9F0G6awN5xMC+nguNG8ULElN5UqX2XOBOIPuM=
 github.com/confluentinc/ccloud-sdk-go-v2/service-quota v0.2.0 h1:xVSmwdycExze1E2Jta99CaFuMOlL6k6KExOOSY1hSFg=
 github.com/confluentinc/ccloud-sdk-go-v2/service-quota v0.2.0/go.mod h1:zZWZoGWJuO0Qm4lO6H2KlXMx4OoB/yhD8y6J1ZB/97Q=
 github.com/confluentinc/ccloud-sdk-go-v2/srcm v0.7.3 h1:ozdDSJHruQIgtxS5hwz8Rp8pUSX0i4h9besp2H9NYzU=

internal/provider-integration/command.go

@@ -3,6 +3,7 @@ package providerintegration
 import (
 	"github.com/spf13/cobra"
 
+	v2 "github.com/confluentinc/cli/v4/internal/provider-integration/v2"
 	pcmd "github.com/confluentinc/cli/v4/pkg/cmd"
 )
 
@@ -35,6 +36,7 @@ func New(prerunner pcmd.PreRunner) *cobra.Command {
 	cmd.AddCommand(c.newDeleteCommand())
 	cmd.AddCommand(c.newDescribeCommand())
 	cmd.AddCommand(c.newListCommand())
+	cmd.AddCommand(v2.New(prerunner))
 
 	return cmd
 }

internal/provider-integration/v2/command.go

@@ -0,0 +1,51 @@
+// Copyright 2024 Confluent Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2
+
+import (
+	"github.com/spf13/cobra"
+
+	pcmd "github.com/confluentinc/cli/v4/pkg/cmd"
+)
+
+type command struct {
+	*pcmd.AuthenticatedCLICommand
+}
+
+func New(prerunner pcmd.PreRunner) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:         "v2",
+		Short:       "Manage provider integrations (v2).",
+		Long:        "Manage provider integrations that allow users to configure access to cloud provider resources through Confluent resources.\n\nCurrently supports: Azure and GCP.",
+		Annotations: map[string]string{pcmd.RunRequirement: pcmd.RequireCloudLogin},
+	}
+
+	c := &command{
+		AuthenticatedCLICommand: pcmd.NewAuthenticatedCLICommand(cmd, prerunner),
+	}
+
+	cmd.AddCommand(c.newCreateCommand())
+	cmd.AddCommand(c.newDeleteCommand())
+	cmd.AddCommand(c.newDescribeCommand())
+	cmd.AddCommand(c.newListCommand())
+
+	return cmd
+}
+
+const (
+	// Provider constants
+	providerAzure = "azure"
+	providerGcp   = "gcp"
+)

internal/provider-integration/v2/command_create.go

@@ -0,0 +1,211 @@
+// Copyright 2024 Confluent Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
+
+	piv2 "github.com/confluentinc/ccloud-sdk-go-v2/provider-integration/v2"
+
+	pcmd "github.com/confluentinc/cli/v4/pkg/cmd"
+	"github.com/confluentinc/cli/v4/pkg/examples"
+	"github.com/confluentinc/cli/v4/pkg/output"
+)
+
+func (c *command) newCreateCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "create <display-name>",
+		Short: "Create a provider integration.",
+		Long:  "Create a provider integration that allows users to manage access to cloud provider resources through Confluent resources.",
+		Args:  cobra.ExactArgs(1),
+		RunE:  c.create,
+		Example: examples.BuildExampleString(
+			examples.Example{
+				Text: `Create and configure Azure provider integration "azure-integration" in the current environment.`,
+				Code: "confluent provider-integration v2 create azure-integration --cloud azure --azure-tenant-id 00000000-0000-0000-0000-000000000000",
+			},
+			examples.Example{
+				Text: `Create and configure GCP provider integration "gcp-integration" in environment "env-123456".`,
+				Code: "confluent provider-integration v2 create gcp-integration --cloud gcp --gcp-service-account my-sa@my-project.iam.gserviceaccount.com --environment env-123456",
+			},
+		),
+	}
+
+	cmd.Flags().String("cloud", "", fmt.Sprintf("Cloud provider (%s or %s).", providerAzure, providerGcp))
+	cmd.Flags().String("azure-tenant-id", "", "Azure Tenant ID (required for Azure provider).")
+	cmd.Flags().String("gcp-service-account", "", "Customer Google Service Account (required for GCP provider).")
+	pcmd.AddEnvironmentFlag(cmd, c.AuthenticatedCLICommand)
+	pcmd.AddContextFlag(cmd, c.CLICommand)
+	pcmd.AddOutputFlag(cmd)
+
+	cobra.CheckErr(cmd.MarkFlagRequired("cloud"))
+
+	return cmd
+}
+
+func (c *command) create(cmd *cobra.Command, args []string) error {
+	displayName := args[0]
+
+	cloud, err := cmd.Flags().GetString("cloud")
+	if err != nil {
+		return err
+	}
+
+	cloud = strings.ToLower(cloud)
+	if cloud != providerAzure && cloud != providerGcp {
+		return fmt.Errorf("cloud provider must be either %s or %s", providerAzure, providerGcp)
+	}
+
+	// Get provider-specific configuration
+	var azureTenantId, gcpServiceAccount string
+	switch cloud {
+	case providerAzure:
+		azureTenantId, err = cmd.Flags().GetString("azure-tenant-id")
+		if err != nil {
+			return err
+		}
+		if azureTenantId == "" {
+			return fmt.Errorf("--azure-tenant-id is required for Azure provider integrations")
+		}
+	case providerGcp:
+		gcpServiceAccount, err = cmd.Flags().GetString("gcp-service-account")
+		if err != nil {
+			return err
+		}
+		if gcpServiceAccount == "" {
+			return fmt.Errorf("--gcp-service-account is required for GCP provider integrations")
+		}
+	}
+
+	environmentId, err := c.Context.EnvironmentId()
+	if err != nil {
+		return err
+	}
+
+	// Step 1: Create the integration in DRAFT state
+	request := piv2.PimV2Integration{
+		DisplayName: &displayName,
+		Provider:    &cloud,
+		Environment: &piv2.ObjectReference{Id: environmentId},
+	}
+
+	providerIntegration, err := c.V2Client.CreatePimV2Integration(cmd.Context(), request)
+	if err != nil {
+		return err
+	}
+
+	integrationId := providerIntegration.GetId()
+	cmd.Printf("Created provider integration %s in DRAFT state.\n", integrationId)
+
+	// Step 2: Authorize with provider-specific configuration
+	var updateConfig piv2.PimV2IntegrationUpdateConfigOneOf
+
+	switch cloud {
+	case providerAzure:
+		azureConfig := &piv2.PimV2AzureIntegrationConfig{
+			Kind:                  "AzureIntegrationConfig",
+			CustomerAzureTenantId: &azureTenantId,
+		}
+		updateConfig = piv2.PimV2AzureIntegrationConfigAsPimV2IntegrationUpdateConfigOneOf(azureConfig)
+	case providerGcp:
+		gcpConfig := &piv2.PimV2GcpIntegrationConfig{
+			Kind:                         "GcpIntegrationConfig",
+			CustomerGoogleServiceAccount: &gcpServiceAccount,
+		}
+		updateConfig = piv2.PimV2GcpIntegrationConfigAsPimV2IntegrationUpdateConfigOneOf(gcpConfig)
+	}
+
+	updateReq := piv2.PimV2IntegrationUpdate{
+		Config:      &updateConfig,
+		Environment: &piv2.ObjectReference{Id: environmentId},
+	}
+
+	updated, err := c.V2Client.UpdatePimV2Integration(cmd.Context(), integrationId, updateReq)
+	if err != nil {
+		// Extract the specific error message from the backend response
+		errorMsg := err.Error()
+		if errorMsg == "" {
+			errorMsg = "configuration error"
+		}
+
+		// If update fails, clean up the draft integration to make the operation atomic
+		cmd.Printf("Cleaning up DRAFT provider integration %s due to failure: %v\n", integrationId, errorMsg)
+		if deleteErr := c.V2Client.DeletePimV2Integration(cmd.Context(), integrationId, environmentId); deleteErr != nil {
+			cmd.Printf("Warning: Failed to clean up DRAFT provider integration %s: %v\n", integrationId, deleteErr)
+		} else {
+			cmd.Printf("Cleaned up DRAFT provider integration %s", integrationId)
+		}
+		return err
+	}
+
+	cmd.Printf("Configured %s provider settings.\n", cloud)
+
+	// Step 3: Validate the setup
+	validateReq := piv2.PimV2IntegrationValidateRequest{
+		Id:          &integrationId,
+		Environment: &piv2.GlobalObjectReference{Id: environmentId},
+	}
+
+	if err := c.V2Client.ValidatePimV2Integration(cmd.Context(), validateReq); err != nil {
+		// Show setup instructions if validation fails
+		if updated.Config != nil {
+			switch cloud {
+			case providerAzure:
+				if updated.Config.PimV2AzureIntegrationConfig != nil {
+					azureConfig := updated.Config.PimV2AzureIntegrationConfig
+					cmd.Println("\n⏳ Azure setup required:")
+					cmd.Printf("1. Run: az ad sp create --id %s\n", azureConfig.GetConfluentMultiTenantAppId())
+					cmd.Println("2. Check Azure Portal → Enterprise Applications to ensure it appears")
+					cmd.Println("3. Grant necessary permissions to the service principal")
+					cmd.Printf("\nRun 'confluent provider-integration v2 describe %s' to check status.\n", integrationId)
+				}
+			case providerGcp:
+				if updated.Config.PimV2GcpIntegrationConfig != nil {
+					gcpConfig := updated.Config.PimV2GcpIntegrationConfig
+					cmd.Println("\n⏳ GCP setup required:")
+					cmd.Printf("1. Grant Service Account Token Creator role:\n")
+					cmd.Printf("   gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \\\n")
+					cmd.Printf("     --member=\"serviceAccount:%s\" \\\n", gcpConfig.GetGoogleServiceAccount())
+					cmd.Printf("     --role=\"roles/iam.serviceAccountTokenCreator\" \\\n")
+					cmd.Printf("     --condition=\"expression=request.auth.claims.sub=='%s'\"\n\n", gcpConfig.GetGoogleServiceAccount())
+					cmd.Printf("2. Grant your service account (%s) permissions based on your connector needs\n", gcpConfig.GetCustomerGoogleServiceAccount())
+					cmd.Printf("\nRun 'confluent provider-integration v2 describe %s' to check status.\n", integrationId)
+					cmd.Println("\nNote: IAM changes may take 1-7 minutes to propagate.")
+				}
+			}
+		}
+	} else {
+		cmd.Printf("\n✓ %s setup validated successfully!\n", cases.Title(language.English).String(cloud))
+	}
+
+	// Display the final configuration
+	table := output.NewTable(cmd)
+	out := &providerIntegrationOut{
+		Id:          updated.GetId(),
+		DisplayName: updated.GetDisplayName(),
+		Provider:    updated.GetProvider(),
+		Environment: updated.Environment.GetId(),
+		Status:      updated.GetStatus(),
+	}
+
+	table.Add(out)
+	table.Filter([]string{"Id", "DisplayName", "Provider", "Environment", "Status"})
+	return table.Print()
+}

internal/provider-integration/v2/command_delete.go

@@ -0,0 +1,81 @@
+// Copyright 2024 Confluent Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2
+
+import (
+	"github.com/spf13/cobra"
+
+	pcmd "github.com/confluentinc/cli/v4/pkg/cmd"
+	"github.com/confluentinc/cli/v4/pkg/deletion"
+	"github.com/confluentinc/cli/v4/pkg/examples"
+	"github.com/confluentinc/cli/v4/pkg/resource"
+)
+
+func (c *command) newDeleteCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "delete <id-1> [id-2] ... [id-n]",
+		Short: "Delete one or more provider integrations.",
+		Long:  "Delete one or more provider integrations. This operation cannot be undone.",
+		Args:  cobra.MinimumNArgs(1),
+		RunE:  c.delete,
+		Example: examples.BuildExampleString(
+			examples.Example{
+				Text: "Delete provider integration \"pi-123456\" in the current environment.",
+				Code: "confluent provider-integration v2 delete pi-123456",
+			},
+			examples.Example{
+				Text: "Delete provider integrations \"pi-123456\" and \"pi-789012\" in environment \"env-345678\".",
+				Code: "confluent provider-integration v2 delete pi-123456 pi-789012 --environment env-345678",
+			},
+		),
+	}
+
+	cmd.Flags().Bool("force", false, "Skip the deletion confirmation prompt.")
+	pcmd.AddEnvironmentFlag(cmd, c.AuthenticatedCLICommand)
+	pcmd.AddContextFlag(cmd, c.CLICommand)
+
+	return cmd
+}
+
+func (c *command) delete(cmd *cobra.Command, args []string) error {
+	environmentId, err := c.Context.EnvironmentId()
+	if err != nil {
+		return err
+	}
+
+	existenceFunc := func(id string) bool {
+		integration, err := c.V2Client.GetPimV2Integration(cmd.Context(), id, environmentId)
+		if err != nil {
+			return false
+		}
+		// Check if the integration has any usages
+		if len(integration.GetUsages()) > 0 {
+			cmd.Printf("Warning: provider integration %q is currently in use by %d resource(s). Remove all usages before deleting.\n", id, len(integration.GetUsages()))
+			return false
+		}
+		return true
+	}
+
+	if err := deletion.ValidateAndConfirm(cmd, args, existenceFunc, resource.ProviderIntegration); err != nil {
+		return err
+	}
+
+	deleteFunc := func(id string) error {
+		return c.V2Client.DeletePimV2Integration(cmd.Context(), id, environmentId)
+	}
+
+	_, err = deletion.Delete(cmd, args, deleteFunc, resource.ProviderIntegration)
+	return err
+}