Set-up muxing with new provider framework (#1206)

* Set-up muxing with new provider framework
This PR sets up the migration from the old provider SDK (what we're using) to the new plugin framework
The migration process is outlined here: https://developer.hashicorp.com/terraform/plugin/framework/migrating

Essentially, it consists of running two providers side by side with the exact same config and migrate resources one by one
The client configuration is now done using the new plugin framework config (go struct) object, and the legacy provider config (d.Get(...)) is translated into the plugin framework config
This PR is a no-op in the sense that no current resources are modified

This PR is also the first step to use TF code generation (https://developer.hashicorp.com/terraform/plugin/code-generation) since it generates TF plugin framework code (not old SDK code)

* Apply suggestions from code review

Co-authored-by: Selene <[email protected]>

---------

Co-authored-by: Selene <[email protected]>

Author: julienduchesne

go.mod

@@ -19,6 +19,10 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.5
 	github.com/hashicorp/hcl/v2 v2.19.1
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
+	github.com/hashicorp/terraform-plugin-framework v1.4.2
+	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
+	github.com/hashicorp/terraform-plugin-go v0.19.0
+	github.com/hashicorp/terraform-plugin-mux v0.12.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/prometheus/common v0.45.0
 	golang.org/x/text v0.14.0
@@ -61,7 +65,6 @@ require (
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.19.0 // indirect
 	github.com/hashicorp/terraform-json v0.17.1 // indirect
-	github.com/hashicorp/terraform-plugin-go v0.19.0 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
 	github.com/hashicorp/terraform-registry-address v0.2.2 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect

go.sum

@@ -163,10 +163,16 @@ github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQH
 github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
 github.com/hashicorp/terraform-plugin-docs v0.16.0 h1:UmxFr3AScl6Wged84jndJIfFccGyBZn52KtMNsS12dI=
 github.com/hashicorp/terraform-plugin-docs v0.16.0/go.mod h1:M3ZrlKBJAbPMtNOPwHicGi1c+hZUh7/g0ifT/z7TVfA=
+github.com/hashicorp/terraform-plugin-framework v1.4.2 h1:P7a7VP1GZbjc4rv921Xy5OckzhoiO3ig6SGxwelD2sI=
+github.com/hashicorp/terraform-plugin-framework v1.4.2/go.mod h1:GWl3InPFZi2wVQmdVnINPKys09s9mLmTZr95/ngLnbY=
+github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc=
+github.com/hashicorp/terraform-plugin-framework-validators v0.12.0/go.mod h1:jfHGE/gzjxYz6XoUwi/aYiiKrJDeutQNUtGQXkaHklg=
 github.com/hashicorp/terraform-plugin-go v0.19.0 h1:BuZx/6Cp+lkmiG0cOBk6Zps0Cb2tmqQpDM3iAtnhDQU=
 github.com/hashicorp/terraform-plugin-go v0.19.0/go.mod h1:EhRSkEPNoylLQntYsk5KrDHTZJh9HQoumZXbOGOXmec=
 github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
 github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
+github.com/hashicorp/terraform-plugin-mux v0.12.0 h1:TJlmeslQ11WlQtIFAfth0vXx+gSNgvMEng2Rn9z3WZY=
+github.com/hashicorp/terraform-plugin-mux v0.12.0/go.mod h1:8MR0AgmV+Q03DIjyrAKxXyYlq2EUnYBQP8gxAAA0zeM=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 h1:X7vB6vn5tON2b49ILa4W7mFAsndeqJ7bZFOGbVO+0Cc=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0/go.mod h1:ydFcxbdj6klCqYEPkPvdvFKiNGKZLUs+896ODUXCyao=
 github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno=

internal/provider/configure_clients.go

@@ -0,0 +1,310 @@
+package provider
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	onCallAPI "github.com/grafana/amixr-api-go-client"
+	gapi "github.com/grafana/grafana-api-golang-client"
+	goapi "github.com/grafana/grafana-openapi-client-go/client"
+	"github.com/grafana/machine-learning-go-client/mlapi"
+	SMAPI "github.com/grafana/synthetic-monitoring-api-go-client"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/grafana/terraform-provider-grafana/internal/common"
+	"github.com/grafana/terraform-provider-grafana/internal/resources/grafana"
+	"github.com/hashicorp/go-cleanhttp"
+	"github.com/hashicorp/go-retryablehttp"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func createClients(providerConfig frameworkProviderConfig) (*common.Client, error) {
+	var err error
+	c := &common.Client{}
+	if !providerConfig.Auth.IsNull() {
+		c.GrafanaAPIURL, c.GrafanaAPIConfig, c.GrafanaAPI, err = createGrafanaClient(providerConfig)
+		if err != nil {
+			return nil, err
+		}
+		if c.GrafanaAPIURLParsed, err = url.Parse(c.GrafanaAPIURL); err != nil {
+			return nil, err
+		}
+		c.GrafanaOAPI, err = createGrafanaOAPIClient(providerConfig)
+		if err != nil {
+			return nil, err
+		}
+		c.MLAPI, err = createMLClient(c.GrafanaAPIURL, c.GrafanaAPIConfig)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if !providerConfig.CloudAPIKey.IsNull() {
+		c.GrafanaCloudAPI, err = createCloudClient(providerConfig)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if !providerConfig.SMAccessToken.IsNull() {
+		retryClient := retryablehttp.NewClient()
+		retryClient.RetryMax = int(providerConfig.Retries.ValueInt64())
+		if wait := providerConfig.RetryWait.ValueInt64(); wait > 0 {
+			retryClient.RetryWaitMin = time.Second * time.Duration(wait)
+			retryClient.RetryWaitMax = time.Second * time.Duration(wait)
+		}
+
+		c.SMAPI = SMAPI.NewClient(providerConfig.SMURL.ValueString(), providerConfig.SMAccessToken.ValueString(), retryClient.StandardClient())
+	}
+	if !providerConfig.OncallAccessToken.IsNull() {
+		var onCallClient *onCallAPI.Client
+		onCallClient, err = createOnCallClient(providerConfig)
+		if err != nil {
+			return nil, err
+		}
+		onCallClient.UserAgent = providerConfig.UserAgent.ValueString()
+		c.OnCallClient = onCallClient
+	}
+
+	grafana.StoreDashboardSHA256 = providerConfig.StoreDashboardSha256.ValueBool()
+
+	return c, nil
+}
+
+func createGrafanaClient(providerConfig frameworkProviderConfig) (string, *gapi.Config, *gapi.Client, error) {
+	cli := cleanhttp.DefaultClient()
+	transport := cleanhttp.DefaultTransport()
+	// limiting the amount of concurrent HTTP connections from the provider
+	// makes it not overload the API and DB
+	transport.MaxConnsPerHost = 2
+
+	tlsClientConfig, err := parseTLSconfig(providerConfig)
+	if err != nil {
+		return "", nil, nil, err
+	}
+	transport.TLSClientConfig = tlsClientConfig
+	cli.Transport = transport
+
+	apiURL := providerConfig.URL.ValueString()
+
+	userInfo, orgID, apiKey, err := parseAuth(providerConfig)
+	if err != nil {
+		return "", nil, nil, err
+	}
+
+	cfg := gapi.Config{
+		Client:           cli,
+		NumRetries:       int(providerConfig.Retries.ValueInt64()),
+		RetryTimeout:     time.Second * time.Duration(providerConfig.RetryWait.ValueInt64()),
+		RetryStatusCodes: setToStringArray(providerConfig.RetryStatusCodes.Elements()),
+		BasicAuth:        userInfo,
+		OrgID:            orgID,
+		APIKey:           apiKey,
+	}
+
+	if cfg.HTTPHeaders, err = getHTTPHeadersMap(providerConfig); err != nil {
+		return "", nil, nil, err
+	}
+
+	gclient, err := gapi.New(apiURL, cfg)
+	if err != nil {
+		return "", nil, nil, err
+	}
+	return apiURL, &cfg, gclient, nil
+}
+
+func createGrafanaOAPIClient(providerConfig frameworkProviderConfig) (*goapi.GrafanaHTTPAPI, error) {
+	tlsClientConfig, err := parseTLSconfig(providerConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	u, err := url.Parse(providerConfig.URL.ValueString())
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse API url: %v", err.Error())
+	}
+	apiPath, err := url.JoinPath(u.Path, "api")
+	if err != nil {
+		return nil, fmt.Errorf("failed to join API path: %v", err.Error())
+	}
+
+	userInfo, orgID, apiKey, err := parseAuth(providerConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	cfg := goapi.TransportConfig{
+		Host:             u.Host,
+		BasePath:         apiPath,
+		Schemes:          []string{u.Scheme},
+		NumRetries:       int(providerConfig.Retries.ValueInt64()),
+		RetryTimeout:     time.Second * time.Duration(providerConfig.RetryWait.ValueInt64()),
+		RetryStatusCodes: setToStringArray(providerConfig.RetryStatusCodes.Elements()),
+		TLSConfig:        tlsClientConfig,
+		BasicAuth:        userInfo,
+		OrgID:            orgID,
+		APIKey:           apiKey,
+	}
+
+	if cfg.HTTPHeaders, err = getHTTPHeadersMap(providerConfig); err != nil {
+		return nil, err
+	}
+
+	return goapi.NewHTTPClientWithConfig(strfmt.Default, &cfg), nil
+}
+
+func createMLClient(url string, grafanaCfg *gapi.Config) (*mlapi.Client, error) {
+	mlcfg := mlapi.Config{
+		BasicAuth:   grafanaCfg.BasicAuth,
+		BearerToken: grafanaCfg.APIKey,
+		Client:      grafanaCfg.Client,
+		NumRetries:  grafanaCfg.NumRetries,
+	}
+	mlURL := url
+	if !strings.HasSuffix(mlURL, "/") {
+		mlURL += "/"
+	}
+	mlURL += "api/plugins/grafana-ml-app/resources"
+	mlclient, err := mlapi.New(mlURL, mlcfg)
+	if err != nil {
+		return nil, err
+	}
+	return mlclient, nil
+}
+
+func createCloudClient(providerConfig frameworkProviderConfig) (*gapi.Client, error) {
+	cfg := gapi.Config{
+		APIKey:       providerConfig.CloudAPIKey.ValueString(),
+		NumRetries:   int(providerConfig.Retries.ValueInt64()),
+		RetryTimeout: time.Second * time.Duration(providerConfig.RetryWait.ValueInt64()),
+	}
+
+	var err error
+	if cfg.HTTPHeaders, err = getHTTPHeadersMap(providerConfig); err != nil {
+		return nil, err
+	}
+
+	return gapi.New(providerConfig.CloudAPIURL.ValueString(), cfg)
+}
+
+func createOnCallClient(providerConfig frameworkProviderConfig) (*onCallAPI.Client, error) {
+	return onCallAPI.New(providerConfig.OncallURL.ValueString(), providerConfig.OncallAccessToken.ValueString())
+}
+
+// Sets a custom HTTP Header on all requests coming from the Grafana Terraform Provider to Grafana-Terraform-Provider: true
+// in addition to any headers set within the `http_headers` field or the `GRAFANA_HTTP_HEADERS` environment variable
+func getHTTPHeadersMap(providerConfig frameworkProviderConfig) (map[string]string, error) {
+	headers := map[string]string{"Grafana-Terraform-Provider": "true"}
+	for k, v := range providerConfig.HTTPHeaders.Elements() {
+		if vString, ok := v.(types.String); ok {
+			headers[k] = vString.ValueString()
+		} else {
+			return nil, fmt.Errorf("invalid header value for %s: %v", k, v)
+		}
+	}
+
+	return headers, nil
+}
+
+func createTempFileIfLiteral(value string) (path string, tempFile bool, err error) {
+	if value == "" {
+		return "", false, nil
+	}
+
+	if _, err := os.Stat(value); errors.Is(err, os.ErrNotExist) {
+		// value is not a file path, assume it's a literal
+		f, err := os.CreateTemp("", "grafana-provider-tls")
+		if err != nil {
+			return "", false, err
+		}
+		if _, err := f.WriteString(value); err != nil {
+			return "", false, err
+		}
+		if err := f.Close(); err != nil {
+			return "", false, err
+		}
+		return f.Name(), true, nil
+	}
+
+	return value, false, nil
+}
+
+func parseAuth(providerConfig frameworkProviderConfig) (*url.Userinfo, int64, string, error) {
+	auth := strings.SplitN(providerConfig.Auth.ValueString(), ":", 2)
+	var orgID int64 = 1
+	if !providerConfig.OrgID.IsNull() {
+		orgID = providerConfig.OrgID.ValueInt64()
+	}
+
+	if len(auth) == 2 {
+		return url.UserPassword(auth[0], auth[1]), orgID, "", nil
+	} else if auth[0] != "anonymous" {
+		if orgID > 1 {
+			return nil, 0, "", fmt.Errorf("org_id is only supported with basic auth. API keys are already org-scoped")
+		}
+		return nil, 0, auth[0], nil
+	}
+	return nil, 0, "", nil
+}
+
+func parseTLSconfig(providerConfig frameworkProviderConfig) (*tls.Config, error) {
+	tlsClientConfig := &tls.Config{}
+
+	tlsKeyFile, tempFile, err := createTempFileIfLiteral(providerConfig.TLSKey.ValueString())
+	if err != nil {
+		return nil, err
+	}
+	if tempFile {
+		defer os.Remove(tlsKeyFile)
+	}
+	tlsCertFile, tempFile, err := createTempFileIfLiteral(providerConfig.TLSCert.ValueString())
+	if err != nil {
+		return nil, err
+	}
+	if tempFile {
+		defer os.Remove(tlsCertFile)
+	}
+	caCertFile, tempFile, err := createTempFileIfLiteral(providerConfig.CACert.ValueString())
+	if err != nil {
+		return nil, err
+	}
+	if tempFile {
+		defer os.Remove(caCertFile)
+	}
+
+	insecure := providerConfig.InsecureSkipVerify.ValueBool()
+	if caCertFile != "" {
+		ca, err := os.ReadFile(caCertFile)
+		if err != nil {
+			return nil, err
+		}
+		pool := x509.NewCertPool()
+		pool.AppendCertsFromPEM(ca)
+		tlsClientConfig.RootCAs = pool
+	}
+	if tlsKeyFile != "" && tlsCertFile != "" {
+		cert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
+		if err != nil {
+			return nil, err
+		}
+		tlsClientConfig.Certificates = []tls.Certificate{cert}
+	}
+	if insecure {
+		tlsClientConfig.InsecureSkipVerify = true
+	}
+
+	return tlsClientConfig, nil
+}
+
+func setToStringArray(set []attr.Value) []string {
+	var result []string
+	for _, v := range set {
+		result = append(result, v.(types.String).ValueString())
+	}
+	return result
+}