Merge pull request grafana#128 from jonathan-dorsey/master

Adding folder permission functionality

Author: trotttrotttrott

grafana/provider.go

@@ -31,6 +31,7 @@ func Provider() terraform.ResourceProvider {
 			"grafana_dashboard":          ResourceDashboard(),
 			"grafana_data_source":        ResourceDataSource(),
 			"grafana_folder":             ResourceFolder(),
+			"grafana_folder_permission":  ResourceFolderPermission(),
 			"grafana_organization":       ResourceOrganization(),
 			"grafana_team":               ResourceTeam(),
 			"grafana_user":               ResourceUser(),

grafana/resource_folder.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"strconv"
+	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"
 
@@ -60,7 +61,7 @@ func ReadFolder(d *schema.ResourceData, meta interface{}) error {
 
 	folder, err := client.Folder(id)
 	if err != nil {
-		if err.Error() == "404 Not Found" {
+		if strings.HasPrefix(err.Error(), "status: 404") {
 			log.Printf("[WARN] removing folder %d from state because it no longer exists in grafana", id)
 			d.SetId("")
 			return nil

grafana/resource_folder_permission.go

@@ -0,0 +1,175 @@
+package grafana
+
+import (
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+
+	gapi "github.com/grafana/grafana-api-golang-client"
+)
+
+func ResourceFolderPermission() *schema.Resource {
+	return &schema.Resource{
+		Create: UpdateFolderPermissions,
+		Read:   ReadFolderPermissions,
+		Update: UpdateFolderPermissions,
+		Delete: DeleteFolderPermissions,
+
+		Schema: map[string]*schema.Schema{
+			"folder_uid": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"permissions": {
+				Type:     schema.TypeSet,
+				Required: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"role": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringInSlice([]string{"Viewer", "Editor"}, false),
+						},
+						"team_id": {
+							Type:     schema.TypeInt,
+							Optional: true,
+							Default:  -1,
+						},
+						"user_id": {
+							Type:     schema.TypeInt,
+							Optional: true,
+							Default:  -1,
+						},
+						"permission": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.StringInSlice([]string{"View", "Edit", "Admin"}, false),
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func UpdateFolderPermissions(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*gapi.Client)
+
+	v, ok := d.GetOk("permissions")
+	if !ok {
+		return nil
+	}
+	permissionList := gapi.PermissionItems{}
+	for _, permission := range v.(*schema.Set).List() {
+		permission := permission.(map[string]interface{})
+		permissionItem := gapi.PermissionItem{}
+		if permission["role"].(string) != "" {
+			permissionItem.Role = permission["role"].(string)
+		}
+		if permission["team_id"].(int) != -1 {
+			permissionItem.TeamId = int64(permission["team_id"].(int))
+		}
+		if permission["user_id"].(int) != -1 {
+			permissionItem.UserId = int64(permission["user_id"].(int))
+		}
+		permissionItem.Permission = mapPermissionStringToInt64(permission["permission"].(string))
+		permissionList.Items = append(permissionList.Items, &permissionItem)
+	}
+
+	folderUID := d.Get("folder_uid").(string)
+
+	err := client.UpdateFolderPermissions(folderUID, &permissionList)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(folderUID)
+
+	return ReadFolderPermissions(d, meta)
+}
+
+func ReadFolderPermissions(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*gapi.Client)
+
+	folderUID := d.Get("folder_uid").(string)
+
+	folderPermissions, err := client.FolderPermissions(folderUID)
+	if err != nil {
+		if strings.HasPrefix(err.Error(), "status: 404") {
+			log.Printf("[WARN] removing folder %s from state because it no longer exists in grafana", folderUID)
+			d.SetId("")
+			return nil
+		}
+
+		return err
+	}
+
+	permissionItems := make([]interface{}, len(folderPermissions))
+	count := 0
+	for _, permission := range folderPermissions {
+		if permission.FolderUid != "" {
+			permissionItem := make(map[string]interface{})
+			permissionItem["role"] = permission.Role
+			permissionItem["team_id"] = permission.TeamId
+			permissionItem["user_id"] = permission.UserId
+			permissionItem["permission"] = mapPermissionInt64ToString(permission.Permission)
+
+			permissionItems[count] = permission
+			count++
+		}
+	}
+
+	d.Set("permissions", permissionItems)
+
+	return nil
+}
+
+func DeleteFolderPermissions(d *schema.ResourceData, meta interface{}) error {
+	//since permissions are tied to folders, we can't really delete the permissions.
+	//we will simply remove all permissions, leaving a folder that only an admin can access.
+	//if for some reason the parent folder doesn't exist, we'll just ignore the error
+	client := meta.(*gapi.Client)
+
+	folderUID := d.Get("folder_uid").(string)
+	emptyPermissions := gapi.PermissionItems{}
+
+	err := client.UpdateFolderPermissions(folderUID, &emptyPermissions)
+	if err != nil {
+		if strings.HasPrefix(err.Error(), "status: 404") {
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	return nil
+}
+
+func mapPermissionStringToInt64(permission string) int64 {
+	permissionInt := int64(-1)
+	switch permission {
+	case "View":
+		permissionInt = int64(1)
+	case "Edit":
+		permissionInt = int64(2)
+	case "Admin":
+		permissionInt = int64(4)
+	}
+	return permissionInt
+}
+
+func mapPermissionInt64ToString(permission int64) string {
+	permissionString := "-1"
+	switch permission {
+	case 1:
+		permissionString = "View"
+	case 2:
+		permissionString = "Edit"
+	case 4:
+		permissionString = "Admin"
+	}
+	return permissionString
+}

grafana/resource_folder_permission_test.go

@@ -0,0 +1,151 @@
+package grafana
+
+import (
+	"fmt"
+	"testing"
+
+	gapi "github.com/grafana/grafana-api-golang-client"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccFolderPermission_basic(t *testing.T) {
+	folderUID := "uninitialized"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccFolderPermissionCheckDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFolderPermissionConfig_Basic,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccFolderPermissionsCheckExists("grafana_folder_permission.testPermission", &folderUID),
+					resource.TestCheckResourceAttr("grafana_folder_permission.testPermission", "permissions.#", "4"),
+				),
+			},
+			{
+				Config: testAccFolderPermissionConfig_Remove,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccFolderPermissionsCheckEmpty(&folderUID),
+				),
+			},
+		},
+	})
+}
+
+func testAccFolderPermissionsCheckExists(rn string, folderUID *string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[rn]
+		if !ok {
+			return fmt.Errorf("Resource not found: %s\n %#v", rn, s.RootModule().Resources)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("Resource id not set")
+		}
+
+		client := testAccProvider.Meta().(*gapi.Client)
+
+		gotFolderUID := rs.Primary.ID
+		_, err := client.FolderPermissions(gotFolderUID)
+		if err != nil {
+			return fmt.Errorf("Error getting folder permissions: %s", err)
+		}
+
+		*folderUID = gotFolderUID
+
+		return nil
+	}
+}
+
+func testAccFolderPermissionsCheckEmpty(folderUID *string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testAccProvider.Meta().(*gapi.Client)
+		permissions, err := client.FolderPermissions(*folderUID)
+		if err != nil {
+			return fmt.Errorf("Error getting folder permissions %s: %s", *folderUID, err)
+		}
+		if len(permissions) > 0 {
+			return fmt.Errorf("Permissions were not empty when expected")
+		}
+
+		return nil
+	}
+}
+
+func testAccFolderPermissionCheckDestroy() resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		//you can't really destroy folder permissions so nothing to check for
+		return nil
+	}
+}
+
+func testAccFolderPermissionsRemoval(permissions *gapi.FolderPermission) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		//since the permissions aren't deleted, let's just check if we have empty permissions
+		client := testAccProvider.Meta().(*gapi.Client)
+		newPermissions, err := client.FolderPermissions(permissions.FolderUid)
+		if err != nil {
+			return fmt.Errorf(err.Error())
+		}
+		if len(newPermissions) > 0 {
+			return fmt.Errorf("Permissions still exist for folder")
+		}
+		return nil
+	}
+}
+
+const testAccFolderPermissionConfig_Basic = `
+resource "grafana_folder" "testFolder" {
+  title = "terraform-test-folder-permissions"
+}
+
+resource "grafana_team" "testTeam" {
+  name = "terraform-test-team-permissions"
+}
+  
+resource "grafana_user" "testAdminUser" {
+  email    = "terraform-test-permissions@localhost"
+  name     = "Terraform Test Permissions"
+  login    = "ttp"
+  password = "zyx987"
+}
+  
+resource "grafana_folder_permission" "testPermission" {
+  folder_uid = grafana_folder.testFolder.uid
+  permissions {
+    role       = "Viewer"
+    permission = "View"
+  }
+  permissions {
+    role       = "Editor"
+    permission = "Edit"
+  }
+  permissions {
+    team_id    = grafana_team.testTeam.id
+    permission = "View"
+  }
+  permissions {
+    user_id    = grafana_user.testAdminUser.id
+    permission = "Admin"
+  }
+}
+`
+const testAccFolderPermissionConfig_Remove = `
+resource "grafana_folder" "testFolder" {
+  title = "terraform-test-folder-permissions"
+}
+
+resource "grafana_team" "testTeam" {
+  name = "terraform-test-team-permissions"
+}
+  
+resource "grafana_user" "testAdminUser" {
+  email    = "terraform-test-permissions@localhost"
+  name     = "Terraform Test Permissions"
+  login    = "ttp"
+  password = "zyx987"
+}
+`