Add sysdig_user resource (#12)

* Add sysdig_user resource

Signed-off-by: Hiroki Suezawa <[email protected]>

* Improve names for sysdig_user resource

Signed-off-by: Hiroki Suezawa <[email protected]>

Author: rung

examples/user.tf

@@ -0,0 +1,6 @@
+resource "sysdig_user" "sample" {
+  email      = "[email protected]"
+  system_role = "ROLE_CUSTOMER"
+  first_name = "John"
+  last_name  = "Smith"
+}

sysdig/provider.go

@@ -43,6 +43,7 @@ func Provider() terraform.ResourceProvider {
 			"sysdig_secure_rule_process":         resourceSysdigSecureRuleProcess(),
 			"sysdig_secure_rule_syscall":         resourceSysdigSecureRuleSyscall(),
 			"sysdig_secure_rule_falco":           resourceSysdigSecureRuleFalco(),
+			"sysdig_user":                        resourceSysdigUser(),
 
 			"sysdig_monitor_alert_downtime":      resourceSysdigMonitorAlertDowntime(),
 			"sysdig_monitor_alert_metric":        resourceSysdigMonitorAlertMetric(),

sysdig/resource_sysdig_user.go

@@ -0,0 +1,115 @@
+package sysdig
+
+import (
+	"github.com/draios/terraform-provider-sysdig/sysdig/secure"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"strconv"
+	"time"
+)
+
+func resourceSysdigUser() *schema.Resource {
+	timeout := 30 * time.Second
+
+	return &schema.Resource{
+		Create: resourceSysdigUserCreate,
+		Update: resourceSysdigUserUpdate,
+		Read:   resourceSysdigUserRead,
+		Delete: resourceSysdigUserDelete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"email": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"system_role": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "ROLE_USER",
+			},
+			"first_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"last_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"version": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceSysdigUserCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	user := userFromResourceData(d)
+
+	user, err := client.CreateUser(user)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(strconv.Itoa(user.ID))
+	d.Set("version", user.Version)
+
+	return nil
+}
+
+// Retrieves the information of a resource form the file and loads it in Terraform
+func resourceSysdigUserRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	id, _ := strconv.Atoi(d.Id())
+	u, err := client.GetUserById(id)
+
+	if err != nil {
+		d.SetId("")
+		return err
+	}
+
+	d.Set("version", u.Version)
+	d.Set("system_role", u.SystemRole)
+	d.Set("email", u.Email)
+	d.Set("first_name", u.FirstName)
+	d.Set("last_name", u.LastName)
+
+	return nil
+}
+
+func resourceSysdigUserUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	u := userFromResourceData(d)
+
+	u.Version = d.Get("version").(int)
+	u.ID, _ = strconv.Atoi(d.Id())
+
+	_, err := client.UpdateUser(u)
+
+	return err
+}
+
+func resourceSysdigUserDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*SysdigClients).sysdigSecureClient
+
+	id, _ := strconv.Atoi(d.Id())
+
+	return client.DeleteUser(id)
+}
+
+func userFromResourceData(d *schema.ResourceData) (u secure.User) {
+	u = secure.User{
+		SystemRole: d.Get("system_role").(string),
+		Email:      d.Get("email").(string),
+		FirstName:  d.Get("first_name").(string),
+		LastName:   d.Get("last_name").(string),
+	}
+	return u
+}

sysdig/resource_sysdig_user_test.go

@@ -0,0 +1,76 @@
+package sysdig_test
+
+import (
+	"fmt"
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"os"
+	"testing"
+)
+
+func TestAccUser(t *testing.T) {
+	rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) }
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		Providers: map[string]terraform.ResourceProvider{
+			"sysdig": sysdig.Provider(),
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: userWithName(rText()),
+			},
+			{
+				Config: userWithSystemRole(rText()),
+			},
+			{
+				Config: userWithoutSystemRole(rText()),
+			},
+			{
+				Config: userMinimumConfiguration(rText()),
+			},
+		},
+	})
+}
+
+func userWithName(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_user" "sample" {
+  email      = "terraform-test+with-name-%[email protected]"
+  system_role = "ROLE_USER"
+  first_name = "%s"
+  last_name  = "%s"
+}`, name, name, name)
+}
+
+func userWithSystemRole(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_user" "sample" {
+  email      = "terraform-test+with-systemrole-%[email protected]"
+  system_role = "ROLE_CUSTOMER"
+  first_name = "%s"
+  last_name  = "%s"
+}`, name, name, name)
+}
+
+func userWithoutSystemRole(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_user" "sample" {
+  email      = "terraform-test+without-systemrole-%[email protected]"
+  first_name = "%s"
+  last_name  = "%s"
+}`, name, name, name)
+}
+
+func userMinimumConfiguration(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_user" "sample" {
+  email      = "terraform-test+minimum-%[email protected]"
+}`, name)
+}

sysdig/secure/client.go

@@ -20,6 +20,11 @@ type SysdigSecureClient interface {
 	GetNotificationChannelById(int) (NotificationChannel, error)
 	DeleteNotificationChannel(int) error
 	UpdateNotificationChannel(NotificationChannel) (NotificationChannel, error)
+
+	CreateUser(User) (User, error)
+	GetUserById(int) (User, error)
+	DeleteUser(int) error
+	UpdateUser(User) (User, error)
 }
 
 func NewSysdigSecureClient(sysdigSecureAPIToken string, url string) SysdigSecureClient {

sysdig/secure/models.go

@@ -194,3 +194,29 @@ func RuleFromJSON(body []byte) (rule Rule, err error) {
 	err = json.Unmarshal(body, &rule)
 	return
 }
+
+// -------- User --------
+type User struct {
+	ID         int    `json:"id,omitempty"`
+	Version    int    `json:"version,omitempty"`
+	SystemRole string `json:"systemRole,omitempty"`
+	Email      string `json:"username"`
+	FirstName  string `json:"firstName,omitempty"`
+	LastName   string `json:"lastName,omitempty"`
+}
+
+func (u *User) ToJSON() io.Reader {
+	payload, _ := json.Marshal(*u)
+	return bytes.NewBuffer(payload)
+}
+
+func UserFromJSON(body []byte) User {
+	var result userWrapper
+	json.Unmarshal(body, &result)
+
+	return result.User
+}
+
+type userWrapper struct {
+	User User `json:"user"`
+}

sysdig/secure/users.go

@@ -0,0 +1,85 @@
+package secure
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func (client *sysdigSecureClient) GetUserById(id int) (u User, err error) {
+	response, err := client.doSysdigSecureRequest(http.MethodGet, client.GetUserUrl(id), nil)
+	if err != nil {
+		return
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK {
+		err = errors.New(response.Status)
+		return
+	}
+
+	u = UserFromJSON(body)
+
+	return
+}
+
+func (client *sysdigSecureClient) CreateUser(uRequest User) (u User, err error) {
+	response, err := client.doSysdigSecureRequest(http.MethodPost, client.GetUsersUrl(), uRequest.ToJSON())
+
+	if err != nil {
+		return
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		err = errors.New(response.Status)
+		return
+	}
+
+	u = UserFromJSON(body)
+	return
+}
+
+func (client *sysdigSecureClient) UpdateUser(uRequest User) (u User, err error) {
+	response, err := client.doSysdigSecureRequest(http.MethodPut, client.GetUserUrl(uRequest.ID), uRequest.ToJSON())
+	if err != nil {
+		return
+	}
+	defer response.Body.Close()
+
+	body, _ := ioutil.ReadAll(response.Body)
+
+	if response.StatusCode != http.StatusOK {
+		err = errors.New(response.Status)
+		return
+	}
+
+	u = UserFromJSON(body)
+	return
+}
+
+func (client *sysdigSecureClient) DeleteUser(id int) error {
+	response, err := client.doSysdigSecureRequest(http.MethodDelete, client.GetUserUrl(id), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK {
+		return errors.New(response.Status)
+	}
+	return nil
+}
+
+func (client *sysdigSecureClient) GetUsersUrl() string {
+	return fmt.Sprintf("%s/api/users", client.URL)
+}
+
+func (client *sysdigSecureClient) GetUserUrl(id int) string {
+	return fmt.Sprintf("%s/api/users/%d", client.URL, id)
+}