Depluralize rules and databases blocks within roles (#408)

RedisLabs · Aug 3, 2023 · 4cdb14d · 4cdb14d
1 parent 67f06f6
commit 4cdb14d
Show file tree

Hide file tree

Showing 10 changed files with 75 additions and 75 deletions.
diff --git a/docs/data-sources/rediscloud_acl_role.md b/docs/data-sources/rediscloud_acl_role.md
@@ -29,14 +29,14 @@ output "rediscloud_acl_role" {
 
 * `id` - Identifier of the found Role.
 * `name` - The Role's name.
-* `rules` - The Rules associated with the Role.
+* `rule` - The Rules associated with the Role.
 
-The `rules` list is made of objects with:
+The `rule` block supports:
 
 * `name` - Name of the Rule.
-* `databases` - a list of database association objects, documented below.
+* `database` - a set of database association objects, documented below.
 
-The `databases` list is made of objects with:
+The `database` block supports:
 
 * `subscription` ID of the subscription containing the database.
 * `database` ID of the database to which the Rule should apply.

diff --git a/docs/resources/rediscloud_acl_role.md b/docs/resources/rediscloud_acl_role.md
@@ -14,18 +14,18 @@ Creates a Role in your Redis Enterprise Cloud Account.
 ```hcl
 resource "rediscloud_acl_role" "role-resource-implicit" {
   name = "fast-admin"
-  rules {
+  rule {
     # An implicit dependency is recommended
     name = rediscloud_acl_role.cache_reader.name
     # Implicit dependencies used throughout
-    databases {
+    database {
       subscription = rediscloud_active_active_subscription_database.subscription-resource-1.id
       database     = rediscloud_active_active_subscription_database.database-resource-1.db_id
       regions      = [
         for r in rediscloud_active_active_subscription_database.database-resource-1.override_region : r.name
       ]
     }
-    databases {
+    database {
       subscription = rediscloud_subscription.subscription-resource-2.id
       database     = rediscloud_subscription_database.database-resource-2.db_id
     }
@@ -34,10 +34,10 @@ resource "rediscloud_acl_role" "role-resource-implicit" {
 
 resource "rediscloud_acl_role" "role-resource-explicit" {
   name = "fast-admin"
-  rules {
+  rule {
     name = "cache-reader"
     # Active-Active database omitted for brevity
-    databases {
+    database {
       subscription = 123456
       database     = 9830
     }
@@ -59,15 +59,15 @@ The following arguments are supported:
   referred to
   by name (and not ID), this could break existing references. See the [User](rediscloud_acl_user.md) resource
   documentation.**
-* `rules` - (Required, minimum 1) A list of rule association objects, documented below.
+* `rule` - (Required, minimum 1) A set of rule association objects, documented below.
 
-The `rules` list supports:
+The `rule` block supports:
 
 * `name` (Required) - Name of the Rule. It is recommended an implicit dependency is used here. `depends_on` could be
   used instead by waiting for a Rule resource with a matching `name`.
-* `databases` - (Required, minimum 1) a list of database association objects, documented below.
+* `database` - (Required, minimum 1) a set of database association objects, documented below.
 
-The `databases` list supports:
+The `database` block supports:
 
 * `subscription` (Required) - ID of the subscription containing the database.
 * `database` (Required) - ID of the database to which the Rule should apply.
@@ -86,14 +86,14 @@ specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-
 
 * `id` - Identifier of the Role created.
 * `name` - The Role's name.
-* `rules` - The Rules associated with the Role.
+* `rule` - The Rules associated with the Role.
 
-The `rules` list is made of objects with:
+The `rule` block supports:
 
 * `name` - Name of the Rule.
-* `databases` - a list of database association objects, documented below.
+* `database` - The Databases the Rule applies to.
 
-The `databases` list is made of objects with:
+The `database` block supports:
 
 * `subscription` ID of the subscription containing the database.
 * `database` ID of the database to which the Rule should apply.

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/RedisLabs/terraform-provider-rediscloud
 go 1.19
 
 require (
-	github.com/RedisLabs/rediscloud-go-api v0.5.2
+	github.com/RedisLabs/rediscloud-go-api v0.5.3
 	github.com/bflad/tfproviderlint v0.29.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1

diff --git a/go.sum b/go.sum
@@ -7,8 +7,8 @@ github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/RedisLabs/rediscloud-go-api v0.5.2 h1:wwfUEbrH2oMOwk32ZLQpu/cVYpAgHsp1oqX40+ro/ns=
-github.com/RedisLabs/rediscloud-go-api v0.5.2/go.mod h1:cfuU+p/rgB+TObm0cq+AkyxwXWra8JOrPLKKj+nv7lM=
+github.com/RedisLabs/rediscloud-go-api v0.5.3 h1:m2yKijrLfrNLmXBW8K7y2bfxbFXfsvnB0zVtx7JUaCo=
+github.com/RedisLabs/rediscloud-go-api v0.5.3/go.mod h1:cfuU+p/rgB+TObm0cq+AkyxwXWra8JOrPLKKj+nv7lM=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=

diff --git a/provider/datasource_rediscloud_acl_role.go b/provider/datasource_rediscloud_acl_role.go
@@ -20,7 +20,7 @@ func dataSourceRedisCloudAclRole() *schema.Resource {
 				Type:        schema.TypeString,
 				Required:    true,
 			},
-			"rules": {
+			"rule": {
 				Description: "This Role's permissions and the databases to which they apply",
 				Type:        schema.TypeSet,
 				Computed:    true,
@@ -31,7 +31,7 @@ func dataSourceRedisCloudAclRole() *schema.Resource {
 							Type:        schema.TypeString,
 							Computed:    true,
 						},
-						"databases": {
+						"database": {
 							Description: "The databases to which this Rule applies",
 							Type:        schema.TypeSet,
 							Computed:    true,
@@ -95,7 +95,7 @@ func dataSourceRedisCloudAclRoleRead(ctx context.Context, d *schema.ResourceData
 	if err := d.Set("name", redis.StringValue(role.Name)); err != nil {
 		return diag.FromErr(err)
 	}
-	if err := d.Set("rules", flattenRules(role.RedisRules)); err != nil {
+	if err := d.Set("rule", flattenRules(role.RedisRules)); err != nil {
 		return diag.FromErr(err)
 	}
 

diff --git a/provider/datasource_rediscloud_acl_role_test.go b/provider/datasource_rediscloud_acl_role_test.go
@@ -40,12 +40,12 @@ func TestAccDataSourceRedisCloudAclRole_Default(t *testing.T) {
 					resource.TestMatchResourceAttr(
 						"data.rediscloud_acl_role.test", "id", regexp.MustCompile("^\\d*$")),
 					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "name", testName),
-					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.#", "1"),
-					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.0.name", "Read-Only"),
-					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.#", "1"),
-					resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")),
-					resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")),
-					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "0"),
+					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.#", "1"),
+					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.0.name", "Read-Only"),
+					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.#", "1"),
+					resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")),
+					resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")),
+					resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.0.regions.#", "0"),
 				),
 			},
 		},
@@ -105,9 +105,9 @@ resource "rediscloud_subscription_database" "example" {
 
 resource "rediscloud_acl_role" "test" {
 	name = "%s"
-	rules {
+	rule {
 		name = "Read-Only"
-		databases {
+		database {
 			subscription = rediscloud_subscription.example.id
 			database = rediscloud_subscription_database.example.db_id
 		}

diff --git a/provider/datasource_rediscloud_acl_user_test.go b/provider/datasource_rediscloud_acl_user_test.go
@@ -105,9 +105,9 @@ resource "rediscloud_subscription_database" "example" {
 
 resource "rediscloud_acl_role" "example" {
 	name = "%s"
-	rules {
+	rule {
 		name = "Read-Only"
-		databases {
+		database {
 			subscription = rediscloud_subscription.example.id
 			database = rediscloud_subscription_database.example.db_id
 		}

diff --git a/provider/resource_rediscloud_acl_role.go b/provider/resource_rediscloud_acl_role.go
@@ -38,7 +38,7 @@ func resourceRedisCloudAclRole() *schema.Resource {
 				Type:        schema.TypeString,
 				Required:    true,
 			},
-			"rules": {
+			"rule": {
 				Description: "A set of rules which apply to the role",
 				Type:        schema.TypeSet,
 				Required:    true,
@@ -50,7 +50,7 @@ func resourceRedisCloudAclRole() *schema.Resource {
 							Type:        schema.TypeString,
 							Required:    true,
 						},
-						"databases": {
+						"database": {
 							Description: "A set of databases to whom this rule applies within the role",
 							Type:        schema.TypeSet,
 							Required:    true,
@@ -133,7 +133,7 @@ func resourceRedisCloudAclRoleRead(ctx context.Context, d *schema.ResourceData,
 	if err := d.Set("name", redis.StringValue(role.Name)); err != nil {
 		return diag.FromErr(err)
 	}
-	if err := d.Set("rules", flattenRules(role.RedisRules)); err != nil {
+	if err := d.Set("rule", flattenRules(role.RedisRules)); err != nil {
 		return diag.FromErr(err)
 	}
 	return diags
@@ -147,7 +147,7 @@ func resourceRedisCloudAclRoleUpdate(ctx context.Context, d *schema.ResourceData
 		return diag.FromErr(err)
 	}
 
-	if d.HasChanges("name", "rules") {
+	if d.HasChanges("name", "rule") {
 		updateRoleRequest := roles.CreateRoleRequest{}
 
 		name := d.Get("name").(string)
@@ -214,14 +214,14 @@ func resourceRedisCloudAclRoleDelete(ctx context.Context, d *schema.ResourceData
 
 func extractRules(d *schema.ResourceData) []*roles.CreateRuleInRoleRequest {
 	associateWithRules := make([]*roles.CreateRuleInRoleRequest, 0)
-	rules := d.Get("rules").(*schema.Set).List()
+	rules := d.Get("rule").(*schema.Set).List()
 	for _, rule := range rules {
 		ruleMap := rule.(map[string]interface{})
 
 		ruleName := ruleMap["name"].(string)
 		associateWithDatabases := make([]*roles.CreateDatabaseInRuleInRoleRequest, 0)
 
-		databases := ruleMap["databases"].(*schema.Set).List()
+		databases := ruleMap["database"].(*schema.Set).List()
 		for _, database := range databases {
 			databaseMap := database.(map[string]interface{})
 
@@ -258,8 +258,8 @@ func flattenRules(rules []*roles.GetRuleInRoleResponse) []map[string]interface{}
 
 	for _, rule := range rules {
 		tf := map[string]interface{}{
-			"name":      redis.StringValue(rule.RuleName),
-			"databases": flattenDatabases(rule.Databases),
+			"name":     redis.StringValue(rule.RuleName),
+			"database": flattenDatabases(rule.Databases),
 		}
 		tfs = append(tfs, tf)
 	}

diff --git a/provider/resource_rediscloud_acl_role_test.go b/provider/resource_rediscloud_acl_role_test.go
@@ -41,12 +41,12 @@ func TestAccCreateReadUpdateImportDeleteAclRole_Flexible(t *testing.T) {
 				Config: testCreateTerraform,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", exampleRuleName),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "0"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", exampleRuleName),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "0"),
 
 					// Test role exists
 					func(s *terraform.State) error {
@@ -76,12 +76,12 @@ func TestAccCreateReadUpdateImportDeleteAclRole_Flexible(t *testing.T) {
 				Config: testUpdateTerraform,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName+"-updated"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", exampleRuleName),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "0"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", exampleRuleName),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "0"),
 				),
 			},
 			// Test that the role is imported successfully
@@ -120,14 +120,14 @@ func TestAccCreateReadUpdateImportDeleteAclRole_ActiveActive(t *testing.T) {
 				Config: testCreateTerraform,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", "Read-Only"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "2"),
-					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-1"),
-					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-2"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", "Read-Only"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "2"),
+					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-1"),
+					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-2"),
 
 					// Test role exist
 					func(s *terraform.State) error {
@@ -157,14 +157,14 @@ func TestAccCreateReadUpdateImportDeleteAclRole_ActiveActive(t *testing.T) {
 				Config: testUpdateTerraform,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName+"-updated"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", "Read-Only"),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")),
-					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")),
-					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "2"),
-					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-1"),
-					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-2"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", "Read-Only"),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")),
+					resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")),
+					resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "2"),
+					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-1"),
+					resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-2"),
 				),
 			},
 			// Test that the role is imported successfully
@@ -188,9 +188,9 @@ resource "rediscloud_acl_rule" "example" {
 const testRole = `
 resource "rediscloud_acl_role" "test" {
 	name = "%s"
-	rules {
+	rule {
 		name = rediscloud_acl_rule.example.name
-		databases {
+		database {
 			subscription = rediscloud_subscription.example.id
 			database = rediscloud_subscription_database.example.db_id
 		}
@@ -201,9 +201,9 @@ resource "rediscloud_acl_role" "test" {
 const testAADatabaseRole = `
 resource "rediscloud_acl_role" "test" {
 	name = "%s"
-	rules {
+	rule {
 		name = "Read-Only"
-		databases {
+		database {
 			subscription = rediscloud_active_active_subscription.example.id
 			database = rediscloud_active_active_subscription_database.example.db_id
 			regions = [

diff --git a/provider/resource_rediscloud_acl_user_test.go b/provider/resource_rediscloud_acl_user_test.go
@@ -201,9 +201,9 @@ func TestAccResourceRedisCloudAclUser_NewPassword(t *testing.T) {
 const referencableRole = `
 resource "rediscloud_acl_role" "example" {
     name = "%s"
-	rules {
+	rule {
 		name = "Read-Only"
-		databases {
+		database {
 			subscription = rediscloud_subscription.example.id
 			database = rediscloud_subscription_database.example.db_id
 		}