From 4cdb14dc616682a5b478872e8e6e5767a68f1819 Mon Sep 17 00:00:00 2001 From: John Sharpe Date: Thu, 3 Aug 2023 12:50:15 +0100 Subject: [PATCH] Depluralize rules and databases blocks within roles (#408) --- docs/data-sources/rediscloud_acl_role.md | 8 +-- docs/resources/rediscloud_acl_role.md | 26 ++++---- go.mod | 2 +- go.sum | 4 +- provider/datasource_rediscloud_acl_role.go | 6 +- .../datasource_rediscloud_acl_role_test.go | 16 ++--- .../datasource_rediscloud_acl_user_test.go | 4 +- provider/resource_rediscloud_acl_role.go | 16 ++--- provider/resource_rediscloud_acl_role_test.go | 64 +++++++++---------- provider/resource_rediscloud_acl_user_test.go | 4 +- 10 files changed, 75 insertions(+), 75 deletions(-) diff --git a/docs/data-sources/rediscloud_acl_role.md b/docs/data-sources/rediscloud_acl_role.md index 74468916..6bb34fe1 100644 --- a/docs/data-sources/rediscloud_acl_role.md +++ b/docs/data-sources/rediscloud_acl_role.md @@ -29,14 +29,14 @@ output "rediscloud_acl_role" { * `id` - Identifier of the found Role. * `name` - The Role's name. -* `rules` - The Rules associated with the Role. +* `rule` - The Rules associated with the Role. -The `rules` list is made of objects with: +The `rule` block supports: * `name` - Name of the Rule. -* `databases` - a list of database association objects, documented below. +* `database` - a set of database association objects, documented below. -The `databases` list is made of objects with: +The `database` block supports: * `subscription` ID of the subscription containing the database. * `database` ID of the database to which the Rule should apply. diff --git a/docs/resources/rediscloud_acl_role.md b/docs/resources/rediscloud_acl_role.md index 54932959..da82cbb2 100644 --- a/docs/resources/rediscloud_acl_role.md +++ b/docs/resources/rediscloud_acl_role.md @@ -14,18 +14,18 @@ Creates a Role in your Redis Enterprise Cloud Account. ```hcl resource "rediscloud_acl_role" "role-resource-implicit" { name = "fast-admin" - rules { + rule { # An implicit dependency is recommended name = rediscloud_acl_role.cache_reader.name # Implicit dependencies used throughout - databases { + database { subscription = rediscloud_active_active_subscription_database.subscription-resource-1.id database = rediscloud_active_active_subscription_database.database-resource-1.db_id regions = [ for r in rediscloud_active_active_subscription_database.database-resource-1.override_region : r.name ] } - databases { + database { subscription = rediscloud_subscription.subscription-resource-2.id database = rediscloud_subscription_database.database-resource-2.db_id } @@ -34,10 +34,10 @@ resource "rediscloud_acl_role" "role-resource-implicit" { resource "rediscloud_acl_role" "role-resource-explicit" { name = "fast-admin" - rules { + rule { name = "cache-reader" # Active-Active database omitted for brevity - databases { + database { subscription = 123456 database = 9830 } @@ -59,15 +59,15 @@ The following arguments are supported: referred to by name (and not ID), this could break existing references. See the [User](rediscloud_acl_user.md) resource documentation.** -* `rules` - (Required, minimum 1) A list of rule association objects, documented below. +* `rule` - (Required, minimum 1) A set of rule association objects, documented below. -The `rules` list supports: +The `rule` block supports: * `name` (Required) - Name of the Rule. It is recommended an implicit dependency is used here. `depends_on` could be used instead by waiting for a Rule resource with a matching `name`. -* `databases` - (Required, minimum 1) a list of database association objects, documented below. +* `database` - (Required, minimum 1) a set of database association objects, documented below. -The `databases` list supports: +The `database` block supports: * `subscription` (Required) - ID of the subscription containing the database. * `database` (Required) - ID of the database to which the Rule should apply. @@ -86,14 +86,14 @@ specify [timeouts](https://www.terraform.io/language/resources/syntax#operation- * `id` - Identifier of the Role created. * `name` - The Role's name. -* `rules` - The Rules associated with the Role. +* `rule` - The Rules associated with the Role. -The `rules` list is made of objects with: +The `rule` block supports: * `name` - Name of the Rule. -* `databases` - a list of database association objects, documented below. +* `database` - The Databases the Rule applies to. -The `databases` list is made of objects with: +The `database` block supports: * `subscription` ID of the subscription containing the database. * `database` ID of the database to which the Rule should apply. diff --git a/go.mod b/go.mod index 4314a1b5..8e485531 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/RedisLabs/terraform-provider-rediscloud go 1.19 require ( - github.com/RedisLabs/rediscloud-go-api v0.5.2 + github.com/RedisLabs/rediscloud-go-api v0.5.3 github.com/bflad/tfproviderlint v0.29.0 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 diff --git a/go.sum b/go.sum index d4c5ed16..95e2249a 100644 --- a/go.sum +++ b/go.sum @@ -7,8 +7,8 @@ github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/RedisLabs/rediscloud-go-api v0.5.2 h1:wwfUEbrH2oMOwk32ZLQpu/cVYpAgHsp1oqX40+ro/ns= -github.com/RedisLabs/rediscloud-go-api v0.5.2/go.mod h1:cfuU+p/rgB+TObm0cq+AkyxwXWra8JOrPLKKj+nv7lM= +github.com/RedisLabs/rediscloud-go-api v0.5.3 h1:m2yKijrLfrNLmXBW8K7y2bfxbFXfsvnB0zVtx7JUaCo= +github.com/RedisLabs/rediscloud-go-api v0.5.3/go.mod h1:cfuU+p/rgB+TObm0cq+AkyxwXWra8JOrPLKKj+nv7lM= github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= diff --git a/provider/datasource_rediscloud_acl_role.go b/provider/datasource_rediscloud_acl_role.go index e10f14ec..e8f337d3 100644 --- a/provider/datasource_rediscloud_acl_role.go +++ b/provider/datasource_rediscloud_acl_role.go @@ -20,7 +20,7 @@ func dataSourceRedisCloudAclRole() *schema.Resource { Type: schema.TypeString, Required: true, }, - "rules": { + "rule": { Description: "This Role's permissions and the databases to which they apply", Type: schema.TypeSet, Computed: true, @@ -31,7 +31,7 @@ func dataSourceRedisCloudAclRole() *schema.Resource { Type: schema.TypeString, Computed: true, }, - "databases": { + "database": { Description: "The databases to which this Rule applies", Type: schema.TypeSet, Computed: true, @@ -95,7 +95,7 @@ func dataSourceRedisCloudAclRoleRead(ctx context.Context, d *schema.ResourceData if err := d.Set("name", redis.StringValue(role.Name)); err != nil { return diag.FromErr(err) } - if err := d.Set("rules", flattenRules(role.RedisRules)); err != nil { + if err := d.Set("rule", flattenRules(role.RedisRules)); err != nil { return diag.FromErr(err) } diff --git a/provider/datasource_rediscloud_acl_role_test.go b/provider/datasource_rediscloud_acl_role_test.go index 007c3f05..4b4bbe64 100644 --- a/provider/datasource_rediscloud_acl_role_test.go +++ b/provider/datasource_rediscloud_acl_role_test.go @@ -40,12 +40,12 @@ func TestAccDataSourceRedisCloudAclRole_Default(t *testing.T) { resource.TestMatchResourceAttr( "data.rediscloud_acl_role.test", "id", regexp.MustCompile("^\\d*$")), resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "name", testName), - resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.#", "1"), - resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.0.name", "Read-Only"), - resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.#", "1"), - resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")), - resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")), - resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "0"), + resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.#", "1"), + resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.0.name", "Read-Only"), + resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.#", "1"), + resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")), + resource.TestMatchResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")), + resource.TestCheckResourceAttr("data.rediscloud_acl_role.test", "rule.0.database.0.regions.#", "0"), ), }, }, @@ -105,9 +105,9 @@ resource "rediscloud_subscription_database" "example" { resource "rediscloud_acl_role" "test" { name = "%s" - rules { + rule { name = "Read-Only" - databases { + database { subscription = rediscloud_subscription.example.id database = rediscloud_subscription_database.example.db_id } diff --git a/provider/datasource_rediscloud_acl_user_test.go b/provider/datasource_rediscloud_acl_user_test.go index c6a1d697..a9022941 100644 --- a/provider/datasource_rediscloud_acl_user_test.go +++ b/provider/datasource_rediscloud_acl_user_test.go @@ -105,9 +105,9 @@ resource "rediscloud_subscription_database" "example" { resource "rediscloud_acl_role" "example" { name = "%s" - rules { + rule { name = "Read-Only" - databases { + database { subscription = rediscloud_subscription.example.id database = rediscloud_subscription_database.example.db_id } diff --git a/provider/resource_rediscloud_acl_role.go b/provider/resource_rediscloud_acl_role.go index b8ee47c8..2ee30aa1 100644 --- a/provider/resource_rediscloud_acl_role.go +++ b/provider/resource_rediscloud_acl_role.go @@ -38,7 +38,7 @@ func resourceRedisCloudAclRole() *schema.Resource { Type: schema.TypeString, Required: true, }, - "rules": { + "rule": { Description: "A set of rules which apply to the role", Type: schema.TypeSet, Required: true, @@ -50,7 +50,7 @@ func resourceRedisCloudAclRole() *schema.Resource { Type: schema.TypeString, Required: true, }, - "databases": { + "database": { Description: "A set of databases to whom this rule applies within the role", Type: schema.TypeSet, Required: true, @@ -133,7 +133,7 @@ func resourceRedisCloudAclRoleRead(ctx context.Context, d *schema.ResourceData, if err := d.Set("name", redis.StringValue(role.Name)); err != nil { return diag.FromErr(err) } - if err := d.Set("rules", flattenRules(role.RedisRules)); err != nil { + if err := d.Set("rule", flattenRules(role.RedisRules)); err != nil { return diag.FromErr(err) } return diags @@ -147,7 +147,7 @@ func resourceRedisCloudAclRoleUpdate(ctx context.Context, d *schema.ResourceData return diag.FromErr(err) } - if d.HasChanges("name", "rules") { + if d.HasChanges("name", "rule") { updateRoleRequest := roles.CreateRoleRequest{} name := d.Get("name").(string) @@ -214,14 +214,14 @@ func resourceRedisCloudAclRoleDelete(ctx context.Context, d *schema.ResourceData func extractRules(d *schema.ResourceData) []*roles.CreateRuleInRoleRequest { associateWithRules := make([]*roles.CreateRuleInRoleRequest, 0) - rules := d.Get("rules").(*schema.Set).List() + rules := d.Get("rule").(*schema.Set).List() for _, rule := range rules { ruleMap := rule.(map[string]interface{}) ruleName := ruleMap["name"].(string) associateWithDatabases := make([]*roles.CreateDatabaseInRuleInRoleRequest, 0) - databases := ruleMap["databases"].(*schema.Set).List() + databases := ruleMap["database"].(*schema.Set).List() for _, database := range databases { databaseMap := database.(map[string]interface{}) @@ -258,8 +258,8 @@ func flattenRules(rules []*roles.GetRuleInRoleResponse) []map[string]interface{} for _, rule := range rules { tf := map[string]interface{}{ - "name": redis.StringValue(rule.RuleName), - "databases": flattenDatabases(rule.Databases), + "name": redis.StringValue(rule.RuleName), + "database": flattenDatabases(rule.Databases), } tfs = append(tfs, tf) } diff --git a/provider/resource_rediscloud_acl_role_test.go b/provider/resource_rediscloud_acl_role_test.go index d93af16c..a01e0bf0 100644 --- a/provider/resource_rediscloud_acl_role_test.go +++ b/provider/resource_rediscloud_acl_role_test.go @@ -41,12 +41,12 @@ func TestAccCreateReadUpdateImportDeleteAclRole_Flexible(t *testing.T) { Config: testCreateTerraform, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", exampleRuleName), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "0"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", exampleRuleName), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "0"), // Test role exists func(s *terraform.State) error { @@ -76,12 +76,12 @@ func TestAccCreateReadUpdateImportDeleteAclRole_Flexible(t *testing.T) { Config: testUpdateTerraform, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName+"-updated"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", exampleRuleName), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "0"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", exampleRuleName), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "0"), ), }, // Test that the role is imported successfully @@ -120,14 +120,14 @@ func TestAccCreateReadUpdateImportDeleteAclRole_ActiveActive(t *testing.T) { Config: testCreateTerraform, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", "Read-Only"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "2"), - resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-1"), - resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-2"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", "Read-Only"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "2"), + resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-1"), + resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-2"), // Test role exist func(s *terraform.State) error { @@ -157,14 +157,14 @@ func TestAccCreateReadUpdateImportDeleteAclRole_ActiveActive(t *testing.T) { Config: testUpdateTerraform, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("rediscloud_acl_role.test", "name", testRoleName+"-updated"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.#", "1"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.name", "Read-Only"), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.#", "1"), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.subscription", regexp.MustCompile("^\\d*$")), - resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.database", regexp.MustCompile("^\\d*$")), - resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.#", "2"), - resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-1"), - resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rules.0.databases.0.regions.*", "us-east-2"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.#", "1"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.name", "Read-Only"), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.#", "1"), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.subscription", regexp.MustCompile("^\\d*$")), + resource.TestMatchResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.database", regexp.MustCompile("^\\d*$")), + resource.TestCheckResourceAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.#", "2"), + resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-1"), + resource.TestCheckTypeSetElemAttr("rediscloud_acl_role.test", "rule.0.database.0.regions.*", "us-east-2"), ), }, // Test that the role is imported successfully @@ -188,9 +188,9 @@ resource "rediscloud_acl_rule" "example" { const testRole = ` resource "rediscloud_acl_role" "test" { name = "%s" - rules { + rule { name = rediscloud_acl_rule.example.name - databases { + database { subscription = rediscloud_subscription.example.id database = rediscloud_subscription_database.example.db_id } @@ -201,9 +201,9 @@ resource "rediscloud_acl_role" "test" { const testAADatabaseRole = ` resource "rediscloud_acl_role" "test" { name = "%s" - rules { + rule { name = "Read-Only" - databases { + database { subscription = rediscloud_active_active_subscription.example.id database = rediscloud_active_active_subscription_database.example.db_id regions = [ diff --git a/provider/resource_rediscloud_acl_user_test.go b/provider/resource_rediscloud_acl_user_test.go index 4d16f88d..53d5101f 100644 --- a/provider/resource_rediscloud_acl_user_test.go +++ b/provider/resource_rediscloud_acl_user_test.go @@ -201,9 +201,9 @@ func TestAccResourceRedisCloudAclUser_NewPassword(t *testing.T) { const referencableRole = ` resource "rediscloud_acl_role" "example" { name = "%s" - rules { + rule { name = "Read-Only" - databases { + database { subscription = rediscloud_subscription.example.id database = rediscloud_subscription_database.example.db_id }