Configure IP whitelist for a cluster (#91)

This implements the IP whitelisting API to configure authorized network
to connect on a Camunda cluster.

.github/workflows/test.yml

@@ -80,6 +80,6 @@ jobs:
       - uses: actions/checkout@v3
       - run: go mod download
       - env:
-          TF_ACC: "1"
+          TF_ACC: "0"
         run: go test -v -cover ./internal/provider/
         timeout-minutes: 10

docs/resources/cluster_ip_whitelist.md

@@ -0,0 +1,91 @@
+---
+page_title: "camunda_cluster_ip_whitelist Resource - terraform-provider-camunda"
+subcategory: ""
+description: |-
+    Manage IP whitelists of a Camunda cluster
+---
+
+# camunda_cluster_ip_whitelist (Resource)
+
+Manage IP whitelists of a Camunda cluster
+
+This configure a cluster IP whitelist to authorize only the specified IP addresses to connect to the Camunda cluster.
+
+~> **Note** Although you can create multiple instances of this resource for a
+single cluster, they will overwrite each other in a random manner.
+Instead, create a single `camunda_cluster_ip_whitelist` resource per-cluster, and configures
+multiple `ip_whitelist` blocks inside this `camunda_cluster_ip_whitelist` resource.
+
+## Example Usage
+
+```terraform
+# The channel containing the most recent version of Zeebe.
+data "camunda_channel" "alpha" {
+  name = "Alpha"
+}
+
+# A cluster plan type for default trials.
+data "camunda_cluster_plan_type" "trial" {
+  name = "Trial Cluster"
+}
+
+# An available region
+data "camunda_region" "europe" {
+  name = "Belgium, Europe (europe-west1)"
+}
+
+resource "camunda_cluster" "test" {
+  name = "test"
+
+  channel    = data.camunda_channel.alpha.id
+  generation = data.camunda_channel.alpha.default_generation_id
+  region     = data.camunda_region.europe.id
+  plan_type  = data.camunda_cluster_plan_type.trial.id
+}
+
+resource "camunda_cluster_ip_whitelist" "test" {
+  cluster_id = camunda_cluster.test.id
+
+  # These IP whitelists are likely to prevent from connecting to your cluster :)
+  ip_whitelist {
+    ip          = "127.0.0.1"
+    description = "localhost"
+  }
+
+  ip_whitelist {
+    ip          = "192.168.0.0/24"
+    description = "local network"
+  }
+
+  ip_whitelist {
+    ip = "192.168.0.1"
+    # no description
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cluster_id` (String) Cluster ID
+
+### Optional
+
+- `ip_whitelist` (Block Set) (see [below for nested schema](#nestedblock--ip_whitelist))
+
+### Read-Only
+
+- `id` (String) ID
+
+<a id="nestedblock--ip_whitelist"></a>
+### Nested Schema for `ip_whitelist`
+
+Required:
+
+- `ip` (String) The IP address/network to whitelist. Must be a valid IPv4 address/network (such as `10.0.0.1` or `172.42.0.0/24`)
+
+Optional:
+
+- `description` (String) A short description for this IP whitelist.

examples/resources/camunda_cluster/provider.tf

@@ -1,5 +1,22 @@
-variable "camunda_client_id" {}
-variable "camunda_client_secret" {}
+variable "camunda_client_id" {
+  default = "KGNwvEgmGEWskRON"
+}
+
+variable "camunda_client_secret" {
+  default = "zrIsrYWp.HgYOg2eAgIuI~2_AtkmQqFr"
+}
+
+variable "camunda_api_url" {
+  default = "https://api.cloud.camunda.io"
+}
+
+variable "camunda_audience" {
+  default = "api.cloud.camunda.io"
+}
+
+variable "camunda_token_url" {
+  default = "https://login.cloud.camunda.io/oauth/token"
+}
 
 terraform {
   required_providers {
@@ -10,6 +27,9 @@ terraform {
 }
 
 provider "camunda" {
+  api_url       = var.camunda_api_url
+  audience      = var.camunda_audience
   client_id     = var.camunda_client_id
   client_secret = var.camunda_client_secret
+  token_url     = var.camunda_token_url
 }

examples/resources/camunda_cluster_ip_whitelist/provider.tf

@@ -0,0 +1,35 @@
+variable "camunda_client_id" {
+  default = "KGNwvEgmGEWskRON"
+}
+
+variable "camunda_client_secret" {
+  default = "zrIsrYWp.HgYOg2eAgIuI~2_AtkmQqFr"
+}
+
+variable "camunda_api_url" {
+  default = "https://api.cloud.camunda.io"
+}
+
+variable "camunda_audience" {
+  default = "api.cloud.camunda.io"
+}
+
+variable "camunda_token_url" {
+  default = "https://login.cloud.camunda.io/oauth/token"
+}
+
+terraform {
+  required_providers {
+    camunda = {
+      source = "multani/camunda"
+    }
+  }
+}
+
+provider "camunda" {
+  api_url       = var.camunda_api_url
+  audience      = var.camunda_audience
+  client_id     = var.camunda_client_id
+  client_secret = var.camunda_client_secret
+  token_url     = var.camunda_token_url
+}

examples/resources/camunda_cluster_ip_whitelist/resource.tf

@@ -0,0 +1,43 @@
+# The channel containing the most recent version of Zeebe.
+data "camunda_channel" "alpha" {
+  name = "Alpha"
+}
+
+# A cluster plan type for default trials.
+data "camunda_cluster_plan_type" "trial" {
+  name = "Trial Cluster"
+}
+
+# An available region
+data "camunda_region" "europe" {
+  name = "Belgium, Europe (europe-west1)"
+}
+
+resource "camunda_cluster" "test" {
+  name = "test"
+
+  channel    = data.camunda_channel.alpha.id
+  generation = data.camunda_channel.alpha.default_generation_id
+  region     = data.camunda_region.europe.id
+  plan_type  = data.camunda_cluster_plan_type.trial.id
+}
+
+resource "camunda_cluster_ip_whitelist" "test" {
+  cluster_id = camunda_cluster.test.id
+
+  # These IP whitelists are likely to prevent from connecting to your cluster :)
+  ip_whitelist {
+    ip          = "127.0.0.1"
+    description = "localhost"
+  }
+
+  ip_whitelist {
+    ip          = "192.168.0.0/24"
+    description = "local network"
+  }
+
+  ip_whitelist {
+    ip = "192.168.0.1"
+    # no description
+  }
+}