From 27197826a24ab09fb07bf7e8eadb65b5fc4626e2 Mon Sep 17 00:00:00 2001 From: hkantare Date: Fri, 31 May 2024 15:45:54 +0530 Subject: [PATCH] Add support for role 'NONE' --- ibm/flex/structures.go | 10 +++- .../data_source_ibm_resource_key_test.go | 8 +-- .../resource_ibm_resource_key.go | 5 +- .../resource_ibm_resource_key_test.go | 50 ++++++++++++++++++- website/docs/r/resource_key.html.markdown | 2 +- 5 files changed, 66 insertions(+), 9 deletions(-) diff --git a/ibm/flex/structures.go b/ibm/flex/structures.go index f5e1c525d8e..a8ed56381ab 100644 --- a/ibm/flex/structures.go +++ b/ibm/flex/structures.go @@ -3431,6 +3431,14 @@ func FindRoleByName(supported []iampolicymanagementv1.PolicyRole, name string) ( } } } + if name == "NONE" { + name := "NONE" + r := iampolicymanagementv1.PolicyRole{ + DisplayName: &name, + RoleID: &name, + } + return r, nil + } supportedRoles := getSupportedRolesStr(supported) return iampolicymanagementv1.PolicyRole{}, bmxerror.New("RoleDoesnotExist", fmt.Sprintf("%s was not found. Valid roles are %s", name, supportedRoles)) @@ -3453,7 +3461,7 @@ func FindRoleByCRN(supported []iampolicymanagementv1.PolicyRole, crn string) (ia } func getSupportedRolesStr(supported []iampolicymanagementv1.PolicyRole) string { - rolesStr := "" + rolesStr := "NONE, " for index, role := range supported { if index != 0 { rolesStr += ", " diff --git a/ibm/service/resourcecontroller/data_source_ibm_resource_key_test.go b/ibm/service/resourcecontroller/data_source_ibm_resource_key_test.go index 8db60b2fb9a..30414009638 100644 --- a/ibm/service/resourcecontroller/data_source_ibm_resource_key_test.go +++ b/ibm/service/resourcecontroller/data_source_ibm_resource_key_test.go @@ -25,10 +25,10 @@ func TestAccIBMResourceKeyDataSource_basic(t *testing.T) { Config: testAccCheckIBMResourceKeyDataSourceConfig(resourceName, resourceKey), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key", "name", resourceKey), - resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key", "credentials.%", "7"), + resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key", "credentials.%", "8"), resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key", "role", "Writer"), resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key1", "name", resourceKey), - resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key1", "credentials.%", "7"), + resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key1", "credentials.%", "8"), resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key1", "role", "Writer"), ), }, @@ -48,9 +48,9 @@ func TestAccIBMResourceKeyDataSource_mostrecent(t *testing.T) { Config: testAccCheckIBMResourceKeyDataSourceConfigRecent(resourceName, resourceKey), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key", "name", resourceKey), - resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key", "credentials.%", "7"), + resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key", "credentials.%", "8"), resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key1", "name", resourceKey), - resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key1", "credentials.%", "7"), + resource.TestCheckResourceAttr("data.ibm_resource_key.testacc_ds_resource_key1", "credentials.%", "8"), ), }, }, diff --git a/ibm/service/resourcecontroller/resource_ibm_resource_key.go b/ibm/service/resourcecontroller/resource_ibm_resource_key.go index de1d2dba561..55e3a83ded1 100644 --- a/ibm/service/resourcecontroller/resource_ibm_resource_key.go +++ b/ibm/service/resourcecontroller/resource_ibm_resource_key.go @@ -45,6 +45,7 @@ func ResourceIBMResourceKey() *schema.Resource { "role": { Type: schema.TypeString, Optional: true, + Computed: true, ForceNew: true, Description: "Name of the user role.Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, Editor and Custom Roles.", // ValidateFunc: validateRole, @@ -270,7 +271,9 @@ func resourceIBMResourceKeyCreate(d *schema.ResourceData, meta interface{}) erro if err != nil { return fmt.Errorf("[ERROR] Error creating resource key when get role: %s", err) } - keyParameters.SetProperty("role_crn", serviceRole.RoleID) + if role != "NONE" { + keyParameters.SetProperty("role_crn", serviceRole.RoleID) + } resourceKeyCreate.Role = serviceRole.RoleID } diff --git a/ibm/service/resourcecontroller/resource_ibm_resource_key_test.go b/ibm/service/resourcecontroller/resource_ibm_resource_key_test.go index 99aebcd523b..a189af59c19 100644 --- a/ibm/service/resourcecontroller/resource_ibm_resource_key_test.go +++ b/ibm/service/resourcecontroller/resource_ibm_resource_key_test.go @@ -31,7 +31,7 @@ func TestAccIBMResourceKey_Basic(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMResourceKeyExists("ibm_resource_key.resourceKey"), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "name", resourceKey), - resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "credentials.%", "7"), + resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "credentials.%", "8"), resource.TestCheckResourceAttrSet("ibm_resource_key.resourceKey", "credentials_json"), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "role", "Reader"), ), @@ -114,7 +114,7 @@ func TestAccIBMResourceKey_WithCustomRole(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMResourceKeyExists("ibm_resource_key.resourceKey"), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "name", resourceKey), - resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "credentials.%", "7"), + resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "credentials.%", "8"), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "role", displayName), ), }, @@ -122,6 +122,35 @@ func TestAccIBMResourceKey_WithCustomRole(t *testing.T) { }) } +func TestAccIBMResourceKeyWithRoleNone(t *testing.T) { + resourceName := fmt.Sprintf("tf-cos-%d", acctest.RandIntRange(10, 100)) + resourceKey := fmt.Sprintf("tf-cos-%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMResourceKeyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMResourceKeyRoleNone(resourceName, resourceKey), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMResourceKeyExists("ibm_resource_key.resourceKey"), + resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "name", resourceKey), + resource.TestCheckResourceAttrSet("ibm_resource_key.resourceKey", "credentials_json"), + resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "role", "NONE"), + ), + }, + { + ResourceName: "ibm_resource_key.resourceKey", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "resource_instance_id", "resource_alias_id", "role"}, + }, + }, + }) +} + func testAccCheckIBMResourceKeyExists(n string) resource.TestCheckFunc { return func(s *terraform.State) error { @@ -273,3 +302,20 @@ func testAccCheckIBMResourceKeyParameters(resourceName, resourceKey string) stri } `, resourceName, resourceKey) } + +func testAccCheckIBMResourceKeyRoleNone(resourceName, resourceKey string) string { + return fmt.Sprintf(` + + resource "ibm_resource_instance" "resource" { + name = "%s" + service = "cloud-object-storage" + plan = "standard" + location = "global" + } + resource "ibm_resource_key" "resourceKey" { + name = "%s" + resource_instance_id = ibm_resource_instance.resource.id + role = "NONE" + } + `, resourceName, resourceKey) +} diff --git a/website/docs/r/resource_key.html.markdown b/website/docs/r/resource_key.html.markdown index 60d29e2e660..09c047b6968 100644 --- a/website/docs/r/resource_key.html.markdown +++ b/website/docs/r/resource_key.html.markdown @@ -137,7 +137,7 @@ Review the argument references that you can specify for your resource. - `name` - (Required, Forces new resource, String) A descriptive name used to identify a resource key. - `parameters` (Optional, Map) Arbitrary parameters to pass to the resource in JSON format. If you want to create service credentials by using the private service endpoint, include the `service-endpoints = "private"` parameter. -- `role` - (Optional, Forces new resource, String) The name of the user role. Valid roles are `Writer`, `Reader`, `Manager`, `Administrator`, `Operator`, `Viewer`, and `Editor`. This argument is Optional only during creation of service credentials for Cloud Databases and other non-IAM-enabled services and is Required for all other IAM-enabled services. +- `role` - (Optional, Forces new resource, String) The name of the user role. Valid roles are `NONE`,`Writer`, `Reader`, `Manager`, `Administrator`, `Operator`, `Viewer`, and `Editor`. This argument is Optional only during creation of service credentials for Cloud Databases and other non-IAM-enabled services and is Required for all other IAM-enabled services. - `resource_instance_id` - (Optional, Forces new resource, String) The ID of the resource instance associated with the resource key. **Note** Conflicts with `resource_alias_id`. - `resource_alias_id` - (Optional, Forces new resource, String) The ID of the resource alias associated with the resource key. **Note** Conflicts with `resource_instance_id`. - `tags` (Optional, Array of strings) Tags associated with the resource key instance. **Note** Tags are managed locally and not stored on the IBM Cloud Service Endpoint at this moment.