// Copyright (c) EZSCALE. // SPDX-License-Identifier: MPL-2.0 package provider import ( "context" "encoding/json" "fmt" "time" "terraform-provider-virtfusion/internal/client" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/mapplanmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/types" ) // Ensure provider-defined types fully satisfy framework interfaces. var ( _ resource.Resource = &UserAuthTokenResource{} _ resource.ResourceWithConfigure = &UserAuthTokenResource{} ) // NewUserAuthTokenResource creates a new user auth token resource. func NewUserAuthTokenResource() resource.Resource { return &UserAuthTokenResource{} } // UserAuthTokenResource defines the resource implementation. type UserAuthTokenResource struct { client *client.Client } // UserAuthTokenResourceModel describes the resource data model. type UserAuthTokenResourceModel struct { ID types.String `tfsdk:"id"` ExtRelationID types.String `tfsdk:"ext_relation_id"` Token types.String `tfsdk:"token"` URL types.String `tfsdk:"url"` Triggers types.Map `tfsdk:"triggers"` } func (r *UserAuthTokenResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_user_auth_token" } func (r *UserAuthTokenResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Generates an authentication token for a VirtFusion user. This is a trigger-style resource — the token is generated on create and can be re-generated by changing the `triggers` attribute.", Attributes: map[string]schema.Attribute{ "id": schema.StringAttribute{ MarkdownDescription: "The identifier for this auth token generation.", Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, "ext_relation_id": schema.StringAttribute{ MarkdownDescription: "The external relation ID of the user to generate the auth token for.", Required: true, }, "token": schema.StringAttribute{ MarkdownDescription: "The generated authentication token.", Computed: true, Sensitive: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, "url": schema.StringAttribute{ MarkdownDescription: "The authentication URL for the generated token.", Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, "triggers": schema.MapAttribute{ MarkdownDescription: "A map of arbitrary strings that, when changed, will cause the auth token to be re-generated. Works like `triggers` in `terraform_data`.", ElementType: types.StringType, Optional: true, PlanModifiers: []planmodifier.Map{ mapplanmodifier.RequiresReplace(), }, }, }, } } func (r *UserAuthTokenResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { if req.ProviderData == nil { return } c, ok := req.ProviderData.(*client.Client) if !ok { resp.Diagnostics.AddError( "Unexpected Resource Configure Type", fmt.Sprintf("Expected *client.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.client = c } func (r *UserAuthTokenResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data UserAuthTokenResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } apiPath := fmt.Sprintf("/users/%s/authenticationTokens", data.ExtRelationID.ValueString()) rawResp, err := r.client.Post(ctx, apiPath, nil) if err != nil { resp.Diagnostics.AddError( "Error Generating User Auth Token", fmt.Sprintf("Could not generate auth token for user with ext_relation_id %q: %s", data.ExtRelationID.ValueString(), err), ) return } // Parse the response for the token and URL. if rawResp != nil { var tokenResp client.AuthTokenResponse if jsonErr := json.Unmarshal(rawResp, &tokenResp); jsonErr == nil { data.Token = types.StringValue(tokenResp.Data.Token) data.URL = types.StringValue(tokenResp.Data.URL) } else { data.Token = types.StringValue("") data.URL = types.StringValue("") } } else { data.Token = types.StringValue("") data.URL = types.StringValue("") } data.ID = types.StringValue(fmt.Sprintf("%s-%d", data.ExtRelationID.ValueString(), time.Now().UnixNano())) resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *UserAuthTokenResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data UserAuthTokenResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } // Return stored state as-is for trigger-style resources. resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *UserAuthTokenResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var data UserAuthTokenResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *UserAuthTokenResource) Delete(_ context.Context, _ resource.DeleteRequest, _ *resource.DeleteResponse) { // No-op: auth tokens cannot be revoked via this resource. Removing from state only. }