tf_module access_control and examples

codefresh/provider.go

@@ -22,8 +22,7 @@ func Provider() *schema.Provider {
 			},
 			"token": {
 				Type:        schema.TypeString,
-				Required:    true,
-				DefaultFunc: schema.EnvDefaultFunc("CODEFRESH_API_KEY", ""),
+				Optional: true,				
 			},
 		},
 		DataSourcesMap: map[string]*schema.Resource{
@@ -49,6 +48,8 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
 
 	apiURL := d.Get("api_url").(string)
 	token := d.Get("token").(string)
-
+	if token == "" {
+		token = os.Getenv("CODEFRESH_API_KEY")
+	}
 	return cfClient.NewClient(apiURL, token), nil
 }

codefresh/resource_account.go

@@ -53,6 +53,7 @@ func resourceAccount() *schema.Resource {
 						"data_retention_weeks": {
 							Type:     schema.TypeInt,
 							Optional: true,
+							Default: 5,
 						},
 					},
 				},
@@ -68,6 +69,7 @@ func resourceAccount() *schema.Resource {
 						},
 						"nodes": {
 							Type:     schema.TypeInt,
+							Default: 1,
 							Optional: true,
 						},
 					},

docs/resources/account.md

@@ -18,6 +18,14 @@ resource "codefresh_account" "test" {
     parallel = 27
   }
 
+  features = {
+    OfflineLogging = true,
+    ssoManagement = true,
+    teamsManagement = true,
+    abac = true,
+    customKubernetesCluster = true,
+    launchDarklyManagement = false,
+  }
 }
 ```
 
@@ -26,7 +34,7 @@ resource "codefresh_account" "test" {
 - `name` - (Required) The display name for the account.
 - `limits` - (Optional) A collection of `limits` blocks as documented below.
 - `build` -  (Optional) A collection of `build` blocks as documented below.
-
+- `features` - (Optional) map of supported features toggles 
 ---
 
 `limits` supports the following:

tf_modules/access_control/main.tf

@@ -0,0 +1,69 @@
+data "codefresh_idps" "idps" {
+  for_each = var.default_idps
+  _id = lookup(each.value, "_id", "")
+  display_name = lookup(each.value, "display_name", "")
+  client_name = lookup(each.value, "client_name", "")
+  client_type = lookup(each.value, "client_type", "")
+}
+
+resource "codefresh_account" "acc" {
+  for_each = var.accounts
+  name = each.key
+
+  features = var.default_account_features
+
+  limits {
+    collaborators = lookup(var.default_acccount_limits, "collaborators", 10)
+  }
+
+  build {
+    parallel = lookup(var.default_acccount_limits, "parallel_builds", 1)
+  }
+
+}
+
+resource "codefresh_idp_accounts" "acc_idp" {
+  for_each = var.default_idps
+  idp_id = data.codefresh_idps.idps[each.key].id
+  account_ids = values(codefresh_account.acc)[*].id 
+}
+
+resource "codefresh_user" "users" {
+  for_each = var.users
+  user_name = each.key
+  email = each.value.email
+
+  accounts = [
+    for acc_name in each.value.accounts: codefresh_account.acc[acc_name].id
+  ]
+
+  activate = true
+
+  roles = each.value.global_admin ? ["Admin","User"] : ["User"]
+
+  dynamic "login" {
+    for_each = var.default_idps
+    content {
+      idp_id = data.codefresh_idps.idps[login.key].id
+      sso = login.value.sso
+    }      
+  }
+
+  personal {
+    first_name = each.value.personal.first_name
+    last_name = each.value.personal.last_name
+  }
+}
+
+resource "codefresh_account_admins" "acc_admins" {
+  for_each = toset(flatten([
+    for u in var.users:
+      u.admin_of_accounts if length(u.admin_of_accounts) > 0
+  ]))
+
+  account_id = codefresh_account.acc[each.value].id
+  users = [
+      for k, u in var.users:
+        codefresh_user.users[k].id if contains(u.admin_of_accounts, each.key) 
+  ]
+}

tf_modules/access_control/output.tf

@@ -0,0 +1,14 @@
+output "idps" {
+  value = {
+    for idp in data.codefresh_idps.idps:
+      idp.id => { client_name = idp.client_name,
+                  display_name = idp.display_name 
+                }
+  }  
+}
+output "accounts" {
+  value = {
+    for acc in codefresh_account.acc:
+      acc.id => acc.name   
+  }
+}

tf_modules/access_control/provider.tf

@@ -0,0 +1,4 @@
+provider "codefresh" {
+  api_url = var.api_url
+  token = var.token
+}

tf_modules/access_control/vars.tf

@@ -0,0 +1,81 @@
+variable api_url {
+  type = string
+}
+
+# 
+variable token {
+  type = string
+  default = ""
+}
+
+variable default_account_features {
+  type = map(any)
+  default = {
+    OfflineLogging = true,
+    ssoManagement = true,
+    teamsManagement = true,
+    abac = true,
+    customKubernetesCluster = true,
+    launchDarklyManagement = false,
+  }
+}
+
+variable default_acccount_limits {
+    type = map(any)
+    default = {
+        collaborators = 100
+        parallel_builds = 10
+    }
+}
+
+variable default_idps {
+    type = map(any)   
+    default = {
+        local  = { 
+            display_name = "local"
+            sso = false
+        }
+    } 
+}
+
+# map of accounts indexed by unique account name
+# accounts = {
+#     acc1 = {
+#    }
+#     acc2 = {
+#         limits = {
+#             collaborators = 50
+#             parallel_builds = 5
+#         }
+#     }
+# }
+variable accounts {
+  type = map(any)
+}
+
+# map of users:
+# users = {
+#     user1 = {
+#          email = "[email protected]"
+#          personal = {
+#              first_name = "Q"
+#              last_name = "D"
+#          }
+#          accounts = ["acc1", "acc2"]
+#          global_admin = false
+#      }
+#     user2 = {
+
+#         email = "[email protected]"
+#         personal = {
+#             first_name = "Q"
+#             last_name = "D"
+#         }
+#         accounts = ["acc1", "acc2"]
+#         global_admin = true
+#     }
+# }
+variable users {
+  //type = map(any)
+}
+