Allow roles to be updated

datastax · Jun 17, 2022 · f01fe33 · f01fe33
1 parent b7d4618
commit f01fe33
Showing 1 changed file with 71 additions and 7 deletions.
diff --git a/internal/provider/resource_role.go b/internal/provider/resource_role.go
@@ -17,6 +17,7 @@ func resourceRole() *schema.Resource {
 		CreateContext: resourceRoleCreate,
 		ReadContext:   resourceRoleRead,
 		DeleteContext: resourceRoleDelete,
+		UpdateContext: resourceRoleUpdate,
 
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
@@ -34,19 +35,16 @@ func resourceRole() *schema.Resource {
 				Description:  "Role description",
 				Type:         schema.TypeString,
 				Required:     true,
-				ForceNew: true,
 			},
 			"effect": {
 				Description:  "Role effect",
 				Type:         schema.TypeString,
 				Required:     true,
-				ForceNew: true,
 			},
 			"resources": {
 				Description:  "Resources for which role is applicable (format is \"drn:astra:org:<org UUID>\", followed by optional resource criteria. See example usage above).",
 				Type:         schema.TypeList,
 				Required:     true,
-				ForceNew: true,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 					ValidateDiagFunc: validateRoleResources,
@@ -57,7 +55,6 @@ func resourceRole() *schema.Resource {
 				Description:  "List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.",
 				Type:         schema.TypeList,
 				Required:     true,
-				ForceNew:     true,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
@@ -75,16 +72,13 @@ func resourceRole() *schema.Resource {
 func resourceRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(astraClients).astraClient.(*astra.ClientWithResponses)
 
-
 	roleName := d.Get("role_name").(string)
 	description := d.Get("description").(string)
 	effect := d.Get("effect").(string)
 	resourcesRaw := d.Get("resources").([]interface{})
 	policyRaw := d.Get("policy")
 
 	actions := policyRaw.([]interface{})
-
-
 	resourcesList := make([]string, len(resourcesRaw))
 	actionsList := make([]astra.PolicyAction, len(actions))
 
@@ -171,6 +165,64 @@ func resourceRoleRead(ctx context.Context, d *schema.ResourceData, meta interfac
 	return nil
 }
 
+func resourceRoleUpdate(ctx context.Context, resourceData *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(astraClients).astraClient.(*astra.ClientWithResponses)
+	id := resourceData.Id()
+
+	// fetch the role
+	roleID, err := parseRoleID(id)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	oldRole, err := listRole(ctx, client, roleID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	roleName := resourceData.Get("role_name").(string)
+	description := resourceData.Get("description").(string)
+	effect := resourceData.Get("effect").(string)
+	resourcesRaw := resourceData.Get("resources").([]interface{})
+	policyRaw := resourceData.Get("policy")
+
+	actions := policyRaw.([]interface{})
+	resourcesList := make([]string, len(resourcesRaw))
+	actionsList := make([]astra.PolicyAction, len(actions))
+
+	for k, v := range resourcesRaw {
+		resourcesList[k] = v.(string)
+	}
+	for k, v := range policyRaw.([]interface{}) {
+		actionsList[k] = astra.PolicyAction(v.(string))
+	}
+	policy := astra.Policy{
+		Actions:     actionsList,
+		Description: description,
+		Effect:      astra.PolicyEffect(effect),
+		Resources:   resourcesList,
+	}
+
+	roleJSON := astra.UpdateRoleJSONRequestBody{
+		Name:   roleName,
+		Policy: policy,
+	}
+	resp, err := client.UpdateRoleWithResponse(ctx,
+		roleID,
+		roleJSON,
+	)
+
+	if err != nil {
+		revertRole(oldRole, resourceData)
+		return diag.FromErr(err)
+	} else if resp.StatusCode() >= 400 {
+		revertRole(oldRole, resourceData)
+		return diag.Errorf("error adding role to org: Status: %s, %s", resp.Status(), resp.Body)
+	}
+
+	return nil
+}
+
 func setRoleData(d *schema.ResourceData, roleID string) error {
 	d.SetId(fmt.Sprintf("%s", roleID))
 
@@ -188,3 +240,15 @@ func parseRoleID(id string) (string, error) {
 	}
 	return idParts[0],  nil
 }
+
+func revertRole(oldRole map[string]interface{}, resourceData *schema.ResourceData) {
+	oldRolePolicy := oldRole["policy"].(map[string]interface{})
+	oldDescription := oldRolePolicy["description"]
+	oldEffect := oldRolePolicy["effect"]
+	oldResources := oldRolePolicy["resources"]
+	oldPolicy := oldRolePolicy["actions"]
+	resourceData.Set("description", oldDescription)
+	resourceData.Set("effect", oldEffect)
+	resourceData.Set("resources", oldResources)
+	resourceData.Set("policy", oldPolicy)
+}