Commit

feat(resource): add aiven_kafka_native_acl resource (#1905)
roope-kar authored Dec 5, 2024
1 parent cd80891 commit 8bedefb
Showing 9 changed files with 274 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -104,6 +104,7 @@ nav_order: 1
`organization:projects:write`, `organization:users:write`, `project:services:write`, `role:organization:admin`,
`role:services:maintenance`, `role:services:recover`, `service:data:write`, `service:secrets:read`,
`service:users:write`, remove `services:maintenance`
- Add `aiven_kafka_native_acl` resource

## [4.28.0] - 2024-10-21

47 changes: 47 additions & 0 deletions docs/resources/kafka_native_acl.md
@@ -0,0 +1,47 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "aiven_kafka_native_acl Resource - terraform-provider-aiven"
subcategory: ""
description: |-
Manages native acls in kafka service https://aiven.io/docs/products/kafka/concepts/acl.
---

# aiven_kafka_native_acl (Resource)

Manages native acls in [kafka service](https://aiven.io/docs/products/kafka/concepts/acl).



<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `operation` (String) The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
- `pattern_type` (String) Resource pattern used to match specified resources. The possible values are `LITERAL` and `PREFIXED`. Changing this property forces recreation of the resource.
- `permission_type` (String) The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
- `principal` (String) Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
- `project` (String) The name of the project this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
- `resource_name` (String) The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
- `resource_type` (String) The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
- `service_name` (String) The name of the service that this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.

### Optional

- `host` (String) The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
- `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))

### Read-Only

- `id` (String) The ID of this resource.

<a id="nestedblock--timeouts"></a>
### Nested Schema for `timeouts`

Optional:

- `create` (String)
- `default` (String)
- `delete` (String)
- `read` (String)
- `update` (String)
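Review bot: The `principal` entry under Required reads "Principal is in type:name' format", with an unbalanced quote, and because this file is generated by tfplugindocs the fix belongs in the schema `Description` in kafka_native_acl.go, followed by regenerating the docs. The page also has no example usage, and the `host` entry does not say what the ACL matches when the attribute is omitted; for an access-control resource that default should be stated explicitly. The `timeouts` block lists `update` although every attribute above forces recreation, which is worth dropping or explaining.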
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -4,7 +4,7 @@ go 1.23

require (
github.com/aiven/aiven-go-client/v2 v2.33.0
github.com/aiven/go-client-codegen v0.62.0
github.com/aiven/go-client-codegen v0.63.0
github.com/avast/retry-go v3.0.0+incompatible
github.com/dave/jennifer v1.7.1
github.com/docker/go-units v0.5.0
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -199,8 +199,8 @@ github.com/aiven/aiven-go-client/v2 v2.33.0 h1:7hsM3/2lVog/P9ls/gLeba5feNVQjK8rI
github.com/aiven/aiven-go-client/v2 v2.33.0/go.mod h1:qXBgER0dtjJa1V3l7kzpizuAGjFCkgahhHL5OpoM2ZM=
github.com/aiven/go-api-schemas v1.104.0 h1:RHhPLLnEXzcOwUlK7vZWcflzHcYK7LUF66koJiYbWVM=
github.com/aiven/go-api-schemas v1.104.0/go.mod h1:z7dGvufm6If4gOdVr7dWTuFZmll9FOZr5Z5CSxGpebA=
github.com/aiven/go-client-codegen v0.62.0 h1:h7sZMUagc1zQUb5l5LeIZ/S5B5aLfLqiYJA6/YI+ePY=
github.com/aiven/go-client-codegen v0.62.0/go.mod h1:QKN/GgLMGWd6+gPEucXlZPi5vC3C6RpD3UeBRQOLI1Y=
github.com/aiven/go-client-codegen v0.63.0 h1:pgs7MEgHTbEaGpjzanQ9Zty/J9SEwKQBbhwfPTY175c=
github.com/aiven/go-client-codegen v0.63.0/go.mod h1:QKN/GgLMGWd6+gPEucXlZPi5vC3C6RpD3UeBRQOLI1Y=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
1 change: 1 addition & 0 deletions internal/sdkprovider/provider/provider.go
Expand Up @@ -248,6 +248,7 @@ func Provider(version string) (*schema.Provider, error) {
"aiven_kafka": kafka.ResourceKafka(),
"aiven_kafka_user": kafka.ResourceKafkaUser(),
"aiven_kafka_acl": kafka.ResourceKafkaACL(),
"aiven_kafka_native_acl": kafka.ResourceKafkaNativeACL(),
"aiven_kafka_schema_registry_acl": kafkaschema.ResourceKafkaSchemaRegistryACL(),
"aiven_kafka_topic": kafkatopic.ResourceKafkaTopic(),
"aiven_kafka_schema": kafkaschema.ResourceKafkaSchema(),
145 changes: 145 additions & 0 deletions internal/sdkprovider/service/kafka/kafka_native_acl.go
@@ -0,0 +1,145 @@
package kafka

import (
"context"

avngen "github.com/aiven/go-client-codegen"
"github.com/aiven/go-client-codegen/handler/kafka"

"github.com/aiven/terraform-provider-aiven/internal/common"
"github.com/aiven/terraform-provider-aiven/internal/schemautil"
"github.com/aiven/terraform-provider-aiven/internal/schemautil/userconfig"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
)

var aivenKafkaNativeACLSchema = map[string]*schema.Schema{
"project": schemautil.CommonSchemaProjectReference,
"service_name": schemautil.CommonSchemaServiceNameReference,
"resource_name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.StringLenBetween(1, 256),
Description: userconfig.Desc("The kafka resource name").ForceNew().MaxLen(256).Build(),
},
"resource_type": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.StringInSlice(kafka.ResourceTypeChoices(), false),
Description: userconfig.Desc("The kafka resource type").ForceNew().PossibleValuesString(kafka.ResourceTypeChoices()...).Build(),
},
"pattern_type": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.StringInSlice(kafka.PatternTypeChoices(), false),
Description: userconfig.Desc("Resource pattern used to match specified resources").ForceNew().PossibleValuesString(kafka.PatternTypeChoices()...).Build(),
},
"principal": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.StringLenBetween(1, 256),
Description: userconfig.Desc("Principal is in type:name' format").ForceNew().MaxLen(256).Build(),
},
"host": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
ValidateFunc: validation.StringLenBetween(1, 256),
Description: userconfig.Desc("The host or `*` for all hosts").ForceNew().MaxLen(256).Build(),
},
"operation": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.StringInSlice(kafka.OperationTypeChoices(), false),
Description: userconfig.Desc("The operation").ForceNew().PossibleValuesString(kafka.OperationTypeChoices()...).Build(),
},
"permission_type": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.StringInSlice(kafka.KafkaAclPermissionTypeChoices(), false),
Description: userconfig.Desc("The permission type").ForceNew().PossibleValuesString(kafka.KafkaAclPermissionTypeChoices()...).Build(),
},
}

func ResourceKafkaNativeACL() *schema.Resource {
return &schema.Resource{
Description: userconfig.Desc(`Manages native acls in [kafka service](https://aiven.io/docs/products/kafka/concepts/acl)`).Build(),
CreateContext: common.WithGenClient(resourceKafkaNativeACLCreate),
ReadContext: common.WithGenClient(resourceKafkaNativeACLRead),
DeleteContext: common.WithGenClient(resourceKafkaNativeACLDelete),
Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
},
Timeouts: schemautil.DefaultResourceTimeouts(),
Schema: aivenKafkaNativeACLSchema,
}
}

func resourceKafkaNativeACLCreate(ctx context.Context, d *schema.ResourceData, client avngen.Client) error {
var req kafka.ServiceKafkaNativeAclAddIn
err := schemautil.ResourceDataGet(d, &req)
if err != nil {
return err
}

project := d.Get("project").(string)
serviceName := d.Get("service_name").(string)

acl, err := client.ServiceKafkaNativeAclAdd(
ctx,
project,
serviceName,
&req,
)
if err != nil {
return err
}

err = schemautil.ResourceDataSet(aivenKafkaNativeACLSchema, d, acl)
if err != nil {
return err
}

d.SetId(schemautil.BuildResourceID(project, serviceName, acl.Id))
return resourceKafkaNativeACLRead(ctx, d, client)
}

func resourceKafkaNativeACLRead(ctx context.Context, d *schema.ResourceData, client avngen.Client) error {
project, serviceName, aclID, err := schemautil.SplitResourceID3(d.Id())
if err != nil {
return err
}

acl, err := client.ServiceKafkaNativeAclGet(
ctx,
project,
serviceName,
aclID,
)
if err != nil {
return err
}

err = schemautil.ResourceDataSet(aivenKafkaNativeACLSchema, d, acl)
return err
}

func resourceKafkaNativeACLDelete(ctx context.Context, d *schema.ResourceData, client avngen.Client) error {
project, serviceName, aclID, err := schemautil.SplitResourceID3(d.Id())
if err != nil {
return err
}

return client.ServiceKafkaNativeAclDelete(
ctx,
project,
serviceName,
aclID,
)
}
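Review bot: `resourceKafkaNativeACLRead` splits the ID into `project` and `serviceName` but never writes them to state, so with `ImportStatePassthroughContext` an imported resource only gets those two attributes if the `acl` response happens to carry them; set both explicitly before calling `ResourceDataSet`. Read also returns the error from `ServiceKafkaNativeAclGet` unchanged, so an ACL deleted outside Terraform fails the refresh instead of being dropped from state and planned for re-creation. In the schema, `host` is `Optional` and `ForceNew` without `Computed` or a `Default`: if the API fills in a value when it is omitted, the `ResourceDataSet` after create stores it and the next plan forces recreation. `principal` is validated only with `StringLenBetween(1, 256)` although its description promises a type:name format, so a malformed principal is not caught at plan time.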
75 changes: 75 additions & 0 deletions internal/sdkprovider/service/kafka/kafka_native_acl_test.go
@@ -0,0 +1,75 @@
package kafka_test

import (
"fmt"
"os"
"testing"

"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
"github.com/hashicorp/terraform-plugin-testing/helper/resource"

acc "github.com/aiven/terraform-provider-aiven/internal/acctest"
)

// TestKafkaNativeAcl tests the kafka acl resource.
func TestKafkaNativeAcl(t *testing.T) {
projectName := os.Getenv("AIVEN_PROJECT_NAME")
serviceName := fmt.Sprintf("test-acc-native-acl-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
resourceName := "aiven_kafka_native_acl.foo"

resource.ParallelTest(t, resource.TestCase{
ProtoV6ProviderFactories: acc.TestProtoV6ProviderFactories,
PreCheck: func() { acc.TestAccPreCheck(t) },
Steps: []resource.TestStep{
{
Config: testKafkaACLConfig(projectName, serviceName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttrSet(resourceName, "project"),
resource.TestCheckResourceAttrSet(resourceName, "service_name"),
resource.TestCheckResourceAttrSet(resourceName, "resource_name"),
resource.TestCheckResourceAttrSet(resourceName, "resource_type"),
resource.TestCheckResourceAttrSet(resourceName, "pattern_type"),
resource.TestCheckResourceAttrSet(resourceName, "principal"),
resource.TestCheckResourceAttrSet(resourceName, "host"),
resource.TestCheckResourceAttrSet(resourceName, "operation"),
resource.TestCheckResourceAttrSet(resourceName, "permission_type"),
),
},
},
})
}

func testKafkaACLConfig(projectName string, serviceName string) string {
return fmt.Sprintf(`
data "aiven_project" "foo" {
project = "%s"
}
resource "aiven_kafka" "bar" {
project = data.aiven_project.foo.project
cloud_name = "google-europe-west1"
plan = "startup-2"
service_name = "%s"
maintenance_window_dow = "monday"
maintenance_window_time = "10:00:00"
kafka_user_config {
kafka {
group_max_session_timeout_ms = 70000
log_retention_bytes = 1000000000
}
}
}
resource "aiven_kafka_native_acl" "foo" {
project = data.aiven_project.foo.project
service_name = aiven_kafka.bar.service_name
resource_name = "name-test"
resource_type = "Topic"
pattern_type = "LITERAL"
principal = "User:alice"
host = "host-test"
operation = "Create"
permission_type = "ALLOW"
}`, projectName, serviceName)
}
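Review bot: Every check in the `ComposeTestCheckFunc` is `TestCheckResourceAttrSet`, so the test passes even if the provider stores a different `operation`, `permission_type` or `principal` than the config requested; assert the values with `resource.TestCheckResourceAttr` (for example `operation` = `Create`, `permission_type` = `ALLOW`, `principal` = `User:alice`). The resource declares an importer, but the test has no import step and the `TestCase` has no `CheckDestroy`, so neither import nor removal of the ACL is verified. The doc comment says "kafka acl resource" and the helper is named `testKafkaACLConfig`; naming both after the native ACL resource avoids confusion with `aiven_kafka_acl`.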
2 changes: 1 addition & 1 deletion internal/sdkprovider/service/valkey/valkey_user.go
Expand Up @@ -125,7 +125,7 @@ func resourceValkeyUserCreate(ctx context.Context, d *schema.ResourceData, clien

if _, ok := d.GetOk("password"); ok {
var req = service.ServiceUserCredentialsModifyIn{NewPassword: schemautil.OptionalStringPointer(d, "password"),
Operation: service.OperationTypeResetCredentials}
Operation: service.ServiceUserCredentialsModifyOperationTypeResetCredentials}
_, err := client.ServiceUserCredentialsModify(ctx, projectName, serviceName, username, &req)
if err != nil {
return err
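Review bot: The switch to `service.ServiceUserCredentialsModifyOperationTypeResetCredentials` is unrelated to the new resource and is not mentioned in the commit title; it appears to follow from the go-client-codegen bump to v0.63.0 in go.mod, so say so in the commit message or changelog so that the rename is not mistaken for a behaviour change to Valkey user password resets.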
1 change: 1 addition & 0 deletions internal/sweep/sweep_test.go
Expand Up @@ -47,6 +47,7 @@ func knownMissingSweepers() []string {
"aiven_influxdb_database",
"aiven_mysql_user",
"aiven_kafka_acl",
"aiven_kafka_native_acl",
"aiven_pg_database",
"aiven_kafka_user",
"aiven_redis_user",
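Review bot: Adding `aiven_kafka_native_acl` to `knownMissingSweepers` means nothing cleans up ACLs left behind by a failed acceptance run; if that is acceptable because the ACL is removed together with its Kafka service, add a short comment saying so, otherwise add a sweeper.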
