package sqlserverflexbeta import ( "context" _ "embed" "errors" "fmt" "net/http" "slices" "strconv" "strings" "time" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/identityschema" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/stackitcloud/stackit-sdk-go/core/oapierror" "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/pkg_gen/sqlserverflexbeta" "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/conversion" sqlserverflexbetagen "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/sqlserverflexbeta/user/resources_gen" sqlserverflexbetaUtils "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/sqlserverflexbeta/utils" sqlserverflexbetaWait "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/wait/sqlserverflexbeta" "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core" "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils" sqlserverflexbetaResGen "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/sqlserverflexbeta/user/resources_gen" ) var ( _ resource.Resource = &userResource{} _ resource.ResourceWithConfigure = &userResource{} _ resource.ResourceWithImportState = &userResource{} _ resource.ResourceWithModifyPlan = &userResource{} _ resource.ResourceWithIdentity = &userResource{} _ resource.ResourceWithValidateConfig = &userResource{} ) func NewUserResource() resource.Resource { return &userResource{} } // resourceModel describes the resource data model. type resourceModel = sqlserverflexbetaResGen.UserModel // UserResourceIdentityModel describes the resource's identity attributes. type UserResourceIdentityModel struct { ProjectID types.String `tfsdk:"project_id"` Region types.String `tfsdk:"region"` InstanceID types.String `tfsdk:"instance_id"` UserID types.Int64 `tfsdk:"user_id"` } type userResource struct { client *sqlserverflexbeta.APIClient providerData core.ProviderData } func (r *userResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_sqlserverflexbeta_user" } // Configure adds the provider configured client to the resource. func (r *userResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { var ok bool r.providerData, ok = conversion.ParseProviderData(ctx, req.ProviderData, &resp.Diagnostics) if !ok { return } apiClient := sqlserverflexbetaUtils.ConfigureClient(ctx, &r.providerData, &resp.Diagnostics) if resp.Diagnostics.HasError() { return } r.client = apiClient tflog.Info(ctx, "SQLServer Beta Flex user client configured") } // ModifyPlan implements resource.ResourceWithModifyPlan. // Use the modifier to set the effective region in the current plan. func (r *userResource) ModifyPlan( ctx context.Context, req resource.ModifyPlanRequest, resp *resource.ModifyPlanResponse, ) { // nolint:gocritic // function signature required by Terraform var configModel resourceModel // skip initial empty configuration to avoid follow-up errors if req.Config.Raw.IsNull() { return } resp.Diagnostics.Append(req.Config.Get(ctx, &configModel)...) if resp.Diagnostics.HasError() { return } var planModel resourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &planModel)...) if resp.Diagnostics.HasError() { return } utils.AdaptRegion(ctx, configModel.Region, &planModel.Region, r.providerData.GetRegion(), resp) if resp.Diagnostics.HasError() { return } resp.Diagnostics.Append(resp.Plan.Set(ctx, planModel)...) if resp.Diagnostics.HasError() { return } } //go:embed planModifiers.yaml var modifiersFileByte []byte // Schema defines the schema for the resource. func (r *userResource) Schema(ctx context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { s := sqlserverflexbetagen.UserResourceSchema(ctx) fields, err := utils.ReadModifiersConfig(modifiersFileByte) if err != nil { resp.Diagnostics.AddError("error during read modifiers config file", err.Error()) return } err = utils.AddPlanModifiersToResourceSchema(fields, &s) if err != nil { resp.Diagnostics.AddError("error adding plan modifiers", err.Error()) return } resp.Schema = s } // IdentitySchema defines the schema for the resource's identity attributes. func (r *userResource) IdentitySchema( _ context.Context, _ resource.IdentitySchemaRequest, response *resource.IdentitySchemaResponse, ) { response.IdentitySchema = identityschema.Schema{ Attributes: map[string]identityschema.Attribute{ "project_id": identityschema.StringAttribute{ RequiredForImport: true, // must be set during import by the practitioner }, "region": identityschema.StringAttribute{ RequiredForImport: true, // can be defaulted by the provider configuration }, "instance_id": identityschema.StringAttribute{ RequiredForImport: true, // can be defaulted by the provider configuration }, "user_id": identityschema.Int64Attribute{ RequiredForImport: true, // can be defaulted by the provider configuration }, }, } } func (r *userResource) ValidateConfig( ctx context.Context, req resource.ValidateConfigRequest, resp *resource.ValidateConfigResponse, ) { var data resourceModel resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } var roles []string diags := data.Roles.ElementsAs(ctx, &roles, false) resp.Diagnostics.Append(diags...) if diags.HasError() { return } var resRoles []string for _, role := range roles { if slices.Contains(resRoles, role) { resp.Diagnostics.AddAttributeError( path.Root("roles"), "Attribute Configuration Error", "defined roles MUST NOT contain duplicates", ) return } resRoles = append(resRoles, role) } } // Create creates the resource and sets the initial Terraform state. func (r *userResource) Create( ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse, ) { // nolint:gocritic // function signature required by Terraform var model resourceModel diags := req.Plan.Get(ctx, &model) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } ctx = core.InitProviderContext(ctx) projectId := model.ProjectId.ValueString() instanceId := model.InstanceId.ValueString() region := model.Region.ValueString() ctx = tflog.SetField(ctx, "project_id", projectId) ctx = tflog.SetField(ctx, "instance_id", instanceId) ctx = tflog.SetField(ctx, "region", region) var roles []string if !model.Roles.IsNull() && !model.Roles.IsUnknown() { diags = model.Roles.ElementsAs(ctx, &roles, false) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } slices.Sort(roles) } // Generate API request body from model payload, err := toCreatePayload(&model, roles) if err != nil { core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating user", fmt.Sprintf("Creating API payload: %v", err)) return } // Create new user userResp, err := r.client.CreateUserRequest( ctx, projectId, region, instanceId, ).CreateUserRequestPayload(*payload).Execute() if err != nil { core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating user", fmt.Sprintf("Calling API: %v", err)) return } ctx = core.LogResponse(ctx) if userResp == nil || userResp.Id == nil || *userResp.Id == 0 { core.LogAndAddError( ctx, &resp.Diagnostics, "Error creating user", "API didn't return user Id. A user might have been created", ) return } userId := *userResp.Id ctx = tflog.SetField(ctx, "user_id", userId) // Set data returned by API in identity identity := UserResourceIdentityModel{ ProjectID: types.StringValue(projectId), Region: types.StringValue(region), InstanceID: types.StringValue(instanceId), UserID: types.Int64Value(userId), } resp.Diagnostics.Append(resp.Identity.Set(ctx, identity)...) if resp.Diagnostics.HasError() { return } err = mapFieldsCreate(userResp, &model, region) if err != nil { core.LogAndAddError( ctx, &resp.Diagnostics, "Error creating user", fmt.Sprintf("Processing API payload: %v", err), ) return } waitResp, err := sqlserverflexbetaWait.CreateUserWaitHandler( ctx, r.client, projectId, instanceId, region, userId, ).SetSleepBeforeWait( 90 * time.Second, ).SetTimeout( 90 * time.Minute, ).WaitWithContext(ctx) if err != nil { core.LogAndAddError( ctx, &resp.Diagnostics, "create user", fmt.Sprintf("Instance creation waiting: %v", err), ) return } if waitResp.Id == nil { core.LogAndAddError( ctx, &resp.Diagnostics, "create user", "Instance creation waiting: returned id is nil", ) return } // Map response body to schema err = mapFields(waitResp, &model, region) if err != nil { core.LogAndAddError( ctx, &resp.Diagnostics, "Error creating user", fmt.Sprintf("Processing API payload: %v", err), ) return } // Set state to fully populated data diags = resp.State.Set(ctx, model) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } tflog.Info(ctx, "SQLServer Flex user created") } // Read refreshes the Terraform state with the latest data. func (r *userResource) Read( ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse, ) { // nolint:gocritic // function signature required by Terraform var model resourceModel diags := req.State.Get(ctx, &model) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } ctx = core.InitProviderContext(ctx) projectId := model.ProjectId.ValueString() instanceId := model.InstanceId.ValueString() userId := model.UserId.ValueInt64() region := r.providerData.GetRegionWithOverride(model.Region) ctx = tflog.SetField(ctx, "project_id", projectId) ctx = tflog.SetField(ctx, "instance_id", instanceId) ctx = tflog.SetField(ctx, "user_id", userId) ctx = tflog.SetField(ctx, "region", region) recordSetResp, err := r.client.GetUserRequest(ctx, projectId, region, instanceId, userId).Execute() if err != nil { var oapiErr *oapierror.GenericOpenAPIError ok := errors.As( err, &oapiErr, ) //nolint:errorlint //complaining that error.As should be used to catch wrapped errors, but this error should not be wrapped if ok && oapiErr.StatusCode == http.StatusNotFound { resp.State.RemoveResource(ctx) return } core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading user", fmt.Sprintf("Calling API: %v", err)) return } ctx = core.LogResponse(ctx) // Map response body to schema err = mapFields(recordSetResp, &model, region) if err != nil { core.LogAndAddError( ctx, &resp.Diagnostics, "Error reading user", fmt.Sprintf("Processing API payload: %v", err), ) return } // Set data returned by API in identity identity := UserResourceIdentityModel{ ProjectID: types.StringValue(projectId), Region: types.StringValue(region), InstanceID: types.StringValue(instanceId), UserID: types.Int64Value(userId), } resp.Diagnostics.Append(resp.Identity.Set(ctx, identity)...) if resp.Diagnostics.HasError() { return } // Set refreshed state diags = resp.State.Set(ctx, model) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } tflog.Info(ctx, "SQLServer Flex user read") } // Update updates the resource and sets the updated Terraform state on success. func (r *userResource) Update( ctx context.Context, _ resource.UpdateRequest, resp *resource.UpdateResponse, ) { // nolint:gocritic // function signature required by Terraform // Update shouldn't be called core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating user", "an SQL server user can not be updated, only created") } // Delete deletes the resource and removes the Terraform state on success. func (r *userResource) Delete( ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse, ) { // nolint:gocritic // function signature required by Terraform // Retrieve values from plan var model resourceModel diags := req.State.Get(ctx, &model) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } ctx = core.InitProviderContext(ctx) projectId := model.ProjectId.ValueString() instanceId := model.InstanceId.ValueString() userId := model.UserId.ValueInt64() region := model.Region.ValueString() ctx = tflog.SetField(ctx, "project_id", projectId) ctx = tflog.SetField(ctx, "instance_id", instanceId) ctx = tflog.SetField(ctx, "user_id", userId) ctx = tflog.SetField(ctx, "region", region) // Delete existing record set // err := r.client.DeleteUserRequest(ctx, projectId, region, instanceId, userId).Execute() err := r.client.DeleteUserRequestExecute(ctx, projectId, region, instanceId, userId) if err != nil { var oapiErr *oapierror.GenericOpenAPIError ok := errors.As(err, &oapiErr) if !ok { // TODO err handling return } switch oapiErr.StatusCode { case http.StatusNotFound: resp.State.RemoveResource(ctx) return // case http.StatusInternalServerError: // tflog.Warn(ctx, "[delete user] Wait handler got error 500") // return false, nil, nil default: // TODO err handling return } } // Delete existing record set _, err = sqlserverflexbetaWait.DeleteUserWaitHandler(ctx, r.client, projectId, region, instanceId, userId). WaitWithContext(ctx) // err := r.client.DeleteUserRequest(ctx, arg.projectId, arg.region, arg.instanceId, userId).Execute() if err != nil { core.LogAndAddError(ctx, &resp.Diagnostics, "User Delete Error", fmt.Sprintf("Calling API: %v", err)) return } ctx = core.LogResponse(ctx) resp.State.RemoveResource(ctx) tflog.Info(ctx, "SQLServer Flex user deleted") } // ImportState imports a resource into the Terraform state on success. // The expected format of the resource import identifier is: project_id,zone_id,record_set_id func (r *userResource) ImportState( ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse, ) { ctx = core.InitProviderContext(ctx) if req.ID != "" { idParts := strings.Split(req.ID, core.Separator) if len(idParts) != 4 || idParts[0] == "" || idParts[1] == "" || idParts[2] == "" || idParts[3] == "" { core.LogAndAddError( ctx, &resp.Diagnostics, "Error importing user", fmt.Sprintf( "Expected import identifier with format [project_id],[region],[instance_id],[user_id], got %q", req.ID, ), ) return } userId, err := strconv.ParseInt(idParts[3], 10, 64) if err != nil { core.LogAndAddError( ctx, &resp.Diagnostics, "Error importing user", fmt.Sprintf("Invalid user_id format: %q. It must be a valid integer.", idParts[3]), ) return } resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), idParts[0])...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("region"), idParts[1])...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("instance_id"), idParts[2])...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("user_id"), userId)...) tflog.Info(ctx, "SQLServer Flex user state imported") return } // If no ID is provided, attempt to read identity attributes from the import configuration var identityData UserResourceIdentityModel resp.Diagnostics.Append(req.Identity.Get(ctx, &identityData)...) if resp.Diagnostics.HasError() { return } projectId := identityData.ProjectID.ValueString() region := identityData.Region.ValueString() instanceId := identityData.InstanceID.ValueString() userId := identityData.UserID.ValueInt64() resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), projectId)...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("region"), region)...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("instance_id"), instanceId)...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("user_id"), userId)...) core.LogAndAddWarning( ctx, &resp.Diagnostics, "SQLServer Flex user imported with empty password", "The user password is not imported as it is only available upon creation of a new user. The password field will be empty.", ) tflog.Info(ctx, "SQLServer Flex user state imported") }