terraform-provider-stackitprivatepreview/stackit/internal/services/sqlserverflexalpha/user/resource.go

package sqlserverflexalpha

import (
	"context"
	_ "embed"
	"errors"
	"fmt"
	"net/http"
	"slices"
	"strconv"
	"strings"
	"time"

	"github.com/hashicorp/terraform-plugin-framework/path"
	"github.com/hashicorp/terraform-plugin-framework/resource"
	"github.com/hashicorp/terraform-plugin-framework/resource/identityschema"
	"github.com/hashicorp/terraform-plugin-framework/types"
	"github.com/hashicorp/terraform-plugin-log/tflog"
	"github.com/stackitcloud/stackit-sdk-go/core/oapierror"

	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/pkg_gen/sqlserverflexalpha"
	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/conversion"
	sqlserverflexalphagen "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/sqlserverflexalpha/user/resources_gen"
	sqlserverflexalphaUtils "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/sqlserverflexalpha/utils"
	sqlserverflexalphaWait "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/wait/sqlserverflexalpha"

	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/core"
	"tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/utils"

	sqlserverflexalphaResGen "tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview/stackit/internal/services/sqlserverflexalpha/user/resources_gen"
)

var (
	_ resource.Resource                   = &userResource{}
	_ resource.ResourceWithConfigure      = &userResource{}
	_ resource.ResourceWithImportState    = &userResource{}
	_ resource.ResourceWithModifyPlan     = &userResource{}
	_ resource.ResourceWithIdentity       = &userResource{}
	_ resource.ResourceWithValidateConfig = &userResource{}
)

func NewUserResource() resource.Resource {
	return &userResource{}
}

// resourceModel describes the resource data model.
type resourceModel = sqlserverflexalphaResGen.UserModel

// UserResourceIdentityModel describes the resource's identity attributes.
type UserResourceIdentityModel struct {
	ProjectID  types.String `tfsdk:"project_id"`
	Region     types.String `tfsdk:"region"`
	InstanceID types.String `tfsdk:"instance_id"`
	UserID     types.Int64  `tfsdk:"user_id"`
}

type userResource struct {
	client       *sqlserverflexalpha.APIClient
	providerData core.ProviderData
}

func (r *userResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
	resp.TypeName = req.ProviderTypeName + "_sqlserverflexalpha_user"
}

// Configure adds the provider configured client to the resource.
func (r *userResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
	var ok bool
	r.providerData, ok = conversion.ParseProviderData(ctx, req.ProviderData, &resp.Diagnostics)
	if !ok {
		return
	}

	apiClient := sqlserverflexalphaUtils.ConfigureClient(ctx, &r.providerData, &resp.Diagnostics)
	if resp.Diagnostics.HasError() {
		return
	}
	r.client = apiClient
	tflog.Info(ctx, "SQLServer Beta Flex user client configured")
}

// ModifyPlan implements resource.ResourceWithModifyPlan.
// Use the modifier to set the effective region in the current plan.
func (r *userResource) ModifyPlan(
	ctx context.Context,
	req resource.ModifyPlanRequest,
	resp *resource.ModifyPlanResponse,
) { // nolint:gocritic // function signature required by Terraform
	var configModel resourceModel
	// skip initial empty configuration to avoid follow-up errors
	if req.Config.Raw.IsNull() {
		return
	}
	resp.Diagnostics.Append(req.Config.Get(ctx, &configModel)...)
	if resp.Diagnostics.HasError() {
		return
	}

	var planModel resourceModel
	resp.Diagnostics.Append(req.Plan.Get(ctx, &planModel)...)
	if resp.Diagnostics.HasError() {
		return
	}

	utils.AdaptRegion(ctx, configModel.Region, &planModel.Region, r.providerData.GetRegion(), resp)
	if resp.Diagnostics.HasError() {
		return
	}

	resp.Diagnostics.Append(resp.Plan.Set(ctx, planModel)...)
	if resp.Diagnostics.HasError() {
		return
	}
}

//go:embed planModifiers.yaml
var modifiersFileByte []byte

// Schema defines the schema for the resource.
func (r *userResource) Schema(ctx context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
	s := sqlserverflexalphagen.UserResourceSchema(ctx)

	fields, err := utils.ReadModifiersConfig(modifiersFileByte)
	if err != nil {
		resp.Diagnostics.AddError("error during read modifiers config file", err.Error())
		return
	}

	err = utils.AddPlanModifiersToResourceSchema(fields, &s)
	if err != nil {
		resp.Diagnostics.AddError("error adding plan modifiers", err.Error())
		return
	}
	resp.Schema = s
}

// IdentitySchema defines the schema for the resource's identity attributes.
func (r *userResource) IdentitySchema(
	_ context.Context,
	_ resource.IdentitySchemaRequest,
	response *resource.IdentitySchemaResponse,
) {
	response.IdentitySchema = identityschema.Schema{
		Attributes: map[string]identityschema.Attribute{
			"project_id": identityschema.StringAttribute{
				RequiredForImport: true, // must be set during import by the practitioner
			},
			"region": identityschema.StringAttribute{
				RequiredForImport: true, // can be defaulted by the provider configuration
			},
			"instance_id": identityschema.StringAttribute{
				RequiredForImport: true, // can be defaulted by the provider configuration
			},
			"user_id": identityschema.Int64Attribute{
				RequiredForImport: true, // can be defaulted by the provider configuration
			},
		},
	}
}

func (r *userResource) ValidateConfig(
	ctx context.Context,
	req resource.ValidateConfigRequest,
	resp *resource.ValidateConfigResponse,
) {
	var data resourceModel

	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
	if resp.Diagnostics.HasError() {
		return
	}

	var roles []string
	diags := data.Roles.ElementsAs(ctx, &roles, false)
	resp.Diagnostics.Append(diags...)
	if diags.HasError() {
		return
	}

	var resRoles []string
	for _, role := range roles {
		if slices.Contains(resRoles, role) {
			resp.Diagnostics.AddAttributeError(
				path.Root("roles"),
				"Attribute Configuration Error",
				"defined roles MUST NOT contain duplicates",
			)
			return
		}
		resRoles = append(resRoles, role)
	}
}

// Create creates the resource and sets the initial Terraform state.
func (r *userResource) Create(
	ctx context.Context,
	req resource.CreateRequest,
	resp *resource.CreateResponse,
) { // nolint:gocritic // function signature required by Terraform
	var model resourceModel
	diags := req.Plan.Get(ctx, &model)
	resp.Diagnostics.Append(diags...)
	if resp.Diagnostics.HasError() {
		return
	}

	ctx = core.InitProviderContext(ctx)

	projectId := model.ProjectId.ValueString()
	instanceId := model.InstanceId.ValueString()
	region := model.Region.ValueString()

	ctx = tflog.SetField(ctx, "project_id", projectId)
	ctx = tflog.SetField(ctx, "instance_id", instanceId)
	ctx = tflog.SetField(ctx, "region", region)

	var roles []string
	if !model.Roles.IsNull() && !model.Roles.IsUnknown() {
		diags = model.Roles.ElementsAs(ctx, &roles, false)
		resp.Diagnostics.Append(diags...)
		if resp.Diagnostics.HasError() {
			return
		}

		slices.Sort(roles)
	}

	// Generate API request body from model
	payload, err := toCreatePayload(&model, roles)
	if err != nil {
		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating user", fmt.Sprintf("Creating API payload: %v", err))
		return
	}
	// Create new user
	userResp, err := r.client.CreateUserRequest(
		ctx,
		projectId,
		region,
		instanceId,
	).CreateUserRequestPayload(*payload).Execute()
	if err != nil {
		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating user", fmt.Sprintf("Calling API: %v", err))
		return
	}

	ctx = core.LogResponse(ctx)

	if userResp == nil || userResp.Id == nil || *userResp.Id == 0 {
		core.LogAndAddError(
			ctx,
			&resp.Diagnostics,
			"Error creating user",
			"API didn't return user Id. A user might have been created",
		)
		return
	}

	userId := *userResp.Id
	ctx = tflog.SetField(ctx, "user_id", userId)

	// Set data returned by API in identity
	identity := UserResourceIdentityModel{
		ProjectID:  types.StringValue(projectId),
		Region:     types.StringValue(region),
		InstanceID: types.StringValue(instanceId),
		UserID:     types.Int64Value(userId),
	}
	resp.Diagnostics.Append(resp.Identity.Set(ctx, identity)...)
	if resp.Diagnostics.HasError() {
		return
	}

	err = mapFieldsCreate(userResp, &model, region)
	if err != nil {
		core.LogAndAddError(
			ctx,
			&resp.Diagnostics,
			"Error creating user",
			fmt.Sprintf("Processing API payload: %v", err),
		)
		return
	}

	waitResp, err := sqlserverflexalphaWait.CreateUserWaitHandler(
		ctx,
		r.client,
		projectId,
		instanceId,
		region,
		userId,
	).SetSleepBeforeWait(
		90 * time.Second,
	).SetTimeout(
		90 * time.Minute,
	).WaitWithContext(ctx)

	if err != nil {
		core.LogAndAddError(
			ctx,
			&resp.Diagnostics,
			"create user",
			fmt.Sprintf("Instance creation waiting: %v", err),
		)
		return
	}

	if waitResp.Id == nil {
		core.LogAndAddError(
			ctx,
			&resp.Diagnostics,
			"create user",
			"Instance creation waiting: returned id is nil",
		)
		return
	}

	// Map response body to schema
	err = mapFields(waitResp, &model, region)
	if err != nil {
		core.LogAndAddError(
			ctx,
			&resp.Diagnostics,
			"Error creating user",
			fmt.Sprintf("Processing API payload: %v", err),
		)
		return
	}
	// Set state to fully populated data
	diags = resp.State.Set(ctx, model)
	resp.Diagnostics.Append(diags...)
	if resp.Diagnostics.HasError() {
		return
	}
	tflog.Info(ctx, "SQLServer Flex user created")
}

// Read refreshes the Terraform state with the latest data.
func (r *userResource) Read(
	ctx context.Context,
	req resource.ReadRequest,
	resp *resource.ReadResponse,
) { // nolint:gocritic // function signature required by Terraform
	var model resourceModel
	diags := req.State.Get(ctx, &model)
	resp.Diagnostics.Append(diags...)
	if resp.Diagnostics.HasError() {
		return
	}

	ctx = core.InitProviderContext(ctx)

	projectId := model.ProjectId.ValueString()
	instanceId := model.InstanceId.ValueString()
	userId := model.UserId.ValueInt64()
	region := r.providerData.GetRegionWithOverride(model.Region)
	ctx = tflog.SetField(ctx, "project_id", projectId)
	ctx = tflog.SetField(ctx, "instance_id", instanceId)
	ctx = tflog.SetField(ctx, "user_id", userId)
	ctx = tflog.SetField(ctx, "region", region)

	recordSetResp, err := r.client.GetUserRequest(ctx, projectId, region, instanceId, userId).Execute()
	if err != nil {
		var oapiErr *oapierror.GenericOpenAPIError
		ok := errors.As(
			err,
			&oapiErr,
		)
		//nolint:errorlint //complaining that error.As should be used to catch wrapped errors, but this error should not be wrapped
		if ok && oapiErr.StatusCode == http.StatusNotFound {
			resp.State.RemoveResource(ctx)
			return
		}
		core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading user", fmt.Sprintf("Calling API: %v", err))
		return
	}

	ctx = core.LogResponse(ctx)

	// Map response body to schema
	err = mapFields(recordSetResp, &model, region)
	if err != nil {
		core.LogAndAddError(
			ctx,
			&resp.Diagnostics,
			"Error reading user",
			fmt.Sprintf("Processing API payload: %v", err),
		)
		return
	}

	// Set data returned by API in identity
	identity := UserResourceIdentityModel{
		ProjectID:  types.StringValue(projectId),
		Region:     types.StringValue(region),
		InstanceID: types.StringValue(instanceId),
		UserID:     types.Int64Value(userId),
	}
	resp.Diagnostics.Append(resp.Identity.Set(ctx, identity)...)
	if resp.Diagnostics.HasError() {
		return
	}

	// Set refreshed state
	diags = resp.State.Set(ctx, model)
	resp.Diagnostics.Append(diags...)
	if resp.Diagnostics.HasError() {
		return
	}
	tflog.Info(ctx, "SQLServer Flex user read")
}

// Update updates the resource and sets the updated Terraform state on success.
func (r *userResource) Update(
	ctx context.Context,
	_ resource.UpdateRequest,
	resp *resource.UpdateResponse,
) { // nolint:gocritic // function signature required by Terraform
	// Update shouldn't be called
	core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating user", "User can't be updated")
}

// Delete deletes the resource and removes the Terraform state on success.
func (r *userResource) Delete(
	ctx context.Context,
	req resource.DeleteRequest,
	resp *resource.DeleteResponse,
) { // nolint:gocritic // function signature required by Terraform
	// Retrieve values from plan
	var model resourceModel
	diags := req.State.Get(ctx, &model)
	resp.Diagnostics.Append(diags...)
	if resp.Diagnostics.HasError() {
		return
	}

	ctx = core.InitProviderContext(ctx)

	projectId := model.ProjectId.ValueString()
	instanceId := model.InstanceId.ValueString()
	userId := model.UserId.ValueInt64()
	region := model.Region.ValueString()
	ctx = tflog.SetField(ctx, "project_id", projectId)
	ctx = tflog.SetField(ctx, "instance_id", instanceId)
	ctx = tflog.SetField(ctx, "user_id", userId)
	ctx = tflog.SetField(ctx, "region", region)

	// Delete existing record set
	// err := r.client.DeleteUserRequest(ctx, projectId, region, instanceId, userId).Execute()
	err := r.client.DeleteUserRequestExecute(ctx, projectId, region, instanceId, userId)
	if err != nil {
		var oapiErr *oapierror.GenericOpenAPIError
		ok := errors.As(err, &oapiErr)
		if !ok {
			// TODO err handling
			return
		}

		switch oapiErr.StatusCode {
		case http.StatusNotFound:
			resp.State.RemoveResource(ctx)
			return
		// case http.StatusInternalServerError:
		// 	tflog.Warn(ctx, "[delete user] Wait handler got error 500")
		// 	return false, nil, nil
		default:
			// TODO err handling
			return
		}
	}
	// Delete existing record set
	_, err = sqlserverflexalphaWait.DeleteUserWaitHandler(ctx, r.client, projectId, region, instanceId, userId).
		WaitWithContext(ctx)
	// err := r.client.DeleteUserRequest(ctx, arg.projectId, arg.region, arg.instanceId, userId).Execute()
	if err != nil {
		core.LogAndAddError(ctx, &resp.Diagnostics, "User Delete Error", fmt.Sprintf("Calling API: %v", err))
		return
	}

	ctx = core.LogResponse(ctx)

	resp.State.RemoveResource(ctx)

	tflog.Info(ctx, "SQLServer Flex user deleted")
}

// ImportState imports a resource into the Terraform state on success.
// The expected format of the resource import identifier is: project_id,zone_id,record_set_id
func (r *userResource) ImportState(
	ctx context.Context,
	req resource.ImportStateRequest,
	resp *resource.ImportStateResponse,
) {
	ctx = core.InitProviderContext(ctx)

	if req.ID != "" {
		idParts := strings.Split(req.ID, core.Separator)

		if len(idParts) != 4 || idParts[0] == "" || idParts[1] == "" || idParts[2] == "" || idParts[3] == "" {
			core.LogAndAddError(
				ctx, &resp.Diagnostics,
				"Error importing user",
				fmt.Sprintf(
					"Expected import identifier with format [project_id],[region],[instance_id],[user_id], got %q",
					req.ID,
				),
			)
			return
		}

		userId, err := strconv.ParseInt(idParts[3], 10, 64)
		if err != nil {
			core.LogAndAddError(
				ctx,
				&resp.Diagnostics,
				"Error importing user",
				fmt.Sprintf("Invalid user_id format: %q. It must be a valid integer.", idParts[3]),
			)
			return
		}

		resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), idParts[0])...)
		resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("region"), idParts[1])...)
		resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("instance_id"), idParts[2])...)
		resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("user_id"), userId)...)

		tflog.Info(ctx, "SQLServer Flex user state imported")

		return
	}

	// If no ID is provided, attempt to read identity attributes from the import configuration
	var identityData UserResourceIdentityModel
	resp.Diagnostics.Append(req.Identity.Get(ctx, &identityData)...)
	if resp.Diagnostics.HasError() {
		return
	}

	projectId := identityData.ProjectID.ValueString()
	region := identityData.Region.ValueString()
	instanceId := identityData.InstanceID.ValueString()
	userId := identityData.UserID.ValueInt64()

	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), projectId)...)
	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("region"), region)...)
	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("instance_id"), instanceId)...)
	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("user_id"), userId)...)

	core.LogAndAddWarning(
		ctx,
		&resp.Diagnostics,
		"SQLServer Flex user imported with empty password",
		"The user password is not imported as it is only available upon creation of a new user. The password field will be empty.",
	)
	tflog.Info(ctx, "SQLServer Flex user state imported")
}