add originator id (#45)

For https://linear.app/pomerium/issue/ENG-1758/terraform-add-originator-id
pomerium · Feb 26, 2025 · d03dddd · d03dddd
1 parent 3cd77d8
commit d03dddd
Show file tree

Hide file tree

Showing 11 changed files with 333 additions and 43 deletions.
diff --git a/internal/provider/keychain.go → internal/provider/key_chain.go b/internal/provider/keychain.go → internal/provider/key_chain.go
@@ -94,19 +94,8 @@ func (r *KeyChainResource) Create(ctx context.Context, req resource.CreateReques
 		return
 	}
 
-	keyPairReq := &pb.CreateKeyPairRequest{
-		NamespaceId: plan.NamespaceID.ValueString(),
-		Name:        plan.Name.ValueString(),
-		Format:      pb.Format_PEM,
-		Certificate: []byte(plan.Certificate.ValueString()),
-	}
-
-	if !plan.Key.IsNull() {
-		keyData := []byte(plan.Key.ValueString())
-		keyPairReq.Key = keyData
-	}
-
-	respKeyPair, err := r.client.KeyChainService.CreateKeyPair(ctx, keyPairReq)
+	createReq := ConvertKeyPairToCreatePB(&plan)
+	respKeyPair, err := r.client.KeyChainService.CreateKeyPair(ctx, createReq)
 	if err != nil {
 		resp.Diagnostics.AddError("Error creating key pair", err.Error())
 		return
@@ -157,18 +146,7 @@ func (r *KeyChainResource) Update(ctx context.Context, req resource.UpdateReques
 		return
 	}
 
-	fmt := pb.Format_PEM
-	updateReq := &pb.UpdateKeyPairRequest{
-		Id:          plan.ID.ValueString(),
-		Name:        plan.Name.ValueStringPointer(),
-		Format:      &fmt,
-		Certificate: []byte(plan.Certificate.ValueString()),
-	}
-
-	if !plan.Key.IsNull() {
-		updateReq.Key = []byte(plan.Key.ValueString())
-	}
-
+	updateReq := ConvertKeyPairToUpdatePB(&plan)
 	_, err := r.client.KeyChainService.UpdateKeyPair(ctx, updateReq)
 	if err != nil {
 		resp.Diagnostics.AddError("Error updating key pair", err.Error())

diff --git a/internal/provider/key_chain_model.go b/internal/provider/key_chain_model.go
@@ -2,12 +2,45 @@ package provider
 
 import (
 	"github.com/hashicorp/terraform-plugin-framework/types"
+
+	"github.com/pomerium/enterprise-client-go/pb"
 )
 
 type KeyPairModel struct {
+	Certificate types.String `tfsdk:"certificate"`
 	ID          types.String `tfsdk:"id"`
+	Key         types.String `tfsdk:"key"`
 	Name        types.String `tfsdk:"name"`
 	NamespaceID types.String `tfsdk:"namespace_id"`
-	Certificate types.String `tfsdk:"certificate"`
-	Key         types.String `tfsdk:"key"`
+}
+
+func ConvertKeyPairToCreatePB(src *KeyPairModel) *pb.CreateKeyPairRequest {
+	dst := &pb.CreateKeyPairRequest{
+		OriginatorId: originatorID,
+		NamespaceId:  src.NamespaceID.ValueString(),
+		Name:         src.Name.ValueString(),
+		Format:       pb.Format_PEM,
+		Certificate:  []byte(src.Certificate.ValueString()),
+	}
+	if !src.Key.IsNull() {
+		keyData := []byte(src.Key.ValueString())
+		dst.Key = keyData
+	}
+	return dst
+}
+
+func ConvertKeyPairToUpdatePB(src *KeyPairModel) *pb.UpdateKeyPairRequest {
+	fmt := pb.Format_PEM
+	dst := &pb.UpdateKeyPairRequest{
+		OriginatorId: originatorID,
+		Id:           src.ID.ValueString(),
+		Name:         src.Name.ValueStringPointer(),
+		Format:       &fmt,
+		Certificate:  []byte(src.Certificate.ValueString()),
+	}
+	if !src.Key.IsNull() {
+		keyData := []byte(src.Key.ValueString())
+		dst.Key = keyData
+	}
+	return dst
 }
diff --git a/internal/provider/key_chain_model_test.go b/internal/provider/key_chain_model_test.go
@@ -0,0 +1,60 @@
+package provider_test
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/testing/protocmp"
+
+	"github.com/pomerium/enterprise-client-go/pb"
+	"github.com/pomerium/enterprise-terraform-provider/internal/provider"
+)
+
+func TestConvertKeyPairToCreatePB(t *testing.T) {
+	t.Parallel()
+
+	expected := &pb.CreateKeyPairRequest{
+		Certificate:  []byte("CERTIFICATE"),
+		Format:       pb.Format_PEM,
+		Key:          []byte("KEY"),
+		Name:         "NAME",
+		NamespaceId:  "NAMESPACE_ID",
+		OriginatorId: "terraform",
+	}
+	actual := provider.ConvertKeyPairToCreatePB(&provider.KeyPairModel{
+		ID:          types.StringValue("ID"),
+		Name:        types.StringValue("NAME"),
+		NamespaceID: types.StringValue("NAMESPACE_ID"),
+		Certificate: types.StringValue("CERTIFICATE"),
+		Key:         types.StringValue("KEY"),
+	})
+	if diff := cmp.Diff(expected, actual, protocmp.Transform()); diff != "" {
+		t.Errorf("unexpected difference: %s", diff)
+	}
+}
+
+func TestConvertKeyPairToUpdatePB(t *testing.T) {
+	t.Parallel()
+
+	fmt := pb.Format_PEM
+	expected := &pb.UpdateKeyPairRequest{
+		Certificate:  []byte("CERTIFICATE"),
+		Format:       &fmt,
+		Id:           "ID",
+		Key:          []byte("KEY"),
+		Name:         proto.String("NAME"),
+		OriginatorId: "terraform",
+	}
+	actual := provider.ConvertKeyPairToUpdatePB(&provider.KeyPairModel{
+		ID:          types.StringValue("ID"),
+		Name:        types.StringValue("NAME"),
+		NamespaceID: types.StringValue("NAMESPACE_ID"),
+		Certificate: types.StringValue("CERTIFICATE"),
+		Key:         types.StringValue("KEY"),
+	})
+	if diff := cmp.Diff(expected, actual, protocmp.Transform()); diff != "" {
+		t.Errorf("unexpected difference: %s", diff)
+	}
+}
diff --git a/internal/provider/models.go b/internal/provider/models.go
@@ -11,6 +11,8 @@ import (
 	"github.com/pomerium/enterprise-client-go/pb"
 )
 
+const originatorID = "terraform"
+
 // ServiceAccountModel represents the shared model for service account resources and data sources
 type ServiceAccountModel struct {
 	ID          types.String `tfsdk:"id"`
@@ -77,8 +79,9 @@ func ConvertNamespaceToPB(_ context.Context, src *NamespaceResourceModel) (*pb.N
 	var diagnostics diag.Diagnostics
 
 	pbNamespace := &pb.Namespace{
-		Id:   src.ID.ValueString(),
-		Name: src.Name.ValueString(),
+		OriginatorId: originatorID,
+		Id:           src.ID.ValueString(),
+		Name:         src.Name.ValueString(),
 	}
 
 	if !src.ParentID.IsNull() {

diff --git a/internal/provider/policy_model.go b/internal/provider/policy_model.go
@@ -5,34 +5,36 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/types"
+
 	"github.com/pomerium/enterprise-client-go/pb"
 )
 
 // PolicyModel represents the shared model for policy resources and data sources
 type PolicyModel struct {
+	Description types.String   `tfsdk:"description"`
+	Enforced    types.Bool     `tfsdk:"enforced"`
+	Explanation types.String   `tfsdk:"explanation"`
 	ID          types.String   `tfsdk:"id"`
 	Name        types.String   `tfsdk:"name"`
-	Description types.String   `tfsdk:"description"`
 	NamespaceID types.String   `tfsdk:"namespace_id"`
 	PPL         PolicyLanguage `tfsdk:"ppl"`
 	Rego        types.List     `tfsdk:"rego"`
-	Enforced    types.Bool     `tfsdk:"enforced"`
-	Explanation types.String   `tfsdk:"explanation"`
 	Remediation types.String   `tfsdk:"remediation"`
 }
 
 func ConvertPolicyToPB(ctx context.Context, src *PolicyResourceModel) (*pb.Policy, diag.Diagnostics) {
 	var diagnostics diag.Diagnostics
 
 	pbPolicy := &pb.Policy{
-		Id:          src.ID.ValueString(),
-		Name:        src.Name.ValueString(),
-		Description: src.Description.ValueString(),
-		NamespaceId: src.NamespaceID.ValueString(),
-		Ppl:         string(src.PPL.PolicyJSON),
-		Enforced:    src.Enforced.ValueBool(),
-		Explanation: src.Explanation.ValueString(),
-		Remediation: src.Remediation.ValueString(),
+		OriginatorId: originatorID,
+		Id:           src.ID.ValueString(),
+		Name:         src.Name.ValueString(),
+		Description:  src.Description.ValueString(),
+		NamespaceId:  src.NamespaceID.ValueString(),
+		Ppl:          string(src.PPL.PolicyJSON),
+		Enforced:     src.Enforced.ValueBool(),
+		Explanation:  src.Explanation.ValueString(),
+		Remediation:  src.Remediation.ValueString(),
 	}
 	diagnostics.Append(src.Rego.ElementsAs(ctx, &pbPolicy.Rego, false)...)
 

diff --git a/internal/provider/policy_model_test.go b/internal/provider/policy_model_test.go
@@ -0,0 +1,48 @@
+package provider_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/testing/protocmp"
+
+	"github.com/pomerium/enterprise-client-go/pb"
+	"github.com/pomerium/enterprise-terraform-provider/internal/provider"
+)
+
+func TestConvertPolicyToPB(t *testing.T) {
+	t.Parallel()
+
+	expected := &pb.Policy{
+		Description:  "DESCRIPTION",
+		Enforced:     true,
+		Explanation:  "EXPLANATION",
+		Id:           "ID",
+		Name:         "NAME",
+		NamespaceId:  "NAMESPACE_ID",
+		OriginatorId: "terraform",
+		Rego:         []string{"REGO"},
+		Remediation:  "REMEDIATION",
+	}
+	actual, diag := provider.ConvertPolicyToPB(context.Background(), &provider.PolicyModel{
+		Description: types.StringValue("DESCRIPTION"),
+		Enforced:    types.BoolValue(true),
+		Explanation: types.StringValue("EXPLANATION"),
+		ID:          types.StringValue("ID"),
+		Name:        types.StringValue("NAME"),
+		NamespaceID: types.StringValue("NAMESPACE_ID"),
+		PPL:         provider.PolicyLanguage{},
+		Rego:        types.ListValueMust(types.StringType, []attr.Value{types.StringValue("REGO")}),
+		Remediation: types.StringValue("REMEDIATION"),
+	})
+	if !assert.Equal(t, 0, diag.ErrorsCount()) {
+		t.Log(diag.Errors())
+	}
+	if diff := cmp.Diff(expected, actual, protocmp.Transform()); diff != "" {
+		t.Errorf("unexpected difference: %s", diff)
+	}
+}
diff --git a/internal/provider/route_model.go b/internal/provider/route_model.go
@@ -181,6 +181,7 @@ func ConvertRouteToPB(
 	pbRoute.RewriteResponseHeaders = rewriteHeadersToPB(src.RewriteResponseHeaders)
 	pbRoute.BearerTokenFormat = ToBearerTokenFormat(src.BearerTokenFormat)
 	ToRouteStringList(ctx, &pbRoute.IdpAccessTokenAllowedAudiences, src.IDPAccessTokenAllowedAudiences, &diagnostics)
+	pbRoute.OriginatorId = originatorID
 
 	return pbRoute, diagnostics
 }

diff --git a/internal/provider/route_model_test.go b/internal/provider/route_model_test.go
@@ -5,10 +5,11 @@ import (
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-framework/types"
-	"github.com/pomerium/enterprise-client-go/pb"
-	"github.com/pomerium/enterprise-terraform-provider/internal/provider"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/pomerium/enterprise-client-go/pb"
+	"github.com/pomerium/enterprise-terraform-provider/internal/provider"
 )
 
 func TestConvertRouteFromPB(t *testing.T) {

diff --git a/internal/provider/route_test.go b/internal/provider/route_test.go
@@ -176,6 +176,7 @@ func TestConvertRoute(t *testing.T) {
 		require.False(t, diag.HasError(), diag.Errors())
 
 		expected := &pb.Route{
+			OriginatorId:         "terraform",
 			Id:                   "route-id",
 			Name:                 "route-name",
 			From:                 "from",

diff --git a/internal/provider/settings_model.go b/internal/provider/settings_model.go
@@ -69,6 +69,7 @@ type SettingsModel struct {
 	InsecureServer                                    types.Bool           `tfsdk:"insecure_server"`
 	InstallationID                                    types.String         `tfsdk:"installation_id"`
 	JWTClaimsHeaders                                  types.Map            `tfsdk:"jwt_claims_headers"`
+	JWTGroupsFilter                                   types.Object         `tfsdk:"jwt_groups_filter"`
 	LogLevel                                          types.String         `tfsdk:"log_level"`
 	LogoURL                                           types.String         `tfsdk:"logo_url"`
 	MetricsAddress                                    types.String         `tfsdk:"metrics_address"`
@@ -83,7 +84,6 @@ type SettingsModel struct {
 	TimeoutIdle                                       timetypes.GoDuration `tfsdk:"timeout_idle"`
 	TimeoutRead                                       timetypes.GoDuration `tfsdk:"timeout_read"`
 	TimeoutWrite                                      timetypes.GoDuration `tfsdk:"timeout_write"`
-	JWTGroupsFilter                                   types.Object         `tfsdk:"jwt_groups_filter"`
 }
 
 func ConvertSettingsToPB(
@@ -146,6 +146,7 @@ func ConvertSettingsToPB(
 	pbSettings.LogLevel = src.LogLevel.ValueStringPointer()
 	pbSettings.LogoUrl = src.LogoURL.ValueStringPointer()
 	pbSettings.MetricsAddress = src.MetricsAddress.ValueStringPointer()
+	pbSettings.OriginatorId = originatorID
 	pbSettings.PassIdentityHeaders = src.PassIdentityHeaders.ValueBoolPointer()
 	pbSettings.PrimaryColor = src.PrimaryColor.ValueStringPointer()
 	pbSettings.ProxyLogLevel = src.ProxyLogLevel.ValueStringPointer()