
Commit 5698255

committed
skip service-id and trusted-profile-id validation when creating policies
Signed-off-by: Rajesh Pirati <[email protected]>
1 parent d03ec83 commit 5698255

13 files changed

+146
-396
lines changed

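--- a/ibm/provider/provider.go
+++ b/ibm/provider/provider.go
@@ -2184,9 +2184,7 @@ func Validator() validate.ValidatorDict {
 "ibm_iam_service_api_key": iamidentity.ResourceIBMIAMServiceAPIKeyValidator(),
 "ibm_iam_trusted_profile_identity": iamidentity.ResourceIBMIamTrustedProfileIdentityValidator(),
 
-"ibm_iam_trusted_profile_policy": iampolicy.ResourceIBMIAMTrustedProfilePolicyValidator(),
 "ibm_iam_access_group_policy": iampolicy.ResourceIBMIAMAccessGroupPolicyValidator(),
-"ibm_iam_service_policy": iampolicy.ResourceIBMIAMServicePolicyValidator(),
 "ibm_iam_authorization_policy": iampolicy.ResourceIBMIAMAuthorizationPolicyValidator(),
 "ibm_iam_policy_template": iampolicy.ResourceIBMIAMPolicyTemplateValidator(),
 "ibm_iam_policy_template_version": iampolicy.ResourceIBMIAMPolicyTemplateVersionValidator(),
@@ -2330,9 +2328,7 @@ func Validator() validate.ValidatorDict {
 "ibm_iam_trusted_profile": iamidentity.DataSourceIBMIamTrustedProfileValidator(),
 "ibm_iam_trusted_profile_claim_rules": iamidentity.DataSourceIBMIamTrustedProfileClaimRulesValidator(),
 
-"ibm_iam_access_group_policy": iampolicy.DataSourceIBMIAMAccessGroupPolicyValidator(),
-"ibm_iam_service_policy": iampolicy.DataSourceIBMIAMServicePolicyValidator(),
-"ibm_iam_trusted_profile_policy": iampolicy.DataSourceIBMIAMTrustedProfilePolicyValidator(),
+"ibm_iam_access_group_policy": iampolicy.DataSourceIBMIAMAccessGroupPolicyValidator(),
 },
 }
 })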
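Review bot: Dropping the `ibm_iam_service_policy` and `ibm_iam_trusted_profile_policy` entries from both maps in `Validator()` is only safe if no schema still looks those names up; the two data-source files on this page remove their `validate.InvokeDataSourceValidator` calls, but the matching resource files are not visible here, so that is worth confirming before merge. Since the removal is deliberate, a short comment at each spot would stop the entries from being re-added by someone tidying the list, e.g. `// ibm_iam_service_policy and ibm_iam_trusted_profile_policy: no validator on purpose, identity IDs are not checked at plan time`. `Validator()` begins and ends outside both hunks.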

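--- a/ibm/service/iampolicy/data_source_ibm_iam_service_policy.go
+++ b/ibm/service/iampolicy/data_source_ibm_iam_service_policy.go
@@ -8,11 +8,9 @@ import (
 
 "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
 "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
-"github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
 "github.com/IBM/go-sdk-core/v5/core"
-"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 "github.com/IBM/platform-services-go-sdk/iampolicymanagementv1"
 )
 
@@ -22,19 +20,10 @@ func DataSourceIBMIAMServicePolicy() *schema.Resource {
 Read: dataSourceIBMIAMServicePolicyRead,
 
 Schema: map[string]*schema.Schema{
-"iam_service_id": {
-Type: schema.TypeString,
-Optional: true,
-ExactlyOneOf: []string{"iam_service_id", "iam_id"},
-Description: "UUID of ServiceID",
-ValidateFunc: validate.InvokeDataSourceValidator("ibm_iam_service_policy",
-"iam_service_id"),
-},
 "iam_id": {
-Type: schema.TypeString,
-Optional: true,
-ExactlyOneOf: []string{"iam_service_id", "iam_id"},
-Description: "IAM ID of ServiceID",
+Type: schema.TypeString,
+Required: true,
+Description: "IAM ID of ServiceID",
 },
 "sort": {
 Description: "Sort query for policies",
@@ -212,40 +201,10 @@ func DataSourceIBMIAMServicePolicy() *schema.Resource {
 },
 }
 }
-func DataSourceIBMIAMServicePolicyValidator() *validate.ResourceValidator {
-validateSchema := make([]validate.ValidateSchema, 0)
-validateSchema = append(validateSchema,
-validate.ValidateSchema{
-Identifier: "iam_service_id",
-ValidateFunctionIdentifier: validate.ValidateCloudData,
-Type: validate.TypeString,
-CloudDataType: "iam",
-CloudDataRange: []string{"service:service_id", "resolved_to:id"},
-Optional: true})
-
-iBMIAMServicePolicyValidator := validate.ResourceValidator{ResourceName: "ibm_iam_service_policy", Schema: validateSchema}
-return &iBMIAMServicePolicyValidator
-}
 
 func dataSourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) error {
 
 var iamID string
-if v, ok := d.GetOk("iam_service_id"); ok && v != nil {
-
-serviceIDUUID := v.(string)
-iamClient, err := meta.(conns.ClientSession).IAMIdentityV1API()
-if err != nil {
-return err
-}
-getServiceIDOptions := iamidentityv1.GetServiceIDOptions{
-ID: &serviceIDUUID,
-}
-serviceID, resp, err := iamClient.GetServiceID(&getServiceIDOptions)
-if err != nil || resp == nil {
-return fmt.Errorf("[ERROR] Error] Error Getting Service Id %s %s", err, resp)
-}
-iamID = *serviceID.IamID
-}
 if v, ok := d.GetOk("iam_id"); ok && v != nil {
 iamID = v.(string)
 }
@@ -293,10 +252,7 @@ func dataSourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{})
 "resources": resources,
 "resource_tags": flex.FlattenV2PolicyResourceTags(*policy.Resource),
 }
-if v, ok := d.GetOk("iam_service_id"); ok && v != nil {
-serviceIDUUID := v.(string)
-p["id"] = fmt.Sprintf("%s/%s", serviceIDUUID, *policy.ID)
-} else if v, ok := d.GetOk("iam_id"); ok && v != nil {
+if v, ok := d.GetOk("iam_id"); ok && v != nil {
 iamID := v.(string)
 p["id"] = fmt.Sprintf("%s/%s", iamID, *policy.ID)
 }
@@ -315,10 +271,7 @@ func dataSourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{})
 servicePolicies = append(servicePolicies, p)
 }
 
-if v, ok := d.GetOk("iam_service_id"); ok && v != nil {
-serviceIDUUID := v.(string)
-d.SetId(serviceIDUUID)
-} else if v, ok := d.GetOk("iam_id"); ok && v != nil {
+if v, ok := d.GetOk("iam_id"); ok && v != nil {
 iamID := v.(string)
 d.SetId(iamID)
 }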
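Review bot: `Required: true` on `iam_id` does not reject an empty string, and the `d.GetOk("iam_id")` guards kept in `dataSourceIBMIAMServicePolicyRead` treat `""` as unset, so `iamID` stays empty and the `d.SetId(iamID)` branch is skipped. What an empty `iam_id` does to the policy query lies outside the visible hunks, so it is worth checking that it cannot widen the listing beyond one service ID. Adding `ValidateFunc: validation.StringIsNotEmpty,` to the `iam_id` schema (plus the SDK's `helper/validation` import) closes that, and the guards could then become a plain `d.Get("iam_id").(string)`. The same schema change in data_source_ibm_iam_trusted_profile_policy.go has the same gap.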

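--- a/ibm/service/iampolicy/data_source_ibm_iam_service_policy_test.go
+++ b/ibm/service/iampolicy/data_source_ibm_iam_service_policy_test.go
@@ -131,7 +131,7 @@ resource "ibm_resource_instance" "instance" {
 }
 
 resource "ibm_iam_service_policy" "policy" {
-iam_service_id = ibm_iam_service_id.serviceID.id
+iam_id = ibm_iam_service_id.serviceID.iam_id
 roles = ["Manager", "Viewer", "Administrator"]
 
 resources {
@@ -141,7 +141,7 @@ resource "ibm_iam_service_policy" "policy" {
 }
 
 data "ibm_iam_service_policy" "testacc_ds_service_policy" {
-iam_service_id = ibm_iam_service_policy.policy.iam_service_id
+iam_id = ibm_iam_service_policy.policy.iam_id
 }`, name, name)
 
 }
@@ -162,7 +162,7 @@ resource "ibm_resource_instance" "instance" {
 }
 
 resource "ibm_iam_service_policy" "policy" {
-iam_service_id = ibm_iam_service_id.serviceID.id
+iam_id = ibm_iam_service_id.serviceID.iam_id
 roles = ["Manager", "Viewer", "Administrator"]
 
 resources {
@@ -176,7 +176,7 @@ data "ibm_resource_group" "group" {
 }
 
 resource "ibm_iam_service_policy" "policy1" {
-iam_service_id = ibm_iam_service_id.serviceID.id
+iam_id = ibm_iam_service_id.serviceID.iam_id
 roles = ["Viewer"]
 
 resources {
@@ -187,8 +187,8 @@ resource "ibm_iam_service_policy" "policy1" {
 
 
 data "ibm_iam_service_policy" "testacc_ds_service_policy" {
-iam_service_id = ibm_iam_service_policy.policy.iam_service_id
-sort = "id"
+iam_id = ibm_iam_service_policy.policy.iam_id
+sort = "created_at"
 }`, name, name)
 
 }
@@ -202,7 +202,7 @@ resource "ibm_iam_service_id" "serviceID" {
 }
 
 resource "ibm_iam_service_policy" "policy" {
-iam_service_id = ibm_iam_service_id.serviceID.id
+iam_id = ibm_iam_service_id.serviceID.iam_id
 roles = ["Manager", "Viewer", "Administrator"]
 
 resource_attributes {
@@ -217,7 +217,7 @@ resource "ibm_iam_service_policy" "policy" {
 }
 
 data "ibm_iam_service_policy" "testacc_ds_service_policy" {
-iam_service_id = ibm_iam_service_policy.policy.iam_service_id
+iam_id = ibm_iam_service_policy.policy.iam_id
 }`, name)
 
 }
@@ -232,7 +232,7 @@ func testAccCheckIBMIAMServicePolicyDataSourceTimeBasedWeekly(name string) strin
 }
 
 resource "ibm_iam_service_policy" "policy" {
-iam_service_id = ibm_iam_service_id.serviceID.id
+iam_id = ibm_iam_service_id.serviceID.iam_id
 roles = ["Viewer"]
 resources {
 service = "kms"
@@ -246,7 +246,7 @@ func testAccCheckIBMIAMServicePolicyDataSourceTimeBasedWeekly(name string) strin
 }
 
 data "ibm_iam_service_policy" "testacc_ds_service_policy" {
-iam_service_id = ibm_iam_service_policy.policy.iam_service_id
+iam_id = ibm_iam_service_policy.policy.iam_id
 }
 `, name)
 }
@@ -261,7 +261,7 @@ func testAccCheckIBMIAMServicePolicyDataSourceTimeBasedCustom(name string) strin
 }
 
 resource "ibm_iam_service_policy" "policy" {
-iam_service_id = ibm_iam_service_id.serviceID.id
+iam_id = ibm_iam_service_id.serviceID.iam_id
 roles = ["Viewer"]
 resources {
 service = "kms"
@@ -286,7 +286,7 @@ func testAccCheckIBMIAMServicePolicyDataSourceTimeBasedCustom(name string) strin
 }
 
 data "ibm_iam_service_policy" "testacc_ds_service_policy" {
-iam_service_id = ibm_iam_service_policy.policy.iam_service_id
+iam_id = ibm_iam_service_policy.policy.iam_id
 }
 `, name)
 }
@@ -301,7 +301,7 @@ func testAccCheckIBMIAMServicePolicyDataSourceServiceGroupID(name string) string
 }
 
 resource "ibm_iam_service_policy" "policy" {
-iam_service_id = ibm_iam_service_id.serviceID.id
+iam_id = ibm_iam_service_id.serviceID.iam_id
 roles = ["Viewer"]
 resources {
 service_group_id = "IAM"
@@ -326,7 +326,7 @@ func testAccCheckIBMIAMServicePolicyDataSourceServiceGroupID(name string) string
 }
 
 data "ibm_iam_service_policy" "testacc_ds_service_policy" {
-iam_service_id = ibm_iam_service_policy.policy.iam_service_id
+iam_id = ibm_iam_service_policy.policy.iam_id
 }
 `, name)
 }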

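--- a/ibm/service/iampolicy/data_source_ibm_iam_trusted_profile_policy.go
+++ b/ibm/service/iampolicy/data_source_ibm_iam_trusted_profile_policy.go
@@ -8,11 +8,9 @@ import (
 
 "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
 "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
-"github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
 "github.com/IBM/go-sdk-core/v5/core"
-"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 "github.com/IBM/platform-services-go-sdk/iampolicymanagementv1"
 )
 
@@ -22,19 +20,10 @@ func DataSourceIBMIAMTrustedProfilePolicy() *schema.Resource {
 Read: dataSourceIBMIAMTrustedProfilePolicyRead,
 
 Schema: map[string]*schema.Schema{
-"profile_id": {
-Type: schema.TypeString,
-Optional: true,
-ExactlyOneOf: []string{"profile_id", "iam_id"},
-Description: "UUID of trusted profile",
-ValidateFunc: validate.InvokeDataSourceValidator("ibm_iam_trusted_profile_policy",
-"profile_id"),
-},
 "iam_id": {
-Type: schema.TypeString,
-Optional: true,
-ExactlyOneOf: []string{"profile_id", "iam_id"},
-Description: "IAM ID of trusted profile",
+Type: schema.TypeString,
+Required: true,
+Description: "IAM ID of trusted profile",
 },
 "sort": {
 Description: "Sort query for policies",
@@ -251,40 +240,9 @@ func DataSourceIBMIAMTrustedProfilePolicy() *schema.Resource {
 }
 }
 
-func DataSourceIBMIAMTrustedProfilePolicyValidator() *validate.ResourceValidator {
-validateSchema := make([]validate.ValidateSchema, 0)
-validateSchema = append(validateSchema,
-validate.ValidateSchema{
-Identifier: "profile_id",
-ValidateFunctionIdentifier: validate.ValidateCloudData,
-Type: validate.TypeString,
-CloudDataType: "iam",
-CloudDataRange: []string{"service:trusted_profile", "resolved_to:id"},
-Required: true})
-
-iBMIAMTrustedProfilePolicyValidator := validate.ResourceValidator{ResourceName: "ibm_iam_trusted_profile_policy", Schema: validateSchema}
-return &iBMIAMTrustedProfilePolicyValidator
-}
-
 func dataSourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta interface{}) error {
 
 var iamID string
-if v, ok := d.GetOk("profile_id"); ok && v != nil {
-
-profileUUID := v.(string)
-iamClient, err := meta.(conns.ClientSession).IAMIdentityV1API()
-if err != nil {
-return err
-}
-getprofileOptions := iamidentityv1.GetProfileOptions{
-ProfileID: &profileUUID,
-}
-profile, resp, err := iamClient.GetProfile(&getprofileOptions)
-if err != nil {
-return fmt.Errorf("[ERROR] Error getting profile ID %s %s", err, resp)
-}
-iamID = *profile.IamID
-}
 if v, ok := d.GetOk("iam_id"); ok && v != nil {
 iamID = v.(string)
 }
@@ -332,10 +290,7 @@ func dataSourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta inter
 "resources": resources,
 "resource_tags": flex.FlattenV2PolicyResourceTags(*policy.Resource),
 }
-if v, ok := d.GetOk("profile_id"); ok && v != nil {
-profileUUID := v.(string)
-p["id"] = fmt.Sprintf("%s/%s", profileUUID, *policy.ID)
-} else if v, ok := d.GetOk("iam_id"); ok && v != nil {
+if v, ok := d.GetOk("iam_id"); ok && v != nil {
 iamID := v.(string)
 p["id"] = fmt.Sprintf("%s/%s", iamID, *policy.ID)
 }
@@ -358,10 +313,7 @@ func dataSourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta inter
 profilePolicies = append(profilePolicies, p)
 }
 
-if v, ok := d.GetOk("profile_id"); ok && v != nil {
-profileUUID := v.(string)
-d.SetId(profileUUID)
-} else if v, ok := d.GetOk("iam_id"); ok && v != nil {
+if v, ok := d.GetOk("iam_id"); ok && v != nil {
 iamID := v.(string)
 d.SetId(iamID)
 }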
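Review bot: With the `GetProfile` lookup removed from `dataSourceIBMIAMTrustedProfilePolicyRead`, nothing in the new code ties `iam_id` to a trusted profile, so as far as the visible lines show this data source will list policies for whatever IAM ID it is given, including a user's or a service ID's. Trusted-profile IAM IDs normally take the form `iam-Profile-<uuid>` (worth confirming against the IAM documentation); if so, a prefix check in a `ValidateFunc` on `iam_id` would keep a wrong subject from being reported as the profile's policies. At minimum the schema text should say what is expected, e.g. `Description: "IAM ID of trusted profile (not the profile UUID)",`. The same consideration applies to `iam_id` in data_source_ibm_iam_service_policy.go, and the read function continues outside the hunks shown.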
