add data source

Author: psauvage0

ovh/data_me_identity_provider.go

@@ -0,0 +1,105 @@
+package ovh
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceMeIdentityProvider() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceMeIdentityProviderRead,
+
+		Schema: map[string]*schema.Schema{
+			"group_attribute_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"requested_attributes": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"is_required": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"name_format": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"values": {
+							Type: schema.TypeList,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+							Computed: true,
+						},
+					},
+				},
+			},
+			"idp_signing_certificates": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"expiration": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"subject": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"sso_service_url": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"user_attribute_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"disable_users": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"creation": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"last_update": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceMeIdentityProviderRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	config := meta.(*Config)
+
+	providerConfDetails := &MeIdentityProviderResponse{}
+	if err := config.OVHClient.GetWithContext(ctx, "/me/identity/provider", providerConfDetails); err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId("ovh_sso")
+	d.Set("group_attribute_name", providerConfDetails.GroupAttributeName)
+	d.Set("disable_users", providerConfDetails.DisableUsers)
+	d.Set("requested_attributes", requestedAttributesToMapList(providerConfDetails.Extensions.RequestedAttributes))
+	d.Set("idp_signing_certificates", idpSigningCertificatesToMapList(providerConfDetails.IdpSigningCertificates))
+	d.Set("sso_service_url", providerConfDetails.SsoServiceUrl)
+	d.Set("user_attribute_name", providerConfDetails.UserAttributeName)
+	d.Set("creation", providerConfDetails.Creation)
+	d.Set("last_update", providerConfDetails.LastUpdate)
+
+	return nil
+}

ovh/data_me_identity_provider_test.go

@@ -0,0 +1,125 @@
+package ovh
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccMeIdentityProviderDataSource_basic(t *testing.T) {
+	groupAttributeName := "http://schemas.xmlsoap.org/claims/Group"
+	disableUsers := "false"
+	reqAttributeRequired := "false"
+	reqAttributeName := "identity"
+	reqAttributeNameFormat := "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+	reqAttributeValue := "foobar"
+
+	preSetup := fmt.Sprintf(
+		testAccMeIdentityProviderDataSourceConfig_preSetup,
+		groupAttributeName,
+		samlIDPMetadata,
+		disableUsers,
+		reqAttributeRequired,
+		reqAttributeName,
+		reqAttributeNameFormat,
+		reqAttributeValue,
+	)
+	config := fmt.Sprintf(
+		testAccMeIdentityProviderDataSourceConfig_keys,
+		groupAttributeName,
+		samlIDPMetadata,
+		disableUsers,
+		reqAttributeRequired,
+		reqAttributeName,
+		reqAttributeNameFormat,
+		reqAttributeValue,
+	)
+
+	userAttributeName := "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
+	ssoServiceUrl := "https://ovhcloud.com/"
+	certificateExpiration := "2033-11-06T10:06:24Z"
+	certificateSubject := "CN=ovhcloud.com,O=OVHcloud,L=RBX,ST=Some-State,C=FR"
+
+	requestedAttributes := map[string]string{
+		"is_required": reqAttributeRequired,
+		"name":        reqAttributeName,
+		"name_format": reqAttributeNameFormat,
+		"values":      reqAttributeValue,
+	}
+
+	checks := checkIdentityProviderResourceAttr("ovh_me_identity_provider.sso", groupAttributeName, disableUsers, samlIDPMetadata, requestedAttributes)
+	dataSourceChecks := checkIdentityProviderDataSourceAttr("data.ovh_me_identity_provider.sso", groupAttributeName, userAttributeName, ssoServiceUrl, disableUsers, certificateExpiration, certificateSubject, requestedAttributes)
+	dataSourceChecks = append(dataSourceChecks, resource.TestCheckOutput("keys_present", "true"))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheckCredentials(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: preSetup,
+				Check:  resource.ComposeTestCheckFunc(checks...),
+			}, {
+				Config: config,
+				Check:  resource.ComposeTestCheckFunc(dataSourceChecks...),
+			},
+		},
+	})
+}
+
+func checkIdentityProviderDataSourceAttr(name, group_attribute, user_attribute, sso_service_url, disable_users, certificateExpiration, certificateSubject string, requestedAttributes map[string]string) []resource.TestCheckFunc {
+	checks := []resource.TestCheckFunc{}
+	checks = append(checks, resource.TestCheckResourceAttr(name, "group_attribute_name", group_attribute))
+	checks = append(checks, resource.TestCheckResourceAttr(name, "user_attribute_name", user_attribute))
+	checks = append(checks, resource.TestCheckResourceAttr(name, "sso_service_url", sso_service_url))
+	checks = append(checks, resource.TestCheckResourceAttr(name, "disable_users", disable_users))
+	checks = append(checks, resource.TestCheckResourceAttr(name, "idp_signing_certificates.0.expiration", certificateExpiration))
+	checks = append(checks, resource.TestCheckResourceAttr(name, "idp_signing_certificates.0.subject", certificateSubject))
+	if requestedAttributes != nil {
+		checks = append(checks, resource.TestCheckResourceAttr(name, "requested_attributes.0.is_required", requestedAttributes["is_required"]))
+		checks = append(checks, resource.TestCheckResourceAttr(name, "requested_attributes.0.name", requestedAttributes["name"]))
+		checks = append(checks, resource.TestCheckResourceAttr(name, "requested_attributes.0.name_format", requestedAttributes["name_format"]))
+		checks = append(checks, resource.TestCheckResourceAttr(name, "requested_attributes.0.values.0", requestedAttributes["values"]))
+	}
+	return checks
+}
+
+const testAccMeIdentityProviderDataSourceConfig_preSetup = `
+resource "ovh_me_identity_provider" "sso" {
+    group_attribute_name = "%s"
+	metadata = <<EOT
+%s
+EOT
+    disable_users = %s
+    requested_attributes {
+      is_required = %s
+      name = "%s"
+      name_format = "%s"
+      values = ["%s"]
+    }
+}`
+
+const testAccMeIdentityProviderDataSourceConfig_keys = `
+resource "ovh_me_identity_provider" "sso" {
+    group_attribute_name = "%s"
+	metadata = <<EOT
+%s
+EOT
+    disable_users = %s
+    requested_attributes {
+      is_required = %s
+      name = "%s"
+      name_format = "%s"
+      values = ["%s"]
+    }
+}
+
+data "ovh_me_identity_provider" "sso" {}
+
+output "keys_present" {
+	value = tostring(
+		data.ovh_me_identity_provider.sso.group_attribute_name == ovh_me_identity_provider.sso.group_attribute_name &&
+		data.ovh_me_identity_provider.sso.requested_attributes.0.name == ovh_me_identity_provider.sso.requested_attributes.0.name
+	)
+}
+`

ovh/provider.go

@@ -124,6 +124,7 @@ func Provider() *schema.Provider {
 			"ovh_me_api_oauth2_clients":                               dataSourceMeApiOauth2Clients(),
 			"ovh_me_identity_group":                                   dataSourceMeIdentityGroup(),
 			"ovh_me_identity_groups":                                  dataSourceMeIdentityGroups(),
+			"ovh_me_identity_provider":                                dataSourceMeIdentityProvider(),
 			"ovh_me_identity_user":                                    dataSourceMeIdentityUser(),
 			"ovh_me_identity_users":                                   dataSourceMeIdentityUsers(),
 			"ovh_me_installation_template":                            dataSourceMeInstallationTemplate(),

ovh/types_me.go

@@ -351,3 +351,14 @@ func requestedAttributesToMapList(attributes []MeIdentityProviderAttribute) []ma
 	return requestedAttributes
 }
 
+// idpSigningCertificatesToMapList transforms an array of MeIdentityProviderIDPCertificates to an array of map
+func idpSigningCertificatesToMapList(idpSigningCertificates []MeIdentityProviderIDPCertificates) []map[string]interface{} {
+	certificates := []map[string]interface{}{}
+	for _, v := range idpSigningCertificates {
+		certificates = append(certificates, map[string]interface{}{
+			"expiration": v.Expiration,
+			"subject":    v.Subject,
+		})
+	}
+	return certificates
+}