feat(LH-69477): Add user and user_api_token resources

client/client.go

@@ -4,10 +4,12 @@ package client
 
 import (
 	"context"
+	"net/http"
+
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/connector"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/device/asa/asaconfig"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/device/genericssh"
-	"net/http"
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/user"
 
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/device"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/device/ios"
@@ -120,3 +122,31 @@ func (c *Client) UpdateGenericSSH(ctx context.Context, inp genericssh.UpdateInpu
 func (c *Client) DeleteGenericSSH(ctx context.Context, inp genericssh.DeleteInput) (*genericssh.DeleteOutput, error) {
 	return genericssh.Delete(ctx, c.client, inp)
 }
+
+func (c *Client) ReadUserByUsername(ctx context.Context, inp user.ReadByUsernameInput) (*user.UserDetails, error) {
+	return user.ReadByUsername(ctx, c.client, inp)
+}
+
+func (c *Client) ReadUserByUid(ctx context.Context, inp user.ReadByUidInput) (*user.UserDetails, error) {
+	return user.ReadByUid(ctx, c.client, inp)
+}
+
+func (c *Client) CreateUser(ctx context.Context, inp user.CreateUserInput) (*user.UserDetails, error) {
+	return user.Create(ctx, c.client, inp)
+}
+
+func (c *Client) DeleteUser(ctx context.Context, inp user.DeleteUserInput) (*user.DeleteUserOutput, error) {
+	return user.Delete(ctx, c.client, inp)
+}
+
+func (c *Client) UpdateUser(ctx context.Context, inp user.UpdateUserInput) (*user.UserDetails, error) {
+	return user.Update(ctx, c.client, inp)
+}
+
+func (c *Client) GenerateApiToken(ctx context.Context, inp user.GenerateApiTokenInput) (*user.ApiTokenResponse, error) {
+	return user.GenerateApiToken(ctx, c.client, inp)
+}
+
+func (c *Client) RevokeApiToken(ctx context.Context, inp user.RevokeApiTokenInput) (*user.RevokeApiTokenOutput, error) {
+	return user.RevokeApiToken(ctx, c.client, inp)
+}

client/internal/http/request.go

@@ -55,7 +55,7 @@ func NewRequest(config cdo.Config, httpClient *http.Client, logger *log.Logger,
 func (r *Request) Send(output any) error {
 	err := retry.Do(func() (bool, error) {
 
-		err := r.send(output)
+		err := r.send(output, "application/json")
 		if err != nil {
 			return false, err
 		}
@@ -72,13 +72,33 @@ func (r *Request) Send(output any) error {
 	return err
 }
 
-func (r *Request) send(output any) error {
+func (r *Request) SendFormUrlEncoded(output any) error {
+	err := retry.Do(func() (bool, error) {
+
+		err := r.send(output, "application/x-www-form-urlencoded")
+		if err != nil {
+			return false, err
+		}
+		return true, nil
+
+	}, *retry.NewOptions(
+		r.logger,
+		r.config.Timeout,
+		r.config.Delay,
+		r.config.Retries,
+		false,
+	))
+
+	return err
+}
+
+func (r *Request) send(output any, contentType string) error {
 	// clear prev response
 	r.Response = nil
 	r.Error = nil
 
 	// build net/http.Request
-	req, err := r.build()
+	req, err := r.build(contentType)
 	if err != nil {
 		r.Error = err
 		return err
@@ -124,7 +144,7 @@ func (r *Request) send(output any) error {
 }
 
 // build the net/http.Request
-func (r *Request) build() (*http.Request, error) {
+func (r *Request) build(contentType string) (*http.Request, error) {
 
 	bodyReader, err := toReader(r.body)
 	if err != nil {
@@ -139,12 +159,16 @@ func (r *Request) build() (*http.Request, error) {
 		req = req.WithContext(r.ctx)
 	}
 	r.addAuthHeader(req)
+	r.addContentTypeHeader(req, contentType)
 	return req, nil
 }
 
 func (r *Request) addAuthHeader(req *http.Request) {
 	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", r.config.ApiToken))
-	req.Header.Add("Content-Type", "application/json")
+}
+
+func (r *Request) addContentTypeHeader(req *http.Request, contentType string) {
+	req.Header.Add("Content-Type", contentType)
 }
 
 // toReader try to convert anything to io.Reader.

client/internal/url/url.go

@@ -3,6 +3,7 @@ package url
 
 import (
 	"fmt"
+
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/model/devicetype"
 )
 
@@ -76,3 +77,23 @@ func ReadSmartLicense(baseUrl string) string {
 func ReadAccessPolicies(baseUrl string, domainUid string, limit int) string {
 	return fmt.Sprintf("%s/fmc/api/fmc_config/v1/domain/%s/policy/accesspolicies?limit=%d", baseUrl, domainUid, limit)
 }
+
+func CreateUser(baseUrl string, username string) string {
+	return fmt.Sprintf("%s/anubis/rest/v1/users/%s", baseUrl, username)
+}
+
+func ReadUserByUsername(baseUrl string, username string) string {
+	return fmt.Sprintf("%s/anubis/rest/v1/users?q=name:%s", baseUrl, username)
+}
+
+func UserByUid(baseUrl string, uid string) string {
+	return fmt.Sprintf("%s/anubis/rest/v1/users/%s", baseUrl, uid)
+}
+
+func GenerateApiToken(baseUrl string, username string) string {
+	return fmt.Sprintf("%s/anubis/rest/v1/oauth/token/%s", baseUrl, username)
+}
+
+func RevokeApiToken(baseUrl string, tokenId string) string {
+	return fmt.Sprintf("%s/anubis/rest/v1/oauth/revoke/%s", baseUrl, tokenId)
+}

client/user/create.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/http"
+)
+
+func Create(ctx context.Context, client http.Client, createInp CreateUserInput) (*UserDetails, error) {
+	client.Logger.Println(fmt.Sprintf("Creating user %s", createInp.Username))
+	req := NewCreateRequest(ctx, client, createInp)
+
+	var outp UserTenantAssociation
+	if err := req.SendFormUrlEncoded(&outp); err != nil {
+		return nil, err
+	}
+
+	// the user creation endpoint annoyingly returns an association, so we need to make a read request to get the actual user
+	readReq := NewReadByUidRequest(ctx, client, outp.Source.Uid)
+	var readOutp UserDetails
+	if readErr := readReq.Send(&readOutp); readErr != nil {
+		return nil, readErr
+	}
+
+	return &readOutp, nil
+}

client/user/create_test.go

@@ -0,0 +1,89 @@
+package user_test
+
+import (
+	"context"
+	"fmt"
+	netHttp "net/http"
+	"testing"
+	"time"
+
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/http"
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/user"
+	"github.com/jarcoal/httpmock"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreate(t *testing.T) {
+	httpmock.Activate()
+	defer httpmock.DeactivateAndReset()
+
+	validUserTenantAssociation := user.UserTenantAssociation{
+		Uid: "association-uuid",
+		Source: user.Association{
+			Uid:       "sample-uuid",
+			Namespace: "systemdb",
+			Type:      "users",
+		},
+	}
+
+	t.Run("successfully create user", func(t *testing.T) {
+		httpmock.Reset()
+		expected := user.UserDetails{
+			Name:        "[email protected]",
+			ApiOnlyUser: false,
+			UserRoles:   []string{"ROLE_SUPER_ADMIN"},
+		}
+
+		httpmock.RegisterResponder(
+			netHttp.MethodPost,
+			fmt.Sprintf("/anubis/rest/v1/users/%s", expected.Name),
+			httpmock.NewJsonResponderOrPanic(200, validUserTenantAssociation),
+		)
+		httpmock.RegisterResponder(
+			netHttp.MethodGet,
+			"/anubis/rest/v1/users/"+validUserTenantAssociation.Source.Uid,
+			httpmock.NewJsonResponderOrPanic(200, expected),
+		)
+
+		actual, err := user.Create(context.Background(), *http.MustNewWithConfig(baseUrl, "valid_token", 0, 0, time.Minute), *user.NewCreateUserInput(expected.Name, expected.UserRoles[0], expected.ApiOnlyUser))
+
+		assert.NotNil(t, actual, "User details returned must not be nil")
+		assert.Equal(t, expected, *actual, "Actual user details do not match expected")
+		assert.Nil(t, err, "error should be nil")
+	})
+
+	t.Run("should error if failed to create user", func(t *testing.T) {
+		username := "[email protected]"
+		apiOnlyUser := false
+		userRoles := []string{"ROLE_READ_ONLY"}
+		httpmock.RegisterResponder(
+			netHttp.MethodPost,
+			fmt.Sprintf("/anubis/rest/v1/users/%s", username),
+			httpmock.NewJsonResponderOrPanic(500, nil),
+		)
+
+		actual, err := user.Create(context.Background(), *http.MustNewWithConfig(baseUrl, "valid_token", 0, 0, time.Minute), *user.NewCreateUserInput(username, userRoles[0], apiOnlyUser))
+		assert.Nil(t, actual, "Expected actual user not to be created")
+		assert.NotNil(t, err, "Expected error")
+	})
+
+	t.Run("should error if failed to read user details after creation", func(t *testing.T) {
+		username := "[email protected]"
+		apiOnlyUser := false
+		userRoles := []string{"ROLE_READ_ONLY"}
+		httpmock.RegisterResponder(
+			netHttp.MethodPost,
+			fmt.Sprintf("/anubis/rest/v1/users/%s", username),
+			httpmock.NewJsonResponderOrPanic(200, validUserTenantAssociation),
+		)
+		httpmock.RegisterResponder(
+			netHttp.MethodGet,
+			"/anubis/rest/v1/users/"+validUserTenantAssociation.Source.Uid,
+			httpmock.NewJsonResponderOrPanic(500, nil),
+		)
+
+		actual, err := user.Create(context.Background(), *http.MustNewWithConfig(baseUrl, "valid_token", 0, 0, time.Minute), *user.NewCreateUserInput(username, userRoles[0], apiOnlyUser))
+		assert.Nil(t, actual, "Expected actual user not to be created")
+		assert.NotNil(t, err, "Expected error")
+	})
+}

client/user/delete.go

@@ -0,0 +1,22 @@
+package user
+
+import (
+	"context"
+
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/http"
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/url"
+)
+
+func Delete(ctx context.Context, client http.Client, deleteInp DeleteUserInput) (*DeleteUserOutput, error) {
+
+	url := url.UserByUid(client.BaseUrl(), deleteInp.Uid)
+
+	req := client.NewDelete(ctx, url)
+
+	var deleteOutp DeleteUserOutput
+	if err := req.Send(&deleteOutp); err != nil {
+		return nil, err
+	}
+
+	return &deleteOutp, nil
+}

client/user/delete_test.go

@@ -0,0 +1,49 @@
+package user_test
+
+import (
+	"context"
+	netHttp "net/http"
+	"testing"
+	"time"
+
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/http"
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/user"
+	"github.com/jarcoal/httpmock"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDelete(t *testing.T) {
+	httpmock.Activate()
+	defer httpmock.DeactivateAndReset()
+
+	t.Run("Should delete a user", func(t *testing.T) {
+		httpmock.Reset()
+		uid := "sample-user-uid"
+		httpmock.RegisterResponder(
+			netHttp.MethodDelete,
+			"/anubis/rest/v1/users/"+uid,
+			httpmock.NewJsonResponderOrPanic(200, nil),
+		)
+		deleteOutput, err := user.Delete(context.Background(), *http.MustNewWithConfig(baseUrl, "valid_token", 0, 0, time.Minute), user.DeleteUserInput{
+			Uid: uid,
+		})
+		assert.NotNil(t, deleteOutput, "Delete output should not be nil")
+		assert.Nil(t, err, "error should be nil")
+	})
+
+	t.Run("Should error if deletion of a user fails", func(t *testing.T) {
+		httpmock.Reset()
+		uid := "sample-user-uid"
+		httpmock.RegisterResponder(
+			netHttp.MethodDelete,
+			"/anubis/rest/v1/users/"+uid,
+			httpmock.NewJsonResponderOrPanic(500, nil),
+		)
+
+		deleteOutput, err := user.Delete(context.Background(), *http.MustNewWithConfig(baseUrl, "valid_token", 0, 0, time.Minute), user.DeleteUserInput{
+			Uid: uid,
+		})
+		assert.Nil(t, deleteOutput, "Delete output should be nil")
+		assert.NotNil(t, err, "error should not be nil")
+	})
+}

client/user/fixtures_test.go

@@ -0,0 +1,12 @@
+package user_test
+
+const (
+	tenantUid    = "99999999-9999-9999-9999-999999999999"
+	tenantName   = "test-tenant-name"
+	accessToken  = "test-access-token"
+	refreshToken = "test-refresh-token"
+	tokenType    = "test-token-type"
+	scope        = "test-scope"
+	baseUrl      = "https://unittest.cdo.cisco.com"
+	host         = "unittest.cdo.cisco.com"
+)

client/user/generate_api_token.go

@@ -0,0 +1,20 @@
+package user
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/http"
+)
+
+func GenerateApiToken(ctx context.Context, client http.Client, generateApiTokenInp GenerateApiTokenInput) (*ApiTokenResponse, error) {
+	client.Logger.Println(fmt.Sprintf("Generating API token for user %s", generateApiTokenInp.Name))
+	req := NewGenerateApiTokenRequest(ctx, client, generateApiTokenInp)
+
+	var outp ApiTokenResponse
+	if err := req.Send(&outp); err != nil {
+		return nil, err
+	}
+
+	return &outp, nil
+}