feat: [CCM-19505]: Terraform Support for Governance Rule Sets (#1075)

* feat: [CCM-19505]: Terraform Support for Governance Rule Sets * feat: [CCM-19505]: Terraform Support for Governance Rule Sets * feat: [CCM-19505]: Terraform Support for Governance Rule Sets * feat: [CCM-19505]: Lint * feat: [CCM-19505]: Terraform Support for Governance Rule Sets * feat: [CCM-19505]: Terraform Support for Governance Rule Sets
harness · Oct 8, 2024 · 7d78977 · 7d78977
1 parent ff81fff
commit 7d78977
Show file tree

Hide file tree

Showing 10 changed files with 460 additions and 3 deletions.
diff --git a/.changelog/1075.txt b/.changelog/1075.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+harness_governance_rule_set - Added Governance Rule Set resource in Harness terraform provider
+```
diff --git a/docs/data-sources/governance_rule_set.md b/docs/data-sources/governance_rule_set.md
@@ -0,0 +1,28 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "harness_governance_rule_set Data Source - terraform-provider-harness"
+subcategory: "Next Gen"
+description: |-
+  Datasource for looking up a rule.
+---
+
+# harness_governance_rule_set (Data Source)
+
+Datasource for looking up a rule.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `rule_set_id` (String) Id of rule set.
+
+### Read-Only
+
+- `cloud_provider` (String) The cloud provider for the rule set.
+- `description` (String) Description for rule set.
+- `id` (String) The ID of this resource.
+- `name` (String) Name of the rule set.
+- `rule_ids` (List of String) List of target regions.
diff --git a/docs/resources/governance_rule_set.md b/docs/resources/governance_rule_set.md
@@ -0,0 +1,31 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "harness_governance_rule_set Resource - terraform-provider-harness"
+subcategory: "Next Gen"
+description: |-
+  Resource for creating, updating, and managing rule.
+---
+
+# harness_governance_rule_set (Resource)
+
+Resource for creating, updating, and managing rule.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cloud_provider` (String) The cloud provider for the rule set. It should be either AWS, AZURE or GCP.
+- `name` (String) Name of the rule set.
+- `rule_ids` (List of String) List of rule IDs
+
+### Optional
+
+- `description` (String) Description for rule set.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `rule_set_id` (String) Id of the rule.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/antihax/optional v1.0.0
 	github.com/aws/aws-sdk-go v1.46.4
 	github.com/docker/docker v24.0.5+incompatible
-	github.com/harness/harness-go-sdk v0.4.9
+	github.com/harness/harness-go-sdk v0.4.10
 	github.com/harness/harness-openapi-go-client v0.0.21
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320

diff --git a/go.sum b/go.sum
@@ -54,8 +54,8 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/harness/harness-go-sdk v0.4.9 h1:dNx0GrAfT4X8UMxYTvL1sp66jeJeN1v8lgjMLBItWI4=
-github.com/harness/harness-go-sdk v0.4.9/go.mod h1:a/1HYTgVEuNEoh3Z3IsOHZdlUNxl94KcX57ZSNVGll0=
+github.com/harness/harness-go-sdk v0.4.10 h1:iRpsG35I1bZ618FOHnAMKG7FBfiEpTGPyLz0mICsuAU=
+github.com/harness/harness-go-sdk v0.4.10/go.mod h1:a/1HYTgVEuNEoh3Z3IsOHZdlUNxl94KcX57ZSNVGll0=
 github.com/harness/harness-openapi-go-client v0.0.21 h1:VtJnpQKZvCAlaCmUPbNR69OT3c5WRdhNN5TOgUwtwZ4=
 github.com/harness/harness-openapi-go-client v0.0.21/go.mod h1:u0vqYb994BJGotmEwJevF4L3BNAdU9i8ui2d22gmLPA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -10,6 +10,7 @@ import (
 	"github.com/harness/terraform-provider-harness/internal/service/platform/gitx/webhook"
 	governance_enforcement "github.com/harness/terraform-provider-harness/internal/service/platform/governance/enforcement"
 	governance_rule "github.com/harness/terraform-provider-harness/internal/service/platform/governance/rule"
+	governance_rule_set "github.com/harness/terraform-provider-harness/internal/service/platform/governance/rule_set"
 	"github.com/harness/terraform-provider-harness/internal/service/platform/notification_rule"
 
 	"github.com/harness/terraform-provider-harness/internal/service/platform/feature_flag"
@@ -284,6 +285,7 @@ func Provider(version string) func() *schema.Provider {
 				"harness_platform_gitx_webhook":                    webhook.DataSourceWebhook(),
 				"harness_governance_rule_enforcement":              governance_enforcement.DatasourceRuleEnforcement(),
 				"harness_governance_rule":                          governance_rule.DatasourceRule(),
+				"harness_governance_rule_set":                      governance_rule_set.DatasourceRuleSet(),
 			},
 			ResourcesMap: map[string]*schema.Resource{
 				"harness_platform_template":                        pl_template.ResourceTemplate(),
@@ -428,6 +430,7 @@ func Provider(version string) func() *schema.Provider {
 				"harness_platform_gitx_webhook":                    webhook.ResourceWebhook(),
 				"harness_governance_rule_enforcement":              governance_enforcement.ResourceRuleEnforcement(),
 				"harness_governance_rule":                          governance_rule.ResourceRule(),
+				"harness_governance_rule_set":                      governance_rule_set.ResourceRuleSet(),
 			},
 		}
 

diff --git a/internal/service/platform/governance/rule_set/rule_set.go b/internal/service/platform/governance/rule_set/rule_set.go
@@ -0,0 +1,176 @@
+package governance_rule_set
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/harness/harness-go-sdk/harness/nextgen"
+	"github.com/harness/terraform-provider-harness/helpers"
+	"github.com/harness/terraform-provider-harness/internal"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func ResourceRuleSet() *schema.Resource {
+	resource := &schema.Resource{
+		Description:   "Resource for creating, updating, and managing rule.",
+		ReadContext:   resourceRuleSetRead,
+		CreateContext: resourceRuleSetCreateOrUpdate,
+		UpdateContext: resourceRuleSetCreateOrUpdate,
+		DeleteContext: resourceRuleDelete,
+		Importer:      helpers.AccountLevelResourceImporter,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Description: "Name of the rule set.",
+				Type:        schema.TypeString,
+				Required:    true,
+			},
+			"description": {
+				Description: "Description for rule set.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"cloud_provider": {
+				Description:  "The cloud provider for the rule set. It should be either AWS, AZURE or GCP.",
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"AWS", "GCP", "AZURE"}, false),
+			},
+			"rule_ids": {
+				Description: "List of rule IDs",
+				Type:        schema.TypeList,
+				Required:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"rule_set_id": {
+				Description: "Id of the rule.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+		},
+	}
+
+	return resource
+}
+
+func resourceRuleSetRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	c, ctx := meta.(*internal.Session).GetPlatformClientWithContext(ctx)
+
+	id := d.Id()
+	resp, httpResp, err := c.RuleSetsApi.ListRuleSets(ctx, readRuleSetRequest(id), c.AccountId)
+
+	if err != nil {
+		return helpers.HandleReadApiError(err, d, httpResp)
+	}
+
+	if resp.Data != nil {
+		err := readRuleSetResponse(d, resp.Data)
+		if err != nil {
+			return helpers.HandleReadApiError(err, d, httpResp)
+		}
+	}
+
+	return nil
+}
+
+func readRuleSetRequest(id string) nextgen.CreateRuleSetFilterDto {
+	return nextgen.CreateRuleSetFilterDto{
+		RuleSet: &nextgen.RuleSetRequest{
+			RuleSetIds: []string{id},
+		},
+	}
+}
+
+func readRuleSetResponse(d *schema.ResourceData, ruleSetsList *nextgen.RuleSetList) error {
+	ruleSet := ruleSetsList.RuleSet[0]
+
+	d.Set("name", ruleSet.Name)
+	d.Set("cloud_provider", ruleSet.CloudProvider)
+	d.Set("description", ruleSet.Description)
+	d.Set("rule_ids", ruleSet.RulesIdentifier)
+
+	return nil
+}
+
+func resourceRuleSetCreateOrUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	c, ctx := meta.(*internal.Session).GetPlatformClientWithContext(ctx)
+
+	var err error
+	var resp nextgen.ResponseDtoRuleSet
+	var httpResp *http.Response
+
+	id := d.Id()
+
+	if id == "" {
+		resp, httpResp, err = c.RuleSetsApi.AddRuleSet(ctx, buildRuleSet(d, false), c.AccountId)
+	} else {
+		resp, httpResp, err = c.RuleSetsApi.UpdateRuleSet(ctx, buildRuleSet(d, true), c.AccountId)
+	}
+
+	if err != nil {
+		return helpers.HandleApiError(err, d, httpResp)
+	}
+
+	if resp.Data != nil {
+		createOrUpdateRuleSetResponse(d, resp.Data)
+	}
+
+	return nil
+}
+
+func buildRuleSet(d *schema.ResourceData, update bool) nextgen.CreateRuleSetDto {
+	ruleSet := &nextgen.RuleSet{
+		Name:            d.Get("name").(string),
+		CloudProvider:   d.Get("cloud_provider").(string),
+		Description:     d.Get("description").(string),
+		RulesIdentifier: expandStringList(d.Get("rule_ids").([]interface{})),
+		IsOOTB:          false,
+	}
+
+	if update {
+		ruleSet.Uuid = d.Id()
+	}
+
+	return nextgen.CreateRuleSetDto{
+		RuleSet: ruleSet,
+	}
+}
+
+func createOrUpdateRuleSetResponse(d *schema.ResourceData, ruleSet *nextgen.RuleSet) error {
+	d.SetId(ruleSet.Uuid)
+	d.Set("rule_set_id", ruleSet.Uuid)
+	d.Set("name", ruleSet.Name)
+	d.Set("cloud_provider", ruleSet.CloudProvider)
+	d.Set("description", ruleSet.Description)
+	d.Set("rule_ids", ruleSet.RulesIdentifier)
+
+	return nil
+}
+
+func resourceRuleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	c, ctx := meta.(*internal.Session).GetPlatformClientWithContext(ctx)
+
+	id := d.Id()
+
+	_, httpResp, err := c.RuleSetsApi.DeleteRuleSet(ctx, c.AccountId, id)
+
+	if err != nil {
+		return helpers.HandleApiError(err, d, httpResp)
+	}
+
+	return nil
+}
+
+func expandStringList(givenStringListInterface []interface{}) []string {
+	var expandedStringList []string
+
+	if len(givenStringListInterface) > 0 {
+		for _, id := range givenStringListInterface {
+			expandedStringList = append(expandedStringList, id.(string))
+		}
+	}
+	return expandedStringList
+}
diff --git a/internal/service/platform/governance/rule_set/rule_set_data_source.go b/internal/service/platform/governance/rule_set/rule_set_data_source.go
@@ -0,0 +1,71 @@
+package governance_rule_set
+
+import (
+	"context"
+
+	"github.com/harness/terraform-provider-harness/helpers"
+	"github.com/harness/terraform-provider-harness/internal"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DatasourceRuleSet() *schema.Resource {
+	return &schema.Resource{
+		Description: "Datasource for looking up a rule.",
+
+		ReadContext: resourceRuleSetReadDataSource,
+
+		Schema: map[string]*schema.Schema{
+			"rule_set_id": {
+				Description: "Id of rule set.",
+				Type:        schema.TypeString,
+				Required:    true,
+			},
+			"name": {
+				Description: "Name of the rule set.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"cloud_provider": {
+				Description: "The cloud provider for the rule set.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"description": {
+				Description: "Description for rule set.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"rule_ids": {
+				Description: "List of target regions.",
+				Type:        schema.TypeList,
+				Computed:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func resourceRuleSetReadDataSource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	c, ctx := meta.(*internal.Session).GetPlatformClientWithContext(ctx)
+
+	id := d.Get("rule_set_id").(string)
+	resp, httpResp, err := c.RuleSetsApi.ListRuleSets(ctx, readRuleSetRequest(id), c.AccountId)
+
+	if err != nil {
+		return helpers.HandleReadApiError(err, d, httpResp)
+	}
+
+	if resp.Data != nil {
+		err := readRuleSetResponse(d, resp.Data)
+		if err != nil {
+			return helpers.HandleReadApiError(err, d, httpResp)
+		}
+	}
+
+	d.SetId(id)
+
+	return nil
+}