From ee33ead0987bf49226ff4c535b1b976f555d22dc Mon Sep 17 00:00:00 2001 From: Naresh Kakubal Date: Thu, 4 Apr 2024 14:55:40 -0700 Subject: [PATCH] Revert "access tier group terraform changes (#157)" (#166) This reverts commit aedea9ec4f14187c47807ec6d325e9d20ab91550. --- banyan/provider.go | 2 - banyan/resource_accesstier_group.go | 268 ---------------------- banyan/resource_accesstier_group_test.go | 46 ---- banyan/resource_service_tunnel.go | 27 +-- banyan/resource_service_tunnel_test.go | 87 ------- banyan/resource_service_web.go | 10 +- banyan/resource_service_web_test.go | 2 - banyan/schema_helpers.go | 31 --- banyan/specs/service_web/web-at.json | 1 - banyan/specs/service_web/web-certs.json | 1 - banyan/specs/service_web/web-conn.json | 1 - client/accesstiregroup/accesstiergroup.go | 69 ------ client/accesstiregroup/client.go | 186 --------------- client/accesstiregroup/client_test.go | 68 ------ client/client_holder.go | 7 +- client/servicetunnel/service_tunnel.go | 2 - 16 files changed, 7 insertions(+), 801 deletions(-) delete mode 100644 banyan/resource_accesstier_group.go delete mode 100644 banyan/resource_accesstier_group_test.go delete mode 100644 client/accesstiregroup/accesstiergroup.go delete mode 100644 client/accesstiregroup/client.go delete mode 100644 client/accesstiregroup/client_test.go diff --git a/banyan/provider.go b/banyan/provider.go index 9b7eb1db..d096b130 100644 --- a/banyan/provider.go +++ b/banyan/provider.go @@ -42,8 +42,6 @@ func Provider() *schema.Provider { "banyan_api_key": resourceApiKey(), "banyan_connector": resourceConnector(), "banyan_accesstier": resourceAccessTier(), - - "banyan_accesstier_group": resourceAccessTierGroup(), }, DataSourcesMap: map[string]*schema.Resource{ "banyan_oidc_settings": dataSourceOidcSettings(), diff --git a/banyan/resource_accesstier_group.go b/banyan/resource_accesstier_group.go deleted file mode 100644 index c6216f8e..00000000 --- a/banyan/resource_accesstier_group.go +++ /dev/null 
@@ -1,268 +0,0 @@ -package banyan - -import ( - "context" - "reflect" - - "github.com/banyansecurity/terraform-banyan-provider/client" - "github.com/banyansecurity/terraform-banyan-provider/client/accesstier" - "github.com/banyansecurity/terraform-banyan-provider/client/accesstiregroup" - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" -) - -func resourceAccessTierGroup() *schema.Resource { - return &schema.Resource{ - Description: "The access tier group resource allows for configuration of the access tier group API object. ", - CreateContext: resourceAccessTierGroupCreate, - ReadContext: resourceAccessTierGroupRead, - DeleteContext: resourceAccessTierGroupDelete, - UpdateContext: resourceAccessTierGroupUpdate, - Schema: AccessTierGroupSchema(), - Importer: &schema.ResourceImporter{ - StateContext: schema.ImportStatePassthroughContext, - }, - } -} - -func AccessTierGroupSchema() map[string]*schema.Schema { - s := map[string]*schema.Schema{ - "id": { - Type: schema.TypeString, - Computed: true, - Description: "ID of the access tier group in Banyan", - ForceNew: true, - }, - "name": { - Type: schema.TypeString, - Required: true, - Description: "Name of the access tier group", - }, - "description": { - Type: schema.TypeString, - Optional: true, - Description: "Description of access tier group", - }, - "cluster": { - Type: schema.TypeString, - Required: true, - Description: "Cluster / shield name in Banyan", - }, - "dns_search_domains": { - Type: schema.TypeString, - Required: true, - Description: "", - }, - "cidrs": { - Type: schema.TypeSet, - Required: true, - Description: "CIDR range", - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "dns_enabled": { - Type: schema.TypeBool, - Optional: true, - Description: "Enable DNS for service tunnels (needed to work properly with both private and public targets)", - }, - "udp_port_number": { - Type: schema.TypeInt, - Required: true, - Description: 
"UDP port", - }, - "keepalive": { - Type: schema.TypeInt, - Required: true, - Description: "Keepalive", - }, - "domains": { - Type: schema.TypeSet, - Required: true, - Description: "Any internal domains that can only be resolved on your internal network’s private DNS", - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "advanced_settings": { - Type: schema.TypeString, - Required: true, - Description: "Advanced settings", - }, - "shared_fqdn": { - Type: schema.TypeString, - Required: true, - Description: "Shared FQDN", - }, - "attach_access_tier_ids": { - Type: schema.TypeSet, - Optional: true, - Description: "Access tier IDs to attach to access tier group", - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "detach_access_tier_ids": { - Type: schema.TypeSet, - Optional: true, - Description: "Access tier IDs to detach from access tier group", - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - } - return s -} - -func resourceAccessTierGroupCreate(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostics diag.Diagnostics) { - c := m.(*client.Holder) - atg, err := c.AccessTierGroup.Create(atgFromState(d)) - if err != nil { - return diag.FromErr(err) - } - - d.SetId(atg.ID) - - attachIDs := convertSchemaSetToStringSlice(d.Get("attach_access_tier_ids").(*schema.Set)) - if len(attachIDs) != 0 { - err = attachAccessTiers(c, d.Get("id").(string), attachIDs) - if err != nil { - return - } - } - - return -} - -func resourceAccessTierGroupRead(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostics diag.Diagnostics) { - c := m.(*client.Holder) - key, err := c.AccessTierGroup.Get(d.Id()) - if err != nil { - handleNotFoundError(d, err) - return - } - d.SetId(key.ID) - err = d.Set("name", key.Name) - if err != nil { - return diag.FromErr(err) - } - err = d.Set("description", key.Description) - if err != nil { - return diag.FromErr(err) - } - - err = d.Set("cluster", key.ClusterName) - if err != nil { - return 
diag.FromErr(err) - } - - err = d.Set("cidrs", key.TunnelConfig.CIDRs) - if err != nil { - return diag.FromErr(err) - } - - err = d.Set("domains", key.TunnelConfig.Domains) - if err != nil { - return diag.FromErr(err) - } - - err = d.Set("dns_enabled", key.TunnelConfig.DNSEnabled) - if err != nil { - return diag.FromErr(err) - } - - err = d.Set("shared_fqdn", key.TunnelConfig.SharedFQDN) - if err != nil { - return diag.FromErr(err) - } - - return -} - -func resourceAccessTierGroupUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostics diag.Diagnostics) { - c := m.(*client.Holder) - _, err := c.AccessTierGroup.Update(d.Id(), atgFromState(d)) - if err != nil { - return diag.FromErr(err) - } - - attachIDs := convertSchemaSetToStringSlice(d.Get("attach_access_tier_ids").(*schema.Set)) - if len(attachIDs) != 0 { - err = attachAccessTiers(c, d.Get("id").(string), attachIDs) - if err != nil { - return - } - } - - detachIDs := convertSchemaSetToStringSlice(d.Get("detach_access_tier_ids").(*schema.Set)) - if len(detachIDs) != 0 { - err = detachAccessTiers(c, d.Get("id").(string), detachIDs) - if err != nil { - return - } - } - - return -} - -func resourceAccessTierGroupDelete(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostics diag.Diagnostics) { - c := m.(*client.Holder) - err := c.AccessTierGroup.Delete(d.Id()) - if err != nil { - diagnostics = diag.FromErr(err) - return - } - d.SetId("") - return -} - -// creates an access tier group from the terraform state -func atgFromState(d *schema.ResourceData) accesstiregroup.AccessTierGroupPost { - at := accesstiregroup.AccessTierGroupPost{ - Name: d.Get("name").(string), - Description: d.Get("description").(string), - SharedFQDN: d.Get("shared_fqdn").(string), - ClusterName: d.Get("cluster").(string), - TunnelEnduser: setATGTunnelConfigEndUserRequest(d), - AdvancedSettings: d.Get("advanced_settings").(string), - } - return at -} - -func setATGTunnelConfigEndUserRequest(d 
*schema.ResourceData) (expanded *accesstier.AccessTierTunnelInfoPost) { - e := accesstier.AccessTierTunnelInfoPost{ - UDPPortNumber: d.Get("udp_port_number").(int), - DNSEnabled: d.Get("dns_enabled").(bool), - CIDRs: convertSchemaSetToStringSlice(d.Get("cidrs").(*schema.Set)), - Domains: convertSchemaSetToStringSlice(d.Get("domains").(*schema.Set)), - } - if reflect.DeepEqual(e, accesstier.AccessTierTunnelInfoPost{}) { - return nil - } - return &e -} - -func attachAccessTiers(c *client.Holder, atgID string, atIDs []string) (err error) { - - attachReqBody := accesstiregroup.AccessTierList{ - AccessTierIDs: atIDs, - } - _, err = c.AccessTierGroup.AttachAccessTiers(atgID, attachReqBody) - if err != nil { - return - } - - return -} - -func detachAccessTiers(c *client.Holder, atgID string, atIDs []string) (err error) { - attachReqBody := accesstiregroup.AccessTierList{ - AccessTierIDs: atIDs, - } - _, err = c.AccessTierGroup.DetachAccessTiers(atgID, attachReqBody) - if err != nil { - return - } - - return -} diff --git a/banyan/resource_accesstier_group_test.go b/banyan/resource_accesstier_group_test.go deleted file mode 100644 index 899204a3..00000000 --- a/banyan/resource_accesstier_group_test.go +++ /dev/null 
@@ -1,46 +0,0 @@ -package banyan - -import ( - "fmt" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" -) - -func TestAccAccessTierGroup_basic(t *testing.T) { - - rName := fmt.Sprintf("tf-acc-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) - - resource.Test(t, resource.TestCase{ - Providers: testAccProviders, - CheckDestroy: nil, - Steps: []resource.TestStep{ - // Creates the access_tier_group with the given terraform configuration and asserts that the access_tier_group is created - { - Config: testAccAccessTierGroup_basic_create(rName), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("banyan_accesstier_group.example", "name", rName), - ), - }, - }, - }) -} - -func testAccAccessTierGroup_basic_create(name string) string { - return fmt.Sprintf(` -resource "banyan_accesstier_group" "example" { - name = "%s" - description = "testing-1" - cluster = "cluster1" - dns_search_domains = "" - advanced_settings = "{\"kind\":\"BanyanAccessTierLocalConfig\",\"api_version\":\"rbac.banyanops.com/v1\",\"type\":\"attribute-based\",\"metadata\":{},\"spec\":{\"base\":{\"shield_address\":\"ted-us-west1.shield.bnntest.com:34140\",\"site_address\":\"\"},\"logging\":{},\"events\":{},\"hosted_web_services\":{}}}" - domains = ["test-1.com"] - cidrs = ["198.169.0.1/24"] - dns_enabled = false - shared_fqdn = "testing.com" - udp_port_number = 16580 - keepalive = 30 -} -`, name) -} diff --git a/banyan/resource_service_tunnel.go b/banyan/resource_service_tunnel.go index db9ce500..8e6f3f0d 100644 --- a/banyan/resource_service_tunnel.go +++ b/banyan/resource_service_tunnel.go @@ -138,11 +138,6 @@ func TunnelSchema() (s map[string]*schema.Schema) { Type: schema.TypeString, }, }, - "access_tier_group": { - Type: schema.TypeString, - Optional: true, - Description: "Name of the access_tier group which the service tunnel should be associated with", - }, } return } 
@@ -293,22 +288,14 @@ func expandServiceTunnelSpec(d *schema.ResourceData) (expanded servicetunnel.Spe exclApplications := convertSchemaSetToStringSlice(d.Get("applications_exclude").(*schema.Set)) var peers []servicetunnel.PeerAccessTier - accessTierGroup := d.Get("access_tier_group").(string) - // if access_tiers not set and access tier group is empty => global-edge, use ["*"] + + // if access_tiers not set => global-edge, use ["*"] if len(ats) == 0 { - peer := servicetunnel.PeerAccessTier{ + peers = append(peers, servicetunnel.PeerAccessTier{ Cluster: d.Get("cluster").(string), AccessTiers: []string{"*"}, Connectors: conns, - } - - if accessTierGroup != "" { - peer.AccessTiers = nil - peer.Connectors = nil - peer.AccessTierGroup = accessTierGroup - } - - peers = append(peers, peer) + }) } else { // If multiple accessTiers are set create peer foreach. for i, eachAts := range ats { @@ -436,12 +423,6 @@ func flattenServiceTunnelSpec(d *schema.ResourceData, tun servicetunnel.ServiceT } } } - - err = d.Set("access_tier_group", eachPeer.AccessTierGroup) - if err != nil { - return err - } - } err = d.Set("access_tiers", ats) if err != nil { diff --git a/banyan/resource_service_tunnel_test.go b/banyan/resource_service_tunnel_test.go index 298ec0a9..55f02e46 100644 --- a/banyan/resource_service_tunnel_test.go +++ b/banyan/resource_service_tunnel_test.go @@ -57,7 +57,6 @@ func TestSchemaServiceTunnel_tunnel_public(t *testing.T) { "public_domains_include": []interface{}{"cnn.com", "icanhazip.com", "fast.com", "yahoo.com", "banyansecurity.io"}, "public_traffic_tunnel_via_access_tier": "gcp-tdnovpn-v2", "applications_include": []interface{}{"067c3a25-8271-4764-89dd-c3543ac99a5a", "0b90e7d0-e8fc-43fb-95b7-4ad5d6881bb8"}, - "access_tier_group": "", } d := schema.TestResourceDataRaw(t, TunnelSchema(), svc_tunnel_public) svc_obj := TunFromState(d) 
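Review bot: In the `len(ats) == 0` branch of expandServiceTunnelSpec the peer is built with `AccessTiers: []string{"*"}` and the cluster taken from `d.Get("cluster")`, but nothing visible in the hunk checks that this cluster is global-edge, as the comment assumes. If a configuration on a private cluster leaves `access_tiers` empty, the tunnel would presumably be offered on every access tier of that cluster, which is the widest possible scope for a default. The comment should state that consequence, for example `// access_tiers unset: peer matches every access tier in the cluster ("*"); expected only for global-edge`. It is also worth confirming whether the schema or determineCluster already rejects the non-global-edge case. The function body starts and continues outside this hunk, so any guard elsewhere is not visible here.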
@@ -79,7 +78,6 @@ func TestSchemaServiceTunnel_tunnel_public_one_at(t *testing.T) { "public_domains_include": []interface{}{"cnn.com", "icanhazip.com", "fast.com", "yahoo.com", "banyansecurity.io"}, "applications_include": []interface{}{"067c3a25-8271-4764-89dd-c3543ac99a5a", "0b90e7d0-e8fc-43fb-95b7-4ad5d6881bb8"}, - "access_tier_group": "", } d := schema.TestResourceDataRaw(t, TunnelSchema(), svc_tunnel_public) svc_obj := TunFromState(d) @@ -101,7 +99,6 @@ func TestSchemaServiceTunnel_tunnel_public_select_at_from_multiple(t *testing.T) "public_domains_include": []interface{}{"cnn.com", "icanhazip.com", "fast.com", "yahoo.com", "banyansecurity.io"}, "applications_include": []interface{}{"067c3a25-8271-4764-89dd-c3543ac99a5a", "0b90e7d0-e8fc-43fb-95b7-4ad5d6881bb8"}, "public_traffic_tunnel_via_access_tier": "gcp-tdnovpn-v2", - "access_tier_group": "", } d := schema.TestResourceDataRaw(t, TunnelSchema(), svc_tunnel_public) svc_obj := TunFromState(d) 
@@ -294,87 +291,3 @@ func TestAccServiceTunnel_change_policy(t *testing.T) { }, }) } - -func TestSchemaServiceTunnel_with_access_tier_group(t *testing.T) { - svc_tunnel_public := map[string]interface{}{ - "name": "tunnel-domains", - "description": "describe tunnel-domains", - "cluster": "cluster1", - "access_tier_group": "atg-1", - } - d := schema.TestResourceDataRaw(t, TunnelSchema(), svc_tunnel_public) - svc_obj := TunFromState(d) - - json_spec := []byte(`{ - "kind": "BanyanServiceTunnel", - "api_version": "rbac.banyanops.com/v1", - "type": "origin", - "metadata": - { - "name": "tunnel-domains", - "friendly_name": "tunnel-domains", - "description": "describe tunnel-domains", - "tags": - { - "icon": "", - "description_link": "" - }, - "autorun": false - }, - "spec": - { - "peer_access_tiers": - [ - { - "cluster": "cluster1", - "access_tier_group":"atg-1" - } - ] - } - }`) - var ref_obj servicetunnel.Info - _ = json.Unmarshal([]byte(json_spec), &ref_obj) - - AssertServiceTunnelEqual(t, svc_obj, ref_obj) -} - -func TestAccServiceTunnel_with_access_tier_group(t *testing.T) { - - rName := fmt.Sprintf("tf-acc-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) - - resource.Test(t, resource.TestCase{ - Providers: testAccProviders, - CheckDestroy: nil, - Steps: []resource.TestStep{ - // Creates the servicetunnel with the given terraform configuration and asserts that the servicetunnel is created - { - Config: fmt.Sprintf(` - - resource "banyan_policy_tunnel" "example" { - name = "%s" - description = "some tunnel policy description" - access { - roles = ["ANY"] - trust_level = "High" - } - } - - resource "banyan_service_tunnel" "example" { - name = "%s" - description = "realdescription" - access_tier_group = "new-grp-1" - policy = banyan_policy_tunnel.example.id - } - `, rName, rName), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("banyan_service_tunnel.example", "name", rName), - ), - }, - { - ResourceName: 
"banyan_service_tunnel.example", - ImportState: true, - ImportStateVerify: true, - }, - }, - }) -} diff --git a/banyan/resource_service_web.go b/banyan/resource_service_web.go index e596854f..7bc079c6 100644 --- a/banyan/resource_service_web.go +++ b/banyan/resource_service_web.go @@ -3,14 +3,13 @@ package banyan import ( "context" "fmt" - "log" - "strconv" - "github.com/banyansecurity/terraform-banyan-provider/client" "github.com/banyansecurity/terraform-banyan-provider/client/service" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "log" + "strconv" ) // Schema for the service resource. For more information on Banyan services, see the documentation @@ -281,11 +280,6 @@ func WebSchema() (s map[string]*schema.Schema) { }, }, }, - "access_tier_group": { - Type: schema.TypeString, - Optional: true, - Description: "access tier group which is associated with service", - }, } return } diff --git a/banyan/resource_service_web_test.go b/banyan/resource_service_web_test.go index fbe67318..e840f214 100644 --- a/banyan/resource_service_web_test.go +++ b/banyan/resource_service_web_test.go @@ -306,7 +306,6 @@ func testAccService_basic_web_create_json(name string) string { ], "host_tag_selector": [ { - "com.banyanops.hosttag.access_tier_group": "", "com.banyanops.hosttag.site_name": "us-west1" } ], @@ -406,7 +405,6 @@ func testAccService_basic_web_update_json(name string) string { ], "host_tag_selector": [ { - "com.banyanops.hosttag.access_tier_group": "", "com.banyanops.hosttag.site_name": "us-west1" } ], diff --git a/banyan/schema_helpers.go b/banyan/schema_helpers.go index 1f4cbb41..50ab3c3e 100644 --- a/banyan/schema_helpers.go +++ b/banyan/schema_helpers.go 
@@ -11,7 +11,6 @@ import ( "strings" "github.com/banyansecurity/terraform-banyan-provider/client" - "github.com/banyansecurity/terraform-banyan-provider/client/accesstiregroup" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -164,7 +163,6 @@ func GetIntPtr(d *schema.ResourceData, key string) (result *int) { func buildHostTagSelector(d *schema.ResourceData) (hostTagSelector []map[string]string, err error) { conn, connOk := d.GetOk("connector") at, atOk := d.GetOk("access_tier") - atg, atgOk := d.GetOk("access_tier_group") // error if both are set if connOk && atOk { @@ -172,21 +170,11 @@ func buildHostTagSelector(d *schema.ResourceData) (hostTagSelector []map[string] return } - if (atgOk && atOk) || (connOk && atgOk) { - err = errors.New("cannot have both access_tier or connector and access tier group set") - return - } - // if connector is set, ensure access_tier is * if conn.(string) != "" { at = "*" } siteNameSelector := map[string]string{"com.banyanops.hosttag.site_name": at.(string)} - - if atg != nil { - siteNameSelector["com.banyanops.hosttag.access_tier_group"] = atg.(string) - } - hostTagSelector = append(hostTagSelector, siteNameSelector) return } @@ -219,8 +207,6 @@ func determineCluster(c *client.Holder, d *schema.ResourceData) (clusterName str _, connsOk := d.GetOk("connectors") ats, atsOk := d.GetOk("access_tiers") - atg, atgOk := d.GetOk("access_tier_group") - // error if singular and plural are used if (connOk && connsOk) || (atOk && atsOk) { err = errors.New("cannot have both access_tier and access_tiers set or both connector and connectors set") 
@@ -233,11 +219,6 @@ func determineCluster(c *client.Holder, d *schema.ResourceData) (clusterName str return } - if (atgOk && atOk) || (atgOk && atsOk) { - err = errors.New("cannot have both access_tier and access tier group set") - return - } - // set to global-edge if connector is set if connOk || connsOk { clusterName = "global-edge" @@ -252,18 +233,6 @@ func determineCluster(c *client.Holder, d *schema.ResourceData) (clusterName str } } - if atg != nil { - var atDetails accesstiregroup.AccessTierGroupResponse - atDetails, err = c.AccessTierGroup.GetName(atg.(string)) - if err != nil { - _ = fmt.Errorf("accesstier group %s not found", atg.(string)) - clusterName, err = getFirstCluster(c) - return - } - clusterName = atDetails.ClusterName - return - } - // otherwise determine which cluster to set based off of the access tier atDetails, err := c.AccessTier.GetName(at.(string)) if err != nil { diff --git a/banyan/specs/service_web/web-at.json b/banyan/specs/service_web/web-at.json index f20e16dc..e4a89fef 100644 --- a/banyan/specs/service_web/web-at.json +++ b/banyan/specs/service_web/web-at.json @@ -30,7 +30,6 @@ ], "host_tag_selector": [ { - "com.banyanops.hosttag.access_tier_group": "", "com.banyanops.hosttag.site_name": "gcp-wg" } ], diff --git a/banyan/specs/service_web/web-certs.json b/banyan/specs/service_web/web-certs.json index b3756174..3cdfbd0f 100644 --- a/banyan/specs/service_web/web-certs.json +++ b/banyan/specs/service_web/web-certs.json @@ -30,7 +30,6 @@ ], "host_tag_selector": [ { - "com.banyanops.hosttag.access_tier_group": "", "com.banyanops.hosttag.site_name": "*" } ], diff --git a/banyan/specs/service_web/web-conn.json b/banyan/specs/service_web/web-conn.json index bbb96cd7..7d6e48a4 100644 --- a/banyan/specs/service_web/web-conn.json +++ b/banyan/specs/service_web/web-conn.json @@ -30,7 +30,6 @@ ], "host_tag_selector": [ { - "com.banyanops.hosttag.access_tier_group": "", "com.banyanops.hosttag.site_name": "*" } ], 
diff --git a/client/accesstiregroup/accesstiergroup.go b/client/accesstiregroup/accesstiergroup.go deleted file mode 100644 index 4caf45f3..00000000 --- a/client/accesstiregroup/accesstiergroup.go +++ /dev/null 
@@ -1,69 +0,0 @@ -package accesstiregroup - -import "github.com/banyansecurity/terraform-banyan-provider/client/accesstier" - -type AccessTierGroupInfo struct { - ID string `json:"id"` - Name string `json:"name"` - OrgID string `json:"org_id"` - Description string `json:"description"` - TunnelConfigID string `json:"tunnel_config_id"` - AdvancedSettings string `json:"advanced_settings"` - ClusterName string `json:"cluster_name"` - CreatedAt int64 `json:"created_at"` - UpdatedAt int64 `json:"updated_at"` -} - -type AccessTierGroupPost struct { - Name string `json:"name"` - Description string `json:"description"` - SharedFQDN string `json:"shared_fqdn"` - ClusterName string `json:"cluster_name"` - TunnelEnduser *accesstier.AccessTierTunnelInfoPost `json:"tunnel_enduser,omitempty"` - AdvancedSettings string `json:"advanced_settings"` -} - -type AccessTierGroupResponse struct { - ID string `json:"id"` - Name string `json:"name"` - OrgID string `json:"org_id"` - Description string `json:"description"` - AdvancedSettings string `json:"advanced_settings"` - AccessTierIDs []string `json:"access_tier_ids"` - ClusterName string `json:"cluster_name"` - CreatedAt int64 `json:"created_at"` - UpdatedAt int64 `json:"updated_at"` - TunnelConfig TunnelConfigInfo `json:"tunnel_config"` -} - -type TunnelConfigInfo struct { - ID string `json:"id"` - OrgID string `json:"org_id"` - TunnelPeerType string `json:"tunnel_peer_type"` - DNSSearchDomains string `json:"dns_search_domains"` - UDPPortNumber int64 `json:"udp_port_number"` - TunnelIPAddress string `json:"tunnel_ip_address"` - WireguardPublicKey string `json:"wireguard_public_key"` - WireguardPrivateKey string `json:"wireguard_private_key,omitempty"` - DNSEnabled bool `json:"dns_enabled"` - Keepalive int64 `json:"keepalive"` - CreatedAt int64 `json:"created_at"` - UpdatedAt int64 `json:"updated_at"` - SharedFQDN string `json:"shared_fqdn,omitempty"` - - CIDRs []string `json:"cidrs"` - Domains []string `json:"domains"` - - 
ClientCIDRRange string `json:"client_cidr_range"` -} - -type ATGResponse struct { - RequestId string `json:"request_id"` - ErrorCode int `json:"error_code"` - ErrorDescription string `json:"error_description"` - Data AccessTierGroupResponse `json:"data"` -} - -type AccessTierList struct { - AccessTierIDs []string `json:"access_tier_ids"` -} diff --git a/client/accesstiregroup/client.go b/client/accesstiregroup/client.go deleted file mode 100644 index 187115e1..00000000 --- a/client/accesstiregroup/client.go +++ /dev/null 
@@ -1,186 +0,0 @@ -package accesstiregroup - -import ( - "bytes" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - - "github.com/banyansecurity/terraform-banyan-provider/client/restclient" -) - -const apiVersion = "api/v2" -const component = "access_tier_groups" - -type AccessTierGroup struct { - restClient *restclient.Client -} - -// NewClient returns a new client for interacting with the access tier resource -func NewClient(restClient *restclient.Client) Client { - client := AccessTierGroup{ - restClient: restClient, - } - return &client -} - -type Client interface { - Create(spec AccessTierGroupPost) (created AccessTierGroupResponse, err error) - Get(id string) (atg AccessTierGroupResponse, err error) - Delete(id string) (err error) - Update(id string, post AccessTierGroupPost) (updatedApiKey AccessTierGroupResponse, err error) - GetName(name string) (spec AccessTierGroupResponse, err error) - AttachAccessTiers(groupID string, ats AccessTierList) (attachedATs []string, err error) - DetachAccessTiers(groupID string, ats AccessTierList) (detachedATs []string, err error) -} - -func (a *AccessTierGroup) Create(atgInfo AccessTierGroupPost) (created AccessTierGroupResponse, err error) { - body, err := json.Marshal(atgInfo) - if err != nil { - return - } - resp, err := a.restClient.Create(apiVersion, component, body, "") - if err != nil { - return - } - var j ATGResponse - err = json.Unmarshal(resp, &j) - if err != nil { - return - } - created = j.Data - return -} - -func (a *AccessTierGroup) Get(id string) (atg AccessTierGroupResponse, err error) { - resp, err := a.restClient.Read(apiVersion, component, id, "") - if err != nil { - return - } - var j ATGResponse - err = json.Unmarshal(resp, &j) - if err != nil { - return - } - return j.Data, nil -} - -func (a *AccessTierGroup) Update(id string, post AccessTierGroupPost) (updatedApiKey AccessTierGroupResponse, err error) { - body, err := json.Marshal(post) - if err != nil { - return - } - resp, err := 
a.restClient.Update(apiVersion, component, id, body, "") - if err != nil { - return - } - err = json.Unmarshal(resp, &updatedApiKey) - return -} - -func (a *AccessTierGroup) Delete(id string) (err error) { - return a.restClient.Delete(apiVersion, component, id, "") -} - -func (a *AccessTierGroup) GetName(name string) (atg AccessTierGroupResponse, err error) { - v := url.Values{} - v.Add("access_tier_group_name", name) - resp, err := a.restClient.ReadQuery(component, v, fmt.Sprintf("%s/%s", apiVersion, component)) - if err != nil { - return - } - - type atgs struct { - AccessTierGroups []AccessTierGroupResponse `json:"access_tier_groups,omitempty"` - Count int `json:"count"` - } - - response := struct { - RequestId string `json:"request_id"` - ErrorCode int `json:"error_code"` - ErrorDescription string `json:"error_description"` - Data atgs `json:"data"` - }{} - - err = json.Unmarshal(resp, &response) - if err != nil { - return - } - - if response.Data.Count == 0 { - err = fmt.Errorf("access tier with name %s not found", name) - return - } - - for _, accessTierGroup := range response.Data.AccessTierGroups { - if accessTierGroup.Name == name { - atg = accessTierGroup - break - } - } - - if atg.Name == "" { - err = fmt.Errorf("access tier group with name %s not found in results %+v", name, response.Data.AccessTierGroups) - } - - return -} - -func (a *AccessTierGroup) AttachAccessTiers(groupID string, ats AccessTierList) (attachedATs []string, err error) { - body, err := json.Marshal(ats) - if err != nil { - return - } - attachURL := fmt.Sprintf("/%s/%s/attach", component, groupID) - resp, err := a.restClient.Create(apiVersion, attachURL, body, "") - if err != nil { - return - } - var j AccessTierList - err = json.Unmarshal(resp, &j) - if err != nil { - return - } - - attachedATs = j.AccessTierIDs - return -} - -func (a *AccessTierGroup) DetachAccessTiers(groupID string, ats AccessTierList) (detachedATs []string, err error) { - body, err := json.Marshal(ats) - if err 
!= nil { - return - } - detachURL := fmt.Sprintf("%s/%s/%s/detach", apiVersion, component, groupID) - req, err := a.restClient.NewRequest(http.MethodDelete, detachURL, bytes.NewBuffer(body)) - if err != nil { - return - } - - HTTPClient := &http.Client{} - resp, err := HTTPClient.Do(req) - if err != nil { - return - } - - if resp.StatusCode != http.StatusOK { - err = fmt.Errorf("error occurred while detaching access tier from group") - return - } - - response, err := io.ReadAll(resp.Body) - if err != nil { - return - } - - var j AccessTierList - err = json.Unmarshal(response, &j) - if err != nil { - return - } - - detachedATs = j.AccessTierIDs - return -} diff --git a/client/accesstiregroup/client_test.go b/client/accesstiregroup/client_test.go deleted file mode 100644 index 307c8834..00000000 --- a/client/accesstiregroup/client_test.go +++ /dev/null 
@@ -1,68 +0,0 @@ -package accesstiregroup_test - -import ( - "testing" - - "github.com/banyansecurity/terraform-banyan-provider/client/accesstier" - "github.com/banyansecurity/terraform-banyan-provider/client/accesstiregroup" - "github.com/banyansecurity/terraform-banyan-provider/client/testutil" - "github.com/stretchr/testify/assert" -) - -var want = accesstiregroup.AccessTierGroupPost{ - Name: "new-nnm-88w", - Description: "testing-1", - ClusterName: "cluster1", - AdvancedSettings: "{\"kind\":\"BanyanAccessTierLocalConfig\",\"api_version\":\"rbac.banyanops.com/v1\",\"type\":\"attribute-based\",\"metadata\":{},\"spec\":{\"base\":{\"shield_address\":\"ted-us-west1.shield.bnntest.com:34140\",\"site_address\":\"\"},\"logging\":{},\"events\":{},\"hosted_web_services\":{}}}", - TunnelEnduser: &accesstier.AccessTierTunnelInfoPost{ - DNSSearchDomains: "", - Domains: []string{"test-1.com"}, - CIDRs: []string{"198.169.0.1/24"}, - DNSEnabled: false, - UDPPortNumber: 16578, - }, - SharedFQDN: "testing.com", -} - -func Test_Create(t *testing.T) { - - client, err := testutil.GetClientHolderForTest() - - assert.NoError(t, err, "Expected to not get an error here") - - got, err := client.AccessTierGroup.Create(want) - if err != nil { - t.Fatal(err) - } - - assert.Equal(t, got.Name, want.Name) - assert.Equal(t, got.ClusterName, want.ClusterName) - assert.Equal(t, got.TunnelConfig.SharedFQDN, want.SharedFQDN) -} - -func Test_Get(t *testing.T) { - client, err := testutil.GetClientHolderForTest() - - assert.NoError(t, err, "Expected to not get an error here") - - got, err := client.AccessTierGroup.GetName(want.Name) - - assert.NoError(t, err, "expected no error here") - assert.Equal(t, got.Name, want.Name) -} - -func Test_Delete(t *testing.T) { - client, err := testutil.GetClientHolderForTest() - - assert.NoError(t, err, "Expected to not get an error here") - - data, err := client.AccessTierGroup.Get(want.Name) - if err != nil { - t.Fatal(err) - } - - err = 
client.ApiKey.Delete(data.ID) - if err != nil { - t.Fatal(err) - } -} diff --git a/client/client_holder.go b/client/client_holder.go index a28f0140..c47d0f04 100644 --- a/client/client_holder.go +++ b/client/client_holder.go @@ -1,10 +1,7 @@ package client import ( - "log" - "github.com/banyansecurity/terraform-banyan-provider/client/accesstier" - "github.com/banyansecurity/terraform-banyan-provider/client/accesstiregroup" admin "github.com/banyansecurity/terraform-banyan-provider/client/admin" "github.com/banyansecurity/terraform-banyan-provider/client/apikey" "github.com/banyansecurity/terraform-banyan-provider/client/policy" @@ -15,6 +12,7 @@ import ( service "github.com/banyansecurity/terraform-banyan-provider/client/service" "github.com/banyansecurity/terraform-banyan-provider/client/servicetunnel" "github.com/banyansecurity/terraform-banyan-provider/client/shield" + "log" ) type Holder struct { @@ -29,8 +27,6 @@ type Holder struct { AccessTier accesstier.Client Shield shield.Client RestClient *restclient.Client - - AccessTierGroup accesstiregroup.Client } // NewClientHolder returns a new client which is used to perform operations on all Banyan resources. @@ -51,7 +47,6 @@ func NewClientHolder(hostUrl string, apiKey string) (client *Holder, err error) Admin: admin.NewClient(restClient), Shield: shield.NewClient(restClient), RestClient: restClient, - AccessTierGroup: accesstiregroup.NewClient(restClient), } return &c, err } diff --git a/client/servicetunnel/service_tunnel.go b/client/servicetunnel/service_tunnel.go index e8370f6c..adb47935 100644 --- a/client/servicetunnel/service_tunnel.go +++ b/client/servicetunnel/service_tunnel.go @@ -92,8 +92,6 @@ type PeerAccessTier struct { PublicCIDRs *IncludeExclude `json:"public_cidrs,omitempty"` PublicDomains *IncludeExclude `json:"public_domains,omitempty"` Applications *IncludeExclude `json:"applications,omitempty"` - - AccessTierGroup string `json:"access_tier_group"` } type IncludeExclude struct {
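Review bot: In client/client_holder.go the revert moves `"log"` out of its own standard-library group and to the end of the third-party import block (hunks `@@ -1,10 +1,7` and `@@ -15,6 +12,7`), so stdlib and module imports are now mixed in one group. Keeping `"log"` at the top, followed by a blank line before the `github.com/banyansecurity/...` imports, matches goimports grouping and keeps the revert limited to removing `accesstiregroup`. The import hunk in banyan/resource_service_web.go does the same with `"log"` and `"strconv"`, which should stay next to `"context"` and `"fmt"`.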