Merge pull request #41 from kaufland-ecommerce/feature/app-group-conf…

…iguration

Implement configuration of allowed groups / allowed groups (operations)

docs/resources/app.md

@@ -57,8 +57,10 @@ description: |-
 
 - `accent_color` (String)
 - `allowed_fields` (List of String)
+- `allowed_groups` (Attributes List) (see [below for nested schema](#nestedatt--allowed_groups))
 - `allowed_mfa` (List of String)
 - `client_display_name` (String)
+- `operations_allowed_groups` (Attributes List) (see [below for nested schema](#nestedatt--operations_allowed_groups))
 - `password_policy` (String)
 - `primary_color` (String)
 - `required_fields` (List of String)
@@ -83,6 +85,26 @@ Read-Only:
 - `provider_type` (String)
 
 
+<a id="nestedatt--allowed_groups"></a>
+### Nested Schema for `allowed_groups`
+
+Required:
+
+- `default_roles` (List of String)
+- `group_id` (String)
+- `roles` (List of String)
+
+
+<a id="nestedatt--operations_allowed_groups"></a>
+### Nested Schema for `operations_allowed_groups`
+
+Required:
+
+- `default_roles` (List of String)
+- `group_id` (String)
+- `roles` (List of String)
+
+
 <a id="nestedatt--app_key"></a>
 ### Nested Schema for `app_key`
 

internal/client/auth.go

@@ -36,7 +36,7 @@ func (c *client) SignIn() (*authResponse, error) {
 	if res.StatusCode > http.StatusOK {
 		b, err := io.ReadAll(res.Body)
 		if err != nil {
-			return nil, fmt.Errorf("auth failed: unkown error")
+			return nil, fmt.Errorf("auth failed: unknown error")
 		}
 
 		return nil, fmt.Errorf("auth failed: %s", b)

internal/client/client.go

@@ -2,7 +2,7 @@ package client
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"time"
 )
@@ -102,7 +102,7 @@ func (c *client) doRequest(req *http.Request) ([]byte, error) {
 
 	defer res.Body.Close()
 
-	body, err := ioutil.ReadAll(res.Body)
+	body, err := io.ReadAll(res.Body)
 	if err != nil {
 		return nil, err
 	}

internal/client/model.go

@@ -55,6 +55,12 @@ type AppKey struct {
 	PublicKey  string `json:"publicKey"`
 }
 
+type AllowedGroup struct {
+	GroupId      string   `json:"groupId" tfsdk:"group_id"`
+	Roles        []string `json:"roles" tfsdk:"roles"`
+	DefaultRoles []string `json:"default_roles" tfsdk:"default_roles"`
+}
+
 type App struct {
 	ID                               string  `json:"id"`
 	ClientId                         string  `json:"client_id"`
@@ -91,6 +97,8 @@ type App struct {
 	AppKey *AppKey `json:"appKey,omitempty"`
 
 	AllowLoginWith               []string         `json:"allow_login_with"`
+	OperationsAllowedGroups      []AllowedGroup   `json:"operations_allowed_groups"`
+	AllowedGroups                []AllowedGroup   `json:"allowed_groups"`
 	RedirectUris                 []string         `json:"redirect_uris"`
 	AllowedLogoutUrls            []string         `json:"allowed_logout_urls"`
 	AllowedScopes                []string         `json:"allowed_scopes"`

internal/client/template_group.go

@@ -61,6 +61,10 @@ func (c *client) UpdateTemplateGroup(group *TemplateGroup) error {
 		strings.NewReader(string(rb)),
 	)
 
+	if err != nil {
+		return err
+	}
+
 	req.Header.Add("content-type", "application/json")
 
 	resp, err := c.doRequest(req)

internal/provider/models.go

@@ -83,6 +83,8 @@ type App struct {
 	AppKey                           types.Object `tfsdk:"app_key"`
 	TemplateGroupId                  types.String `tfsdk:"template_group_id"`
 
+	AllowedGroups                types.List       `tfsdk:"allowed_groups"`
+	OperationsAllowedGroups      types.List       `tfsdk:"operations_allowed_groups"`
 	AllowLoginWith               []string         `tfsdk:"allow_login_with"`
 	RedirectUris                 []string         `tfsdk:"redirect_uris"`
 	AllowedLogoutUrls            []string         `tfsdk:"allowed_logout_urls"`

internal/provider/resource_app.go

@@ -258,9 +258,43 @@ func (r *appResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *
 				Required: true,
 			},
 
-			// Groupes & Roles
-			// TODO
-
+			// Groups & Roles
+			"allowed_groups": schema.ListNestedAttribute{
+				Optional: true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"group_id": schema.StringAttribute{
+							Required: true,
+						},
+						"roles": schema.ListAttribute{
+							Required:    true,
+							ElementType: types.StringType,
+						},
+						"default_roles": schema.ListAttribute{
+							Required:    true,
+							ElementType: types.StringType,
+						},
+					},
+				},
+			},
+			"operations_allowed_groups": schema.ListNestedAttribute{
+				Optional: true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"group_id": schema.StringAttribute{
+							Required: true,
+						},
+						"roles": schema.ListAttribute{
+							Required:    true,
+							ElementType: types.StringType,
+						},
+						"default_roles": schema.ListAttribute{
+							Required:    true,
+							ElementType: types.StringType,
+						},
+					},
+				},
+			},
 			// Encryption Settings
 			"jwe_enabled": schema.BoolAttribute{
 				Required: true,
@@ -346,7 +380,12 @@ func (r appResource) Create(ctx context.Context, req resource.CreateRequest, res
 		return
 	}
 
-	plannedApp := planToApp(ctx, &plan, &plan)
+	plannedApp, diags := planToApp(ctx, &plan, &plan)
+	resp.Diagnostics.Append(diags...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
 
 	app, err := r.provider.client.CreateApp(plannedApp)
 	if err != nil {
@@ -430,7 +469,12 @@ func (r appResource) Update(ctx context.Context, req resource.UpdateRequest, res
 
 	resp.Diagnostics.Append(diags...)
 
-	plannedApp := planToApp(ctx, &plan, &state)
+	plannedApp, diags := planToApp(ctx, &plan, &state)
+
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
 
 	app, err := r.provider.client.UpdateApp(*plannedApp)
 
@@ -534,6 +578,26 @@ func applyAppToState(ctx context.Context, state *App, app *client.App) diag.Diag
 	state.JweEnabled = types.BoolValue(app.JweEnabled)
 	state.AlwaysAskMfa = types.BoolValue(app.AlwaysAskMfa)
 
+	state.AllowedGroups, diags = types.ListValueFrom(ctx, types.ObjectType{
+		AttrTypes: map[string]attr.Type{
+			"group_id":      types.StringType,
+			"roles":         types.ListType{ElemType: types.StringType},
+			"default_roles": types.ListType{ElemType: types.StringType},
+		},
+	}, app.AllowedGroups)
+
+	ret.Append(diags...)
+
+	state.OperationsAllowedGroups, diags = types.ListValueFrom(ctx, types.ObjectType{
+		AttrTypes: map[string]attr.Type{
+			"group_id":      types.StringType,
+			"roles":         types.ListType{ElemType: types.StringType},
+			"default_roles": types.ListType{ElemType: types.StringType},
+		},
+	}, app.OperationsAllowedGroups)
+
+	ret.Append(diags...)
+
 	tfsdk.ValueFrom(ctx, app.RegisterWithLoginInformation, types.BoolType, &state.RegisterWithLoginInformation)
 	tfsdk.ValueFrom(ctx, app.PasswordPolicy, types.StringType, &state.PasswordPolicy)
 	tfsdk.ValueFrom(ctx, app.TemplateGroupId, types.StringType, &state.TemplateGroupId)
@@ -578,7 +642,10 @@ func applyAppToState(ctx context.Context, state *App, app *client.App) diag.Diag
 	return ret
 }
 
-func planToApp(ctx context.Context, plan *App, state *App) *client.App {
+func planToApp(ctx context.Context, plan *App, state *App) (*client.App, diag.Diagnostics) {
+	ret := diag.Diagnostics{}
+
+	var diags diag.Diagnostics
 	plannedApp := client.App{
 		ID:                               state.ID.ValueString(),
 		ClientSecret:                     state.ClientSecret.ValueString(),
@@ -636,8 +703,17 @@ func planToApp(ctx context.Context, plan *App, state *App) *client.App {
 		)
 	}
 
-	tfsdk.ValueAs(ctx, plan.TemplateGroupId, &plannedApp.TemplateGroupId)
-	tfsdk.ValueAs(ctx, plan.PasswordPolicy, &plannedApp.PasswordPolicy)
+	diags = tfsdk.ValueAs(ctx, plan.AllowedGroups, &plannedApp.AllowedGroups)
+	ret.Append(diags...)
+
+	diags = tfsdk.ValueAs(ctx, plan.OperationsAllowedGroups, &plannedApp.OperationsAllowedGroups)
+	ret.Append(diags...)
+
+	diags = tfsdk.ValueAs(ctx, plan.TemplateGroupId, &plannedApp.TemplateGroupId)
+	ret.Append(diags...)
+
+	diags = tfsdk.ValueAs(ctx, plan.PasswordPolicy, &plannedApp.PasswordPolicy)
+	ret.Append(diags...)
 
-	return &plannedApp
+	return &plannedApp, ret
 }

internal/provider/resource_template.go

@@ -217,6 +217,7 @@ func (r templateResource) Update(ctx context.Context, req resource.UpdateRequest
 	tfsdk.ValueFrom(ctx, template.Content, types.StringType, &templateResult.Content)
 
 	diags = resp.State.Set(ctx, &plan)
+	resp.Diagnostics.Append(diags...)
 }
 
 func (r templateResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {

internal/provider/resource_template_group.go

@@ -222,21 +222,29 @@ func (r templateGroupResource) Update(ctx context.Context, req resource.UpdateRe
 		UnhandledNullAsEmpty    bool
 		UnhandledUnknownAsEmpty bool
 	}{UnhandledNullAsEmpty: true, UnhandledUnknownAsEmpty: true})
+	resp.Diagnostics.Append(diags...)
 
-	plan.SmsSenderConfig.As(ctx, &group.SmsSenderConfig, struct {
+	diags = plan.SmsSenderConfig.As(ctx, &group.SmsSenderConfig, struct {
 		UnhandledNullAsEmpty    bool
 		UnhandledUnknownAsEmpty bool
 	}{UnhandledNullAsEmpty: true, UnhandledUnknownAsEmpty: true})
+	resp.Diagnostics.Append(diags...)
 
-	plan.IVRSenderConfig.As(ctx, &group.IVRSenderConfig, struct {
+	diags = plan.IVRSenderConfig.As(ctx, &group.IVRSenderConfig, struct {
 		UnhandledNullAsEmpty    bool
 		UnhandledUnknownAsEmpty bool
 	}{UnhandledNullAsEmpty: true, UnhandledUnknownAsEmpty: true})
+	resp.Diagnostics.Append(diags...)
 
-	plan.PushSenderConfig.As(ctx, &group.PushSenderConfig, struct {
+	diags = plan.PushSenderConfig.As(ctx, &group.PushSenderConfig, struct {
 		UnhandledNullAsEmpty    bool
 		UnhandledUnknownAsEmpty bool
 	}{UnhandledNullAsEmpty: true, UnhandledUnknownAsEmpty: true})
+	resp.Diagnostics.Append(diags...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
 
 	err := r.provider.client.UpdateTemplateGroup(&group)