OAS-4479: Support for scheduled root password rotation (#36)

go.mod

@@ -1,7 +1,7 @@
 module github.com/arangodb-managed/terraform-provider-oasis
 
 require (
-	github.com/arangodb-managed/apis v0.73.1
+	github.com/arangodb-managed/apis v0.73.8
 	github.com/arangodb-managed/log-helper v0.2.0
 	github.com/gogo/protobuf v1.3.0
 	github.com/hashicorp/hcl v1.0.0 // indirect

go.sum

@@ -45,8 +45,8 @@ github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFU
 github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
 github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
-github.com/arangodb-managed/apis v0.73.1 h1:jewiM4D0weW2epIZQeZttd7IEWHWV/dGltyMAYMF++s=
-github.com/arangodb-managed/apis v0.73.1/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
+github.com/arangodb-managed/apis v0.73.8 h1:D0QZsNNC/eF2wIdNHkH8izPu4TYydzX7rl8epiBIPK0=
+github.com/arangodb-managed/apis v0.73.8/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
 github.com/arangodb-managed/log-helper v0.2.0 h1:QK85i0a+mGM++wK625Oe1z4HuXhvaN3vR/Nunwa1qAA=
 github.com/arangodb-managed/log-helper v0.2.0/go.mod h1:WJogNCCXWM5OQx/ZYvtRo/1zwm/IpKj+f4QVtM8hNJw=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=

pkg/resource_deployment.go

@@ -54,6 +54,7 @@ const (
 	deplNotificationConfigurationFieldName               = "notification_settings"
 	deplNotificationConfigurationEmailAddressesFieldName = "email_addresses"
 	deplDiskPerformanceFieldName                         = "disk_performance"
+	deplDisableScheduledRootPasswordRotationFieldName    = "disable_scheduled_root_password_rotation"
 )
 
 func resourceDeployment() *schema.Resource {
@@ -210,6 +211,11 @@ func resourceDeployment() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+
+			deplDisableScheduledRootPasswordRotationFieldName: {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -309,26 +315,36 @@ func resourceDeploymentCreate(d *schema.ResourceData, m interface{}) error {
 	}
 
 	rmc := rm.NewResourceManagerServiceClient(client.conn)
-	orgURL, err := expandedDepl.GetOrganizationID()
+	proj, err := rmc.GetProject(client.ctxWithToken, &common.IDOptions{Id: expandedDepl.GetProjectId()})
 	if err != nil {
-		client.log.Error().Err(err).Msg("GetOrganizationID failed")
+		client.log.Error().Err(err).Msg("Failed to get project")
 		return err
 	}
-
-	tAndC, err := rmc.GetCurrentTermsAndConditions(client.ctxWithToken, &common.IDOptions{Id: orgURL})
+	tAndC, err := rmc.GetCurrentTermsAndConditions(client.ctxWithToken, &common.IDOptions{Id: proj.GetOrganizationId()})
 	if err != nil {
 		client.log.Error().Err(err).Msg("Failed to get Terms and Conditions")
 		return err
 	}
 	client.log.Info().Str("id", tAndC.GetId()).Msg("Terms and Conditions are accepted")
 	expandedDepl.AcceptedTermsAndConditionsId = tAndC.GetId()
 
-	if depl, err := datac.CreateDeployment(client.ctxWithToken, expandedDepl); err != nil {
+	depl, err := datac.CreateDeployment(client.ctxWithToken, expandedDepl)
+	if err != nil {
 		client.log.Error().Err(err).Msg("Failed to create deployment.")
 		return err
-	} else {
-		d.SetId(depl.GetId())
 	}
+	d.SetId(depl.GetId())
+
+	if !expandedDepl.GetIsScheduledRootPasswordRotationEnabled() {
+		if _, err := datac.UpdateDeploymentScheduledRootPasswordRotation(client.ctxWithToken, &data.UpdateDeploymentScheduledRootPasswordRotationRequest{
+			DeploymentId: depl.GetId(),
+			Enabled:      false,
+		}); err != nil {
+			client.log.Error().Err(err).Msg("Failed to update scheduled root password rotation setting.")
+			return err
+		}
+	}
+
 	return resourceDeploymentRead(d, m)
 }
 
@@ -362,15 +378,16 @@ type configuration struct {
 func expandDeploymentResource(d *schema.ResourceData, defaultProject string) (*data.Deployment, error) {
 	project := defaultProject
 	var (
-		name                string
-		description         string
-		ver                 version
-		loc                 location
-		conf                configuration
-		sec                 securityFields
-		err                 error
-		notificationSetting *data.Deployment_NotificationSettings
-		diskPerformanceID   string
+		name                                  string
+		description                           string
+		ver                                   version
+		loc                                   location
+		conf                                  configuration
+		sec                                   securityFields
+		err                                   error
+		notificationSetting                   *data.Deployment_NotificationSettings
+		diskPerformanceID                     string
+		scheduledRootPasswordRotationDisabled bool
 	)
 	if v, ok := d.GetOk(deplNameFieldName); ok {
 		name = v.(string)
@@ -420,6 +437,9 @@ func expandDeploymentResource(d *schema.ResourceData, defaultProject string) (*d
 	if v, ok := d.GetOk(deplDiskPerformanceFieldName); ok {
 		diskPerformanceID = v.(string)
 	}
+	if v, ok := d.GetOk(deplDisableScheduledRootPasswordRotationFieldName); ok {
+		scheduledRootPasswordRotationDisabled = v.(bool)
+	}
 
 	return &data.Deployment{
 		Name:                      name,
@@ -436,9 +456,10 @@ func expandDeploymentResource(d *schema.ResourceData, defaultProject string) (*d
 			NodeDiskSize: int32(conf.nodeDiskSize),
 			NodeSizeId:   conf.nodeSizeId,
 		},
-		NotificationSettings: notificationSetting,
-		DiskAutoSizeSettings: autoSizeSettings,
-		DiskPerformanceId:    diskPerformanceID,
+		NotificationSettings:                   notificationSetting,
+		DiskAutoSizeSettings:                   autoSizeSettings,
+		DiskPerformanceId:                      diskPerformanceID,
+		IsScheduledRootPasswordRotationEnabled: !scheduledRootPasswordRotationDisabled,
 	}, nil
 }
 
@@ -564,14 +585,15 @@ func flattenDeployment(depl *data.Deployment) map[string]interface{} {
 	notificationSetting := flattenNotificationSettings(depl)
 
 	result := map[string]interface{}{
-		deplNameFieldName:            depl.GetName(),
-		deplProjectFieldName:         depl.GetProjectId(),
-		deplDescriptionFieldName:     depl.GetDescription(),
-		deplConfigurationFieldName:   conf,
-		deplLocationFieldName:        loc,
-		deplVersionFieldName:         ver,
-		deplSecurityFieldName:        sec,
-		deplDiskPerformanceFieldName: depl.GetDiskPerformanceId(),
+		deplNameFieldName:                                 depl.GetName(),
+		deplProjectFieldName:                              depl.GetProjectId(),
+		deplDescriptionFieldName:                          depl.GetDescription(),
+		deplConfigurationFieldName:                        conf,
+		deplLocationFieldName:                             loc,
+		deplVersionFieldName:                              ver,
+		deplSecurityFieldName:                             sec,
+		deplDiskPerformanceFieldName:                      depl.GetDiskPerformanceId(),
+		deplDisableScheduledRootPasswordRotationFieldName: !depl.GetIsScheduledRootPasswordRotationEnabled(),
 	}
 	if notificationSetting != nil {
 		result[deplNotificationConfigurationFieldName] = notificationSetting
@@ -719,6 +741,19 @@ func resourceDeploymentUpdate(d *schema.ResourceData, m interface{}) error {
 	} else {
 		d.SetId(res.GetId())
 	}
+
+	if d.HasChange(deplDisableScheduledRootPasswordRotationFieldName) {
+		disabled := d.Get(deplDisableScheduledRootPasswordRotationFieldName).(bool)
+		if _, err := datac.UpdateDeploymentScheduledRootPasswordRotation(client.ctxWithToken, &data.UpdateDeploymentScheduledRootPasswordRotationRequest{
+			DeploymentId: depl.GetId(),
+			Enabled:      !disabled,
+		}); err != nil {
+			client.log.Error().Err(err).Msg("Failed to update scheduled root password rotation setting")
+			return err
+		}
+		depl.IsScheduledRootPasswordRotationEnabled = !disabled
+	}
+
 	return resourceDeploymentRead(d, m)
 }
 

pkg/resource_deployment_test.go

@@ -85,7 +85,8 @@ func TestFlattenDeploymentResource(t *testing.T) {
 		DiskAutoSizeSettings: &data.Deployment_DiskAutoSizeSettings{
 			MaximumNodeDiskSize: 40,
 		},
-		DiskPerformanceId: "dp-1",
+		DiskPerformanceId:                      "dp-1",
+		IsScheduledRootPasswordRotationEnabled: false,
 	}
 	flattened := flattenDeployment(depl)
 	expected := map[string]interface{}{
@@ -118,7 +119,8 @@ func TestFlattenDeploymentResource(t *testing.T) {
 				deplConfigurationMaximumNodeDiskSizeFieldName: 40,
 			},
 		},
-		deplDiskPerformanceFieldName: "dp-1",
+		deplDiskPerformanceFieldName:                      "dp-1",
+		deplDisableScheduledRootPasswordRotationFieldName: true,
 	}
 	assert.Equal(t, expected, flattened)
 }
@@ -141,6 +143,7 @@ func TestFlattenDeploymentResourceDisableFoxxAuth(t *testing.T) {
 			NodeCount:    3,
 			NodeDiskSize: 32,
 		},
+		IsScheduledRootPasswordRotationEnabled: true,
 	}
 	flattened := flattenDeployment(depl)
 	expected := map[string]interface{}{
@@ -172,7 +175,8 @@ func TestFlattenDeploymentResourceDisableFoxxAuth(t *testing.T) {
 				deplConfigurationNodeDiskSizeFieldName: 32,
 			},
 		},
-		deplDiskPerformanceFieldName: "", // Not set
+		deplDiskPerformanceFieldName:                      "", // Not set
+		deplDisableScheduledRootPasswordRotationFieldName: false,
 	}
 	assert.Equal(t, expected, flattened)
 }
@@ -198,6 +202,7 @@ func TestFlattenDeploymentResourceNotificationSettings(t *testing.T) {
 		NotificationSettings: &data.Deployment_NotificationSettings{
 			EmailAddresses: []string{"[email protected]"},
 		},
+		IsScheduledRootPasswordRotationEnabled: false,
 	}
 	flattened := flattenDeployment(depl)
 	expected := map[string]interface{}{
@@ -234,7 +239,8 @@ func TestFlattenDeploymentResourceNotificationSettings(t *testing.T) {
 				deplNotificationConfigurationEmailAddressesFieldName: []string{"[email protected]"},
 			},
 		},
-		deplDiskPerformanceFieldName: "",
+		deplDiskPerformanceFieldName:                      "",
+		deplDisableScheduledRootPasswordRotationFieldName: true,
 	}
 	assert.Equal(t, expected, flattened)
 }
@@ -260,7 +266,8 @@ func TestExpandingDeploymentResource(t *testing.T) {
 		DiskAutoSizeSettings: &data.Deployment_DiskAutoSizeSettings{
 			MaximumNodeDiskSize: 40,
 		},
-		DiskPerformanceId: "dp-2",
+		DiskPerformanceId:                      "dp-2",
+		IsScheduledRootPasswordRotationEnabled: true,
 	}
 	raw := map[string]interface{}{
 		deplProjectFieldName:     "123456789",
@@ -292,7 +299,8 @@ func TestExpandingDeploymentResource(t *testing.T) {
 				deplConfigurationMaximumNodeDiskSizeFieldName: 40,
 			},
 		},
-		deplDiskPerformanceFieldName: "dp-2",
+		deplDiskPerformanceFieldName:                      "dp-2",
+		deplDisableScheduledRootPasswordRotationFieldName: false,
 	}
 	s := resourceDeployment().Schema
 	resourceData := schema.TestResourceDataRaw(t, s, raw)
@@ -319,6 +327,7 @@ func TestExpandingDeploymentResourceDisableFoxxAuth(t *testing.T) {
 			NodeCount:    3,
 			NodeDiskSize: 32,
 		},
+		IsScheduledRootPasswordRotationEnabled: true,
 	}
 	raw := map[string]interface{}{
 		deplProjectFieldName:     "123456789",
@@ -349,6 +358,7 @@ func TestExpandingDeploymentResourceDisableFoxxAuth(t *testing.T) {
 				deplConfigurationNodeDiskSizeFieldName: 32,
 			},
 		},
+		deplDisableScheduledRootPasswordRotationFieldName: false,
 	}
 	s := resourceDeployment().Schema
 	resourceData := schema.TestResourceDataRaw(t, s, raw)
@@ -374,6 +384,7 @@ func TestExpandDeploymentOverrideProjectID(t *testing.T) {
 			NodeCount:    3,
 			NodeDiskSize: 32,
 		},
+		IsScheduledRootPasswordRotationEnabled: false,
 	}
 	raw := map[string]interface{}{
 		deplProjectFieldName:     "overrideid",
@@ -403,6 +414,7 @@ func TestExpandDeploymentOverrideProjectID(t *testing.T) {
 				deplConfigurationNodeDiskSizeFieldName: 32,
 			},
 		},
+		deplDisableScheduledRootPasswordRotationFieldName: true,
 	}
 	s := resourceDeployment().Schema
 	resourceData := schema.TestResourceDataRaw(t, s, raw)