Merge pull request #145 from EduardoEspinozaPerez/feature/kong_consumer_oauth2

add kong_consumer_oauth2 resource

Author: kevholditch-f3

.gitignore

@@ -1,6 +1,7 @@
 *.dll
 *.exe
 .DS_Store
+.devcontainer
 example.tf
 terraform.tfplan
 terraform.tfstate

docs/resources/consumer_oauth2.md

@@ -0,0 +1,44 @@
+# kong_consumer_oauth2
+
+Resource that allows you to configure the OAuth2 plugin credentials for a consumer.
+
+## Example Usage
+
+```hcl
+resource "kong_consumer" "my_consumer" {
+  username  = "User1"
+  custom_id = "123"
+}
+
+resource "kong_plugin" "oauth2_plugin" {
+	name = "oauth2"
+	config_json = <<EOT
+	{
+		"global_credentials": true,
+		"enable_password_grant": true,
+		"token_expiration": 180,
+		"refresh_token_ttl": 180,
+		"provision_key": "testprovisionkey"
+	}
+EOT
+}
+
+resource "kong_consumer_oauth2" "consumer_oauth2" {
+	name          = "test_application"
+	consumer_id   = "${kong_consumer.my_consumer.id}"
+	client_id     = "client_id"
+	client_secret = "client_secret"
+	redirect_uris = ["https://asdf.com/callback", "https://test.cl/callback"]
+	tags          = ["myTag"]
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) The name associated with the credential.
+* `consumer_id` - (Required) The id of the consumer to be configured with oauth2.
+* `client_id` - (Optional) Unique oauth2 client id. If not set, the oauth2 plugin will generate one
+* `client_secret` - (Optional) Unique oauth2 client secret. If not set, the oauth2 plugin will generate one
+* `hash_secret` - (Optional) A boolean flag that indicates whether the client_secret field will be stored in hashed form. If enabled on existing plugin instances, client secrets are hashed on the fly upon first usage. Default: `false`.
+* `redirect_uris` - (Required) An array with one or more URLs in your app where users will be sent after authorization ([RFC 6742 Section 3.1.2](https://tools.ietf.org/html/rfc6749#section-3.1.2)).
+* `tags` - (Optional) A list of strings associated with the consumer for grouping and filtering.

go.mod

@@ -11,13 +11,11 @@ require (
 	github.com/docker/cli v20.10.8+incompatible // indirect
 	github.com/docker/docker v20.10.8+incompatible // indirect
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.1
-	github.com/kong/go-kong v0.20.0
+	github.com/kong/go-kong v0.28.0
 	github.com/lib/pq v1.0.0
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/opencontainers/runc v1.0.1 // indirect
 	github.com/ory/dockertest/v3 v3.7.0
 	github.com/pkg/errors v0.9.1
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d // indirect
-	golang.org/x/sys v0.0.0-20210809203939-894668206c86 // indirect
 )

go.sum

@@ -72,6 +72,7 @@ func Provider() *schema.Provider {
 			"kong_consumer_acl":        resourceKongConsumerACL(),
 			"kong_consumer_basic_auth": resourceKongConsumerBasicAuth(),
 			"kong_consumer_key_auth":   resourceKongConsumerKeyAuth(),
+			"kong_consumer_oauth2":     resourceKongConsumerOAuth2(),
 			"kong_plugin":              resourceKongPlugin(),
 			"kong_upstream":            resourceKongUpstream(),
 			"kong_target":              resourceKongTarget(),

kong/provider.go

@@ -0,0 +1,176 @@
+package kong
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/kong/go-kong/kong"
+)
+
+func resourceKongConsumerOAuth2() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceKongConsumerOAuth2Create,
+		ReadContext:   resourceKongConsumerOAuth2Read,
+		DeleteContext: resourceKongConsumerOAuth2Delete,
+		UpdateContext: resourceKongConsumerOAuth2Update,
+		Schema: map[string]*schema.Schema{
+			"consumer_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: false,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: false,
+			},
+			"client_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: false,
+			},
+			"client_secret": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: false,
+			},
+			"hash_secret": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: false,
+				Default:  false,
+			},
+			"redirect_uris": {
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: false,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"tags": {
+				Type:     schema.TypeList,
+				Optional: true,
+				ForceNew: false,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func resourceKongConsumerOAuth2Create(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	OAuth2CredentialRequest := &kong.Oauth2Credential{
+		Name:         readStringPtrFromResource(d, "name"),
+		ClientID:     readStringPtrFromResource(d, "client_id"),
+		ClientSecret: readStringPtrFromResource(d, "client_secret"),
+		HashSecret:   readBoolPtrFromResource(d, "hash_secret"),
+		RedirectURIs: readStringArrayPtrFromResource(d, "redirect_uris"),
+		Tags:         readStringArrayPtrFromResource(d, "tags"),
+	}
+
+	consumerId := kong.String(d.Get("consumer_id").(string))
+
+	client := meta.(*config).adminClient.Oauth2Credentials
+	oAuth2Credentials, err := client.Create(ctx, consumerId, OAuth2CredentialRequest)
+
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("failed to create oauth2 credentials: %v error: %v", OAuth2CredentialRequest, err))
+	}
+
+	d.SetId(buildConsumerPairID(*oAuth2Credentials.ID, *consumerId))
+
+	return resourceKongConsumerOAuth2Read(ctx, d, meta)
+}
+
+func resourceKongConsumerOAuth2Update(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	id, _ := splitConsumerID(d.Id())
+
+	OAuth2CredentialRequest := &kong.Oauth2Credential{
+		ID:           kong.String(id.ID),
+		Name:         readStringPtrFromResource(d, "name"),
+		ClientID:     readStringPtrFromResource(d, "client_id"),
+		ClientSecret: readStringPtrFromResource(d, "client_secret"),
+		HashSecret:   readBoolPtrFromResource(d, "hash_secret"),
+		RedirectURIs: readStringArrayPtrFromResource(d, "redirect_uris"),
+		Tags:         readStringArrayPtrFromResource(d, "tags"),
+	}
+
+	consumerId := kong.String(d.Get("consumer_id").(string))
+
+	client := meta.(*config).adminClient.Oauth2Credentials
+	_, err := client.Update(ctx, consumerId, OAuth2CredentialRequest)
+
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("error updating kong oauth2 credentials: %s", err))
+	}
+
+	return resourceKongConsumerOAuth2Read(ctx, d, meta)
+}
+
+func resourceKongConsumerOAuth2Read(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	id, err := splitConsumerID(d.Id())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	client := meta.(*config).adminClient.Oauth2Credentials
+	oAuth2Credentials, err := client.Get(ctx, kong.String(id.ConsumerID), kong.String(id.ID))
+
+	if kong.IsNotFoundErr(err) {
+		d.SetId("")
+	} else if err != nil {
+		return diag.FromErr(fmt.Errorf("could not find kong oauth2 credentials with id: %s error: %v", id, err))
+	}
+
+	if oAuth2Credentials == nil {
+		d.SetId("")
+	} else {
+		err = d.Set("consumer_id", oAuth2Credentials.Consumer.ID)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		err = d.Set("name", oAuth2Credentials.Name)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		err = d.Set("client_id", oAuth2Credentials.ClientID)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		err = d.Set("client_secret", oAuth2Credentials.ClientSecret)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		err = d.Set("hash_secret", oAuth2Credentials.HashSecret)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		err = d.Set("redirect_uris", oAuth2Credentials.RedirectURIs)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		err = d.Set("tags", oAuth2Credentials.Tags)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
+	return diags
+}
+
+func resourceKongConsumerOAuth2Delete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	id, err := splitConsumerID(d.Id())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	client := meta.(*config).adminClient.Oauth2Credentials
+	err = client.Delete(ctx, kong.String(id.ConsumerID), kong.String(id.ID))
+
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("could not delete kong oauth2 credentials: %v", err))
+	}
+
+	return diags
+}