feat: group_metadata get multiple metadata about NeuVector group me…

…mbers

Makefile

@@ -1,6 +1,6 @@
 # Provider metadata and versionning
 PROVIDER = neuvector
-VERSION = 0.4.2
+VERSION = 0.4.3
 RELEASE_VERSION ?= v$(VERSION)
 
 # Terraform metadata for installation

docs/data-sources/group_metadata.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "neuvector_group_metadata Data Source - terraform-provider-neuvector"
+subcategory: ""
+description: |-
+  
+---
+
+# neuvector_group_metadata (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "neuvector_group_metadata" "test" {
+  name = "nodes"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the gorup.
+
+### Read-Only
+
+- `container_ids` (Set of String) List of every container id in the group.
+- `id` (String) The ID of this resource.
+- `image_ids` (Set of String) List of every image id in the group.
+- `services` (Set of String) List of every service name in the group.
+
+

examples/data-sources/neuvector_group_metadata/data-source.tf

@@ -0,0 +1,3 @@
+data "neuvector_group_metadata" "test" {
+  name = "nodes"
+}

internal/provider/provider.go

@@ -59,7 +59,7 @@ func Provider() *schema.Provider {
 			"neuvector_registry_names": neuvector.DataSourceRegistryNames(),
 			"neuvector_policy_ids":     neuvector.DataSourcePolicyIDs(),
 			"neuvector_eula":           neuvector.DataSourceEULA(),
-			"neuvector_group_services": neuvector.DataSourceGroupServices(),
+			"neuvector_group_metadata":    neuvector.DataSourceGroupMetadata(),
 		},
 	}
 

internal/resources/neuvector/data_source_group_metadata.go

@@ -0,0 +1,140 @@
+// data_source_group_services.go
+package neuvector
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	goneuvector "github.com/theobori/go-neuvector/neuvector"
+	"github.com/theobori/go-neuvector/util"
+)
+
+var AllowedMetadata = []string{
+	"services",
+	"container_ids",
+	"image_ids",
+}
+
+var dataGroupMetadataSchema = map[string]*schema.Schema{
+	"services": {
+		Type:        schema.TypeSet,
+		Description: "List of every service name in the group.",
+		Computed:    true,
+		Elem:        &schema.Schema{Type: schema.TypeString},
+	},
+	"container_ids": {
+		Type:        schema.TypeSet,
+		Description: "List of every container id in the group.",
+		Computed:    true,
+		Elem:        &schema.Schema{Type: schema.TypeString},
+	},
+	"image_ids": {
+		Type:        schema.TypeSet,
+		Description: "List of every image id in the group.",
+		Computed:    true,
+		Elem:        &schema.Schema{Type: schema.TypeString},
+	},
+	"name": {
+		Type:        schema.TypeString,
+		Description: "The name of the gorup.",
+		Required:    true,
+	},
+}
+
+func DataSourceGroupMetadata() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceGroupMetadataRead,
+		Schema:      dataGroupMetadataSchema,
+	}
+}
+
+func getMemberFieldFromString(m *goneuvector.WorkloadBrief, s string) (string, error) {
+	var ret string
+
+	switch s {
+	case "services":
+		ret = m.Service
+	case "container_ids":
+		ret = m.ID
+	case "image_ids":
+		ret = m.ImageID
+	default:
+		return ret, fmt.Errorf("invalid key")
+	}
+
+	return ret, nil
+}
+
+func addGroupInfo(
+	infos *map[string][]string,
+	m *goneuvector.WorkloadBrief,
+	key string,
+) error {
+	value, err := getMemberFieldFromString(m, key)
+
+	if err != nil {
+		return err
+	}
+
+	exists, _ := util.ItemExists(
+		(*infos)[key],
+		value,
+	)
+
+	if exists {
+		return fmt.Errorf("already exists")
+	}
+
+	(*infos)[key] = append((*infos)[key], value)
+
+	return nil
+}
+
+func addGroupMetadata(
+	infos *map[string][]string,
+	m *goneuvector.WorkloadBrief,
+	keys ...string,
+) {
+	for _, key := range keys {
+		// We do not need to handle the error there
+		addGroupInfo(infos, m, key)
+	}
+}
+
+func dataSourceGroupMetadataRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	infos := map[string][]string{}
+
+	APIClient := meta.(*goneuvector.Client)
+
+	name := d.Get("name").(string)
+	group, err := APIClient.
+		WithContext(ctx).
+		GetGroup(name)
+
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	members := group.Group.Members
+
+	for _, m := range members {
+		addGroupMetadata(&infos, &m, AllowedMetadata...)
+	}
+
+	for k, v := range infos {
+		d.Set(k, v)
+	}
+
+	id, err := uuid.GenerateUUID()
+
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(id)
+
+	return nil
+}

internal/resources/neuvector/data_source_group_services_test.go → internal/resources/neuvector/data_source_group_metadata_test.go

@@ -7,15 +7,15 @@ import (
 	"github.com/theobori/terraform-provider-neuvector/internal/testutils"
 )
 
-func TestAccDataSourceGroupServices(t *testing.T) {
+func TestAccDataSourceGroupMetadata(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: testutils.ProviderFactories,
 		Steps: []resource.TestStep{
 			{
-				Config: testutils.TestAccExampleFile(t, "data-sources/neuvector_group_services/data-source.tf"),
+				Config: testutils.TestAccExampleFile(t, "data-sources/neuvector_group_metadata/data-source.tf"),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttrSet("data.neuvector_group_services.test", "name"),
-					resource.TestCheckResourceAttrSet("data.neuvector_group_services.test", "services.#"),
+					resource.TestCheckResourceAttrSet("data.neuvector_group_metadata.test", "name"),
+					resource.TestCheckResourceAttrSet("data.neuvector_group_metadata.test", "services.#"),
 				),
 			},
 		},

internal/resources/neuvector/resource_eula.go

@@ -75,7 +75,7 @@ func resourceEULARead(ctx context.Context, d *schema.ResourceData, meta any) dia
 	APIClient := meta.(*goneuvector.Client)
 
 	eula, err := APIClient.
-		WithContext(ctx).	
+		WithContext(ctx).
 		GetEULA()
 
 	if err != nil {
@@ -101,7 +101,7 @@ func resourceEULADelete(ctx context.Context, d *schema.ResourceData, meta any) d
 			goneuvector.EULA{
 				Accepted: !eula.Accepted,
 			},
-	)
+		)
 
 	if err != nil {
 		return diag.FromErr(err)

internal/resources/neuvector/resource_group.go

@@ -150,7 +150,7 @@ func resourceGroupDelete(ctx context.Context, d *schema.ResourceData, meta any)
 		WithContext(ctx).
 		DeleteGroup(
 			d.Get("name").(string),
-	)
+		)
 
 	if err != nil {
 		return diag.FromErr(err)

internal/resources/neuvector/resource_service.go

@@ -29,12 +29,12 @@ var resourceServiceSchema = map[string]*schema.Schema{
 	"policy_mode": {
 		Type:     schema.TypeString,
 		Optional: true,
-		Default: "Discover",
+		Default:  "Discover",
 	},
 	"baseline_profile": {
 		Type:     schema.TypeString,
 		Optional: true,
-		Default: "zero-drift",
+		Default:  "zero-drift",
 	},
 	"not_scored": {
 		Type:     schema.TypeBool,

internal/resources/neuvector/resource_user_role.go

@@ -106,7 +106,7 @@ func resourceUserRoleUpdate(ctx context.Context, d *schema.ResourceData, meta an
 	if d.HasChange("name") {
 		return diag.Errorf("You are not allowed to change the role name.")
 	}
-	
+
 	APIClient := meta.(*goneuvector.Client)
 
 	body := readUserRole(d)

internal/resources/neuvector/resource_user_role_test.go

@@ -19,9 +19,9 @@ func TestAccResourceUserRole(t *testing.T) {
 				),
 			},
 			{
-				ResourceName:            "neuvector_user_role.test",
-				ImportState:             true,
-				ImportStateVerify:       true,
+				ResourceName:      "neuvector_user_role.test",
+				ImportState:       true,
+				ImportStateVerify: true,
 			},
 		},
 	})