feat: add OIDC configuration to containerRegistry

Signed-off-by: Thomas Coudert <[email protected]>

Author: thcdrt

ovh/data_cloud_project_capabilities_containerregistry_filter_test.go

@@ -11,7 +11,7 @@ import (
 func TestAccCloudProjectCapabilitiesContainerRegistryFilterDataSource_basic(t *testing.T) {
 	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
 	planName := "SMALL"
-	region := "GRA"
+	region := os.Getenv("OVH_CLOUD_PROJECT_CONTAINERREGISTRY_REGION_TEST")
 
 	config := fmt.Sprintf(
 		testAccCloudProjectCapabilitiesContainerRegistryFilterDatasourceConfig_Basic,
@@ -21,7 +21,7 @@ func TestAccCloudProjectCapabilitiesContainerRegistryFilterDataSource_basic(t *t
 	)
 
 	resource.Test(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheckCloud(t) },
+		PreCheck:  func() { testAccPreCheckContainerRegistry(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{
@@ -30,7 +30,7 @@ func TestAccCloudProjectCapabilitiesContainerRegistryFilterDataSource_basic(t *t
 					resource.TestCheckResourceAttr(
 						"data.ovh_cloud_project_capabilities_containerregistry_filter.cap",
 						"region",
-						"GRA",
+						region,
 					),
 					resource.TestCheckResourceAttr(
 						"data.ovh_cloud_project_capabilities_containerregistry_filter.cap",

ovh/data_cloud_project_capabilities_containerregistry_test.go

@@ -16,7 +16,7 @@ func TestAccCloudProjectCapabilitiesContainerRegistryDataSource_basic(t *testing
 	)
 
 	resource.Test(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheckCloud(t) },
+		PreCheck:  func() { testAccPreCheckContainerRegistry(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{

ovh/data_cloud_project_containerregistry_oidc.go

@@ -0,0 +1,98 @@
+package ovh
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceCloudProjectContainerRegistryOIDC() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceCloudProjectContainerRegistryOIDCRead,
+		Schema: map[string]*schema.Schema{
+			"service_name": {
+				Type:        schema.TypeString,
+				Description: "Service name",
+				Required:    true,
+				ForceNew:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OVH_CLOUD_PROJECT_SERVICE", nil),
+			},
+			"registry_id": {
+				Type:        schema.TypeString,
+				Description: "Registry ID",
+				Required:    true,
+				ForceNew:    true,
+			},
+			"oidc_name": {
+				Type:     schema.TypeString,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_endpoint": {
+				Type:     schema.TypeString,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_client_id": {
+				Type:     schema.TypeString,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_scope": {
+				Type:     schema.TypeString,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_groups_claim": {
+				Type:     schema.TypeString,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_admin_group": {
+				Type:     schema.TypeString,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_verify_cert": {
+				Type:     schema.TypeBool,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_auto_onboard": {
+				Type:     schema.TypeBool,
+				Required: false,
+				Optional: true,
+			},
+			"oidc_user_claim": {
+				Type:     schema.TypeString,
+				Required: false,
+				Optional: true,
+			},
+		},
+	}
+}
+
+func dataSourceCloudProjectContainerRegistryOIDCRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	serviceName := d.Get("service_name").(string)
+	registryID := d.Get("registry_id").(string)
+
+	endpoint := fmt.Sprintf("/cloud/project/%s/containerRegistry/%s/openIdConnect", serviceName, registryID)
+	res := &CloudProjectContainerRegistryOIDCResponse{}
+
+	log.Printf("[DEBUG] Will read OIDC from registry %s and project: %s", registryID, serviceName)
+	err := config.OVHClient.Get(endpoint, res)
+	if err != nil {
+		return fmt.Errorf("calling get %s %w", endpoint, err)
+	}
+	for k, v := range res.ToMap() {
+		if k != "id" {
+			d.Set(k, v)
+		}
+	}
+	d.SetId(registryID + "-" + res.ClientID + "-" + res.Endpoint)
+
+	log.Printf("[DEBUG] Read OIDC %+v", res)
+	return nil
+}

ovh/data_cloud_project_containerregistry_oidc_test.go

@@ -0,0 +1,101 @@
+package ovh
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccCloudProjectContainerRegistryOIDCDataSource_basic(t *testing.T) {
+	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
+	region := os.Getenv("OVH_CLOUD_PROJECT_CONTAINERREGISTRY_REGION_TEST")
+	registryName := acctest.RandomWithPrefix(test_prefix)
+	oidcEndpoint := os.Getenv("OVH_CLOUD_PROJECT_CONTAINERREGISTRY_OIDC_ENDPOINT_TEST")
+
+	config := fmt.Sprintf(
+		testAccCloudProjectContainerRegistryOIDCDataSourceConfig,
+		serviceName,
+		region,
+		registryName,
+		oidcEndpoint,
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckContainerRegistryOIDC(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_name", "name"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_endpoint", oidcEndpoint),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_client_id", "clientID"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_scope", "openid,profile,email,offline_access"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_groups_claim", "groupsClaim"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_admin_group", "adminGroup"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_verify_cert", "true"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_auto_onboard", "true"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_oidc.oidcData", "oidc_user_claim", "userClaim"),
+				),
+			},
+		},
+	})
+}
+
+var testAccCloudProjectContainerRegistryOIDCDataSourceConfig = `
+data "ovh_cloud_project_capabilities_containerregistry_filter" "registryCap" {
+	service_name = "%s"
+    plan_name    = "SMALL"
+    region       = "%s"
+}
+
+resource "ovh_cloud_project_containerregistry" "registry" {
+	service_name = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.service_name
+    plan_id      = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.id
+	name         = "%s"
+    region       = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.region
+}
+
+resource "ovh_cloud_project_containerregistry_oidc" "oidc" {
+	service_name = ovh_cloud_project_containerregistry.registry.service_name
+	registry_id  = ovh_cloud_project_containerregistry.registry.id
+	
+	oidc_name = "name"
+	oidc_endpoint = "%s"
+	oidc_client_id = "clientID"
+	oidc_client_secret = "clientSecret"
+	oidc_scope = "openid,profile,email,offline_access"
+	oidc_groups_claim = "groupsClaim"
+	oidc_admin_group = "adminGroup"
+	oidc_verify_cert = "true"
+	oidc_auto_onboard = "true"
+	oidc_user_claim = "userClaim"
+
+	depends_on = [
+		ovh_cloud_project_containerregistry.registry
+	]
+}
+
+data "ovh_cloud_project_containerregistry_oidc" "oidcData" {
+    service_name = ovh_cloud_project_containerregistry.registry.service_name
+    registry_id = ovh_cloud_project_containerregistry.registry.id
+
+	depends_on = [
+		ovh_cloud_project_containerregistry_oidc.oidc
+	]
+}
+`

ovh/data_cloud_project_containerregistry_test.go

@@ -11,17 +11,17 @@ import (
 
 func TestAccCloudProjectContainerRegistryDataSource_basic(t *testing.T) {
 	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
-	regName := acctest.RandomWithPrefix(test_prefix)
-	region := "GRA"
+	registryName := acctest.RandomWithPrefix(test_prefix)
+	region := os.Getenv("OVH_CLOUD_PROJECT_CONTAINERREGISTRY_REGION_TEST")
 	config := fmt.Sprintf(
 		testAccCloudProjectContainerRegistryDatasourceConfig_Basic,
 		serviceName,
 		region,
-		regName,
+		registryName,
 	)
 
 	resource.Test(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheckCloud(t) },
+		PreCheck:  func() { testAccPreCheckContainerRegistry(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{

ovh/data_cloud_project_containerregistry_users_test.go

@@ -11,17 +11,17 @@ import (
 
 func TestAccCloudProjectContainerRegistryUsersDataSource_basic(t *testing.T) {
 	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
-	regName := acctest.RandomWithPrefix(test_prefix)
-	region := "GRA"
+	registryName := acctest.RandomWithPrefix(test_prefix)
+	region := os.Getenv("OVH_CLOUD_PROJECT_CONTAINERREGISTRY_REGION_TEST")
 	config := fmt.Sprintf(
 		testAccCloudProjectContainerRegistryUsersDatasourceConfig_Basic,
 		serviceName,
 		region,
-		regName,
+		registryName,
 	)
 
 	resource.Test(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheckCloud(t) },
+		PreCheck:  func() { testAccPreCheckContainerRegistry(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{

ovh/provider.go

@@ -51,6 +51,7 @@ func Provider() *schema.Provider {
 			"ovh_cloud_project_capabilities_containerregistry_filter": dataSourceCloudProjectCapabilitiesContainerRegistryFilter(),
 			"ovh_cloud_project_containerregistries":                   dataSourceCloudProjectContainerRegistries(),
 			"ovh_cloud_project_containerregistry":                     dataSourceCloudProjectContainerRegistry(),
+			"ovh_cloud_project_containerregistry_oidc":                dataSourceCloudProjectContainerRegistryOIDC(),
 			"ovh_cloud_project_containerregistry_users":               dataSourceCloudProjectContainerRegistryUsers(),
 			"ovh_cloud_project_database":                              dataSourceCloudProjectDatabase(),
 			"ovh_cloud_project_databases":                             dataSourceCloudProjectDatabases(),
@@ -142,6 +143,7 @@ func Provider() *schema.Provider {
 		ResourcesMap: map[string]*schema.Resource{
 			"ovh_cloud_project":                                           resourceCloudProject(),
 			"ovh_cloud_project_containerregistry":                         resourceCloudProjectContainerRegistry(),
+			"ovh_cloud_project_containerregistry_oidc":                    resourceCloudProjectContainerRegistryOIDC(),
 			"ovh_cloud_project_containerregistry_user":                    resourceCloudProjectContainerRegistryUser(),
 			"ovh_cloud_project_database":                                  resourceCloudProjectDatabase(),
 			"ovh_cloud_project_database_database":                         resourceCloudProjectDatabaseDatabase(),

ovh/provider_test.go

@@ -181,6 +181,21 @@ func testAccPreCheckCloud(t *testing.T) {
 	checkEnvOrSkip(t, "OVH_CLOUD_PROJECT_SERVICE_TEST")
 }
 
+// Checks that the environment variables needed for the /cloud/{cloudId}/containerregistry acceptance tests
+// are set.
+func testAccPreCheckContainerRegistry(t *testing.T) {
+	testAccPreCheckCloud(t)
+	testAccCheckCloudProjectExists(t)
+	checkEnvOrSkip(t, "OVH_CLOUD_PROJECT_CONTAINERREGISTRY_REGION_TEST")
+}
+
+// Checks that the environment variables needed for the /cloud/{cloudId}/containerregistry/{registryID}/openIdConnect acceptance tests
+// are set.
+func testAccPreCheckContainerRegistryOIDC(t *testing.T) {
+	testAccPreCheckContainerRegistry(t)
+	checkEnvOrSkip(t, "OVH_CLOUD_PROJECT_CONTAINERREGISTRY_OIDC_ENDPOINT_TEST")
+}
+
 // Checks that the environment variables needed for the /cloud/project/{projectId}/database/ acceptance tests are set.
 func testAccPreCheckCloudDatabase(t *testing.T) {
 	testAccPreCheckCloudDatabaseNoEngine(t)