diff --git a/citrixadc/provider.go b/citrixadc/provider.go index dcc297b9..6e690b90 100644 --- a/citrixadc/provider.go +++ b/citrixadc/provider.go @@ -864,6 +864,8 @@ func providerResources() map[string]*schema.Resource { "citrixadc_gslbservicegroup_gslbservicegroupmember_binding": resourceCitrixAdcGslbservicegroup_gslbservicegroupmember_binding(), "citrixadc_gslbvserver_lbpolicy_binding": resourceCitrixAdcGslbvserver_lbpolicy_binding(), "citrixadc_lbvserver_lbpolicy_binding": resourceCitrixAdcLbvserver_lbpolicy_binding(), + "citrixadc_systemgroup_systemcmdpolicy_binding": resourceCitrixAdcSystemgroup_systemcmdpolicy_binding(), + "citrixadc_systemgroup_systemuser_binding": resourceCitrixAdcSystemgroup_systemuser_binding(), "citrixadc_sslprofile_ecccurve_binding": resourceCitrixAdcSslprofile_ecccurve_binding(), "citrixadc_systemuser_systemcmdpolicy_binding": resourceCitrixAdcSystemuser_systemcmdpolicy_binding(), } diff --git a/citrixadc/resource_citrixadc_systemgroup.go b/citrixadc/resource_citrixadc_systemgroup.go index cca1d4f3..689c6078 100644 --- a/citrixadc/resource_citrixadc_systemgroup.go +++ b/citrixadc/resource_citrixadc_systemgroup.go @@ -93,14 +93,20 @@ func createSystemgroupFunc(d *schema.ResourceData, meta interface{}) error { d.SetId(systemgroupName) - err = updateSystemgroupCmdpolicyBindings(d, meta) - if err != nil { - return err + // Ignore bindings unless there is an explicit configuration for it + if _, ok := d.GetOk("cmdpolicybinding"); ok { + err = updateSystemgroupCmdpolicyBindings(d, meta) + if err != nil { + return err + } } - err = updateSystemgroupSystemuserBindings(d, meta) - if err != nil { - return err + // Ignore bindings unless there is an explicit configuration for it + if _, ok := d.GetOk("systemusers"); ok { + err = updateSystemgroupSystemuserBindings(d, meta) + if err != nil { + return err + } } err = readSystemgroupFunc(d, meta) 
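Review bot: The `GetOk` guards added to createSystemgroupFunc cover only the create path, and updateSystemgroupFunc is not part of this diff. If it still calls `updateSystemgroupCmdpolicyBindings` and `updateSystemgroupSystemuserBindings` unconditionally, an update of the group could remove bindings owned by the new standalone `citrixadc_systemgroup_systemcmdpolicy_binding` and `citrixadc_systemgroup_systemuser_binding` resources. The same `if _, ok := d.GetOk("cmdpolicybinding"); ok { … }` wrapper would be needed there. The comment on each guard could also state the reason, e.g. `// Skip inline bindings when unset so standalone binding resources are not overwritten`. The function body starts and ends outside the hunk.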
@@ -122,15 +128,18 @@ func readSystemgroupFunc(d *schema.ResourceData, meta interface{}) error { d.SetId("") return nil } - - err = readSystemgroupCmdpolicybindings(d, meta) - if err != nil { - return err + if _, ok := d.GetOk("cmdpolicybinding"); ok { + err = readSystemgroupCmdpolicybindings(d, meta) + if err != nil { + return err + } } - err = readSystemgroupSystemuserbindings(d, meta) - if err != nil { - return err + if _, ok := d.GetOk("systemusers"); ok { + err = readSystemgroupSystemuserbindings(d, meta) + if err != nil { + return err + } } d.Set("name", data["name"]) diff --git a/citrixadc/resource_citrixadc_systemgroup_systemcmdpolicy_binding.go b/citrixadc/resource_citrixadc_systemgroup_systemcmdpolicy_binding.go new file mode 100644 index 00000000..13b167f8 --- /dev/null +++ b/citrixadc/resource_citrixadc_systemgroup_systemcmdpolicy_binding.go 
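Review bot: Gating the binding reads in readSystemgroupFunc on `d.GetOk(...)` means a group whose state holds no `cmdpolicybinding` or `systemusers` never has them refreshed. A command policy or user bound to the group outside Terraform then shows no drift on this resource, and an imported group never picks up its existing bindings. These bindings decide what group members may run on the appliance, so the blind spot deserves a comment on each guard, e.g. `// Bindings are refreshed only when managed inline; out-of-band bindings are visible only through the standalone binding resources`. Unlike the create hunk, these two guards carry no comment at all. readSystemgroupFunc continues outside the hunk.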
@@ -0,0 +1,152 @@
+package citrixadc
+
+import (
+ "net/url"
+
+ "github.com/citrix/adc-nitro-go/resource/config/system"
+ "github.com/citrix/adc-nitro-go/service"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+
+ "fmt"
+ "log"
+ "strings"
+)
+
+func resourceCitrixAdcSystemgroup_systemcmdpolicy_binding() *schema.Resource {
+ return &schema.Resource{
+ SchemaVersion: 1,
+ Create: createSystemgroup_systemcmdpolicy_bindingFunc,
+ Read: readSystemgroup_systemcmdpolicy_bindingFunc,
+ Delete: deleteSystemgroup_systemcmdpolicy_bindingFunc,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+ Schema: map[string]*schema.Schema{
+ "groupname": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "policyname": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "priority": {
+ Type: schema.TypeInt,
+ Required: true,
+ ForceNew: true,
+ },
+ },
+ }
+}
+
+func createSystemgroup_systemcmdpolicy_bindingFunc(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[DEBUG] citrixadc-provider: In createSystemgroup_systemcmdpolicy_bindingFunc")
+ client := meta.(*NetScalerNitroClient).client
+ groupname := d.Get("groupname")
+ policyname := d.Get("policyname")
+ bindingId := fmt.Sprintf("%s,%s", groupname, policyname)
+ systemgroup_systemcmdpolicy_binding := system.Systemgroupsystemcmdpolicybinding{
+ Groupname: d.Get("groupname").(string),
+ Policyname: d.Get("policyname").(string),
+ Priority: d.Get("priority").(int),
+ }
+
+ _, err := client.AddResource(service.Systemgroup_systemcmdpolicy_binding.Type(), bindingId, &systemgroup_systemcmdpolicy_binding)
+ if err != nil {
+ return err
+ }
+
+ d.SetId(bindingId)
+
+ err = readSystemgroup_systemcmdpolicy_bindingFunc(d, meta)
+ if err != nil {
+ log.Printf("[ERROR] netscaler-provider: ?? we just created this systemgroup_systemcmdpolicy_binding but we can't read it ?? %s", bindingId)
+ return nil
+ }
+ return nil
+}
+
+func readSystemgroup_systemcmdpolicy_bindingFunc(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[DEBUG] citrixadc-provider: In readSystemgroup_systemcmdpolicy_bindingFunc")
+ client := meta.(*NetScalerNitroClient).client
+ bindingId := d.Id()
+ idSlice := strings.SplitN(bindingId, ",", 2)
+
+ groupname := idSlice[0]
+ policyname := idSlice[1]
+
+ log.Printf("[DEBUG] citrixadc-provider: Reading systemgroup_systemcmdpolicy_binding state %s", bindingId)
+
+ findParams := service.FindParams{
+ ResourceType: "systemgroup_systemcmdpolicy_binding",
+ ResourceName: groupname,
+ ResourceMissingErrorCode: 258,
+ }
+ dataArr, err := client.FindResourceArrayWithParams(findParams)
+
+ // Unexpected error
+ if err != nil {
+ log.Printf("[DEBUG] citrixadc-provider: Error during FindResourceArrayWithParams %s", err.Error())
+ return err
+ }
+
+ // Resource is missing
+ if len(dataArr) == 0 {
+ log.Printf("[DEBUG] citrixadc-provider: FindResourceArrayWithParams returned empty array")
+ log.Printf("[WARN] citrixadc-provider: Clearing systemgroup_systemcmdpolicy_binding state %s", bindingId)
+ d.SetId("")
+ return nil
+ }
+
+ // Iterate through results to find the one with the right id
+ foundIndex := -1
+ for i, v := range dataArr {
+ if v["policyname"].(string) == policyname {
+ foundIndex = i
+ break
+ }
+ }
+
+ // Resource is missing
+ if foundIndex == -1 {
+ log.Printf("[DEBUG] citrixadc-provider: FindResourceArrayWithParams secondIdComponent not found in array")
+ log.Printf("[WARN] citrixadc-provider: Clearing systemgroup_systemcmdpolicy_binding state %s", bindingId)
+ d.SetId("")
+ return nil
+ }
+ // Fallthrough
+
+ data := dataArr[foundIndex]
+
+ d.Set("groupname", data["groupname"])
+ d.Set("policyname", data["policyname"])
+ setToInt("priority", d, data["priority"])
+
+ return nil
+
+}
+
+func deleteSystemgroup_systemcmdpolicy_bindingFunc(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[DEBUG] citrixadc-provider: In deleteSystemgroup_systemcmdpolicy_bindingFunc")
+ client := meta.(*NetScalerNitroClient).client
+
+ bindingId := d.Id()
+ idSlice := strings.SplitN(bindingId, ",", 2)
+
+ name := idSlice[0]
+ policyname := idSlice[1]
+
+ args := make([]string, 0)
+ args = append(args, fmt.Sprintf("policyname:%s", url.QueryEscape(policyname)))
+
+ err := client.DeleteResourceWithArgs(service.Systemgroup_systemcmdpolicy_binding.Type(), name, args)
+ if err != nil {
+ return err
+ }
+
+ d.SetId("")
+
+ return nil
+}
diff --git a/citrixadc/resource_citrixadc_systemgroup_systemcmdpolicy_binding_test.go b/citrixadc/resource_citrixadc_systemgroup_systemcmdpolicy_binding_test.go
new file mode 100644
index 00000000..89d46b45
--- /dev/null
+++ b/citrixadc/resource_citrixadc_systemgroup_systemcmdpolicy_binding_test.go
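Review bot: readSystemgroup_systemcmdpolicy_bindingFunc and deleteSystemgroup_systemcmdpolicy_bindingFunc index `idSlice[1]` straight after `strings.SplitN(bindingId, ",", 2)`. Because the resource uses `schema.ImportStatePassthrough`, the id can be whatever was typed on `terraform import`, so an id without a comma panics the provider instead of returning an error. Add a guard after the split in both functions: `if len(idSlice) != 2 { return fmt.Errorf("invalid id %q: expected groupname,policyname", bindingId) }`. The assertion `v["policyname"].(string)` in the lookup loop can panic the same way and is safer in the two-value form. The same three spots exist in resource_citrixadc_systemgroup_systemuser_binding.go.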
@@ -0,0 +1,203 @@
+/*
+Copyright 2016 Citrix Systems, Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package citrixadc
+
+import (
+ "fmt"
+ "github.com/citrix/adc-nitro-go/service"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/terraform"
+ "strings"
+ "testing"
+)
+
+const testAccSystemgroup_systemcmdpolicy_binding_basic = `
+
+ resource "citrixadc_systemgroup" "tf_systemgroup" {
+ groupname = "tf_systemgroup"
+ timeout = 999
+ promptstring = "bye>"
+ }
+
+ resource "citrixadc_systemcmdpolicy" "tf_policy" {
+ policyname = "tf_policy"
+ action = "DENY"
+ cmdspec = "add.*"
+ }
+
+ resource "citrixadc_systemgroup_systemcmdpolicy_binding" "tf_bind" {
+ groupname = citrixadc_systemgroup.tf_systemgroup.groupname
+ policyname = citrixadc_systemcmdpolicy.tf_policy.policyname
+ priority = 100
+ }
+`
+
+const testAccSystemgroup_systemcmdpolicy_binding_basic_step2 = `
+ # Keep the above bound resources without the actual binding to check proper deletion
+ resource "citrixadc_systemgroup" "tf_systemgroup" {
+ groupname = "tf_systemgroup"
+ timeout = 999
+ promptstring = "bye>"
+ }
+
+ resource "citrixadc_systemcmdpolicy" "tf_policy" {
+ policyname = "tf_policy"
+ action = "DENY"
+ cmdspec = "add.*"
+ }
+`
+
+func TestAccSystemgroup_systemcmdpolicy_binding_basic(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckSystemgroup_systemcmdpolicy_bindingDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSystemgroup_systemcmdpolicy_binding_basic,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSystemgroup_systemcmdpolicy_bindingExist("citrixadc_systemgroup_systemcmdpolicy_binding.tf_bind", nil),
+ ),
+ },
+ {
+ Config: testAccSystemgroup_systemcmdpolicy_binding_basic_step2,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSystemgroup_systemcmdpolicy_bindingNotExist("citrixadc_systemgroup_systemcmdpolicy_binding.tf_bind", "tf_systemgroup,tf_policy"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckSystemgroup_systemcmdpolicy_bindingExist(n string, id *string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No systemgroup_systemcmdpolicy_binding id is set")
+ }
+
+ if id != nil {
+ if *id != "" && *id != rs.Primary.ID {
+ return fmt.Errorf("Resource ID has changed!")
+ }
+
+ *id = rs.Primary.ID
+ }
+
+ client := testAccProvider.Meta().(*NetScalerNitroClient).client
+
+ bindingId := rs.Primary.ID
+
+ idSlice := strings.SplitN(bindingId, ",", 2)
+
+ groupname := idSlice[0]
+ policyname := idSlice[1]
+
+ findParams := service.FindParams{
+ ResourceType: "systemgroup_systemcmdpolicy_binding",
+ ResourceName: groupname,
+ ResourceMissingErrorCode: 258,
+ }
+ dataArr, err := client.FindResourceArrayWithParams(findParams)
+
+ // Unexpected error
+ if err != nil {
+ return err
+ }
+
+ // Iterate through results to find the one with the matching secondIdComponent
+ found := false
+ for _, v := range dataArr {
+ if v["policyname"].(string) == policyname {
+ found = true
+ break
+ }
+ }
+
+ if !found {
+ return fmt.Errorf("systemgroup_systemcmdpolicy_binding %s not found", n)
+ }
+
+ return nil
+ }
+}
+
+func testAccCheckSystemgroup_systemcmdpolicy_bindingNotExist(n string, id string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ client := testAccProvider.Meta().(*NetScalerNitroClient).client
+
+ if !strings.Contains(id, ",") {
+ return fmt.Errorf("Invalid id string %v. The id string must contain a comma.", id)
+ }
+ idSlice := strings.SplitN(id, ",", 2)
+
+ groupname := idSlice[0]
+ policyname := idSlice[1]
+
+ findParams := service.FindParams{
+ ResourceType: "systemgroup_systemcmdpolicy_binding",
+ ResourceName: groupname,
+ ResourceMissingErrorCode: 258,
+ }
+ dataArr, err := client.FindResourceArrayWithParams(findParams)
+
+ // Unexpected error
+ if err != nil {
+ return err
+ }
+
+ // Iterate through results to hopefully not find the one with the matching secondIdComponent
+ found := false
+ for _, v := range dataArr {
+ if v["policyname"].(string) == policyname {
+ found = true
+ break
+ }
+ }
+
+ if found {
+ return fmt.Errorf("systemgroup_systemcmdpolicy_binding %s was found, but it should have been destroyed", n)
+ }
+
+ return nil
+ }
+}
+
+func testAccCheckSystemgroup_systemcmdpolicy_bindingDestroy(s *terraform.State) error {
+ nsClient := testAccProvider.Meta().(*NetScalerNitroClient).client
+
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "citrixadc_systemgroup_systemcmdpolicy_binding" {
+ continue
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No name is set")
+ }
+
+ _, err := nsClient.FindResource(service.Systemgroup_systemcmdpolicy_binding.Type(), rs.Primary.ID)
+ if err == nil {
+ return fmt.Errorf("systemgroup_systemcmdpolicy_binding %s still exists", rs.Primary.ID)
+ }
+
+ }
+
+ return nil
+}
diff --git a/citrixadc/resource_citrixadc_systemgroup_systemuser_binding.go b/citrixadc/resource_citrixadc_systemgroup_systemuser_binding.go
new file mode 100644
index 00000000..8f913b62
--- /dev/null
+++ b/citrixadc/resource_citrixadc_systemgroup_systemuser_binding.go
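Review bot: testAccCheckSystemgroup_systemcmdpolicy_bindingDestroy passes the composite id (`groupname,policyname`) to `nsClient.FindResource` as if it were a resource name. That lookup most likely fails whether or not the binding still exists, so the destroy check cannot catch a leaked binding. Reusing the lookup from testAccCheckSystemgroup_systemcmdpolicy_bindingNotExist (split the id, call `FindResourceArrayWithParams` on the group, scan for `policyname`) would make the check meaningful. The Exist check also indexes `idSlice[1]` without the comma check that the NotExist check performs. resource_citrixadc_systemgroup_systemuser_binding_test.go repeats both patterns.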
@@ -0,0 +1,145 @@
+package citrixadc
+
+import (
+ "net/url"
+
+ "github.com/citrix/adc-nitro-go/resource/config/system"
+ "github.com/citrix/adc-nitro-go/service"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+
+ "fmt"
+ "log"
+ "strings"
+)
+
+func resourceCitrixAdcSystemgroup_systemuser_binding() *schema.Resource {
+ return &schema.Resource{
+ SchemaVersion: 1,
+ Create: createSystemgroup_systemuser_bindingFunc,
+ Read: readSystemgroup_systemuser_bindingFunc,
+ Delete: deleteSystemgroup_systemuser_bindingFunc,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+ Schema: map[string]*schema.Schema{
+ "groupname": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "username": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ },
+ }
+}
+
+func createSystemgroup_systemuser_bindingFunc(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[DEBUG] citrixadc-provider: In createSystemgroup_systemuser_bindingFunc")
+ client := meta.(*NetScalerNitroClient).client
+ groupname := d.Get("groupname")
+ username := d.Get("username")
+ bindingId := fmt.Sprintf("%s,%s", groupname, username)
+ systemgroup_systemuser_binding := system.Systemgroupsystemuserbinding{
+ Groupname: d.Get("groupname").(string),
+ Username: d.Get("username").(string),
+ }
+
+ _, err := client.AddResource(service.Systemgroup_systemuser_binding.Type(), bindingId, &systemgroup_systemuser_binding)
+ if err != nil {
+ return err
+ }
+
+ d.SetId(bindingId)
+
+ err = readSystemgroup_systemuser_bindingFunc(d, meta)
+ if err != nil {
+ log.Printf("[ERROR] netscaler-provider: ?? we just created this systemgroup_systemuser_binding but we can't read it ?? %s", bindingId)
+ return nil
+ }
+ return nil
+}
+
+func readSystemgroup_systemuser_bindingFunc(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[DEBUG] citrixadc-provider: In readSystemgroup_systemuser_bindingFunc")
+ client := meta.(*NetScalerNitroClient).client
+ bindingId := d.Id()
+ idSlice := strings.SplitN(bindingId, ",", 2)
+
+ groupname := idSlice[0]
+ username := idSlice[1]
+
+ log.Printf("[DEBUG] citrixadc-provider: Reading systemgroup_systemuser_binding state %s", bindingId)
+
+ findParams := service.FindParams{
+ ResourceType: "systemgroup_systemuser_binding",
+ ResourceName: groupname,
+ ResourceMissingErrorCode: 258,
+ }
+ dataArr, err := client.FindResourceArrayWithParams(findParams)
+
+ // Unexpected error
+ if err != nil {
+ log.Printf("[DEBUG] citrixadc-provider: Error during FindResourceArrayWithParams %s", err.Error())
+ return err
+ }
+
+ // Resource is missing
+ if len(dataArr) == 0 {
+ log.Printf("[DEBUG] citrixadc-provider: FindResourceArrayWithParams returned empty array")
+ log.Printf("[WARN] citrixadc-provider: Clearing systemgroup_systemuser_binding state %s", bindingId)
+ d.SetId("")
+ return nil
+ }
+
+ // Iterate through results to find the one with the right id
+ foundIndex := -1
+ for i, v := range dataArr {
+ if v["username"].(string) == username {
+ foundIndex = i
+ break
+ }
+ }
+
+ // Resource is missing
+ if foundIndex == -1 {
+ log.Printf("[DEBUG] citrixadc-provider: FindResourceArrayWithParams secondIdComponent not found in array")
+ log.Printf("[WARN] citrixadc-provider: Clearing systemgroup_systemuser_binding state %s", bindingId)
+ d.SetId("")
+ return nil
+ }
+ // Fallthrough
+
+ data := dataArr[foundIndex]
+
+ d.Set("groupname", data["groupname"])
+ d.Set("username", data["username"])
+
+ return nil
+
+}
+
+func deleteSystemgroup_systemuser_bindingFunc(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[DEBUG] citrixadc-provider: In deleteSystemgroup_systemuser_bindingFunc")
+ client := meta.(*NetScalerNitroClient).client
+
+ bindingId := d.Id()
+ idSlice := strings.SplitN(bindingId, ",", 2)
+
+ name := idSlice[0]
+ username := idSlice[1]
+
+ args := make([]string, 0)
+ args = append(args, fmt.Sprintf("username:%s", url.QueryEscape(username)))
+
+ err := client.DeleteResourceWithArgs(service.Systemgroup_systemuser_binding.Type(), name, args)
+ if err != nil {
+ return err
+ }
+
+ d.SetId("")
+
+ return nil
+}
diff --git a/citrixadc/resource_citrixadc_systemgroup_systemuser_binding_test.go b/citrixadc/resource_citrixadc_systemgroup_systemuser_binding_test.go
new file mode 100644
index 00000000..6c0b2789
--- /dev/null
+++ b/citrixadc/resource_citrixadc_systemgroup_systemuser_binding_test.go
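Review bot: createSystemgroup_systemuser_bindingFunc logs a failed read-back and then returns `nil`, so Terraform records the group membership as created even though it could not be confirmed on the appliance. Using `return err` in place of `return nil` inside that `if err != nil` block would surface the failure. The log line's `netscaler-provider` prefix also differs from the `citrixadc-provider` prefix used by every other message in the file. The return values of `d.Set` in the read function are likewise ignored. createSystemgroup_systemcmdpolicy_bindingFunc in the sibling file handles the read-back the same way.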
@@ -0,0 +1,204 @@
+/*
+Copyright 2016 Citrix Systems, Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package citrixadc
+
+import (
+ "fmt"
+ "github.com/citrix/adc-nitro-go/service"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/terraform"
+ "strings"
+ "testing"
+)
+
+const testAccSystemgroup_systemuser_binding_basic = `
+
+ resource "citrixadc_systemgroup" "tf_systemgroup" {
+ groupname = "tf_systemgroup"
+ timeout = 999
+ promptstring = "bye>"
+ }
+
+ resource "citrixadc_systemuser" "tf_user" {
+ username = "tf_user"
+ password = "tf_password"
+ timeout = 200
+ }
+
+ resource "citrixadc_systemgroup_systemuser_binding" "tf_bind" {
+ groupname = citrixadc_systemgroup.tf_systemgroup.groupname
+ username = citrixadc_systemuser.tf_user.username
+ }
+`
+
+const testAccSystemgroup_systemuser_binding_basic_step2 = `
+ # Keep the above bound resources without the actual binding to check proper deletion
+
+ resource "citrixadc_systemgroup" "tf_systemgroup" {
+ groupname = "tf_systemgroup"
+ timeout = 999
+ promptstring = "bye>"
+ }
+
+ resource "citrixadc_systemuser" "tf_user" {
+ username = "tf_user"
+ password = "tf_password"
+ timeout = 200
+ }
+
+`
+
+func TestAccSystemgroup_systemuser_binding_basic(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckSystemgroup_systemuser_bindingDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSystemgroup_systemuser_binding_basic,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSystemgroup_systemuser_bindingExist("citrixadc_systemgroup_systemuser_binding.tf_bind", nil),
+ ),
+ },
+ {
+ Config: testAccSystemgroup_systemuser_binding_basic_step2,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSystemgroup_systemuser_bindingNotExist("citrixadc_systemgroup_systemuser_binding.tf_bind", "tf_systemgroup,tf_user"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckSystemgroup_systemuser_bindingExist(n string, id *string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No systemgroup_systemuser_binding id is set")
+ }
+
+ if id != nil {
+ if *id != "" && *id != rs.Primary.ID {
+ return fmt.Errorf("Resource ID has changed!")
+ }
+
+ *id = rs.Primary.ID
+ }
+
+ client := testAccProvider.Meta().(*NetScalerNitroClient).client
+
+ bindingId := rs.Primary.ID
+
+ idSlice := strings.SplitN(bindingId, ",", 2)
+
+ groupname := idSlice[0]
+ username := idSlice[1]
+
+ findParams := service.FindParams{
+ ResourceType: "systemgroup_systemuser_binding",
+ ResourceName: groupname,
+ ResourceMissingErrorCode: 258,
+ }
+ dataArr, err := client.FindResourceArrayWithParams(findParams)
+
+ // Unexpected error
+ if err != nil {
+ return err
+ }
+
+ // Iterate through results to find the one with the matching secondIdComponent
+ found := false
+ for _, v := range dataArr {
+ if v["username"].(string) == username {
+ found = true
+ break
+ }
+ }
+
+ if !found {
+ return fmt.Errorf("systemgroup_systemuser_binding %s not found", n)
+ }
+
+ return nil
+ }
+}
+
+func testAccCheckSystemgroup_systemuser_bindingNotExist(n string, id string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ client := testAccProvider.Meta().(*NetScalerNitroClient).client
+
+ if !strings.Contains(id, ",") {
+ return fmt.Errorf("Invalid id string %v. The id string must contain a comma.", id)
+ }
+ idSlice := strings.SplitN(id, ",", 2)
+
+ groupname := idSlice[0]
+ username := idSlice[1]
+
+ findParams := service.FindParams{
+ ResourceType: "systemgroup_systemuser_binding",
+ ResourceName: groupname,
+ ResourceMissingErrorCode: 258,
+ }
+ dataArr, err := client.FindResourceArrayWithParams(findParams)
+
+ // Unexpected error
+ if err != nil {
+ return err
+ }
+
+ // Iterate through results to hopefully not find the one with the matching secondIdComponent
+ found := false
+ for _, v := range dataArr {
+ if v["username"].(string) == username {
+ found = true
+ break
+ }
+ }
+
+ if found {
+ return fmt.Errorf("systemgroup_systemuser_binding %s was found, but it should have been destroyed", n)
+ }
+
+ return nil
+ }
+}
+
+func testAccCheckSystemgroup_systemuser_bindingDestroy(s *terraform.State) error {
+ nsClient := testAccProvider.Meta().(*NetScalerNitroClient).client
+
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "citrixadc_systemgroup_systemuser_binding" {
+ continue
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No name is set")
+ }
+
+ _, err := nsClient.FindResource(service.Systemgroup_systemuser_binding.Type(), rs.Primary.ID)
+ if err == nil {
+ return fmt.Errorf("systemgroup_systemuser_binding %s still exists", rs.Primary.ID)
+ }
+
+ }
+
+ return nil
+}
diff --git a/docs/resources/systemgroup.md b/docs/resources/systemgroup.md
index 693c034c..65c3016c 100644
--- a/docs/resources/systemgroup.md
+++ b/docs/resources/systemgroup.md
@@ -11,24 +11,9 @@ The systemgroup resource is used to create user groups. ```hcl resource "citrixadc_systemgroup" "tf_systemgroup" { - groupname = "tf_systemgroup" - timeout = 999 - promptstring = "bye>" - - cmdpolicybinding { - policyname = "superuser" - priority = 100 - } - - cmdpolicybinding { - policyname = "network" - priority = 200 - } - - systemusers = [ - "user1", - "user2", - ] + groupname = "tf_systemgroup" + timeout = 999 + promptstring = "bye>" } ``` 
@@ -41,8 +26,16 @@ resource "citrixadc_systemgroup" "tf_systemgroup" { * `allowedmanagementinterface` - (Optional) Allowed Management interfaces of the system users in the group. By default allowed from both API and CLI interfaces. If management interface for a group is set to API, then all users under this group will not allowed to access NS through CLI. GUI interface will come under API interface. Default value: NS_INTERFACE_ALL Possible values = CLI, API -* `systemusers` - (Optional) A set of user names to bind to this group. -* `cmdpolicybinding` - (Optional) A set of command policies to bing to this group. Attributes are detailed below +* `systemusers` - (Optional) A set of user names to bind to this group. (deprecates soon) + +!> +[**DEPRECATED**] Please use [`systemgroup_systemuser_binding`](https://registry.terraform.io/providers/citrix/citrixadc/latest/docs/resources/systemgroup_systemuser_binding) to bind `systemuser` to `systemgroup` insted of this resource. The support for binding `systemuser` to `systemgroup` in this resource will get deprecated soon. + + +* `cmdpolicybinding` - (Optional) A set of command policies to bing to this group. Attributes are detailed below (deprecates soon) + +!> +[**DEPRECATED**] Please use [`systemgroup_systemcmdpolicy_binding`](https://registry.terraform.io/providers/citrix/citrixadc/latest/docs/resources/systemgroup_systemcmdpolicy_binding) to bind `systemcmdpolicy` to `systemgroup` insted of this resource. The support for binding `systemcmdpolicy` to `systemgroup` in this resource will get deprecated soon. In a command policy block the following attributes are allowed: diff --git a/docs/resources/systemgroup_systemcmdpolicy_binding.md b/docs/resources/systemgroup_systemcmdpolicy_binding.md new file mode 100644 index 00000000..052a9dde --- /dev/null +++ b/docs/resources/systemgroup_systemcmdpolicy_binding.md 
@@ -0,0 +1,55 @@
+---
+subcategory: "System"
+---
+
+# Resource: systemgroup_systemcmdpolicy_binding
+
+The systemgroup_systemcmdpolicy_binding resource is used to bind systemcmdpolicy to systemgroup.
+
+~> If you are using this resource to bind `systemcmdpolicy` to a `systemgroup`, do not define the `cmdpolicybinding` attribute in the systemgroup resource.
+
+
+## Example usage
+
+```hcl
+resource "citrixadc_systemgroup" "tf_systemgroup" {
+ groupname = "tf_systemgroup"
+ timeout = 999
+ promptstring = "bye>"
+}
+
+resource "citrixadc_systemcmdpolicy" "tf_policy" {
+ policyname = "tf_policy"
+ action = "DENY"
+ cmdspec = "add.*"
+}
+
+resource "citrixadc_systemgroup_systemcmdpolicy_binding" "tf_bind" {
+ groupname = citrixadc_systemgroup.tf_systemgroup.groupname
+ policyname = citrixadc_systemcmdpolicy.tf_policy.policyname
+ priority = 100
+}
+```
+
+
+## Argument Reference
+
+* `policyname` - (Required) The name of command policy.
+* `priority` - (Required) The priority of the command policy.
+* `groupname` - (Required) Name of the system group. Minimum length = 1
+
+
+## Attribute Reference
+
+In addition to the arguments, the following attributes are available:
+
+* `id` - The id of the systemgroup_systemcmdpolicy_binding. It is the concatenation of the `groupname` and `policyname` attributes separated by a comma.
+
+
+## Import
+
+A systemgroup_systemcmdpolicy_binding can be imported using its id, e.g.
+
+```shell
+terraform import citrixadc_systemgroup_systemcmdpolicy_binding.tf_bind tf_systemgroup,tf_policy
+```
diff --git a/docs/resources/systemgroup_systemuser_binding.md b/docs/resources/systemgroup_systemuser_binding.md
new file mode 100644
index 00000000..c8500e39
--- /dev/null
+++ b/docs/resources/systemgroup_systemuser_binding.md
@@ -0,0 +1,54 @@
+---
+subcategory: "System"
+---
+
+# Resource: systemgroup_systemuser_binding
+
+The systemgroup_systemuser_binding resource is used to bind systemuser to systemgroup.
+
+~> If you are using this resource to bind `systemuser` to a `systemgroup`, do not define the `systemusers` attribute in the systemgroup resource.
+
+
+## Example usage
+
+```hcl
+resource "citrixadc_systemgroup" "tf_systemgroup" {
+ groupname = "tf_systemgroup"
+ timeout = 999
+ promptstring = "bye>"
+}
+
+resource "citrixadc_systemuser" "tf_user" {
+ username = "tf_user"
+ password = "tf_password"
+ timeout = 200
+}
+
+resource "citrixadc_systemgroup_systemuser_binding" "tf_bind" {
+ groupname = citrixadc_systemgroup.tf_systemgroup.groupname
+ username = citrixadc_systemuser.tf_user.username
+}
+
+```
+
+
+## Argument Reference
+
+* `username` - (Required) The system user.
+* `groupname` - (Required) Name of the system group. Minimum length = 1
+
+
+## Attribute Reference
+
+In addition to the arguments, the following attributes are available:
+
+* `id` - The id of the systemgroup_systemuser_binding. It is the concatenation of the `groupname` and `username` attributes separated by a comma.
+
+
+## Import
+
+A systemgroup_systemuser_binding can be imported using its id, e.g.
+
+```shell
+terraform import citrixadc_systemgroup_systemuser_binding.tf_bind tf_systemgroup,tf_user
+```