Merge pull request #40 from IvanOfThings/feat/roles-and-users

feat/roles and users

Author: givorra-ls

.github/workflows/test.yml

@@ -66,7 +66,9 @@ jobs:
     services:
       clickhouse:
         image: clickhouse/clickhouse-server
-                      
+
+        env:
+          CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: 1
         ports:
           - 8123:8123
           - 9090:9000

docs/resources/role.md

@@ -0,0 +1,31 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "clickhouse_role Resource - terraform-provider-clickhouse"
+subcategory: ""
+description: |-
+  Resource to manage Clickhouse roles
+---
+
+# clickhouse_role (Resource)
+
+Resource to manage Clickhouse roles
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `database` (String) Database where to grant permissions to the user
+- `name` (String) Role name
+
+### Optional
+
+- `privileges` (Set of String) Granted privileges to the role. Privileges will be granted at DB level
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/user.md

@@ -0,0 +1,31 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "clickhouse_user Resource - terraform-provider-clickhouse"
+subcategory: ""
+description: |-
+  Resource to manage Clickhouse users
+---
+
+# clickhouse_user (Resource)
+
+Resource to manage Clickhouse users
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) User name
+- `password` (String) User password
+
+### Optional
+
+- `roles` (Set of String) User role
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

examples/resources/clickhouse_db/main.tf

@@ -23,7 +23,7 @@ resource "clickhouse_db" "test_db" {
 // see: https://github.com/Altinity/clickhouse-operator/blob/master/docs/replication_setup.md
 resource "clickhouse_db" "test_db_clusterd" {
   name    = "clustered_test_database"
-  comment = "This is a culstered test database"
+  comment = "This is a clustered test database"
   cluster = "'{cluster}'"
 }
 

examples/resources/clickhouse_role/main.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    clickhouse = {
+      version = "2.0.0"
+      source  = "hashicorp.com/ivanofthings/clickhouse"
+    }
+  }
+}
+
+provider "clickhouse" {
+  port = 8123
+}
+
+resource "clickhouse_db" "awesome_database" {
+  name    = "awesome_database"
+  comment = "This is an awesome database"
+}
+
+resource "clickhouse_role" "awesome_role" {
+  name       = "awesome_role"
+  database   = clickhouse_db.awesome_database.name
+  privileges = ["INSERT"]
+}
+
+

examples/resources/clickhouse_user/main.tf

@@ -0,0 +1,37 @@
+terraform {
+  required_providers {
+    clickhouse = {
+      version = "2.0.0"
+      source  = "hashicorp.com/ivanofthings/clickhouse"
+    }
+  }
+}
+
+provider "clickhouse" {
+  port = 8123
+}
+
+resource "clickhouse_db" "awesome_database" {
+  name    = "awesome_database"
+  comment = "This is an awesome database"
+}
+
+resource "clickhouse_role" "awesome_role_1" {
+  name       = "awesome_role_1"
+  database   = clickhouse_db.awesome_database.name
+  privileges = ["SELECT"]
+}
+
+resource "clickhouse_role" "awesome_role_2" {
+  name       = "awesome_role_2"
+  database   = clickhouse_db.awesome_database.name
+  privileges = ["INSERT"]
+}
+
+resource "clickhouse_user" "awesome_user" {
+  name     = "awesome_user"
+  password = "awesome_user_password"
+  roles    = [clickhouse_role.awesome_role_1.name, clickhouse_role.awesome_role_2.name]
+}
+
+

pkg/common/utils.go

@@ -3,6 +3,7 @@ package common
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"strconv"
 	"strings"
 
@@ -78,3 +79,28 @@ func GetClusterStatement(cluster string, defaultCluster string) (clusterStatemen
 	}
 	return clusterStatement, clusterToUse
 }
+
+// Quote all strings on a string slice
+func Quote(elems []string) []string {
+	var quotedElems []string
+	for _, elem := range elems {
+		quotedElems = append(quotedElems, fmt.Sprintf("%q", elem))
+	}
+	return quotedElems
+}
+
+func StringSetToList(set *schema.Set) []string {
+	var list []string
+	for _, item := range set.List() {
+		list = append(list, item.(string))
+	}
+	return list
+}
+
+func StringListToSet(list []string) *schema.Set {
+	var set []interface{}
+	for _, item := range list {
+		set = append(set, item)
+	}
+	return schema.NewSet(schema.HashString, set)
+}

pkg/provider/provider.go

@@ -4,12 +4,15 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/resources/db"
+	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/resources/role"
+	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/resources/table"
+	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/resources/user"
 	"net/url"
 	"os"
 
 	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/common"
 	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/datasources"
-	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/resources"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/joho/godotenv"
@@ -84,13 +87,14 @@ func New(version string) func() *schema.Provider {
 				"clickhouse_dbs": datasources.DataSourceDbs(),
 			},
 			ResourcesMap: map[string]*schema.Resource{
-				"clickhouse_db":    resources.ResourceDb(),
-				"clickhouse_table": resources.ResourceTable(),
+				"clickhouse_db":    resourcedb.ResourceDb(),
+				"clickhouse_table": resourcetable.ResourceTable(),
+				"clickhouse_role":  resourcerole.ResourceRole(),
+				"clickhouse_user":  resourceuser.ResourceUser(),
 			},
+			ConfigureContextFunc: configure(),
 		}
 
-		p.ConfigureContextFunc = configure(version, p)
-
 		return p
 	}
 }
@@ -105,7 +109,7 @@ func getEnvVar(envVarName string) (any, error) {
 
 }
 
-func configure(version string, p *schema.Provider) func(context.Context, *schema.ResourceData) (any, diag.Diagnostics) {
+func configure() func(context.Context, *schema.ResourceData) (any, diag.Diagnostics) {
 	return func(ctx context.Context, d *schema.ResourceData) (any, diag.Diagnostics) {
 
 		clickhouseUrl := d.Get("host").(string)

pkg/resources/resource_db.go renamed to pkg/resources/db/resource_db.go

@@ -1,4 +1,4 @@
-package resources
+package resourcedb
 
 import (
 	"context"

pkg/resources/resource_db_acceptance_test.go renamed to pkg/resources/db/resource_db_acceptance_test.go

@@ -1,4 +1,4 @@
-package resources_test
+package resourcedb_test
 
 import (
 	"fmt"

pkg/resources/role/model.go

@@ -0,0 +1,46 @@
+package resourcerole
+
+import (
+	"fmt"
+	"github.com/IvanOfThings/terraform-provider-clickhouse/pkg/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+type CHGrant struct {
+	RoleName   string
+	AccessType string
+	Database   string
+}
+
+type CHRole struct {
+	Name       string
+	Privileges []CHGrant
+}
+
+type RoleResource struct {
+	Name       string
+	Database   string
+	Privileges *schema.Set
+}
+
+func (r *CHRole) ToRoleResource() (*RoleResource, error) {
+	var database string
+	var privileges []string
+	for i := 0; i < len(r.Privileges); i++ {
+		if database != "" && r.Privileges[i].Database != "" && r.Privileges[i].Database != database {
+			return nil, fmt.Errorf("role %s has privileges on different databases", r.Name)
+		}
+		database = r.Privileges[i].Database
+		privileges = append(privileges, r.Privileges[i].AccessType)
+	}
+
+	return &RoleResource{Name: r.Name, Database: database, Privileges: common.StringListToSet(privileges)}, nil
+}
+
+func (r *CHRole) GetPrivilegesList() []string {
+	var privileges []string
+	for _, privilege := range r.Privileges {
+		privileges = append(privileges, privilege.AccessType)
+	}
+	return privileges
+}