feat: datasource castai_impersonation_service_account (#623)

* feat: castai_impersonation_service_account to use for secretless onboarding (currently only AKS)

* re generate sdk

---------

Co-authored-by: Furkhat Kasymov Genii Uulu <furkhat@cast.ai>
Co-authored-by: Daniel Voros <daniel.voros@cast.ai>

Author: 3 people

castai/data_source_impersonation_service_account.go

@@ -0,0 +1,55 @@
+package castai
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/castai/terraform-provider-castai/castai/sdk"
+)
+
+const (
+	FieldImpersonationServiceAccountId = "id"
+)
+
+func dataSourceImpersonationServiceAccount() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceImpersonationServiceAccountRead,
+		Description: "Retrieve impersonation service account ID for AKS clusters",
+		Schema: map[string]*schema.Schema{
+			FieldImpersonationServiceAccountId: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "ID of the impersonation service account",
+			},
+		},
+	}
+}
+
+func dataSourceImpersonationServiceAccountRead(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*ProviderConfig).api
+
+	provider := "aks"
+	resp, err := client.ExternalClusterAPIImpersonationServiceAccountWithResponse(ctx,
+		sdk.ExternalclusterV1ImpersonationServiceAccountRequest{
+			Provider: &provider,
+		})
+	if err := sdk.CheckOKResponse(resp, err); err != nil {
+		return diag.FromErr(fmt.Errorf("retrieving impersonation service account: %w", err))
+	}
+
+	if resp.JSON200 == nil {
+		return diag.FromErr(fmt.Errorf("empty response received from impersonation service account API"))
+	}
+
+	if resp.JSON200.Id != nil {
+		data.SetId(*resp.JSON200.Id)
+		if err := data.Set(FieldImpersonationServiceAccountId, *resp.JSON200.Id); err != nil {
+			return diag.FromErr(fmt.Errorf("setting id: %w", err))
+		}
+	}
+
+	return nil
+}

castai/data_source_impersonation_service_account_test.go

@@ -0,0 +1,107 @@
+package castai
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"testing"
+
+	"github.com/golang/mock/gomock"
+	"github.com/hashicorp/go-cty/cty"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/stretchr/testify/require"
+
+	"github.com/castai/terraform-provider-castai/castai/sdk"
+	mock_sdk "github.com/castai/terraform-provider-castai/castai/sdk/mock"
+)
+
+func TestImpersonationServiceAccountDataSourceRead(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name           string
+		responseBody   string
+		statusCode     int
+		expectedID     string
+		expectedError  bool
+		errorContains  string
+	}{
+		{
+			name: "successful response with id and email",
+			responseBody: `{
+  "id": "test-service-account-id",
+  "email": "test@example.com"
+}`,
+			statusCode:    200,
+			expectedID:    "test-service-account-id",
+			expectedError: false,
+		},
+		{
+			name: "successful response with id only",
+			responseBody: `{
+  "id": "another-service-account-id"
+}`,
+			statusCode:    200,
+			expectedID:    "another-service-account-id",
+			expectedError: false,
+		},
+		{
+			name:          "api error response",
+			responseBody:  `{"message": "Internal server error"}`,
+			statusCode:    500,
+			expectedError: true,
+			errorContains: "retrieving impersonation service account",
+		},
+		{
+			name:          "unauthorized response",
+			responseBody:  `{"message": "Unauthorized"}`,
+			statusCode:    401,
+			expectedError: true,
+			errorContains: "retrieving impersonation service account",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := require.New(t)
+			mockClient := mock_sdk.NewMockClientInterface(gomock.NewController(t))
+
+			ctx := context.Background()
+			provider := &ProviderConfig{
+				api: &sdk.ClientWithResponses{
+					ClientInterface: mockClient,
+				},
+			}
+
+			body := io.NopCloser(bytes.NewReader([]byte(tt.responseBody)))
+
+			mockClient.EXPECT().
+				ExternalClusterAPIImpersonationServiceAccount(gomock.Any(), gomock.Any(), gomock.Any()).
+				Return(&http.Response{
+					StatusCode: tt.statusCode,
+					Body:       body,
+					Header:     map[string][]string{"Content-Type": {"json"}},
+				}, nil)
+
+			state := terraform.NewInstanceStateShimmedFromValue(cty.ObjectVal(map[string]cty.Value{}), 0)
+
+			resource := dataSourceImpersonationServiceAccount()
+			data := resource.Data(state)
+
+			result := resource.ReadContext(ctx, data, provider)
+
+			if tt.expectedError {
+				r.True(result.HasError())
+				if tt.errorContains != "" {
+					r.Contains(result[0].Summary, tt.errorContains)
+				}
+			} else {
+				r.Nil(result)
+				r.False(result.HasError())
+				r.Equal(tt.expectedID, data.Id())
+				r.Equal(tt.expectedID, data.Get(FieldImpersonationServiceAccountId))
+			}
+		})
+	}
+}

castai/provider.go

@@ -77,13 +77,14 @@ func Provider(version string) *schema.Provider {
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
-			"castai_eks_settings":                  dataSourceEKSSettings(),
-			"castai_gke_user_policies":             dataSourceGKEPolicies(),
-			"castai_organization":                  dataSourceOrganization(),
-			"castai_rebalancing_schedule":          dataSourceRebalancingSchedule(),
-			"castai_hibernation_schedule":          dataSourceHibernationSchedule(),
-			"castai_workload_scaling_policy_order": dataSourceWorkloadScalingPolicyOrder(),
-			"castai_cache_group":                   dataSourceCacheGroup(),
+			"castai_eks_settings":                   dataSourceEKSSettings(),
+			"castai_gke_user_policies":              dataSourceGKEPolicies(),
+			"castai_organization":                   dataSourceOrganization(),
+			"castai_rebalancing_schedule":           dataSourceRebalancingSchedule(),
+			"castai_hibernation_schedule":           dataSourceHibernationSchedule(),
+			"castai_workload_scaling_policy_order":  dataSourceWorkloadScalingPolicyOrder(),
+			"castai_cache_group":                    dataSourceCacheGroup(),
+			"castai_impersonation_service_account":  dataSourceImpersonationServiceAccount(),
 		},
 
 		ConfigureContextFunc: providerConfigure(version),