Introduced resource dynatrace_policy_boundary (#645)

* Implemented `dynatrace_iam_policy_boundary` and added it to `dynatrace_iam_policy_bindings_v2` as attribute

* added documentation

* removed unnecessary code

* Added dependency for `iam_policy_bindings_v2` to `iam_policy_boundary`

* Excluded resource from default export

Author: Reinhard-Pilz-Dynatrace

dynatrace/api/iam/boundaries/service.go

@@ -0,0 +1,183 @@
+package boundaries
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api"
+	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/iam"
+	boundaries "github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/iam/boundaries/settings"
+	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/settings"
+)
+
+func Service(credentials *settings.Credentials) settings.CRUDService[*boundaries.PolicyBoundary] {
+	return &BoundaryServiceClient{
+		clientID:     credentials.IAM.ClientID,
+		accountID:    credentials.IAM.AccountID,
+		clientSecret: credentials.IAM.ClientSecret,
+		tokenURL:     credentials.IAM.TokenURL,
+		endpointURL:  credentials.IAM.EndpointURL,
+	}
+}
+
+type BoundaryServiceClient struct {
+	clientID     string
+	accountID    string
+	clientSecret string
+	tokenURL     string
+	endpointURL  string
+}
+
+func (me *BoundaryServiceClient) ClientID() string {
+	return me.clientID
+}
+
+func (me *BoundaryServiceClient) AccountID() string {
+	return me.accountID
+}
+
+func (me *BoundaryServiceClient) ClientSecret() string {
+	return me.clientSecret
+}
+
+func (me *BoundaryServiceClient) TokenURL() string {
+	return me.tokenURL
+}
+
+func (me *BoundaryServiceClient) EndpointURL() string {
+	return me.endpointURL
+}
+
+func (me *BoundaryServiceClient) List(ctx context.Context) (api.Stubs, error) {
+	var err error
+	var responseBytes []byte
+
+	client := iam.NewIAMClient(me)
+
+	if responseBytes, err = client.GET(ctx, fmt.Sprintf("%s/iam/v1/repo/account/%s/boundaries", me.endpointURL, strings.TrimPrefix(me.AccountID(), "urn:dtaccount:")), 200, false); err != nil {
+		return nil, err
+	}
+
+	var response ListPolicyBoundariesResponse
+	if err = json.Unmarshal(responseBytes, &response); err != nil {
+		return nil, err
+	}
+	if len(response.PolicyBoundaries) == 0 {
+		return api.Stubs{}, nil
+	}
+	stubs := api.Stubs{}
+	for _, boundary := range response.PolicyBoundaries {
+		stubs = append(stubs, &api.Stub{ID: boundary.UUID, Name: boundary.Name})
+	}
+	return stubs, nil
+}
+
+func (me *BoundaryServiceClient) Get(ctx context.Context, id string, v *boundaries.PolicyBoundary) error {
+	var err error
+	var responseBytes []byte
+
+	client := iam.NewIAMClient(me)
+
+	if responseBytes, err = client.GET(ctx, fmt.Sprintf("%s/iam/v1/repo/account/%s/boundaries/%s", me.endpointURL, strings.TrimPrefix(me.AccountID(), "urn:dtaccount:"), id), 200, false); err != nil {
+		return err
+	}
+
+	if err = json.Unmarshal(responseBytes, v); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (me *BoundaryServiceClient) SchemaID() string {
+	return "accounts:iam:boundaries"
+}
+
+func (me *BoundaryServiceClient) Create(ctx context.Context, v *boundaries.PolicyBoundary) (*api.Stub, error) {
+	var err error
+	var responseBytes []byte
+
+	client := iam.NewIAMClient(me)
+
+	if responseBytes, err = client.POST(
+		ctx,
+		fmt.Sprintf("%s/iam/v1/repo/account/%s/boundaries", me.endpointURL, strings.TrimPrefix(me.AccountID(), "urn:dtaccount:")),
+		v,
+		201,
+		false,
+	); err != nil {
+		return nil, err
+	}
+
+	response := struct {
+		UUID string `json:"uuid"`
+		Name string `json:"name"`
+	}{}
+
+	if err = json.Unmarshal(responseBytes, &response); err != nil {
+		return nil, err
+	}
+
+	return &api.Stub{ID: response.UUID, Name: response.Name}, nil
+}
+
+func (me *BoundaryServiceClient) Update(ctx context.Context, id string, v *boundaries.PolicyBoundary) error {
+	var err error
+	var responseBytes []byte
+
+	client := iam.NewIAMClient(me)
+
+	if responseBytes, err = client.PUT(
+		ctx,
+		fmt.Sprintf("%s/iam/v1/repo/account/%s/boundaries/%s", me.endpointURL, strings.TrimPrefix(me.AccountID(), "urn:dtaccount:"), id),
+		v,
+		201,
+		false,
+	); err != nil {
+		return err
+	}
+
+	response := struct {
+		UUID string `json:"uuid"`
+		Name string `json:"name"`
+	}{}
+
+	if err = json.Unmarshal(responseBytes, &response); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (me *BoundaryServiceClient) Delete(ctx context.Context, id string) error {
+	var err error
+
+	client := iam.NewIAMClient(me)
+
+	if _, err = client.DELETE(
+		ctx,
+		fmt.Sprintf("%s/iam/v1/repo/account/%s/boundaries/%s", me.endpointURL, strings.TrimPrefix(me.AccountID(), "urn:dtaccount:"), id),
+		204,
+		false,
+	); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+type PolicyBoundary struct {
+	UUID      string `json:"uuid"`
+	LevelType string `json:"levelType"`
+	LevelID   string `json:"levelId"`
+	Name      string `json:"name"`
+	Query     string `json:"boundaryQuery"`
+}
+
+type ListPolicyBoundariesResponse struct {
+	PageSize         int              `json:"pageSize"`
+	PageNumber       int              `json:"pageNumber"`
+	TotalCount       int              `json:"totalCount"`
+	PolicyBoundaries []PolicyBoundary `json:"content"`
+}

dynatrace/api/iam/boundaries/settings/policy_boundary.go

@@ -0,0 +1,41 @@
+package boundaries
+
+import (
+	"github.com/dynatrace-oss/terraform-provider-dynatrace/terraform/hcl"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+type PolicyBoundary struct {
+	Name  string `json:"name"`
+	Query string `json:"boundaryQuery"`
+}
+
+func (me *PolicyBoundary) Schema() map[string]*schema.Schema {
+	return map[string]*schema.Schema{
+		"name": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The name of the policy",
+		},
+		"query": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The boundary query",
+		},
+	}
+}
+
+func (me *PolicyBoundary) MarshalHCL(properties hcl.Properties) error {
+	return properties.EncodeAll(map[string]any{
+		"name":  me.Name,
+		"query": me.Query,
+	})
+}
+
+func (me *PolicyBoundary) UnmarshalHCL(decoder hcl.Decoder) error {
+	return decoder.DecodeAll(map[string]any{
+		"name":  &me.Name,
+		"query": &me.Query,
+	})
+}

dynatrace/api/iam/v2bindings/service.go

@@ -98,6 +98,7 @@ type BindingsResponse struct {
 		GroupUUIDs []string          `json:"groups"`
 		Parameters map[string]string `json:"parameters"`
 		Metadata   map[string]string `json:"metadata"`
+		Boundaries []string          `json:"boundaries"`
 	} `json:"policyBindings"`
 }
 
@@ -166,6 +167,9 @@ func (me *BindingServiceClient) resolvePolicies(ctx context.Context, uuid string
 				policy.Metadata[key] = value
 			}
 		}
+		if len(policyBinding.Boundaries) > 0 {
+			policy.Boundaries = append([]string{}, policyBinding.Boundaries...)
+		}
 		results = append(results, policy)
 	}
 	return results, nil
@@ -192,9 +196,11 @@ func (me *BindingServiceClient) Update(ctx context.Context, id string, v *bindin
 		payload := struct {
 			Parameters map[string]string `json:"parameters"`
 			Metadata   map[string]string `json:"metadata"`
+			Boundaries []string          `json:"boundaries"`
 		}{
 			Parameters: policy.Parameters,
 			Metadata:   policy.Metadata,
+			Boundaries: policy.Boundaries,
 		}
 		retries := 0
 		for retries < 10 {

dynatrace/api/iam/v2bindings/settings/policy.go

@@ -11,6 +11,7 @@ type Policy struct {
 	ID         string
 	Parameters map[string]string
 	Metadata   map[string]string
+	Boundaries []string
 }
 
 func (me *Policy) Schema() map[string]*schema.Schema {
@@ -30,6 +31,11 @@ func (me *Policy) Schema() map[string]*schema.Schema {
 			Optional: true,
 			Elem:     &schema.Schema{Type: schema.TypeString},
 		},
+		"boundaries": {
+			Type:     schema.TypeSet,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+		},
 	}
 }
 
@@ -43,6 +49,9 @@ func (me *Policy) MarshalHCL(properties hcl.Properties) error {
 	if err := properties.Encode("metadata", me.Metadata); err != nil {
 		return err
 	}
+	if err := properties.Encode("boundaries", me.Boundaries); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -56,5 +65,8 @@ func (me *Policy) UnmarshalHCL(decoder hcl.Decoder) error {
 	if err := decoder.Decode("metadata", &me.Metadata); err != nil {
 		return err
 	}
+	if err := decoder.Decode("boundaries", &me.Boundaries); err != nil {
+		return err
+	}
 	return nil
 }

dynatrace/export/enums.go

@@ -235,6 +235,7 @@ var ResourceTypes = struct {
 	IAMPolicy                           ResourceType
 	IAMPolicyBindings                   ResourceType
 	IAMPolicyBindingsV2                 ResourceType
+	IAMPolicyBoundary                   ResourceType
 	ProcessGroupAnomalies               ResourceType
 	DDUPool                             ResourceType
 	ProcessGroupAlerting                ResourceType
@@ -571,6 +572,7 @@ var ResourceTypes = struct {
 	"dynatrace_iam_policy",
 	"dynatrace_iam_policy_bindings",
 	"dynatrace_iam_policy_bindings_v2",
+	"dynatrace_iam_policy_boundary",
 	"dynatrace_pg_anomalies",
 	"dynatrace_ddu_pool",
 	"dynatrace_pg_alerting",

dynatrace/export/resource_descriptor.go

@@ -291,6 +291,7 @@ import (
 	directshares "github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/documents/directshares"
 	documents "github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/documents/document"
 	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/iam/bindings"
+	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/iam/boundaries"
 	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/iam/groups"
 	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/iam/permissions"
 	"github.com/dynatrace-oss/terraform-provider-dynatrace/dynatrace/api/iam/policies"
@@ -776,9 +777,11 @@ var AllResources = map[ResourceType]ResourceDescriptor{
 		v2bindings.Service,
 		Dependencies.ID(ResourceTypes.IAMGroup),
 		Dependencies.ID(ResourceTypes.IAMPolicy),
+		Dependencies.ID(ResourceTypes.IAMPolicyBoundary),
 		Dependencies.GlobalPolicy,
 	),
-	ResourceTypes.DDUPool: NewResourceDescriptor(ddupool.Service),
+	ResourceTypes.IAMPolicyBoundary: NewResourceDescriptor(boundaries.Service),
+	ResourceTypes.DDUPool:           NewResourceDescriptor(ddupool.Service),
 	ResourceTypes.ProcessGroupAnomalies: NewResourceDescriptor(
 		pg_anomalies.Service,
 		Coalesce(Dependencies.ProcessGroup),
@@ -1488,6 +1491,7 @@ var excludeListedResourceGroups = []ResourceExclusionGroup{
 			{ResourceTypes.IAMPolicy, ""},
 			{ResourceTypes.IAMPolicyBindings, ""},
 			{ResourceTypes.IAMPolicyBindingsV2, ""},
+			{ResourceTypes.IAMPolicyBoundary, ""},
 		},
 	},
 	{

provider/provider.go

@@ -341,6 +341,7 @@ func Provider() *schema.Provider {
 			"dynatrace_iam_policy":                          resources.NewGeneric(export.ResourceTypes.IAMPolicy, resources.CredValIAM).Resource(),
 			"dynatrace_iam_policy_bindings":                 resources.NewGeneric(export.ResourceTypes.IAMPolicyBindings, resources.CredValIAM).Resource(),
 			"dynatrace_iam_policy_bindings_v2":              resources.NewGeneric(export.ResourceTypes.IAMPolicyBindingsV2, resources.CredValIAM).Resource(),
+			"dynatrace_iam_policy_boundary":                 resources.NewGeneric(export.ResourceTypes.IAMPolicyBoundary, resources.CredValIAM).Resource(),
 			"dynatrace_api_token":                           apitokens.Resource(),
 			"dynatrace_custom_tags":                         customtags.Resource(),
 			"dynatrace_pg_anomalies":                        resources.NewGeneric(export.ResourceTypes.ProcessGroupAnomalies).Resource(),