Add http source resource (#33)

* chore: format updates

* chore: update dependencies

* chore: add http source full example

* feat: add generated code and http resource

* feat: add http model and refactor client code

* chore: use correct model in client and remove id

* chore: remove json tags

* fix: use id from state to call update and restore id

* chore: fix update, use integration id only

* chore: use id instead of integration_id

* chore: use authorized client and consolidate model, generic url and backwards compatibility

* chore: update README, docs and add acc test for httpsource resource

* fix: use state from unknown, default values, update state on read, acceptance test

* chore: override schema with defaults instead of setting defaults before call

* feat: add import state functionality

* chore: update go.mod and readme

* chore: update go version in gh actions

* lint

* remove redundant examples and add to examples README

* fix links in readme

* chore: put back example files to generate docs

* update readme

* cleanup and change provider address

* chore: fixes from PR comments

* fix: add terraform install action

* fix: restore s3 minor changes

* chore: update id field name and remove redundant json tag

* chore: fix readme, return value instead of pointer and error message

* feat: use new openapi spec to update provider spec and model

* update model, resource and test

* update docs

* update examples and fix bearer issue with Read

* minor update to README

* remove url util func

* remove redundant install terraform step

.github/workflows/go.yml

@@ -17,7 +17,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a
       with:
-        go-version: 1.19
+        go-version: 1.23
 
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v3.1.2

README.md

@@ -9,7 +9,7 @@ _This template repository is built on the [Terraform Plugin Framework](https://g
 ## Requirements
 
 - [Terraform](https://www.terraform.io/downloads.html) >= 1.0
-- [Go](https://golang.org/doc/install) >= 1.19
+- [Go](https://golang.org/doc/install) >= 1.23
 
 ## Building The Provider
 
@@ -35,7 +35,8 @@ go mod tidy
 
 ## Usage
 
-Use the examples directory as a guide for setting up the provider.
+Use the examples directory and the corresponding [README.md](./examples/README.md) as a guide on setting up the provider
+and trying out terraform command to create/update/delete resources.
 
 ## Developing the Provider
 
@@ -45,38 +46,78 @@ To compile the provider, run `go install`. This will build the provider and put
 
 To generate or update documentation, run `go generate`.
 
+### Code generation
+
+Starting with the `httpsource` resource, the resource scaffolding and schema are generated using the terraform
+[framework code generator](https://developer.hashicorp.com/terraform/plugin/code-generation/framework-generator)
+and the [openapi generator](https://developer.hashicorp.com/terraform/plugin/code-generation/openapi-generator)
+plugins. In order to update or create new resources, you need to install both these plugins as described in the links.
+
+### Creating a new resource
+
+In order to create a new resource in the Panther provider, it must already exist in the Panther REST API and provide
+CRUD REST methods. The following steps are required to create a new resource:
+
+1. Scaffold a new resource by running the following command:
+```
+   tfplugingen-framework scaffold resource \
+   --name {resource_name}} \
+   --output-dir ./internal/provider
+```
+2. Update the `generator_config.yml` file with the paths of the REST methods for the new resource.
+3. Get the latest Panther OpenAPI schema locally and run the following command to update the `provider-code-specs.json`
+specification file:
+```
+tfplugingen-openapi generate \
+  --config ./generator_config.yml \
+  --output ./provider-code-spec.json \
+    {path_to_openapi_yml}
+```
+4. Run the following command to populate the resource model/schema:
+```
+tfplugingen-framework generate resources \
+  --input ./provider-code-spec.json \
+  --output ./internal/provider
+```
+5. Implement the CRUD methods in the resource file under `internal/provider/{resource_name}_resource.go` as is done for
+the `httpsource` resource. If creating a new resource that requires `Resource Import` functionality, you have to implement
+the `ImportState` method in the resource file, as is done for the `httpsource` resource.
+
+### Updating an existing resource
+
+In order to update an existing resource, e.g. because of a schema change or to add new attributes, perform the following
+steps:
+
+1. Make sure the `generator_config.yml` file is up to date. This has to be changed only for updates to existing 
+REST endpoints/resources.
+2. Follow steps `3` and `4` from the `Creating a new resource` section.
+
+### Code generation limitations
+
+The code generation tools currently do not cover all the functionality we need. For this reason, setting the defaults for
+optional values and setting the `UseStateForUnknownn` value for the `id` in the schema is done manually in the resource
+`Schema` method. Additionally, as mentioned above, there is no support for importing the state of a resource, so the
+`ImportState` method has to be implemented manually.
+
+### Testing
+
+```shell
 In order to run the full suite of Acceptance tests, run `make testacc`.
 
 *Note:* Acceptance tests create real resources and may cost money to run.
 
 ```shell
-PANTHER_API_URL=<Panther GraphQL URL> \
-PANTHER_API_TOKEN=<Panther GraphQL API Token> \
+PANTHER_API_URL=<Panther environment URL> \
+PANTHER_API_TOKEN=<Panther API Token> \
 make testacc
 ```
 
-There are also complete examples under the `examples` directory. If you want to try out the provider as you are building
-it, you can add a `.terraformrc` file in your home dir which contains the following:
-```hcl
-provider_installation {
-  dev_overrides {
-    "panther-labs/panther" = "{PATH}"
-  }
-  direct {}
-}
-```
-where `PATH` is the path that your go binaries are. This will either be your `GOBIN` var if it's set, or `{GOPATH}/bin`.
+In order to manually test the provider refer to the [Usage](#usage) section above.
 
-Then you can normally run terraform commands to create the resources, like
-```shell
-terraform plan -var="var1=value1" -var="var2=value2" ...
-```
-or by adding variables to a temporary `.tfvars` file and running:
-```shell
-terraform plan -var-file="your-file.tfvars"
-```
-As this will create actual resources in your dev environment, make sure to run 
-```shell
-terraform destroy ...
-```
-when you are done with testing, so no lingering resources are left.
+### Import limitations
+
+The http source resource contains sensitive values for `auth_password`, `auth_secret_value`, and `auth_bearer_token` which cannot be read after
+being created. For this reason, make sure to avoid updating these in the console as they cannot be reflected to the state of the resource
+in Terraform. This applies to importing the state of the resource as well from an existing resource. If updating these values
+from the console or importing an existing resource, you will need to run `terraform apply` with the appropriate values to reflect
+the changes in the state of the resource.

docs/resources/httpsource.md

@@ -0,0 +1,33 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "panther_httpsource Resource - terraform-provider-panther"
+subcategory: ""
+description: |-
+  
+---
+
+# panther_httpsource (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `auth_method` (String) The authentication method of the http source
+- `integration_label` (String) The integration label (name)
+- `log_stream_type` (String) The log stream type
+- `log_types` (List of String) The log types of the integration
+
+### Optional
+
+- `auth_bearer_token` (String) The authentication bearer token value of the http source. Used for Bearer auth method
+- `auth_header_key` (String) The authentication header key of the http source. Used for HMAC and SharedSecret auth methods
+- `auth_hmac_alg` (String) The authentication algorithm of the http source. Used for HMAC auth method
+- `auth_password` (String) The authentication header password of the http source. Used for Basic auth method
+- `auth_secret_value` (String) The authentication header secret value of the http source. Used for HMAC and SharedSecret auth methods
+- `auth_username` (String) The authentication header username of the http source. Used for Basic auth method
+- `id` (String) ID of the http source to fetch

examples/README.md

@@ -1,8 +1,64 @@
 # Examples
 
-This directory contains examples that are mostly used for documentation, but can also be run/tested manually via the Terraform CLI.
+This directory contains examples that can be used to practically try out or test the provider and the resources it contains.
+These are included under `full-examples`.
+Additionally, it contains some basic example files which are also used for generating some basic documentation for the 
+provider and its resources using `go generate`, which can be found in the `provider` and `resources` directories. 
 
-The document generation tool looks for files in the following locations by default. All other *.tf files besides the ones mentioned below are ignored by the documentation tool. This is useful for creating examples that can run and/or ar testable even if some parts are not relevant for the documentation.
+### Full examples
+
+In order to run the full examples and try out the provider you have to:
+
+1. Build the provider as described in the main [README.md](../README.md)
+2. Add a `.terraformrc` file in your home dir which contains the following:
+```hcl
+provider_installation {
+  dev_overrides {
+    "panther-labs/panther" = "{PATH}"
+  }
+  direct {}
+}
+```
+where `PATH` is the path that your go binaries are located. This will either be your `GOBIN` var if it's set, or `{GOPATH}/bin`.
+3. Navigate to the example directory you want to try out under `full-examples/{resource_type}`. The examples are set up so that a `variables.tf` file is created which
+includes the provider level variables you need to run terraform commands (`token`, `url`). The easiest way to use these
+examples is to create a `*.tfvars` file to get the values for these variables, like in the example below:
+```terraform
+token             = "{your_token}"
+url               = "{your_url}"
+integration_label = "test-label"
+log_stream_type   = "Auto"
+log_types = ["AWS.CloudFrontAccess"]
+auth_method       = "SharedSecret"
+auth_header_key   = "x-api-key"
+auth_secret_value = "test-secret"
+```
+That way you can run terraform commands like
+```shell
+terraform plan -var-file="your-file.tfvars"
+```
+and
+```shell
+terraform apply -var-file="your-file.tfvars"
+```
+or alternatively you can provide the variables directly in the command line:
+```shell
+terraform plan -var="var1=value1" -var="var2=value2" ...
+```
+
+This will create actual resources in your dev environment, so make sure to run
+```shell
+terraform destroy -var-file="your-file.tfvars"
+```
+when you are done with testing, so no lingering resources are left.
+
+Don't forget to remove the `.terraformrc` file when you are done testing and if you plan to use the released provider version. 
+
+### Basic examples and docs generation
+
+The document generation tool looks for files in the following locations by default. All other *.tf files besides the ones mentioned
+below are ignored by the documentation tool. This is useful for creating examples that can run and/or ar testable even 
+if some parts are not relevant for the documentation.
 
 * **provider/provider.tf** example file for the provider index page
 * **data-sources/`full data source name`/data-source.tf** example file for the named data source page

examples/full-examples/http-log-source/http-log-source.tf

@@ -0,0 +1,8 @@
+resource "panther_httpsource" "example_http_source" {
+  integration_label = var.integration_label
+  log_stream_type   = var.log_stream_type
+  log_types         = var.log_types
+  auth_method       = var.auth_method
+  auth_header_key   = var.auth_header_key
+  auth_secret_value = var.auth_secret_value
+}

examples/full-examples/http-log-source/main.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    panther = {
+      source = "panther-labs/panther"
+    }
+  }
+}
+
+provider "panther" {
+  token = var.token
+  url   = var.url
+}

examples/full-examples/http-log-source/outputs.tf

@@ -0,0 +1,4 @@
+output "log-source-id" {
+  description = "http Log Source id"
+  value       = panther_httpsource.example_http_source.id
+}

examples/full-examples/http-log-source/variables.tf

@@ -0,0 +1,40 @@
+variable "token" {
+  description = "Panther API token"
+  type        = string
+}
+
+variable "url" {
+  description = "Panther API URL"
+  type        = string
+}
+
+variable "integration_label" {
+  description = "The name of the integration."
+  type        = string
+}
+
+variable "log_stream_type" {
+  description = "Type of log stream."
+  type        = string
+}
+
+variable "log_types" {
+  description = "List of log types for the HTTP source."
+  type        = list(string)
+}
+
+variable "auth_method" {
+  description = "Authentication method used."
+  type        = string
+}
+
+variable "auth_header_key" {
+  description = "Key for the authentication header."
+  type        = string
+}
+
+variable "auth_secret_value" {
+  description = "Authentication secret value."
+  type        = string
+  sensitive   = true
+}

examples/resources/panther_http_source/resource.tf

@@ -0,0 +1,13 @@
+# Manage Http Log Source integration
+resource "panther_http_source" "example_http_source" {
+  integration_label = ""
+  log_stream_type   = "JSON"
+  log_types         = ""
+  auth_method       = "SharedSecret"
+  auth_header_key   = ""
+  auth_secret_value = ""
+  auth_username     = ""
+  auth_password     = ""
+  auth_hmac_alg     = ""
+  auth_bearer_token = ""
+}

generator_config.yml

@@ -0,0 +1,19 @@
+provider:
+  name: panther
+resources:
+  httpsource:
+    create:
+      path: /log-sources/http
+      method: POST
+    read:
+      path: /log-sources/http/{id}
+      method: GET
+    update:
+      path: /log-sources/http/{id}
+      method: PUT
+    delete:
+      path: /log-sources/http/{id}
+      method: DELETE
+    schema:
+      ignores:
+        - integrationId