Add user role data source and resource

docs/data-sources/role.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Data Source: konnect_role
 Represents a role
 ## Example usage

docs/data-sources/runtime_group.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Runtime Groups"
+---
 # Data Source: konnect_runtime_group
 Represents a runtime group
 ## Example usage

docs/data-sources/team.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Data Source: konnect_team
 Represents a team
 ## Example usage

docs/data-sources/team_role.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Data Source: konnect_team_role
 Represents a role assigned to a team
 ## Example usage

docs/data-sources/user.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Data Source: konnect_user
 Represents a user
 ## Example usage

docs/data-sources/user_role.md

@@ -0,0 +1,25 @@
+---
+subcategory: "Identity Management"
+---
+# Data Source: konnect_user_role
+Represents a role assigned to a user
+## Example usage
+```hcl
+data "konnect_user" "User" {
+  search_full_name = "Joe"
+}
+data "konnect_user_role" "example" {
+  user_id = data.konnect_user.User.id
+  entity_type_display_name = "Runtime Groups"
+}
+```
+## Argument Reference
+* `user_id` - **(Required, String)** The id of the user assigned the role
+* `search_role_display_name` - **(Optional, String)** The search string to apply to the display name of the role. Uses contains.
+* `role_display_name` - **(Optional, String)** The filter string to apply to the display name of the role. Uses equality.
+* `search_entity_type_display_name` - **(Optional, String)** The search string to apply to the display name of the entity type, like `Runtime Groups` or `Services`. Uses contains.
+* `entity_type_display_name` - **(Optional, String)** The filter string to apply to the display name of the entity type, like `Runtime Groups` or `Services`. Uses equality.
+## Attribute Reference
+* `id` - **(String)** Same as `user_id`:`Guid of role assignment`
+* `entity_id` - **(String)** The id of the entity for which the role applies.
+* `entity_region` - **(String)** The region of the entity for which the role applies.

docs/resources/authentication_settings.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Resource: konnect_authentication_settings
 Represents authentication settings
 ## Example usage

docs/resources/identity_provider.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Resource: konnect_identity_provider
 Represents identity provider settings
 ## Example usage

docs/resources/runtime_group.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Runtime Groups"
+---
 # Resource: konnect_runtime_group
 Represents a runtime group
 ## Example usage

docs/resources/team.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Resource: konnect_team
 Represents a team
 ## Example usage

docs/resources/team_role.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Resource: konnect_team_role
 Represents a role assigned to a team to access a given entity
 ## Example usage

docs/resources/team_user.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Resource: konnect_team_user
 Represents a member of a team
 ## Example usage

docs/resources/user.md

@@ -1,3 +1,6 @@
+---
+subcategory: "Identity Management"
+---
 # Resource: konnect_user
 Represents a user
 ## Example usage

docs/resources/user_role.md

@@ -0,0 +1,38 @@
+---
+subcategory: "Identity Management"
+---
+# Resource: konnect_user_role
+Represents a role assigned to a user to access a given entity
+## Example usage
+```hcl
+resource "konnect_user" "User" {
+  email = "Joe.Burrow@example.com"
+  full_name = "Joe Burrow"
+  preferred_name = "Joe"
+}
+data "konnect_role" "Role" {
+  group_display_name = "Runtime Groups"
+  display_name = "Admin"
+}
+resource "konnect_runtime_group" "RuntimeGroup" {
+  name = "TestRG"
+  description = "testing"
+}
+resource "konnect_user_role" "example" {
+  user_id = konnect_user.User.id
+  entity_id = konnect_runtime_group.RuntimeGroup.id
+  entity_type_display_name = "Runtime Groups"
+  entity_region = "us"
+  role_display_name = data.konnect_role.Role.display_name
+}
+```
+## Argument Reference
+* `user_id` - **(Required, ForceNew, String)** The id of the user assigned the role
+* `role_display_name` - **(Required, ForceNew, String)** The display name of the role.
+* `entity_type_display_name` - **(Required, ForceNew, String)** The display name of the entity type, like `Runtime Groups` or `Services`.
+* `entity_id` - **(Required, ForceNew, String)** The id of the entity for which the role applies.
+* `entity_region` - **(Required, ForceNew, String)** The region of the entity for which the role applies.
+## Attribute Reference
+* `id` - **(String)** Same as `user_id`:`Guid of role assignment`
+## Import
+User roles can be imported using a proper value of `id` as described above

konnect/client/user_role.go

@@ -0,0 +1,30 @@
+package client
+
+import "strings"
+
+const (
+	UserRolePath       = "users/%s/assigned-roles"
+	UserRolePathCreate = UserRolePath
+	UserRolePathDelete = UserRolePath + "/%s"
+)
+
+type UserRole struct {
+	Id                    string `json:"id,omitempty"`
+	UserId                string `json:"-"`
+	RoleDisplayName       string `json:"role_name,omitempty"`
+	EntityId              string `json:"entity_id,omitempty"`
+	EntityTypeDisplayName string `json:"entity_type_name,omitempty"`
+	EntityRegion          string `json:"entity_region,omitempty"`
+}
+type UserRoleCollection struct {
+	UserRoles []UserRole `json:"data"`
+}
+
+func (ur *UserRole) UserRoleEncodeId() string {
+	return ur.UserId + IdSeparator + ur.Id
+}
+
+func UserRoleDecodeId(s string) (string, string) {
+	tokens := strings.Split(s, IdSeparator)
+	return tokens[0], tokens[1]
+}

konnect/data_source_user_role.go

@@ -0,0 +1,100 @@
+package konnect
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/scastria/terraform-provider-konnect/konnect/client"
+	"net/http"
+	"net/url"
+)
+
+func dataSourceUserRole() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceUserRoleRead,
+		Schema: map[string]*schema.Schema{
+			"user_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"search_role_display_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"role_display_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"search_entity_type_display_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"entity_type_display_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"entity_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"entity_region": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceUserRoleRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	c := m.(*client.Client)
+	userId := d.Get("user_id").(string)
+	requestQuery := url.Values{}
+	searchRoleDisplayName, ok := d.GetOk("search_role_display_name")
+	if ok {
+		requestQuery[client.FilterRoleNameContains] = []string{searchRoleDisplayName.(string)}
+	}
+	roleDisplayName, ok := d.GetOk("role_display_name")
+	if ok {
+		requestQuery[client.FilterRoleName] = []string{roleDisplayName.(string)}
+	}
+	searchEntityTypeDisplayName, ok := d.GetOk("search_entity_type_display_name")
+	if ok {
+		requestQuery[client.FilterEntityTypeNameContains] = []string{searchEntityTypeDisplayName.(string)}
+	}
+	entityTypeDisplayName, ok := d.GetOk("entity_type_display_name")
+	if ok {
+		requestQuery[client.FilterEntityTypeName] = []string{entityTypeDisplayName.(string)}
+	}
+	requestPath := fmt.Sprintf(client.UserRolePath, userId)
+	body, err := c.HttpRequest(ctx, false, http.MethodGet, requestPath, requestQuery, nil, &bytes.Buffer{})
+	if err != nil {
+		d.SetId("")
+		return diag.FromErr(err)
+	}
+	retVals := &client.UserRoleCollection{}
+	err = json.NewDecoder(body).Decode(retVals)
+	if err != nil {
+		d.SetId("")
+		return diag.FromErr(err)
+	}
+	numUserRoles := len(retVals.UserRoles)
+	if numUserRoles > 1 {
+		d.SetId("")
+		return diag.FromErr(fmt.Errorf("Filter criteria does not result in a single user role"))
+	} else if numUserRoles != 1 {
+		d.SetId("")
+		return diag.FromErr(fmt.Errorf("No user role exists with that filter criteria"))
+	}
+	retVal := retVals.UserRoles[0]
+	retVal.UserId = userId
+	d.Set("role_display_name", retVal.RoleDisplayName)
+	d.Set("entity_type_display_name", retVal.EntityTypeDisplayName)
+	d.Set("entity_id", retVal.EntityId)
+	d.Set("entity_region", retVal.EntityRegion)
+	d.SetId(retVal.UserRoleEncodeId())
+	return diags
+}

konnect/provider.go

@@ -29,13 +29,15 @@ func Provider() *schema.Provider {
 			"konnect_team":                   resourceTeam(),
 			"konnect_team_user":              resourceTeamUser(),
 			"konnect_team_role":              resourceTeamRole(),
+			"konnect_user_role":              resourceUserRole(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"konnect_runtime_group": dataSourceRuntimeGroup(),
 			"konnect_user":          dataSourceUser(),
 			"konnect_team":          dataSourceTeam(),
 			"konnect_role":          dataSourceRole(),
 			"konnect_team_role":     dataSourceTeamRole(),
+			"konnect_user_role":     dataSourceUserRole(),
 		},
 		ConfigureContextFunc: providerConfigure,
 	}