func resourceSecurityRolePut()

in internal/elasticsearch/security/role.go [251:466]


func resourceSecurityRolePut(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	client, diags := clients.NewApiClientFromSDKResource(d, meta)
	if diags.HasError() {
		return diags
	}
	serverVersion, diags := client.ServerVersion(ctx)
	if diags.HasError() {
		return diags
	}
	roleId := d.Get("name").(string)
	id, diags := client.ID(ctx, roleId)
	if diags.HasError() {
		return diags
	}
	var role models.Role
	role.Name = roleId

	// Add description to the role
	if v, ok := d.GetOk("description"); ok {
		// Return an error if the server version is less than the minimum supported version
		if serverVersion.LessThan(minSupportedDescriptionVersion) {
			return diag.FromErr(fmt.Errorf("'description' is supported only for Elasticsearch v%s and above", minSupportedDescriptionVersion.String()))
		}

		description := v.(string)
		role.Description = &description
	}

	if v, ok := d.GetOk("applications"); ok {
		definedApps := v.(*schema.Set)
		applications := make([]models.Application, definedApps.Len())
		for i, app := range definedApps.List() {
			a := app.(map[string]interface{})

			definedPrivs := a["privileges"].(*schema.Set)
			privs := make([]string, definedPrivs.Len())
			for i, pr := range definedPrivs.List() {
				privs[i] = pr.(string)
			}
			definedRess := a["resources"].(*schema.Set)
			ress := make([]string, definedRess.Len())
			for i, res := range definedRess.List() {
				ress[i] = res.(string)
			}

			newApp := models.Application{
				Name:       a["application"].(string),
				Privileges: privs,
				Resources:  ress,
			}
			applications[i] = newApp
		}
		role.Applications = applications
	}

	if v, ok := d.GetOk("global"); ok {
		global := make(map[string]interface{})
		if err := json.NewDecoder(strings.NewReader(v.(string))).Decode(&global); err != nil {
			return diag.FromErr(err)
		}
		role.Global = global
	}

	if v, ok := d.GetOk("cluster"); ok {
		definedCluster := v.(*schema.Set)
		cls := make([]string, definedCluster.Len())
		for i, cl := range definedCluster.List() {
			cls[i] = cl.(string)
		}
		role.Cluster = cls
	}

	if v, ok := d.GetOk("indices"); ok {
		definedIndices := v.(*schema.Set)
		indices := make([]models.IndexPerms, definedIndices.Len())
		for i, idx := range definedIndices.List() {
			index := idx.(map[string]interface{})

			definedNames := index["names"].(*schema.Set)
			names := make([]string, definedNames.Len())
			for i, name := range definedNames.List() {
				names[i] = name.(string)
			}
			definedPrivs := index["privileges"].(*schema.Set)
			privs := make([]string, definedPrivs.Len())
			for i, pr := range definedPrivs.List() {
				privs[i] = pr.(string)
			}

			newIndex := models.IndexPerms{
				Names:      names,
				Privileges: privs,
			}

			if query := index["query"].(string); query != "" {
				newIndex.Query = &query
			}
			if fieldSec := index["field_security"].([]interface{}); len(fieldSec) > 0 {
				fieldSecurity := models.FieldSecurity{}
				// there must be only 1 entry
				definedFieldSec := fieldSec[0].(map[string]interface{})

				// grants
				if gr := definedFieldSec["grant"].(*schema.Set); gr != nil {
					grants := make([]string, gr.Len())
					for i, grant := range gr.List() {
						grants[i] = grant.(string)
					}
					fieldSecurity.Grant = grants
				}
				// except
				if exp := definedFieldSec["except"].(*schema.Set); exp != nil {
					excepts := make([]string, exp.Len())
					for i, except := range exp.List() {
						excepts[i] = except.(string)
					}
					fieldSecurity.Except = excepts
				}
				newIndex.FieldSecurity = &fieldSecurity
			}

			allowRestrictedIndices := index["allow_restricted_indices"].(bool)
			newIndex.AllowRestrictedIndices = &allowRestrictedIndices

			indices[i] = newIndex
		}
		role.Indices = indices
	}

	if v, ok := d.GetOk("remote_indices"); ok {
		definedRemoteIndices := v.(*schema.Set)
		if definedRemoteIndices.Len() > 0 && serverVersion.LessThan(minSupportedRemoteIndicesVersion) {
			return diag.FromErr(fmt.Errorf("'remote_indices' is supported only for Elasticsearch v%s and above", minSupportedRemoteIndicesVersion.String()))
		}
		remoteIndices := make([]models.RemoteIndexPerms, definedRemoteIndices.Len())
		for i, idx := range definedRemoteIndices.List() {
			remoteIndex := idx.(map[string]interface{})

			definedRemoteNames := remoteIndex["names"].(*schema.Set)
			remoteNames := make([]string, definedRemoteNames.Len())
			for i, name := range definedRemoteNames.List() {
				remoteNames[i] = name.(string)
			}
			definedRemoteClusters := remoteIndex["clusters"].(*schema.Set)
			remoteClusters := make([]string, definedRemoteClusters.Len())
			for i, cluster := range definedRemoteClusters.List() {
				remoteClusters[i] = cluster.(string)
			}
			definedRemotePrivs := remoteIndex["privileges"].(*schema.Set)
			remotePrivs := make([]string, definedRemotePrivs.Len())
			for i, pr := range definedRemotePrivs.List() {
				remotePrivs[i] = pr.(string)
			}

			newRemoteIndex := models.RemoteIndexPerms{
				Names:      remoteNames,
				Clusters:   remoteClusters,
				Privileges: remotePrivs,
			}

			if query := remoteIndex["query"].(string); query != "" {
				newRemoteIndex.Query = &query
			}
			if fieldSec := remoteIndex["field_security"].([]interface{}); len(fieldSec) > 0 {
				remoteFieldSecurity := models.FieldSecurity{}
				// there must be only 1 entry
				definedRemoteFieldSec := fieldSec[0].(map[string]interface{})

				// grants
				if gr := definedRemoteFieldSec["grant"].(*schema.Set); gr != nil {
					grants := make([]string, gr.Len())
					for i, grant := range gr.List() {
						grants[i] = grant.(string)
					}
					remoteFieldSecurity.Grant = grants
				}
				// except
				if exp := definedRemoteFieldSec["except"].(*schema.Set); exp != nil {
					excepts := make([]string, exp.Len())
					for i, except := range exp.List() {
						excepts[i] = except.(string)
					}
					remoteFieldSecurity.Except = excepts
				}
				newRemoteIndex.FieldSecurity = &remoteFieldSecurity
			}

			remoteIndices[i] = newRemoteIndex
		}
		role.RemoteIndices = remoteIndices
	}

	if v, ok := d.GetOk("metadata"); ok {
		metadata := make(map[string]interface{})
		if err := json.NewDecoder(strings.NewReader(v.(string))).Decode(&metadata); err != nil {
			return diag.FromErr(err)
		}
		role.Metadata = metadata
	}

	if v, ok := d.GetOk("run_as"); ok {
		definedRuns := v.(*schema.Set)
		runs := make([]string, definedRuns.Len())
		for i, run := range definedRuns.List() {
			runs[i] = run.(string)
		}
		role.RusAs = runs
	}

	if diags := elasticsearch.PutRole(ctx, client, &role); diags.HasError() {
		return diags
	}

	d.SetId(id.String())
	return resourceSecurityRoleRead(ctx, d, meta)
}