d

Author: Shani Erman

aquasec/resource_permission_set.go

@@ -2,19 +2,20 @@ package aquasec
 
 import (
 	"fmt"
-	"log"
 	"github.com/aquasecurity/terraform-provider-aquasec/client"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"strings"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"context"
 )
 
 func resourcePermissionSet() *schema.Resource {
 	return &schema.Resource{
 		Description: "The `aquasec_permissions_sets` resource manages your Permission Set within Aqua.",
-		Create:      resourcePermissionSetCreate,
-		Read:        resourcePermissionSetRead,
-		Update:      resourcePermissionSetUpdate,
-		Delete:      resourcePermissionSetDelete,
+		CreateContext: resourcePermissionSetCreate,
+		ReadContext:   resourcePermissionSetRead,
+		UpdateContext: resourcePermissionSetUpdate,
+		DeleteContext: resourcePermissionSetDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
@@ -67,87 +68,93 @@ func resourcePermissionSet() *schema.Resource {
 	}
 }
 
-func logPermissionSetWarning() {
+func addSaasPermissionSetWarning(diags diag.Diagnostics) diag.Diagnostics {
     if isSaasEnv() {
-        log.Printf("[WARN] You are using aquasec_permissions_sets with an Aqua SaaS instance. " +
-            "Please migrate to aquasec_permissions_sets_saas, designed specifically for Aqua SaaS customers " +
-            "and supporting the entire SaaS platform beyond workload protection.")
+        return append(diags, diag.Diagnostic{
+            Severity: diag.Warning,
+            Summary:  "Legacy Resource Usage",
+            Detail:   "You are using aquasec_permissions_sets with an Aqua SaaS instance. Please migrate to aquasec_permissions_sets_saas, designed specifically for Aqua SaaS customers and supporting the entire SaaS platform beyond workload protection.",
+        })
     }
+    return diags
 }
 
-func resourcePermissionSetCreate(d *schema.ResourceData, m interface{}) error {
-	logPermissionSetWarning()
+func resourcePermissionSetCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+    var diags diag.Diagnostics
+    diags = addSaasPermissionSetWarning(diags)
 
-	ac := m.(*client.Client)
-	name := d.Get("name").(string)
+    ac := m.(*client.Client)
+    name := d.Get("name").(string)
 
-	iap := expandPermissionSet(d)
-	err := ac.CreatePermissionsSet(iap)
-
-	if err != nil {
-		return err
-	}
-	d.SetId(name)
-	return resourcePermissionSetRead(d, m)
+    iap := expandPermissionSet(d)
+    if err := ac.CreatePermissionsSet(iap); err != nil {
+        return diag.FromErr(err)
+    }
+    
+    d.SetId(name)
+    readDiags := resourcePermissionSetRead(ctx, d, m)
+    if readDiags.HasError() {
+        return readDiags
+    }
+    
+    return diags
 }
 
-func resourcePermissionSetUpdate(d *schema.ResourceData, m interface{}) error {
-	logPermissionSetWarning()
-	
-	ac := m.(*client.Client)
-	name := d.Get("name").(string)
-
-	if d.HasChanges("description", "ui_access", "is_super", "actions") {
-		iap := expandPermissionSet(d)
-		err := ac.UpdatePermissionsSet(iap)
-		if err == nil {
-			err1 := resourcePermissionSetRead(d, m)
-			if err1 == nil {
-				d.SetId(name)
-			} else {
-				return err1
-			}
-		} else {
-			return err
-		}
-	}
-	return nil
+func resourcePermissionSetUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+    var diags diag.Diagnostics
+    diags = addSaasPermissionSetWarning(diags)
+    
+    ac := m.(*client.Client)
+    name := d.Get("name").(string)
+
+    if d.HasChanges("description", "ui_access", "is_super", "actions") {
+        iap := expandPermissionSet(d)
+        if err := ac.UpdatePermissionsSet(iap); err != nil {
+            return diag.FromErr(err)
+        }
+        
+        readDiags := resourcePermissionSetRead(ctx, d, m)
+        if readDiags.HasError() {
+            return readDiags
+        }
+        
+        d.SetId(name)
+    }
+    return diags
 }
 
-func resourcePermissionSetRead(d *schema.ResourceData, m interface{}) error {
-	ac := m.(*client.Client)
+func resourcePermissionSetRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+    ac := m.(*client.Client)
+    iap, err := ac.GetPermissionsSet(d.Id())
 
-	iap, err := ac.GetPermissionsSet(d.Id())
-
-	if err != nil {
-		if strings.Contains(fmt.Sprintf("%s", err), "404") {
-			d.SetId("")
-			return nil
-		}
-		return err
-	}
+    if err != nil {
+        if strings.Contains(fmt.Sprintf("%s", err), "404") {
+            d.SetId("")
+            return nil
+        }
+        return diag.FromErr(err)
+    }
 
-	d.Set("name", iap.Name)
-	d.Set("description", iap.Description)
-	d.Set("author", iap.Author)
-	d.Set("ui_access", iap.UiAccess)
-	d.Set("is_super", iap.IsSuper)
-	d.Set("actions", iap.Actions)
+    d.Set("name", iap.Name)
+    d.Set("description", iap.Description)
+    d.Set("author", iap.Author)
+    d.Set("ui_access", iap.UiAccess)
+    d.Set("is_super", iap.IsSuper)
+    d.Set("actions", iap.Actions)
 
-	return nil
+    return nil
 }
 
-func resourcePermissionSetDelete(d *schema.ResourceData, m interface{}) error {
-	ac := m.(*client.Client)
-	name := d.Get("name").(string)
-	err := ac.DeletePermissionsSet(name)
-
-	if err == nil {
-		d.SetId("")
-	} else {
-		return err
-	}
-	return nil
+func resourcePermissionSetDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+    ac := m.(*client.Client)
+    name := d.Get("name").(string)
+    
+    if err := ac.DeletePermissionsSet(name); err != nil {
+        return diag.FromErr(err)
+    }
+    
+    d.SetId("")
+    return nil
 }
 
 func expandPermissionSet(d *schema.ResourceData) *client.PermissionsSet {