add missing route fields to data source (#23)

wasaga · web-flow · commit 0c07f47ac212 · 2025-01-09T16:29:27.000-05:00
Fixes https://linear.app/pomerium/issue/ENG-1836/terraform-provider-route-value-conversion-error also marks some properties that receive defaults on create `computed` so that the TF won't complain.
diff --git a/example/main.tf b/example/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     pomerium = {
       source  = "pomerium/pomerium"
-      version = "0.0.1"
+      version = "0.0.2"
     }
   }
 }
@@ -68,6 +68,92 @@ resource "pomerium_key_pair" "test_key_pair" {
   key          = file("test.host-key.pem")
 }
 
+# Example route with prefix matching
+resource "pomerium_route" "prefix_route" {
+  name           = "prefix-route"
+  namespace_id   = pomerium_namespace.test_namespace.id
+  from           = "https://prefix.localhost.pomerium.io"
+  to             = ["https://target-service.internal"]
+  prefix         = "/api/"
+  prefix_rewrite = "/v1/"
+  policies       = [pomerium_policy.test_policy.id]
+
+  timeout      = "30s"
+  idle_timeout = "5m"
+
+  set_request_headers = {
+    "X-Custom-Header" = "custom-value"
+  }
+  remove_request_headers = ["Referer"]
+  set_response_headers = {
+    "Strict-Transport-Security" = "max-age=31536000"
+  }
+
+  allow_websockets      = true
+  preserve_host_header  = true
+  pass_identity_headers = true
+}
+
+# Example route with path matching
+resource "pomerium_route" "path_route" {
+  name         = "path-route"
+  namespace_id = pomerium_namespace.test_namespace.id
+  from         = "https://path.localhost.pomerium.io"
+  to           = ["https://path-service.internal"]
+  path         = "/exact/path/match"
+
+  tls_skip_verify            = true
+  tls_upstream_server_name   = "internal-name"
+  tls_downstream_server_name = "external-name"
+}
+
+# Example route with regex matching and rewriting
+resource "pomerium_route" "regex_route" {
+  name                       = "regex-route"
+  namespace_id               = pomerium_namespace.test_namespace.id
+  from                       = "https://regex.localhost.pomerium.io"
+  to                         = ["https://regex-service.internal"]
+  regex                      = "^/users/([0-9]+)/profile$"
+  regex_rewrite_pattern      = "^/users/([0-9]+)/profile$"
+  regex_rewrite_substitution = "/api/v1/profiles/$1"
+  regex_priority_order       = 100
+}
+
+# Example route with host rewriting
+resource "pomerium_route" "host_route" {
+  name                                 = "host-route"
+  namespace_id                         = pomerium_namespace.test_namespace.id
+  from                                 = "https://host.localhost.pomerium.io"
+  to                                   = ["https://host-service.internal"]
+  host_rewrite                         = "internal-host"
+  host_path_regex_rewrite_pattern      = "^/service/([^/]+)(/.*)$"
+  host_path_regex_rewrite_substitution = "$1.internal$2"
+}
+
+# Example route with OAuth/OIDC configuration
+resource "pomerium_route" "oauth_route" {
+  name         = "oauth-route"
+  namespace_id = pomerium_namespace.test_namespace.id
+  from         = "https://oauth.localhost.pomerium.io"
+  to           = ["https://protected-service.internal"]
+
+  idp_client_id      = "custom-client-id"
+  idp_client_secret  = "custom-client-secret"
+  show_error_details = true
+}
+
+# Example route with Kubernetes integration
+resource "pomerium_route" "kubernetes_route" {
+  name         = "kubernetes-route"
+  namespace_id = pomerium_namespace.test_namespace.id
+  from         = "https://k8s.localhost.pomerium.io"
+  to           = ["https://kubernetes-service.internal"]
+
+  kubernetes_service_account_token = "eyJhbGciOiJS..."
+  allow_spdy                       = true
+  tls_upstream_allow_renegotiation = true
+}
+
 # Data source examples
 data "pomerium_namespaces" "all_namespaces" {}
 
diff --git a/internal/provider/route.go b/internal/provider/route.go
@@ -76,6 +76,7 @@ func (r *RouteResource) Schema(_ context.Context, _ resource.SchemaRequest, resp
 			"stat_name": schema.StringAttribute{
 				Description: "Name of the stat.",
 				Optional:    true,
+				Computed:    true,
 			},
 			"prefix": schema.StringAttribute{
 				Description: "Prefix.",
@@ -125,11 +126,13 @@ func (r *RouteResource) Schema(_ context.Context, _ resource.SchemaRequest, resp
 				Description: "Timeout.",
 				Optional:    true,
 				CustomType:  timetypes.GoDurationType{},
+				Computed:    true,
 			},
 			"idle_timeout": schema.StringAttribute{
 				Description: "Idle timeout.",
 				Optional:    true,
 				CustomType:  timetypes.GoDurationType{},
+				Computed:    true,
 			},
 			"allow_websockets": schema.BoolAttribute{
 				Description: "Allow websockets.",
@@ -193,6 +196,7 @@ func (r *RouteResource) Schema(_ context.Context, _ resource.SchemaRequest, resp
 			"show_error_details": schema.BoolAttribute{
 				Description: "Show error details.",
 				Optional:    true,
+				Computed:    true,
 			},
 		},
 	}
@@ -239,7 +243,11 @@ func (r *RouteResource) Create(ctx context.Context, req resource.CreateRequest,
 		return
 	}
 
-	plan.ID = types.StringValue(respRoute.Route.Id)
+	diags = ConvertRouteFromPB(&plan, respRoute.Route)
+	resp.Diagnostics.Append(diags...)
+	if diags.HasError() {
+		return
+	}
 
 	tflog.Trace(ctx, "Created a route", map[string]interface{}{
 		"id":   plan.ID.ValueString(),
@@ -292,14 +300,20 @@ func (r *RouteResource) Update(ctx context.Context, req resource.UpdateRequest,
 		return
 	}
 
-	_, err := r.client.RouteService.SetRoute(ctx, &pb.SetRouteRequest{
+	respRoute, err := r.client.RouteService.SetRoute(ctx, &pb.SetRouteRequest{
 		Route: pbRoute,
 	})
 	if err != nil {
 		resp.Diagnostics.AddError("set route", err.Error())
 		return
 	}
 
+	diags = ConvertRouteFromPB(&plan, respRoute.Route)
+	resp.Diagnostics.Append(diags...)
+	if diags.HasError() {
+		return
+	}
+
 	resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...)
 }
 
diff --git a/internal/provider/route_data_source.go b/internal/provider/route_data_source.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/hashicorp/terraform-plugin-framework-timetypes/timetypes"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/types"
@@ -57,6 +58,127 @@ func (d *RouteDataSource) Schema(_ context.Context, _ datasource.SchemaRequest,
 				ElementType: types.StringType,
 				Description: "List of policy IDs associated with the route.",
 			},
+			"stat_name": schema.StringAttribute{
+				Computed:    true,
+				Description: "Name of the stat.",
+			},
+			"prefix": schema.StringAttribute{
+				Computed:    true,
+				Description: "Prefix.",
+			},
+			"path": schema.StringAttribute{
+				Computed:    true,
+				Description: "Path.",
+			},
+			"regex": schema.StringAttribute{
+				Computed:    true,
+				Description: "Regex.",
+			},
+			"prefix_rewrite": schema.StringAttribute{
+				Computed:    true,
+				Description: "Prefix rewrite.",
+			},
+			"regex_rewrite_pattern": schema.StringAttribute{
+				Computed:    true,
+				Description: "Regex rewrite pattern.",
+			},
+			"regex_rewrite_substitution": schema.StringAttribute{
+				Computed:    true,
+				Description: "Regex rewrite substitution.",
+			},
+			"host_rewrite": schema.StringAttribute{
+				Computed:    true,
+				Description: "Host rewrite.",
+			},
+			"host_rewrite_header": schema.StringAttribute{
+				Computed:    true,
+				Description: "Host rewrite header.",
+			},
+			"host_path_regex_rewrite_pattern": schema.StringAttribute{
+				Computed:    true,
+				Description: "Host path regex rewrite pattern.",
+			},
+			"host_path_regex_rewrite_substitution": schema.StringAttribute{
+				Computed:    true,
+				Description: "Host path regex rewrite substitution.",
+			},
+			"regex_priority_order": schema.Int64Attribute{
+				Computed:    true,
+				Description: "Regex priority order.",
+			},
+			"timeout": schema.StringAttribute{
+				Computed:    true,
+				Description: "Timeout.",
+				CustomType:  timetypes.GoDurationType{},
+			},
+			"idle_timeout": schema.StringAttribute{
+				Computed:    true,
+				Description: "Idle timeout.",
+				CustomType:  timetypes.GoDurationType{},
+			},
+			"allow_websockets": schema.BoolAttribute{
+				Computed:    true,
+				Description: "Allow websockets.",
+			},
+			"allow_spdy": schema.BoolAttribute{
+				Computed:    true,
+				Description: "Allow SPDY.",
+			},
+			"tls_skip_verify": schema.BoolAttribute{
+				Computed:    true,
+				Description: "TLS skip verify.",
+			},
+			"tls_upstream_server_name": schema.StringAttribute{
+				Computed:    true,
+				Description: "TLS upstream server name.",
+			},
+			"tls_downstream_server_name": schema.StringAttribute{
+				Computed:    true,
+				Description: "TLS downstream server name.",
+			},
+			"tls_upstream_allow_renegotiation": schema.BoolAttribute{
+				Computed:    true,
+				Description: "TLS upstream allow renegotiation.",
+			},
+			"set_request_headers": schema.MapAttribute{
+				Computed:    true,
+				ElementType: types.StringType,
+				Description: "Set request headers.",
+			},
+			"remove_request_headers": schema.ListAttribute{
+				Computed:    true,
+				ElementType: types.StringType,
+				Description: "Remove request headers.",
+			},
+			"set_response_headers": schema.MapAttribute{
+				Computed:    true,
+				ElementType: types.StringType,
+				Description: "Set response headers.",
+			},
+			"preserve_host_header": schema.BoolAttribute{
+				Computed:    true,
+				Description: "Preserve host header.",
+			},
+			"pass_identity_headers": schema.BoolAttribute{
+				Computed:    true,
+				Description: "Pass identity headers.",
+			},
+			"kubernetes_service_account_token": schema.StringAttribute{
+				Computed:    true,
+				Description: "Kubernetes service account token.",
+			},
+			"idp_client_id": schema.StringAttribute{
+				Computed:    true,
+				Description: "IDP client ID.",
+			},
+			"idp_client_secret": schema.StringAttribute{
+				Computed:    true,
+				Description: "IDP client secret.",
+			},
+			"show_error_details": schema.BoolAttribute{
+				Computed:    true,
+				Description: "Show error details.",
+			},
 		},
 	}
 }
diff --git a/internal/provider/route_model.go b/internal/provider/route_model.go
@@ -117,12 +117,7 @@ func ConvertRouteFromPB(
 	}
 	dst.To = types.ListValueMust(types.StringType, toList)
 
-	policiesList := make([]attr.Value, len(src.PolicyIds))
-	for i, v := range src.PolicyIds {
-		policiesList[i] = types.StringValue(v)
-	}
-	dst.Policies = types.ListValueMust(types.StringType, policiesList)
-
+	dst.Policies = FromStringSlice(src.PolicyIds)
 	dst.StatName = types.StringValue(src.StatName)
 	dst.Prefix = types.StringPointerValue(src.Prefix)
 	dst.Path = types.StringPointerValue(src.Path)
