Merge pull request #59 from meshcloud/feature/CU-86c55h4xp_meshPlatforms-via-Terraform-Provider

feat: implement support for meshPlatforms

Author: j0g3sc

client/client.go

@@ -43,6 +43,7 @@ type endpoints struct {
 	Tenants                *url.URL `json:"meshtenants"`
 	TagDefinitions         *url.URL `json:"meshtagdefinitions"`
 	LandingZones           *url.URL `json:"meshlandingzones"`
+	Platforms              *url.URL `json:"meshplatforms"`
 }
 
 type loginResponse struct {
@@ -73,6 +74,7 @@ func NewClient(rootUrl *url.URL, apiKey string, apiSecret string) (*MeshStackPro
 		Tenants:                rootUrl.JoinPath(apiMeshObjectsRoot, "meshtenants"),
 		TagDefinitions:         rootUrl.JoinPath(apiMeshObjectsRoot, "meshtagdefinitions"),
 		LandingZones:           rootUrl.JoinPath(apiMeshObjectsRoot, "meshlandingzones"),
+		Platforms:              rootUrl.JoinPath(apiMeshObjectsRoot, "meshplatforms"),
 	}
 
 	return client, nil

client/platform.go

@@ -24,6 +24,7 @@ Read a single landing zone by identifier.
 - `api_version` (String) Landing Zone API version.
 - `kind` (String) meshObject type, always `meshLandingZone`.
 - `spec` (Attributes) (see [below for nested schema](#nestedatt--spec))
+- `status` (Attributes) Current Landing Zone status. (see [below for nested schema](#nestedatt--status))
 
 <a id="nestedatt--metadata"></a>
 ### Nested Schema for `metadata`
@@ -65,7 +66,7 @@ Optional:
 
 Read-Only:
 
-- `type` (String) Type of the platform. One of `aws`, `aks`, `azure`, `azurerg`, `gcp`, `kubernetes`, `openshift`.
+- `type` (String) Type of the platform. This field is automatically inferred from which platform configuration is provided and cannot be set manually.
 
 <a id="nestedatt--spec--platform_properties--aks"></a>
 ### Nested Schema for `spec.platform_properties.aks`
@@ -298,3 +299,13 @@ Read-Only:
 
 - `kind` (String) Must always be set to meshPlatform
 - `uuid` (String) UUID of the platform.
+
+
+
+<a id="nestedatt--status"></a>
+### Nested Schema for `status`
+
+Read-Only:
+
+- `disabled` (Boolean) True if the landing zone is disabled.
+- `restricted` (Boolean) If true, users will be unable to select this landing zone in meshPanel. Only Platform teams can create tenants using restricted landing zones with the meshObject API.

docs/data-sources/landingzone.md

@@ -0,0 +1,5 @@
+data "meshstack_platform" "example" {
+  metadata = {
+    uuid = "d32951fc-6589-412f-b8bd-50c78fe2cb79"
+  }
+}

docs/data-sources/platform.md

@@ -0,0 +1,2 @@
+# import via platform uuid (= meshStack Platform ID)
+terraform import meshstack_platform.example 09631015-0f06-4f6a-b459-03047fbd89d1

docs/resources/platform.md

@@ -0,0 +1,129 @@
+resource "meshstack_platform" "example" {
+  metadata = {
+    name               = "my-azure-platform"
+    owned_by_workspace = "my-workspace"
+  }
+
+  spec = {
+    display_name      = "Azure"
+    description       = "Azure is the Public Cloud Service provided by Microsoft."
+    endpoint          = "https://azure.microsoft.com"
+    documentation_url = "https://azure.microsoft.com"
+
+    location_ref = {
+      name = "meshcloud-azure-dev"
+    }
+
+    availability = {
+      restriction              = "PUBLIC"
+      publication_state        = "PUBLISHED"
+      restricted_to_workspaces = []
+    }
+
+    config = {
+      azure = {
+        entra_tenant = "dev-mycompany.onmicrosoft.com"
+
+        replication = {
+          service_principal = {
+            client_id                      = "58d6f907-7b0e-4fd8-b328-3e8342dddc8d"
+            auth_type                      = "CREDENTIALS"
+            credentials_auth_client_secret = "mesh/hidden-secret"
+            object_id                      = "3c305efe-625d-4eaf-9bfa-b981ddbcc99f"
+          }
+
+          provisioning = {
+            subscription_owner_object_ids = [
+              "2af5651f-bfa2-45b8-8780-f63dd51f515f"
+            ]
+
+            pre_provisioned = {
+              unused_subscription_name_prefix = "unused-"
+            }
+          }
+
+          b2b_user_invitation = {
+            redirect_url               = "https://portal.azure.com/#home"
+            send_azure_invitation_mail = false
+          }
+
+          subscription_name_pattern   = "#{workspaceIdentifier}.#{projectIdentifier}"
+          group_name_pattern          = "#{workspaceIdentifier}.#{projectIdentifier}-#{platformGroupAlias}"
+          blueprint_service_principal = "ce0c3688-3247-4083-b49f-33fdbac1ea65"
+          blueprint_location          = "westeurope"
+
+          azure_role_mappings = [
+            {
+              project_role_ref = {
+                name = "admin"
+              }
+              azure_role = {
+                alias = "admin"
+                id    = "b69d42fd-1e97-47d0-958d-3ce50d18af71"
+              }
+            },
+            {
+              project_role_ref = {
+                name = "reader"
+              }
+              azure_role = {
+                alias = "reader"
+                id    = "9c4cbbde-f2da-479e-9709-0f9ca8fa69df"
+              }
+            },
+            {
+              project_role_ref = {
+                name = "user"
+              }
+              azure_role = {
+                alias = "user"
+                id    = "7eeffa89-84ca-4106-9677-c9206b2fc14d"
+              }
+            }
+          ]
+
+          tenant_tags = {
+            namespace_prefix = "meshstack_"
+
+            tag_mappers = [
+              {
+                key           = "wident"
+                value_pattern = "$${workspaceIdentifier}"
+              },
+              {
+                key           = "pident"
+                value_pattern = "prefix-$${projectIdentifier}"
+              },
+              {
+                key           = "pname"
+                value_pattern = "$${projectName}"
+              },
+              {
+                key           = "wname"
+                value_pattern = "$${workspaceName}"
+              },
+              {
+                key           = "paymentIdentifier"
+                value_pattern = "$${paymentIdentifier}"
+              },
+              {
+                key           = "paymentName"
+                value_pattern = "$${paymentName}"
+              },
+              {
+                key           = "paymentExpirationDate"
+                value_pattern = "$${paymentExpirationDate}"
+              }
+            ]
+          }
+
+          user_look_up_strategy                          = "UserByMailLookupStrategy"
+          skip_user_group_permission_cleanup             = false
+          allow_hierarchical_management_group_assignment = false
+        }
+      }
+    }
+
+    contributing_workspaces = []
+  }
+}

examples/data-sources/meshstack_platform/data-source.tf

@@ -109,24 +109,37 @@ func (d *landingZoneDataSource) Schema(_ context.Context, _ datasource.SchemaReq
 						MarkdownDescription: "Platform-specific configuration options.",
 						Computed:            true,
 						Attributes: map[string]schema.Attribute{
-							"type": schema.StringAttribute{
-								MarkdownDescription: "Type of the platform. One of `aws`, `aks`, `azure`, `azurerg`, `gcp`, `kubernetes`, `openshift`.",
-								Computed:            true,
-								Validators: []validator.String{
-									stringvalidator.OneOf([]string{"aws", "aks", "azure", "azurerg", "gcp", "kubernetes", "openshift"}...),
-								},
-							},
 							"aws":        awsPlatformConfigSchema(),
 							"aks":        aksPlatformConfigSchema(),
 							"azure":      azurePlatformConfigSchema(),
 							"azurerg":    azureRgPlatformConfigSchema(),
 							"gcp":        gcpPlatformConfigSchema(),
 							"kubernetes": kubernetesPlatformConfigSchema(),
 							"openshift":  openShiftPlatformConfigSchema(),
+							"type": schema.StringAttribute{
+								MarkdownDescription: "Type of the platform. This field is automatically inferred from which platform configuration is provided and cannot be set manually.",
+								Computed:            true,
+							},
 						},
 					},
 				},
 			},
+
+			"status": schema.SingleNestedAttribute{
+				MarkdownDescription: "Current Landing Zone status.",
+				Computed:            true,
+				Attributes: map[string]schema.Attribute{
+					"disabled": schema.BoolAttribute{
+						MarkdownDescription: "True if the landing zone is disabled.",
+						Computed:            true,
+					},
+					"restricted": schema.BoolAttribute{
+						MarkdownDescription: "If true, users will be unable to select this landing zone in meshPanel. " +
+							"Only Platform teams can create tenants using restricted landing zones with the meshObject API.",
+						Computed: true,
+					},
+				},
+			},
 		},
 	}
 }

examples/resources/meshstack_platform/import.sh

@@ -438,28 +438,6 @@ func openShiftPlatformConfigSchema() schema.Attribute {
 	}
 }
 
-func meshProjectRoleAttribute() schema.SingleNestedAttribute {
-	return schema.SingleNestedAttribute{
-		MarkdownDescription: "the meshProject role",
-		Required:            true,
-		Attributes: map[string]schema.Attribute{
-			"name": schema.StringAttribute{
-				Required:            true,
-				MarkdownDescription: "The identifier of the meshProjectRole",
-			},
-			"kind": schema.StringAttribute{
-				MarkdownDescription: "meshObject type, always `meshProjectRole`.",
-				Computed:            true,
-				Default:             stringdefault.StaticString("meshProjectRole"),
-				Validators: []validator.String{
-					stringvalidator.OneOf([]string{"meshProjectRole"}...),
-				},
-				PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
-			},
-		},
-	}
-}
-
 func (r *landingZoneResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
 	landingZone := client.MeshLandingZoneCreate{
 		Metadata: client.MeshLandingZoneMetadata{},