[datadog_integration_gcp] Migrate to FW Provider, Add ResourceCollectionEnabled and IsSecurityCommandCenterEnabled fields #2230
Conversation
smuhit
requested review from
a team and
nina9753
and removed request for
a team
smuhit
changed the title
smuhit
force-pushed
the
sabbir.muhit/gcp-1258/add-resource-collection-flag-to-gcp-resources
branch
from
f51f638 to
f758230
Compare
docs/resources/integration_gcp.md
Outdated
| @@ -8,7 +8,7 @@ description: |- | |||
|
|
|||
| # datadog_integration_gcp (Resource) | |||
|
|
|||
| This resource is deprecated — use the `datadog_integration_gcp_sts resource` instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. | |||
| This resource is deprecated — use the `datadog_integration_gcp_sts` resource instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. | |||
There was a problem hiding this comment.
| This resource is deprecated — use the `datadog_integration_gcp_sts` resource instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. | |
| This resource is deprecated—use the `datadog_integration_gcp_sts` resource instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. |
There was a problem hiding this comment.
@brett0000FF per line 6 should we just update both to stay consistent?
There was a problem hiding this comment.
Yeah, we generally advise not to put spaces around hyphens, so that would be a good edit. I wasn't sure if the integration's name already contained the spacing, which is why I didn't edit it before.
| var ( | ||
| _ resource.ResourceWithConfigure = &integrationGcpResource{} | ||
| _ resource.ResourceWithImportState = &integrationGcpResource{} | ||
| ) |
There was a problem hiding this comment.
Two nits:
- I'd move this right above the definition of
integrationGcpResource, since these lines are just trying to prove that it implements certain interfaces. - This is typically written as
var (
_ resource.ResourceWithConfigure = (*integrationGcpResource)(nil)
_ resource.ResourceWithImportState = (*integrationGcpResource)(nil)
)
i.e. no point in actually building structs since they are assigned to _ and so are not accessible.
| _ resource.ResourceWithImportState = &integrationGcpResource{} | ||
| ) | ||
|
|
||
| var integrationGcpMutex = sync.Mutex{} |
There was a problem hiding this comment.
Nit: I'd move this to the top and write this as
var (
integrationGcpMutex sync.Mutex
)
i.e. the zero-value mutex is valid for use
|
|
||
| type integrationGcpResource struct { | ||
| Api *datadogV1.GCPIntegrationApi | ||
| Auth context.Context |
There was a problem hiding this comment.
Any reason these are exported fields? Feels weird to have exported fields on an unexported type. That's usually only useful for struct tags (i.e. `json:"blah"`)
There was a problem hiding this comment.
Switched to unexported
| Automute types.Bool `tfsdk:"automute"` | ||
| HostFilters types.String `tfsdk:"host_filters"` | ||
| ResourceCollectionEnabled types.Bool `tfsdk:"resource_collection_enabled"` | ||
| CspmResourceCollectionEnabled types.Bool `tfsdk:"cspm_resource_collection_enabled"` |
There was a problem hiding this comment.
Isn't this typically called is_cspm_enabled?
There was a problem hiding this comment.
Even if we have to leave the `tfsdk:"cspm_resource_collection_enabled"` , we could rename the field?
There was a problem hiding this comment.
We could, but keeping it named as is for backwards compatibility (and the fact that this is a public repo) with https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/integration_gcp#optional
| var state integrationGcpModel | ||
|
|
||
| integrationGcpMutex.Lock() | ||
| defer integrationGcpMutex.Unlock() |
There was a problem hiding this comment.
Is this meant to be a global lock? Any reason to not move it to being defined on integrationGcpResource so it's scoped to the instance? Even if integrationGcpResource is a singleton, an instance lock will in that case act like a global lock.
There was a problem hiding this comment.
Terraform will do some automated parallelism behind the scenes. This is to ensure that the API calls aren't clobbering each other.
| } | ||
|
|
||
| func (r *integrationGcpResource) getGCPIntegration(state integrationGcpModel) (*datadogV1.GCPAccount, diag.Diagnostics) { | ||
| diags := diag.Diagnostics{} |
There was a problem hiding this comment.
Nit: prefer var diags diag.Diagnostics
| state.ID = projectId | ||
| } | ||
|
|
||
| func (r *integrationGcpResource) getGCPIntegration(state integrationGcpModel) (*datadogV1.GCPAccount, diag.Diagnostics) { |
There was a problem hiding this comment.
Kinda nit:
IMO all of this code would be cleaner if we left out terraform-specific stuff until the last moment. i.e. make the return signature of this method (datadogV1.GCPAccount, error), and add the error to the diag. That way we don't have to rely on pointers to tell if something worked or not, and we don't have to switch back and forth btw pointers and values.
| diags.AddError("response contains unparsedObject", err.Error()) | ||
| return nil, diags | ||
| } | ||
| account = &integration |
There was a problem hiding this comment.
Preference for making this line return &integration, diags and making the last line return nil, diags, and removing the local var and break all together.
| return account, diags | ||
| } | ||
|
|
||
| func (r *integrationGcpResource) buildIntegrationGcpRequestBodyBase(state integrationGcpModel) (*datadogV1.GCPAccount, diag.Diagnostics) { |
There was a problem hiding this comment.
Why is diags.Diagnostics part of this return signature? It's always empty?
| body.SetHostFilters(state.HostFilters.ValueString()) | ||
| if !state.ResourceCollectionEnabled.IsUnknown() { | ||
| body.SetResourceCollectionEnabled(state.ResourceCollectionEnabled.ValueBool()) | ||
| } |
There was a problem hiding this comment.
Any reason this is special case? (i.e. I don't see IsUnknown() used anywhere else but ResourceCollectionEnabled)
There was a problem hiding this comment.
Mainly for backwards compatibility. The API will return an error if the CSPM flag is on but the Resource Collection Flag is explicitly set to False. In this case, we don't want to set any value for the Resource Collection flag unless a value was explicitly set by the user.
|
Moving to draft until ready for re-review |
…SecurityCommandCenterEnabled fields Update datadog client library Remove unused variable Fixes for migration to fwprovider More fixes Update codeowners for changes to gcp
… cassettes interacting with the GCP APIs
smuhit
force-pushed
the
sabbir.muhit/gcp-1258/add-resource-collection-flag-to-gcp-resources
branch
from
7f7ae53 to
03e539a
Compare
| } | ||
|
|
||
| func (r *integrationGcpResource) Configure(_ context.Context, request resource.ConfigureRequest, response *resource.ConfigureResponse) { | ||
| providerData, _ := request.ProviderData.(*FrameworkProvider) |
There was a problem hiding this comment.
Nit: I believe the , _ can be removed? It's a bool that makes this a safe cast, but we ignore the bool anyways. I think we'll get an NPE on the next two lines anyway if the cast fails.
| --- | ||
|
|
||
| # datadog_integration_gcp (Resource) | ||
|
|
||
| This resource is deprecated — use the `datadog_integration_gcp_sts resource` instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. | ||
| This resource is deprecated—use the `datadog_integration_gcp_sts` resource instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. |
There was a problem hiding this comment.
Nit: why remove the spacing around the dash in these two?
There was a problem hiding this comment.
Basically guidance from documentation: #2230 (comment)
| @@ -3,12 +3,12 @@ | |||
| page_title: "datadog_integration_gcp Resource - terraform-provider-datadog" | |||
| subcategory: "" | |||
| description: |- | |||
| This resource is deprecated — use the datadog_integration_gcp_sts resource instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. | |||
| This resource is deprecated—use the datadog_integration_gcp_sts resource instead. Provides a Datadog - Google Cloud Platform integration resource. This can be used to create and manage Datadog - Google Cloud Platform integration. | |||
There was a problem hiding this comment.
Nit: add backticks to datadog_integration_gcp_sts as you did below?
skarimo
deleted the
sabbir.muhit/gcp-1258/add-resource-collection-flag-to-gcp-resources
branch
Added a couple of new fields to the (legacy) gcp integration resource. (NOTE: Despite being legacy, a couple of fields were added to the legacy APIs and hence needed to be added here.)
Tested locally and verified the following:
NOTE: Waiting on a new release of the datadog go client library to be released.