PER-13046-add-tenant-tf (#51)

* PER-13046-add-tenant-tf

* lint fix

Author: EliMoshkovich

README.md

@@ -89,6 +89,20 @@ resource "permitio_user_attribute" "department" {
 }
 ```
 
+#### Create a Tenant
+
+```hcl
+resource "permitio_tenant" "acme_corp" {
+  key         = "acme-corp"
+  name        = "Acme Corporation"
+  description = "Main tenant for Acme Corporation"
+  attributes  = jsonencode({
+    region = "us-west"
+    tier   = "enterprise"
+  })
+}
+```
+
 ## Requirements
 
 - [Terraform](https://developer.hashicorp.com/terraform/downloads) >= 1.0

internal/provider/provider.go

@@ -20,6 +20,7 @@ import (
 	"github.com/permitio/terraform-provider-permit-io/internal/provider/resources"
 	"github.com/permitio/terraform-provider-permit-io/internal/provider/role_derivations"
 	"github.com/permitio/terraform-provider-permit-io/internal/provider/roles"
+	"github.com/permitio/terraform-provider-permit-io/internal/provider/tenants"
 	"github.com/permitio/terraform-provider-permit-io/internal/provider/user_attributes"
 
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
@@ -186,6 +187,7 @@ func (p *PermitProvider) Resources(_ context.Context) []func() resource.Resource
 		proxy_configs.NewProxyConfigResource,
 		relations.NewRelationResource,
 		role_derivations.NewRoleDerivationResource,
+		tenants.NewTenantResource,
 		user_attributes.NewUserAttributeResource,
 	}
 }

internal/provider/tenants/client.go

@@ -0,0 +1,77 @@
+package tenants
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/permitio/permit-golang/pkg/models"
+	"github.com/permitio/permit-golang/pkg/permit"
+)
+
+type tenantClient struct {
+	client *permit.Client
+}
+
+func (c *tenantClient) Create(ctx context.Context, plan tenantModel) (tenantModel, error) {
+	// Parse attributes from JSON string
+	var attributes map[string]interface{}
+	if !plan.Attributes.IsNull() && plan.Attributes.ValueString() != "" {
+		err := json.Unmarshal([]byte(plan.Attributes.ValueString()), &attributes)
+		if err != nil {
+			return tenantModel{}, err
+		}
+	}
+
+	tenantCreate := models.TenantCreate{
+		Key:         plan.Key.ValueString(),
+		Name:        plan.Name.ValueString(),
+		Description: plan.Description.ValueStringPointer(),
+		Attributes:  attributes,
+	}
+
+	createdTenant, err := c.client.Api.Tenants.Create(ctx, tenantCreate)
+
+	if err != nil {
+		return tenantModel{}, err
+	}
+
+	return tfModelFromTenantRead(*createdTenant), nil
+}
+
+func (c *tenantClient) Read(ctx context.Context, key string) (tenantModel, error) {
+	tenantRead, err := c.client.Api.Tenants.Get(ctx, key)
+
+	if err != nil {
+		return tenantModel{}, err
+	}
+
+	return tfModelFromTenantRead(*tenantRead), nil
+}
+
+func (c *tenantClient) Update(ctx context.Context, plan tenantModel) (tenantModel, error) {
+	// Parse attributes from JSON string
+	var attributes map[string]interface{}
+	if !plan.Attributes.IsNull() && plan.Attributes.ValueString() != "" {
+		err := json.Unmarshal([]byte(plan.Attributes.ValueString()), &attributes)
+		if err != nil {
+			return tenantModel{}, err
+		}
+	}
+
+	tenantUpdate := models.TenantUpdate{
+		Name:        plan.Name.ValueStringPointer(),
+		Description: plan.Description.ValueStringPointer(),
+		Attributes:  attributes,
+	}
+
+	updatedTenant, err := c.client.Api.Tenants.Update(ctx, plan.Key.ValueString(), tenantUpdate)
+
+	if err != nil {
+		return tenantModel{}, err
+	}
+
+	return tfModelFromTenantRead(*updatedTenant), nil
+}
+
+func (c *tenantClient) Delete(ctx context.Context, key string) error {
+	return c.client.Api.Tenants.Delete(ctx, key)
+}

internal/provider/tenants/model.go

@@ -0,0 +1,49 @@
+package tenants
+
+import (
+	"encoding/json"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/permitio/permit-golang/pkg/models"
+)
+
+type tenantModel struct {
+	Id             types.String `tfsdk:"id"`
+	OrganizationId types.String `tfsdk:"organization_id"`
+	ProjectId      types.String `tfsdk:"project_id"`
+	EnvironmentId  types.String `tfsdk:"environment_id"`
+	CreatedAt      types.String `tfsdk:"created_at"`
+	UpdatedAt      types.String `tfsdk:"updated_at"`
+	LastActionAt   types.String `tfsdk:"last_action_at"`
+	Key            types.String `tfsdk:"key"`
+	Name           types.String `tfsdk:"name"`
+	Description    types.String `tfsdk:"description"`
+	Attributes     types.String `tfsdk:"attributes"`
+}
+
+func tfModelFromTenantRead(m models.TenantRead) tenantModel {
+	r := tenantModel{}
+	r.Id = types.StringValue(m.Id)
+	r.Key = types.StringValue(m.Key)
+	r.Name = types.StringValue(m.Name)
+	r.Description = types.StringPointerValue(m.Description)
+	r.EnvironmentId = types.StringValue(m.EnvironmentId)
+	r.ProjectId = types.StringValue(m.ProjectId)
+	r.OrganizationId = types.StringValue(m.OrganizationId)
+	r.CreatedAt = types.StringValue(m.CreatedAt.String())
+	r.UpdatedAt = types.StringValue(m.UpdatedAt.String())
+	r.LastActionAt = types.StringValue(m.LastActionAt.String())
+
+	// Convert attributes map to JSON string
+	if len(m.Attributes) > 0 {
+		attributesJSON, err := json.Marshal(m.Attributes)
+		if err == nil {
+			r.Attributes = types.StringValue(string(attributesJSON))
+		} else {
+			r.Attributes = types.StringValue("{}")
+		}
+	} else {
+		r.Attributes = types.StringNull()
+	}
+
+	return r
+}

internal/provider/tenants/resource.go

@@ -0,0 +1,136 @@
+package tenants
+
+import (
+	"context"
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/permitio/terraform-provider-permit-io/internal/provider/common"
+)
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+	_ resource.Resource              = &TenantResource{}
+	_ resource.ResourceWithConfigure = &TenantResource{}
+)
+
+func NewTenantResource() resource.Resource {
+	return &TenantResource{}
+}
+
+type TenantResource struct {
+	client tenantClient
+}
+
+func (r *TenantResource) Configure(ctx context.Context, request resource.ConfigureRequest, response *resource.ConfigureResponse) {
+	permitClient := common.Configure(ctx, request, response)
+	r.client = tenantClient{client: permitClient}
+}
+
+func (r *TenantResource) Metadata(_ context.Context, request resource.MetadataRequest, response *resource.MetadataResponse) {
+	response.TypeName = request.ProviderTypeName + "_tenant"
+}
+
+func (r *TenantResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
+	attributes := common.CreateBaseResourceSchema()
+
+	attributes["last_action_at"] = schema.StringAttribute{
+		MarkdownDescription: "Date and time when the tenant was last active (ISO_8601 format). In other words, this is the last time a permission check was done on a resource belonging to this tenant.",
+		Computed:            true,
+	}
+
+	attributes["attributes"] = schema.StringAttribute{
+		MarkdownDescription: "Arbitrary tenant attributes in JSON format that will be used to enforce attribute-based access control policies.",
+		Optional:            true,
+		Computed:            true,
+	}
+
+	resp.Schema = schema.Schema{
+		Attributes:          attributes,
+		MarkdownDescription: "Manages a Permit.io tenant. Tenants represent isolated groups or organizations within your application. See [the documentation](https://api.permit.io/v2/redoc#tag/Tenants) for more information about tenants.",
+	}
+}
+
+func (r *TenantResource) Create(ctx context.Context, request resource.CreateRequest, response *resource.CreateResponse) {
+	var plan tenantModel
+
+	response.Diagnostics.Append(request.Plan.Get(ctx, &plan)...)
+
+	if response.Diagnostics.HasError() {
+		return
+	}
+
+	tenantRead, err := r.client.Create(ctx, plan)
+
+	if err != nil {
+		response.Diagnostics.AddError(
+			"Unable to create tenant",
+			fmt.Errorf("unable to create tenant: %w", err).Error(),
+		)
+		return
+	}
+
+	response.Diagnostics.Append(response.State.Set(ctx, tenantRead)...)
+}
+
+func (r *TenantResource) Read(ctx context.Context, request resource.ReadRequest, response *resource.ReadResponse) {
+	var model tenantModel
+
+	response.Diagnostics.Append(request.State.Get(ctx, &model)...)
+
+	if response.Diagnostics.HasError() {
+		return
+	}
+
+	tenantRead, err := r.client.Read(ctx, model.Key.ValueString())
+
+	if err != nil {
+		response.Diagnostics.AddError(
+			"Unable to read tenant",
+			fmt.Errorf("unable to read tenant: %w", err).Error(),
+		)
+		return
+	}
+
+	response.Diagnostics.Append(response.State.Set(ctx, &tenantRead)...)
+}
+
+func (r *TenantResource) Update(ctx context.Context, request resource.UpdateRequest, response *resource.UpdateResponse) {
+	var plan tenantModel
+
+	response.Diagnostics.Append(request.Plan.Get(ctx, &plan)...)
+
+	if response.Diagnostics.HasError() {
+		return
+	}
+
+	tenantRead, err := r.client.Update(ctx, plan)
+
+	if err != nil {
+		response.Diagnostics.AddError(
+			"Unable to update tenant",
+			fmt.Errorf("unable to update tenant: %w", err).Error(),
+		)
+		return
+	}
+
+	response.Diagnostics.Append(response.State.Set(ctx, tenantRead)...)
+}
+
+func (r *TenantResource) Delete(ctx context.Context, request resource.DeleteRequest, response *resource.DeleteResponse) {
+	var model tenantModel
+	response.Diagnostics.Append(request.State.Get(ctx, &model)...)
+
+	if response.Diagnostics.HasError() {
+		return
+	}
+
+	err := r.client.Delete(ctx, model.Key.ValueString())
+
+	if err != nil {
+		response.Diagnostics.AddError(
+			"Unable to delete tenant",
+			fmt.Errorf("unable to delete tenant: %w", err).Error(),
+		)
+	}
+}