Merge pull request 'Added gitea_token resource' (#19) from feature/token-resource into main

Reviewed-on: #19

Makefile

@@ -3,7 +3,7 @@ GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 
 GOFMT ?= gofmt -s
 
-VERSION = 0.7.4
+VERSION = 0.10.0
 
 test: fmt-check
 	go test -i $(TEST) || exit 1

README.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.7.4"
+      version = "0.10.0"
     }
   }
 }

docs/index.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.7.2"
+      version = "0.10.0"
     }
   }
 }

docs/resources/fork.md

@@ -0,0 +1,61 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_fork Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_fork manages repository fork to the current user or an organisation
+  Forking a repository to a dedicated user is currently unsupported
+  Creating a fork using this resource without an organisation will create the fork in the executors name
+---
+
+# gitea_fork (Resource)
+
+`gitea_fork` manages repository fork to the current user or an organisation
+Forking a repository to a dedicated user is currently unsupported
+Creating a fork using this resource without an organisation will create the fork in the executors name
+
+## Example Usage
+
+```terraform
+resource "gitea_org" "org1" {
+  name = "org1"
+}
+
+resource "gitea_org" "org2" {
+  name = "org2"
+}
+
+resource "gitea_repository" "repo1_in_org1" {
+  username = gitea_org.org1.name
+  name     = "repo1-in-org1"
+}
+
+resource "gitea_fork" "user_fork_of_repo1_in_org1" {
+  owner = gitea_org.org1.name
+  repo  = gitea_repository.repo1_in_org1.name
+}
+
+resource "gitea_fork" "org2_fork_of_repo1_in_org1" {
+  owner        = gitea_org.org1.name
+  repo         = gitea_repository.repo1_in_org1.name
+  organization = gitea_org.org2.name
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `owner` (String) The owner or owning organization of the repository to fork
+- `repo` (String) The name of the repository to fork
+
+### Optional
+
+- `organization` (String) The organization that owns the forked repo
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/git_hook.md

@@ -0,0 +1,55 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_git_hook Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_git_hook manages git hooks on a repository.
+  import is currently not supported
+  WARNING: using this resource requires to enable server side hookswhich are known to cause security issues https://github.com/go-gitea/gitea/pull/13058!
+  if you want to procede, you need to enable server side hooks as stated here https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
+---
+
+# gitea_git_hook (Resource)
+
+`gitea_git_hook` manages git hooks on a repository.
+import is currently not supported
+
+WARNING: using this resource requires to enable server side hookswhich are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!
+
+if you want to procede, you need to enable server side hooks as stated [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)
+
+## Example Usage
+
+```terraform
+resource "gitea_org" "test_org" {
+  name = "test-org"
+}
+
+resource "gitea_repository" "org_repo" {
+  username = gitea_org.test_org.name
+  name     = "org-test-repo"
+}
+
+resource "gitea_git_hook" "org_repo_post_receive" {
+  name    = "post-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/post-receive.sh")
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `content` (String) Content of the git hook
+- `name` (String) Name of the git hook to configure
+- `repo` (String) The repository that this hook belongs too.
+- `user` (String) The user (or organisation) owning the repo this hook belongs too
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/token.md

@@ -0,0 +1,67 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_token Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_token manages gitea Access Tokens.
+  Due to upstream limitations (see https://gitea.com/gitea/go-sdk/issues/610) this resource
+  can only be used with username/password provider configuration.
+  WARNING:
+  Tokens will be stored in the terraform state!
+---
+
+# gitea_token (Resource)
+
+`gitea_token` manages gitea Access Tokens.
+
+Due to upstream limitations (see https://gitea.com/gitea/go-sdk/issues/610) this resource
+can only be used with username/password provider configuration.
+
+WARNING:
+Tokens will be stored in the terraform state!
+
+## Example Usage
+
+```terraform
+provider "gitea" {
+  base_url = var.gitea_url
+  # Token Auth can not be used with this resource
+  username = var.gitea_username
+  password = var.gitea_password
+}
+
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+  admin                = true
+}
+
+resource "gitea_token" "test_token" {
+  username = resource.gitea_user.test.username
+  name     = "test-token"
+}
+
+output "token" {
+  value     = resource.gitea_token.test_token.token
+  sensitive = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the Access Token
+- `username` (String) The owner of the Access Token
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `last_eight` (String)
+- `token` (String, Sensitive) The actual Access Token
+
+

examples/main.tf

@@ -56,3 +56,52 @@ resource "gitea_team" "test_team" {
   permission   = "write"
   members      = [gitea_user.test.username]
 }
+
+resource "gitea_team" "admin_team" {
+  name         = "Admins"
+  organisation = gitea_org.test_org.name
+  description  = "Admins of Test Org"
+  permission   = "admin"
+  members      = [data.gitea_user.me.username]
+}
+
+resource "gitea_git_hook" "org_repo_pre_receive" {
+  name    = "pre-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/pre-receive.sh")
+}
+
+resource "gitea_org" "org1" {
+  name = "org1"
+}
+
+resource "gitea_org" "org2" {
+  name = "org2"
+}
+
+resource "gitea_repository" "repo1_in_org1" {
+  username = gitea_org.org1.name
+  name     = "repo1-in-org1"
+}
+
+resource "gitea_fork" "user_fork_of_repo1_in_org1" {
+  owner = gitea_org.org1.name
+  repo  = gitea_repository.repo1_in_org1.name
+}
+
+resource "gitea_fork" "org2_fork_of_repo1_in_org1" {
+  owner        = gitea_org.org1.name
+  repo         = gitea_repository.repo1_in_org1.name
+  organization = gitea_org.org2.name
+}
+
+resource "gitea_token" "test_token" {
+  username = data.gitea_user.me.username
+  name     = "test-token"
+}
+
+output "token" {
+  value = resource.gitea_token.test_token.token
+  sensitive = true
+}

examples/pre-receive.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        echo "wrong branch"
+        exit 1
+    fi
+done

examples/provider.tf

@@ -2,12 +2,14 @@ terraform {
   required_providers {
     gitea = {
       source = "terraform.local/lerentis/gitea"
-      version = "0.7.4"
+      version = "0.10.0"
     }
   }
 }
 
 provider "gitea" {
   base_url = var.gitea_url
-  token    = var.gitea_token
+  username = "lerentis"
+  password = var.gitea_password
+  #token    = var.gitea_token
 }

examples/provider/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.7.4"
+      version = "0.10.0"
     }
   }
 }

examples/resources/gitea_fork/resource.tf

@@ -0,0 +1,23 @@
+resource "gitea_org" "org1" {
+  name = "org1"
+}
+
+resource "gitea_org" "org2" {
+  name = "org2"
+}
+
+resource "gitea_repository" "repo1_in_org1" {
+  username = gitea_org.org1.name
+  name     = "repo1-in-org1"
+}
+
+resource "gitea_fork" "user_fork_of_repo1_in_org1" {
+  owner = gitea_org.org1.name
+  repo  = gitea_repository.repo1_in_org1.name
+}
+
+resource "gitea_fork" "org2_fork_of_repo1_in_org1" {
+  owner        = gitea_org.org1.name
+  repo         = gitea_repository.repo1_in_org1.name
+  organization = gitea_org.org2.name
+}

examples/resources/gitea_git_hook/post-receive.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+while read oldrev newrev refname
+do
+    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+    if [ "master" = "$branch" ]; then
+        # Do something
+    fi
+done

examples/resources/gitea_git_hook/resource.tf

@@ -0,0 +1,15 @@
+resource "gitea_org" "test_org" {
+  name = "test-org"
+}
+
+resource "gitea_repository" "org_repo" {
+  username = gitea_org.test_org.name
+  name     = "org-test-repo"
+}
+
+resource "gitea_git_hook" "org_repo_post_receive" {
+  name    = "post-receive"
+  user    = gitea_org.test_org.name
+  repo    = gitea_repository.org_repo.name
+  content = file("${path.module}/post-receive.sh")
+}

examples/resources/gitea_token/resource.tf

@@ -0,0 +1,25 @@
+provider "gitea" {
+  base_url = var.gitea_url
+  # Token Auth can not be used with this resource
+  username = var.gitea_username
+  password = var.gitea_password
+}
+
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+  admin                = true
+}
+
+resource "gitea_token" "test_token" {
+  username = resource.gitea_user.test.username
+  name     = "test-token"
+}
+
+output "token" {
+  value     = resource.gitea_token.test_token.token
+  sensitive = true
+}

examples/variables.tf

@@ -9,3 +9,7 @@ variable "gitea_token" {
 variable "gitea_mirror_token" {
   
 }
+
+variable "gitea_password" {
+  
+}

gitea/provider.go

@@ -78,8 +78,11 @@ func Provider() *schema.Provider {
 			"gitea_user":       resourceGiteaUser(),
 			"gitea_oauth2_app": resourceGiteaOauthApp(),
 			"gitea_repository": resourceGiteaRepository(),
+			"gitea_fork":       resourceGiteaFork(),
 			"gitea_public_key": resourceGiteaPublicKey(),
 			"gitea_team":       resourceGiteaTeam(),
+			"gitea_git_hook":   resourceGiteaGitHook(),
+			"gitea_token":      resourceGiteaToken(),
 		},
 
 		ConfigureFunc: providerConfigure,

gitea/resource_gitea_fork.go

@@ -0,0 +1,127 @@
+package gitea
+
+import (
+	"fmt"
+	"strconv"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	forkOwner        string = "owner"
+	forkRepo         string = "repo"
+	forkOrganization string = "organization"
+)
+
+func resourceForkCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	var opts gitea.CreateForkOption
+	var org string
+	org = d.Get(forkOrganization).(string)
+	if org != "" {
+		opts.Organization = &org
+	}
+
+	repo, _, err := client.CreateFork(d.Get(forkOwner).(string),
+		d.Get(forkRepo).(string),
+		opts)
+	if err == nil {
+		err = setForkResourceData(repo, d)
+	}
+	return err
+}
+
+func resourceForkRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	var resp *gitea.Response
+
+	if err != nil {
+		return err
+	}
+
+	repo, resp, err := client.GetRepoByID(id)
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return nil
+		} else {
+			return err
+		}
+	}
+
+	err = setForkResourceData(repo, d)
+
+	return
+}
+
+func resourceForkDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	if err != nil {
+		return err
+	}
+
+	repo, _, err := client.GetRepoByID(id)
+	var resp *gitea.Response
+
+	resp, err = client.DeleteRepo(repo.Owner.UserName, repo.Name)
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			return
+		} else {
+			return err
+		}
+	}
+
+	return
+}
+
+func setForkResourceData(repo *gitea.Repository, d *schema.ResourceData) (err error) {
+
+	d.SetId(fmt.Sprintf("%d", repo.ID))
+
+	return
+}
+
+func resourceGiteaFork() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceForkRead,
+		Create: resourceForkCreate,
+		Delete: resourceForkDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"owner": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The owner or owning organization of the repository to fork",
+			},
+			"repo": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The name of the repository to fork",
+			},
+			"organization": {
+				Type:        schema.TypeString,
+				Required:    false,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "The organization that owns the forked repo",
+			},
+		},
+		Description: "`gitea_fork` manages repository fork to the current user or an organisation\n" +
+			"Forking a repository to a dedicated user is currently unsupported\n" +
+			"Creating a fork using this resource without an organisation will create the fork in the executors name",
+	}
+}

gitea/resource_gitea_git_hook.go

@@ -0,0 +1,120 @@
+package gitea
+
+import (
+	"fmt"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	GitHookUser    string = "user"
+	GitHookRepo    string = "repo"
+	GitHookName    string = "name"
+	GitHookContent string = "content"
+)
+
+func resourceGitHookRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	gitHook, _, err := client.GetRepoGitHook(user, repo, name)
+
+	if err != nil {
+		return err
+	}
+
+	err = setGitHookResourceData(user, repo, gitHook, d)
+
+	return
+}
+
+func resourceGitHookUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	opts := gitea.EditGitHookOption{
+		Content: d.Get(GitHookContent).(string),
+	}
+
+	_, err = client.EditRepoGitHook(user, repo, name, opts)
+
+	if err != nil {
+		return err
+	}
+
+	// Get gitHook ourselves, EditRepoGitHook does not return it
+	gitHook, _, err := client.GetRepoGitHook(user, repo, name)
+
+	if err != nil {
+		return err
+	}
+
+	err = setGitHookResourceData(user, repo, gitHook, d)
+
+	return
+}
+
+func resourceGitHookDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(GitHookUser).(string)
+	repo := d.Get(GitHookRepo).(string)
+	name := d.Get(GitHookName).(string)
+
+	_, err = client.DeleteRepoGitHook(user, repo, name)
+
+	return
+}
+
+func setGitHookResourceData(user string, repo string, gitHook *gitea.GitHook, d *schema.ResourceData) (err error) {
+	d.SetId(fmt.Sprintf("%s/%s/%s", user, repo, gitHook.Name))
+	d.Set(GitHookUser, user)
+	d.Set(GitHookRepo, repo)
+	d.Set(GitHookName, gitHook.Name)
+	d.Set(GitHookContent, gitHook.Content)
+	return
+}
+
+func resourceGiteaGitHook() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceGitHookRead,
+		Create: resourceGitHookUpdate, // All hooks already exist, just empty and disabled
+		Update: resourceGitHookUpdate,
+		Delete: resourceGitHookDelete,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Name of the git hook to configure",
+			},
+			"repo": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The repository that this hook belongs too.",
+			},
+			"user": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The user (or organisation) owning the repo this hook belongs too",
+			},
+			"content": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Content of the git hook",
+			},
+		},
+		Description: "`gitea_git_hook` manages git hooks on a repository.\n" +
+			"import is currently not supported\n\n" +
+			"WARNING: using this resource requires to enable server side hooks" +
+			"which are known to cause [security issues](https://github.com/go-gitea/gitea/pull/13058)!\n\n" +
+			"if you want to procede, you need to enable server side hooks as stated" +
+			" [here](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)",
+	}
+}

gitea/resource_gitea_token.go

@@ -0,0 +1,151 @@
+package gitea
+
+import (
+	"fmt"
+	"strconv"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	TokenUsername  string = "username"
+	TokenName      string = "name"
+	TokenHash      string = "token"
+	TokenLastEight string = "last_eight"
+)
+
+func searchTokenById(c *gitea.Client, id int64) (res *gitea.AccessToken, err error) {
+	page := 1
+
+	for {
+		tokens, _, err := c.ListAccessTokens(gitea.ListAccessTokensOptions{
+			ListOptions: gitea.ListOptions{
+				Page:     page,
+				PageSize: 50,
+			},
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		if len(tokens) == 0 {
+			return nil, fmt.Errorf("Token with ID %d could not be found", id)
+		}
+
+		for _, token := range tokens {
+			if token.ID == id {
+				return token, nil
+			}
+		}
+
+		page += 1
+	}
+}
+
+func resourceTokenCreate(d *schema.ResourceData, meta interface{}) (err error) {
+
+	client := meta.(*gitea.Client)
+
+	var opt gitea.CreateAccessTokenOption
+	opt.Name = d.Get(TokenName).(string)
+
+	token, _, err := client.CreateAccessToken(opt)
+
+	if err != nil {
+		return err
+	}
+
+	err = setTokenResourceData(token, d)
+
+	return
+}
+
+func resourceTokenRead(d *schema.ResourceData, meta interface{}) (err error) {
+
+	client := meta.(*gitea.Client)
+
+	var token *gitea.AccessToken
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	token, err = searchTokenById(client, id)
+
+	if err != nil {
+		return err
+	}
+
+	err = setTokenResourceData(token, d)
+
+	return
+}
+
+func resourceTokenDelete(d *schema.ResourceData, meta interface{}) (err error) {
+
+	client := meta.(*gitea.Client)
+	var resp *gitea.Response
+
+	resp, err = client.DeleteAccessToken(d.Get(TokenName).(string))
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			return
+		} else {
+			return err
+		}
+	}
+
+	return
+}
+
+func setTokenResourceData(token *gitea.AccessToken, d *schema.ResourceData) (err error) {
+
+	d.SetId(fmt.Sprintf("%d", token.ID))
+	d.Set(TokenName, token.Name)
+	if token.Token != "" {
+		d.Set(TokenHash, token.Token)
+	}
+	d.Set(TokenLastEight, token.TokenLastEight)
+
+	return
+}
+
+func resourceGiteaToken() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceTokenRead,
+		Create: resourceTokenCreate,
+		Delete: resourceTokenDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The owner of the Access Token",
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The name of the Access Token",
+			},
+			"token": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Sensitive:   true,
+				Description: "The actual Access Token",
+			},
+			"last_eight": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+		Description: "`gitea_token` manages gitea Access Tokens.\n\n" +
+			"Due to upstream limitations (see https://gitea.com/gitea/go-sdk/issues/610) this resource\n" +
+			"can only be used with username/password provider configuration.\n\n" +
+			"WARNING:\n" +
+			"Tokens will be stored in the terraform state!",
+	}
+}

scripts/docker-compose.yaml

@@ -6,11 +6,12 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:1.16.8
+    image: gitea/gitea:1.17.1
     container_name: gitea
     environment:
       - USER_UID=1000
       - USER_GID=1000
+      - DISABLE_GIT_HOOKS=false
     restart: always
     networks:
       - gitea