Add resource turbot_guardrail_attachment. Closes #201

apiClient/guardrail.go

@@ -0,0 +1,39 @@
+package apiClient
+
+func (client *Client) CreateGuardrail(input map[string]interface{}) (*Guardrail, error) {
+	query := createGuardrailMutation()
+	responseData := &GuardrailResponse{}
+	variables := map[string]interface{}{
+		"input": input,
+	}
+
+	// execute api call
+	if err := client.doRequest(query, variables, responseData); err != nil {
+		return nil, client.handleCreateError(err, input, "guardrail")
+	}
+	return &responseData.Guardrail, nil
+}
+
+func (client *Client) ReadGuardrail(id string) (*Guardrail, error) {
+	query := readGuardrailQuery(id)
+	responseData := &GuardrailResponse{}
+
+	// execute api call
+	if err := client.doRequest(query, nil, responseData); err != nil {
+		return nil, client.handleReadError(err, id, "guardrail")
+	}
+	return &responseData.Guardrail, nil
+}
+
+func (client *Client) UpdateGuardrail(input map[string]interface{}) (*Guardrail, error) {
+	query := updateGuardrailMutation()
+	responseData := &GuardrailResponse{}
+	variables := map[string]interface{}{
+		"input": input,
+	}
+	// execute api call
+	if err := client.doRequest(query, variables, responseData); err != nil {
+		return nil, client.handleUpdateError(err, input, "guardrail")
+	}
+	return &responseData.Guardrail, nil
+}

apiClient/guardrail_attachment.go

@@ -0,0 +1,34 @@
+package apiClient
+
+import (
+	"fmt"
+)
+
+func (client *Client) AttachGuardrail(input map[string]interface{}) (*TurbotResourceMetadata, error) {
+	query := attachGuardrailMutation()
+	responseData := &AttachGuardrailResponse{}
+
+	variables := map[string]interface{}{
+		"input": input,
+	}
+
+	// execute api call
+	if err := client.doRequest(query, variables, responseData); err != nil {
+		return nil, client.handleCreateError(err, input, "guardrail attachment")
+	}
+	return &responseData.Turbot, nil
+}
+
+func (client *Client) DetachGuardrail(input map[string]interface{}) error {
+	query := detachGuardrailMutation()
+	var responseData interface{}
+
+	variables := map[string]interface{}{
+		"input": input,
+	}
+	// execute api call
+	if err := client.doRequest(query, variables, responseData); err != nil {
+		return fmt.Errorf("error deleting guardrail attachment: %s", err.Error())
+	}
+	return nil
+}

apiClient/queries.go

@@ -732,3 +732,88 @@ func (client *Client) GetTurbotWorkspaceVersion() (*semver.Version, error) {
 	}
 	return version, nil
 }
+
+// guardrail
+
+func createGuardrailMutation() string {
+	return `mutation CreateGuardrail($input: CreateGuardrailInput!) {
+		guardrail: createGuardrail(input: $input) {
+			title
+			description
+			tags
+			turbot {
+				id
+				akas
+				title
+			}
+		}
+	}`
+}
+
+func readGuardrailQuery(id string) string {
+	return fmt.Sprintf(`{
+		guardrail: guardrail(id: "%s") {
+			description
+			turbot {
+				id
+				akas
+				title
+				tags
+			}
+			accounts {
+				items {
+					turbot {
+						id
+						akas
+					}
+				}
+			}
+			targets {
+				items {
+					uri
+				}
+			}
+			controlTypes {
+				items {
+					uri
+				}
+			}
+		}
+	}`, id)
+}
+
+func updateGuardrailMutation() string {
+	return `mutation UpdateGuardrail($input: UpdateGuardrailInput!) {
+		guardrail: updateGuardrail(input: $input) {
+			description
+			tags
+			turbot {
+				id
+				akas
+				title
+			}
+		}
+	}`
+}
+
+func attachGuardrailMutation() string {
+	return `mutation AttachGuardrail($input: AttachGuardrailInput!) {
+		guardrail: attachGuardrails(input: $input) {
+			turbot {
+				id
+				akas
+				title
+			}
+		}
+	}`
+}
+
+func detachGuardrailMutation() string {
+	return `mutation DetachGuardrail($input: DetachGuardrailInput!) {
+		guardrail: detachGuardrails(input: $input) {
+			turbot {
+				id
+			}
+		}
+	}`
+}

apiClient/types.go

@@ -520,3 +520,39 @@ type TurbotWatchMetadata struct {
 	ResourceId string
 	FavoriteId string
 }
+
+// Guardrail
+
+type GuardrailResponse struct {
+	Guardrail Guardrail
+}
+
+type Guardrail struct {
+	Description string
+	Turbot      TurbotResourceMetadata
+	Accounts    struct {
+		Items []Account
+	}
+	ControlTypes struct {
+		Items []ControlType
+	}
+	Targets struct {
+		Items []Target
+	}
+}
+
+type AttachGuardrailResponse struct {
+	Turbot TurbotResourceMetadata
+}
+
+type Account struct {
+	Turbot TurbotResourceMetadata
+}
+
+type ControlType struct {
+	Uri string
+}
+
+type Target struct {
+	Uri string
+}

errors/errors.go

@@ -2,11 +2,12 @@ package errors
 
 import (
 	"fmt"
-	"github.com/pkg/errors"
 	"net/http"
 	"regexp"
 	"strconv"
 	"strings"
+
+	"github.com/pkg/errors"
 )
 
 func NotFoundError(err error) bool {
@@ -21,6 +22,12 @@ func FailedValidationError(err error) bool {
 	return expectedErr.Match([]byte(err.Error()))
 }
 
+func ForbiddenError(err error) bool {
+	forbiddenErr := "(?i)graphql: Forbidden: Insufficient permissions for resource(?i)"
+	expectedErr := regexp.MustCompile(forbiddenErr)
+	return expectedErr.Match([]byte(err.Error()))
+}
+
 func ExtractErrorCode(err error) (int, error) {
 	// error returned from machinebox/graphql is of graphql type
 	// errorNon200Template = "graphql: server returned a non-200 status code: 503"

turbot/provider.go

@@ -41,6 +41,8 @@ func Provider() terraform.ResourceProvider {
 			"turbot_google_directory":        resourceGoogleDirectory(),
 			"turbot_grant":                   resourceTurbotGrant(),
 			"turbot_grant_activation":        resourceTurbotGrantActivation(),
+			"turbot_guardrail":               resourceTurbotGuardrail(),
+			"turbot_guardrail_attachment":    resourceTurbotGuardrailAttachment(),
 			"turbot_ldap_directory":          resourceTurbotLdapDirectory(),
 			"turbot_local_directory":         resourceTurbotLocalDirectory(),
 			"turbot_local_directory_user":    resourceTurbotLocalDirectoryUser(),