From 594278871ce9d50d372959b6732d9c252b56446c Mon Sep 17 00:00:00 2001
From: Erik Merkle
Date: Fri, 28 Jun 2024 17:55:14 -0500
Subject: [PATCH] Add Token creation for Enterprises (#399)
---
 docs/resources/database.md | 2 +-
 docs/resources/token.md | 4 ++++
 go.mod | 2 +-
 go.sum | 4 ++--
 internal/provider/resource_database.go | 2 +-
 internal/provider/resource_token.go | 25 ++++++++++++++++++++++++-
 6 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/docs/resources/database.md b/docs/resources/database.md
index af6e4efb..05311b6a 100644
--- a/docs/resources/database.md
+++ b/docs/resources/database.md
@@ -69,7 +69,7 @@ output "cqlsh_url" {
 ### Optional
-- `db_type` (String) Database type. Currently only `vector` is supported. Omit this optional field if you want a regular severless database.
+- `db_type` (String) Database type. Currently only `vector` is supported. Omit this optional field if you want a regular serverless database.
 - `deletion_protection` (Boolean) Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a `terraform destroy` or `terraform apply` command that deletes the instance will fail. Defaults to `true`.
 - `keyspace` (String) Initial keyspace name. For additional keyspaces, use the astra_keyspace resource. If omitted, Astra will use its default, currently `default_keyspace`
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
diff --git a/docs/resources/token.md b/docs/resources/token.md
index 8348ee47..bb1f76e8 100644
--- a/docs/resources/token.md
+++ b/docs/resources/token.md
@@ -25,6 +25,10 @@ resource "astra_token" "example" {
 - `roles` (List of String) List of Role IDs to be assigned to the generated token
+### Optional
+
+- `org_id` (String) The UUID of the organization under which the token will be created. If not provided, the token will be created under the organization/enterprise of the token making the request.
+
 ### Read-Only
 - `client_id` (String) Client id, use as username in cql to connect
diff --git a/go.mod b/go.mod
index d0943c76..4814530b 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.21
 toolchain go1.22.0
 require (
- github.com/datastax/astra-client-go/v2 v2.2.57
+ github.com/datastax/astra-client-go/v2 v2.2.58
 github.com/datastax/pulsar-admin-client-go v0.0.0-20230707040954-1a4745e07587
 github.com/google/uuid v1.6.0
 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
diff --git a/go.sum b/go.sum
index 1f1cdf48..9e402772 100644
--- a/go.sum
+++ b/go.sum
@@ -101,8 +101,8 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/datastax/astra-client-go/v2 v2.2.57 h1:B2AvCRqWOVBs536r42TpWht1Jt1k2OLsBABLAfN0iVw= -github.com/datastax/astra-client-go/v2 v2.2.57/go.mod h1:zxXWuqDkYia7PzFIL3T7RmjChc9LN81UnfI2yB4kE7M= +github.com/datastax/astra-client-go/v2 v2.2.58 h1:B1fJYtp2Vip6Fbs0+u46clO3fmkqxOG09qVOCHpGTMU= +github.com/datastax/astra-client-go/v2 v2.2.58/go.mod h1:zxXWuqDkYia7PzFIL3T7RmjChc9LN81UnfI2yB4kE7M= github.com/datastax/pulsar-admin-client-go v0.0.0-20230707040954-1a4745e07587 h1:3jv+O0hWcz3oj3sZ9/Ov9/m1Vaqx8Ql8jp5ZeA13O5A= github.com/datastax/pulsar-admin-client-go v0.0.0-20230707040954-1a4745e07587/go.mod h1:guL8YZ5gJINN+h5Kmja1AnuzhxLU3sHQL8o/8HYLtqk= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/internal/provider/resource_database.go b/internal/provider/resource_database.go
index 835ca724..ae46e6a8 100644
--- a/internal/provider/resource_database.go
+++ b/internal/provider/resource_database.go
@@ -91,7 +91,7 @@ func resourceDatabase() *schema.Resource {
 Default: true,
 },
 "db_type": {
- Description: "Database type. Currently only `vector` is supported. Omit this optional field if you want a regular severless database.",
+ Description: "Database type. Currently only `vector` is supported. Omit this optional field if you want a regular serverless database.",
 Type: schema.TypeString,
 Optional: true,
 ForceNew: true,
diff --git a/internal/provider/resource_token.go b/internal/provider/resource_token.go
index 45030728..a8700479 100644
--- a/internal/provider/resource_token.go
+++ b/internal/provider/resource_token.go
@@ -33,6 +33,13 @@ func resourceToken() *schema.Resource {
 Type: schema.TypeString,
 },
 },
+ // Optional
+ "org_id": {
+ Description: "The UUID of the organization under which the token will be created. If not provided, the token will be created under the organization/enterprise of the token making the request.",
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ },
 "client_id": {
 Description: "Client id, use as username in cql to connect",
 Type: schema.TypeString,
@@ -58,6 +65,17 @@ func resourceTokenCreate(ctx context.Context, d *schema.ResourceData, meta inter
 client := meta.(astraClients).astraClient.(*astra.ClientWithResponses)
 roles := d.Get("roles").([]interface{})
+ orgId := d.Get("org_id").(string)
+
+ if len(orgId) == 0 {
+ // no orgId provided, use the one associated with the effective token
+ currentOrg, err := getCurrentOrgID(ctx, client)
+ if err != nil {
+ return diag.Errorf("No Organization ID provided for token creation and an error occurred trying to fetch the Organization associated with the current API token.")
+ }
+ // use the org associated with the API token making the call if not provided
+ orgId = currentOrg
+ }
 rolesList := make([]string, len(roles))
@@ -73,8 +91,9 @@ func resourceTokenCreate(ctx context.Context, d *schema.ResourceData, meta inter
 tokenJSON := astra.GenerateTokenForClientJSONRequestBody{
 Roles: rolesList,
+ OrgId: &orgId,
 }
- resp, err := client.GenerateTokenForClientWithResponse(ctx,
+ resp, err := client.GenerateAppTokenForClientWithResponse(ctx,
 tokenJSON,
 )
@@ -136,6 +155,7 @@ func setTokenData(d *schema.ResourceData, tokenMap map[string]interface{}) error
 clientID := tokenMap["clientId"].(string)
 secret := tokenMap["secret"].(string)
 token := tokenMap["token"].(string)
+ responseOrgId := tokenMap["orgId"].(string)
 d.SetId(fmt.Sprintf("%s", clientID))
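Review bot: The new `org_id` entry in the resourceToken schema hunk is `Optional` and `ForceNew` but not `Computed`, while the last setTokenData hunk writes the API's value back with `d.Set("org_id", responseOrgId)`. When a configuration omits `org_id`, state then holds a value the configuration does not, so the next plan will likely show `org_id` changing to null and force replacement of the token, rotating a live credential nobody asked to rotate. Adding `Computed: true,` to the entry avoids that. A UUID validator on the field would also reject malformed input before it reaches the API. The schema map continues outside the hunk.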
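Review bot: The `getCurrentOrgID` failure branch in the first resourceTokenCreate hunk discards `err`, so the operator sees only a fixed sentence and cannot tell a permission failure from a transport error. Carry the cause through, for example `return diag.Errorf("no org_id provided and looking up the organization of the current API token failed: %v", err)`. The lookup is also a new precondition for every create that omits `org_id`; presumably a calling token that cannot read its own organization now fails where it used to succeed, which is worth a line in the resource docs. Go naming would make the local `orgID`, matching `getCurrentOrgID`. The function body starts and ends outside the hunk.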
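Review bot: `tokenMap["orgId"].(string)` in the first setTokenData hunk is an unchecked type assertion, so a response map where `orgId` is absent or null panics and takes the provider process down mid-apply. The callers of setTokenData are outside the hunk; if a read or refresh path passes a token record that lacks the field, every refresh would crash. Use the comma-ok form, `responseOrgId, ok := tokenMap["orgId"].(string)`, and when `ok` is false either return an error or skip the `d.Set("org_id", ...)` added in the following hunk. The neighbouring assertions on `clientId`, `secret` and `token` have the same shape but are unchanged context.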
@@ -148,6 +168,9 @@ func setTokenData(d *schema.ResourceData, tokenMap map[string]interface{}) error
 if err := d.Set("token", token); err != nil {
 return err
 }
+ if err := d.Set("org_id", responseOrgId); err != nil {
+ return err
+ }
 return nil
 }