Add MDM OTA enrollment data source & resource

docs/data-sources/mdm_ota_enrollment.md

@@ -0,0 +1,36 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "zentral_mdm_ota_enrollment Data Source - terraform-provider-zentral"
+subcategory: ""
+description: |-
+  The data source zentral_mdm_ota_enrollment allows details of a MDM OTA enrollment to be retrieved by its ID and name.
+---
+
+# zentral_mdm_ota_enrollment (Data Source)
+
+The data source `zentral_mdm_ota_enrollment` allows details of a MDM OTA enrollment to be retrieved by its `ID` and `name`.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `id` (Number) `ID` of the MDM OTA enrollment.
+- `name` (String) Name of the MDM OTA enrollment.
+
+### Read-Only
+
+- `blueprint_id` (Number) `ID` of the MDM blueprint linked to the OTA enrollment.
+- `display_name` (String) Name of the MDM OTA enrollment as displayed on the device.
+- `meta_business_unit_id` (Number) The `ID` of the meta business unit the machine will be assigned to at enrollment.
+- `push_certificate_id` (Number) `ID` of the MDM push certificate linked to the OTA enrollment.
+- `quota` (Number) The number of time the enrollment can be used.
+- `realm_id` (Number) `ID` of the identity realm linked to the OTA enrollment.
+- `scep_config_id` (Number) `ID` of the MDM SCEP configuration linked to the OTA enrollment.
+- `scep_verification` (Boolean) Indicates if a SCEP verification is expected during the enrollment.
+- `secret` (String) Enrollment secret.
+- `serial_numbers` (Set of String) The serial numbers the enrollment is restricted to.
+- `tag_ids` (Set of Number) The `ID`s of the tags that the machine will get at enrollment.
+- `udids` (Set of String) The `UDID`s the enrollment is restricted to.

docs/resources/mdm_ota_enrollment.md

@@ -0,0 +1,39 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "zentral_mdm_ota_enrollment Resource - terraform-provider-zentral"
+subcategory: ""
+description: |-
+  The resource zentral_mdm_ota_enrollment manages MDM OTA enrollments.
+---
+
+# zentral_mdm_ota_enrollment (Resource)
+
+The resource `zentral_mdm_ota_enrollment` manages MDM OTA enrollments.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `meta_business_unit_id` (Number) The `ID` of the meta business unit the machine will be assigned to at enrollment.
+- `name` (String) Name of the MDM OTA enrollment.
+- `push_certificate_id` (Number) `ID` of the MDM push certificate linked to the OTA enrollment.
+- `scep_config_id` (Number) `ID` of the MDM SCEP configuration linked to the OTA enrollment.
+
+### Optional
+
+- `blueprint_id` (Number) `ID` of the MDM blueprint linked to the OTA enrollment.
+- `display_name` (String) Name of the MDM OTA enrollment as displayed on the device.
+- `quota` (Number) The number of time the enrollment can be used.
+- `realm_id` (Number) `ID` of the identity realm linked to the OTA enrollment.
+- `scep_verification` (Boolean) Indicates if a SCEP verification is expected during the enrollment.
+- `serial_numbers` (Set of String) The serial numbers the enrollment is restricted to.
+- `tag_ids` (Set of Number) The `ID`s of the tags that the machine will get at enrollment.
+- `udids` (Set of String) The `UDID`s the enrollment is restricted to.
+
+### Read-Only
+
+- `id` (Number) `ID` of the MDM OTA enrollment.
+- `secret` (String) Enrollment secret.

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/hashicorp/terraform-plugin-go v0.23.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
-	github.com/zentralopensource/goztl v0.1.49
+	github.com/zentralopensource/goztl v0.1.50
 )
 
 require (

go.sum

@@ -204,8 +204,8 @@ github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8
 github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
-github.com/zentralopensource/goztl v0.1.49 h1:AbVYNUb0tyaka3/r2ZI/LBGgvIRf6GBinXhq6kHjv5Q=
-github.com/zentralopensource/goztl v0.1.49/go.mod h1:I3yd+zBFHVeiBz44Ov/74YbMl21k8BpOkPg7Q8sFHUM=
+github.com/zentralopensource/goztl v0.1.50 h1:R0LnFqpwoTYrVKKWl9BUud3CSzFRm0N45jiOFsrsTpI=
+github.com/zentralopensource/goztl v0.1.50/go.mod h1:I3yd+zBFHVeiBz44Ov/74YbMl21k8BpOkPg7Q8sFHUM=
 go.abhg.dev/goldmark/frontmatter v0.2.0 h1:P8kPG0YkL12+aYk2yU3xHv4tcXzeVnN+gU0tJ5JnxRw=
 go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px76YjkOzhB4YlU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=

internal/provider/mdm_ota_enrollment.go

@@ -0,0 +1,135 @@
+package provider
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/zentralopensource/goztl"
+)
+
+type mdmOTAEnrollment struct {
+	ID                types.Int64  `tfsdk:"id"`
+	Name              types.String `tfsdk:"name"`
+	DisplayName       types.String `tfsdk:"display_name"`
+	BlueprintID       types.Int64  `tfsdk:"blueprint_id"`
+	PushCertificateID types.Int64  `tfsdk:"push_certificate_id"`
+	RealmID           types.Int64  `tfsdk:"realm_id"`
+	SCEPConfigID      types.Int64  `tfsdk:"scep_config_id"`
+	SCEPVerification  types.Bool   `tfsdk:"scep_verification"`
+	// enrollment secret
+	Secret             types.String `tfsdk:"secret"`
+	MetaBusinessUnitID types.Int64  `tfsdk:"meta_business_unit_id"`
+	TagIDs             types.Set    `tfsdk:"tag_ids"`
+	SerialNumbers      types.Set    `tfsdk:"serial_numbers"`
+	UDIDs              types.Set    `tfsdk:"udids"`
+	Quota              types.Int64  `tfsdk:"quota"`
+}
+
+func mdmOTAEnrollmentForState(moe *goztl.MDMOTAEnrollment) mdmOTAEnrollment {
+	var blueprintID types.Int64
+	if moe.BlueprintID != nil {
+		blueprintID = types.Int64Value(int64(*moe.BlueprintID))
+	} else {
+		blueprintID = types.Int64Null()
+	}
+
+	var realmID types.Int64
+	if moe.RealmID != nil {
+		realmID = types.Int64Value(int64(*moe.RealmID))
+	} else {
+		realmID = types.Int64Null()
+	}
+
+	tagIDs := make([]attr.Value, 0)
+	for _, tagID := range moe.Secret.TagIDs {
+		tagIDs = append(tagIDs, types.Int64Value(int64(tagID)))
+	}
+
+	serialNumbers := make([]attr.Value, 0)
+	for _, serialNumber := range moe.Secret.SerialNumbers {
+		serialNumbers = append(serialNumbers, types.StringValue(serialNumber))
+	}
+
+	udids := make([]attr.Value, 0)
+	for _, udid := range moe.Secret.UDIDs {
+		udids = append(udids, types.StringValue(udid))
+	}
+
+	var quota types.Int64
+	if moe.Secret.Quota != nil {
+		quota = types.Int64Value(int64(*moe.Secret.Quota))
+	} else {
+		quota = types.Int64Null()
+	}
+
+	return mdmOTAEnrollment{
+		ID:                types.Int64Value(int64(moe.ID)),
+		Name:              types.StringValue(moe.Name),
+		DisplayName:       types.StringValue(moe.DisplayName),
+		BlueprintID:       blueprintID,
+		PushCertificateID: types.Int64Value(int64(moe.PushCertificateID)),
+		RealmID:           realmID,
+		SCEPConfigID:      types.Int64Value(int64(moe.SCEPConfigID)),
+		SCEPVerification:  types.BoolValue(moe.SCEPVerification),
+		// enrollment secret
+		Secret:             types.StringValue(moe.Secret.Secret),
+		MetaBusinessUnitID: types.Int64Value(int64(moe.Secret.MetaBusinessUnitID)),
+		TagIDs:             types.SetValueMust(types.Int64Type, tagIDs),
+		SerialNumbers:      types.SetValueMust(types.StringType, serialNumbers),
+		UDIDs:              types.SetValueMust(types.StringType, udids),
+		Quota:              quota,
+	}
+}
+
+func mdmOTAEnrollmentRequestWithState(data mdmOTAEnrollment) *goztl.MDMOTAEnrollmentRequest {
+	var bpID *int
+	if !data.BlueprintID.IsNull() {
+		bpID = goztl.Int(int(data.BlueprintID.ValueInt64()))
+	}
+
+	var rID *int
+	if !data.RealmID.IsNull() {
+		rID = goztl.Int(int(data.RealmID.ValueInt64()))
+	}
+
+	var dn *string
+	if !data.DisplayName.IsNull() {
+		dn = goztl.String(data.DisplayName.ValueString())
+	}
+
+	tagIDs := make([]int, 0)
+	for _, tagID := range data.TagIDs.Elements() { // nil if null or unknown → no iterations
+		tagIDs = append(tagIDs, int(tagID.(types.Int64).ValueInt64()))
+	}
+
+	serialNumbers := make([]string, 0)
+	for _, serialNumber := range data.SerialNumbers.Elements() { // nil if null or unknown → no iterations
+		serialNumbers = append(serialNumbers, serialNumber.(types.String).ValueString())
+	}
+
+	udids := make([]string, 0)
+	for _, udid := range data.UDIDs.Elements() { // nil if null or unknown → no iterations
+		udids = append(udids, udid.(types.String).ValueString())
+	}
+
+	mdmOTAEnrollmentRequest := &goztl.MDMOTAEnrollmentRequest{
+		Name:              data.Name.ValueString(),
+		DisplayName:       dn,
+		BlueprintID:       bpID,
+		PushCertificateID: int(data.PushCertificateID.ValueInt64()),
+		RealmID:           rID,
+		SCEPConfigID:      int(data.SCEPConfigID.ValueInt64()),
+		SCEPVerification:  data.SCEPVerification.ValueBool(),
+		Secret: goztl.EnrollmentSecretRequest{
+			MetaBusinessUnitID: int(data.MetaBusinessUnitID.ValueInt64()),
+			TagIDs:             tagIDs,
+			SerialNumbers:      serialNumbers,
+			UDIDs:              udids,
+		},
+	}
+
+	if !data.Quota.IsNull() {
+		mdmOTAEnrollmentRequest.Secret.Quota = goztl.Int(int(data.Quota.ValueInt64()))
+	}
+
+	return mdmOTAEnrollmentRequest
+}