Enhance cloudstack_role data source and resource with filter support and improved documentation

- Added filter support to the cloudstack_role data source for role retrieval.
- Updated resource_cloudstack_role to require either role_id or type.
- Enhanced documentation for both data source and resource with examples and argument descriptions.

Author: ianc769

cloudstack/data_source_cloudstack_role.go

@@ -20,8 +20,11 @@
 package cloudstack
 
 import (
+	"encoding/json"
 	"fmt"
 	"log"
+	"regexp"
+	"strings"
 
 	"github.com/apache/cloudstack-go/v2/cloudstack"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -33,15 +36,14 @@ func dataSourceCloudstackRole() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"filter": dataSourceFiltersSchema(),
 
+			//Computed values
 			"id": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 
 			"name": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 
@@ -65,24 +67,36 @@ func dataSourceCloudstackRole() *schema.Resource {
 
 func dataSourceCloudstackRoleRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
+	p := cs.Role.NewListRolesParams()
 
-	var err error
+	csRoles, err := cs.Role.ListRoles(p)
+	if err != nil {
+		return fmt.Errorf("failed to list roles: %s", err)
+	}
+
+	filters := d.Get("filter")
 	var role *cloudstack.Role
 
-	if id, ok := d.GetOk("id"); ok {
-		log.Printf("[DEBUG] Getting Role by ID: %s", id.(string))
-		role, _, err = cs.Role.GetRoleByID(id.(string))
-	} else if name, ok := d.GetOk("name"); ok {
-		log.Printf("[DEBUG] Getting Role by name: %s", name.(string))
-		role, _, err = cs.Role.GetRoleByName(name.(string))
-	} else {
-		return fmt.Errorf("Either 'id' or 'name' must be specified")
+	for _, r := range csRoles.Roles {
+		match, err := applyRoleFilters(r, filters.(*schema.Set))
+		if err != nil {
+			return err
+		}
+		if match {
+			role = r
+			break
+		}
 	}
 
-	if err != nil {
-		return err
+	if role == nil {
+		return fmt.Errorf("no role is matching with the specified criteria")
 	}
+	log.Printf("[DEBUG] Selected role: %s\n", role.Name)
+
+	return roleDescriptionAttributes(d, role)
+}
 
+func roleDescriptionAttributes(d *schema.ResourceData, role *cloudstack.Role) error {
 	d.SetId(role.Id)
 	d.Set("name", role.Name)
 	d.Set("type", role.Type)
@@ -91,3 +105,55 @@ func dataSourceCloudstackRoleRead(d *schema.ResourceData, meta interface{}) erro
 
 	return nil
 }
+
+func latestRole(roles []*cloudstack.Role) (*cloudstack.Role, error) {
+	// Since the Role struct doesn't have a Created field,
+	// we'll just return the first role in the list
+	if len(roles) > 0 {
+		return roles[0], nil
+	}
+	return nil, fmt.Errorf("no roles found")
+}
+
+func applyRoleFilters(role *cloudstack.Role, filters *schema.Set) (bool, error) {
+	var roleJSON map[string]interface{}
+	k, _ := json.Marshal(role)
+	err := json.Unmarshal(k, &roleJSON)
+	if err != nil {
+		return false, err
+	}
+
+	for _, f := range filters.List() {
+		m := f.(map[string]interface{})
+		r, err := regexp.Compile(m["value"].(string))
+		if err != nil {
+			return false, fmt.Errorf("invalid regex: %s", err)
+		}
+		updatedName := strings.ReplaceAll(m["name"].(string), "_", "")
+
+		// Check if the field exists in the role JSON
+		roleField, ok := roleJSON[updatedName]
+		if !ok {
+			return false, fmt.Errorf("field %s does not exist in role", updatedName)
+		}
+
+		// Convert the field to string for regex matching
+		var roleFieldStr string
+		switch v := roleField.(type) {
+		case string:
+			roleFieldStr = v
+		case bool:
+			roleFieldStr = fmt.Sprintf("%t", v)
+		case float64:
+			roleFieldStr = fmt.Sprintf("%g", v)
+		default:
+			roleFieldStr = fmt.Sprintf("%v", v)
+		}
+
+		if !r.MatchString(roleFieldStr) {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}

cloudstack/data_source_cloudstack_role_test.go

@@ -53,6 +53,9 @@ resource "cloudstack_role" "foo" {
 }
 
 data "cloudstack_role" "role" {
-  name = "${cloudstack_role.foo.name}"
+  filter {
+    name = "name"
+    value = "${cloudstack_role.foo.name}"
+  }
 }
 `

cloudstack/resource_cloudstack_role.go

@@ -39,19 +39,27 @@ func resourceCloudStackRole() *schema.Resource {
 				Required: true,
 			},
 			"type": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "The type of the role, valid options are: Admin, ResourceAdmin, DomainAdmin, User",
 			},
 			"description": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 			},
 			"is_public": {
-				Type:     schema.TypeBool,
-				Optional: true,
-				Default:  false,
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Indicates whether the role will be visible to all users (public) or only to root admins (private). Default is true.",
+			},
+			"role_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "ID of the role to be cloned from. Either role_id or type must be passed in.",
 			},
 		},
 	}
@@ -64,8 +72,17 @@ func resourceCloudStackRoleCreate(d *schema.ResourceData, meta interface{}) erro
 	// Create a new parameter struct
 	p := cs.Role.NewCreateRoleParams(name)
 
-	if roleType, ok := d.GetOk("type"); ok {
+	// Check if either role_id or type is provided
+	roleID, roleIDOk := d.GetOk("role_id")
+	roleType, roleTypeOk := d.GetOk("type")
+
+	if roleIDOk {
+		p.SetRoleid(roleID.(string))
+	} else if roleTypeOk {
 		p.SetType(roleType.(string))
+	} else {
+		// According to the API, either roleid or type must be passed in
+		return fmt.Errorf("either role_id or type must be specified")
 	}
 
 	if description, ok := d.GetOk("description"); ok {

website/docs/d/role.html.markdown

@@ -14,7 +14,10 @@ Use this data source to get information about a role for use in other resources.
 
 ```hcl
 data "cloudstack_role" "admin" {
-  name = "Admin"
+  filter {
+    name = "name"
+    value = "Admin"
+  }
 }
 
 resource "cloudstack_account" "example" {
@@ -32,10 +35,18 @@ resource "cloudstack_account" "example" {
 
 The following arguments are supported:
 
-* `id` - (Optional) The ID of the role.
-* `name` - (Optional) The name of the role.
+* `filter` - (Required) One or more name/value pairs to filter off of. See the example below for usage.
 
-At least one of the above arguments is required.
+## Filter Example
+
+```hcl
+data "cloudstack_role" "admin" {
+  filter {
+    name = "name"
+    value = "Admin"
+  }
+}
+```
 
 ## Attributes Reference
 

website/docs/r/role.html.markdown

@@ -13,22 +13,32 @@ Creates a role.
 ## Example Usage
 
 ```hcl
+# Create a role with a specific type
 resource "cloudstack_role" "admin" {
   name        = "Admin"
   type        = "Admin"
   description = "Administrator role"
   is_public   = true
 }
+
+# Create a role by cloning an existing role
+resource "cloudstack_role" "custom_admin" {
+  name        = "CustomAdmin"
+  role_id     = "12345678-1234-1234-1234-123456789012"
+  description = "Custom administrator role cloned from an existing role"
+  is_public   = false
+}
 ```
 
 ## Argument Reference
 
 The following arguments are supported:
 
 * `name` - (Required) The name of the role.
-* `type` - (Optional) The type of the role. Defaults to the CloudStack default.
+* `type` - (Optional) The type of the role. Valid options are: Admin, ResourceAdmin, DomainAdmin, User. Either `type` or `role_id` must be specified.
 * `description` - (Optional) The description of the role.
-* `is_public` - (Optional) Whether the role is public or not. Defaults to `false`.
+* `is_public` - (Optional) Whether the role is public or not. Defaults to `true`.
+* `role_id` - (Optional) ID of the role to be cloned from. Either `role_id` or `type` must be specified.
 
 ## Attributes Reference