data_source_key_vault_access_policy.go
package azurerm
import (
"strings"
"github.com/Azure/azure-sdk-for-go/arm/keyvault"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
)
// dataSourceArmKeyVaultAccessPolicy describes a data source that maps a
// template name to three computed lists of Key Vault permission strings:
// key_permissions, secret_permissions and certificate_permissions.
//
// "name" is the only input. It is validated against a fixed, case-sensitive
// allow-list of seven template names, so a configuration cannot request an
// arbitrary label. The read function selects permission categories by
// substring match on this value and depends on that allow-list.
func dataSourceArmKeyVaultAccessPolicy() *schema.Resource {
	// The only accepted template names. Changing an entry here also changes
	// which categories the read function's substring checks will match.
	templateNames := []string{
		"Key Management",
		"Secret Management",
		"Certificate Management",
		"Key & Secret Management",
		"Key & Certificate Management",
		"Secret & Certificate Management",
		"Key, Secret, & Certificate Management",
	}

	// Every output attribute has the same shape: a computed list of strings.
	// A fresh schema value is built per attribute so no pointer is shared.
	computedStringList := func() *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeList,
			Computed: true,
			Elem: &schema.Schema{
				Type: schema.TypeString,
			},
		}
	}

	attributes := map[string]*schema.Schema{
		"name": {
			Type:     schema.TypeString,
			Required: true,
			// false = do not ignore case; only exact spellings are accepted.
			ValidateFunc: validation.StringInSlice(templateNames, false),
		},

		// Computed
		"certificate_permissions": computedStringList(),
		"key_permissions":         computedStringList(),
		"secret_permissions":      computedStringList(),
	}

	return &schema.Resource{
		Read:   dataSourceArmKeyVaultAccessPolicyRead,
		Schema: attributes,
	}
}
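// dataSourceArmKeyVaultAccessPolicyRead fills the computed permission lists
// for the template named by "name" and uses that name as the data source ID.
//
// meta is unused: nothing is read from Azure. The lists are compiled into the
// provider, so the result describes a template and says nothing about the
// policy actually attached to any vault.
//
// Security note for consumers: each template is a broad "management" set. It
// includes delete and backup/restore alongside get/list, so attaching one to
// a principal grants far more than a read-only workload needs. For
// least-privilege identities, prefer an explicit, narrower permission list.
// No purge permission and no key cryptographic operation (encrypt, decrypt,
// sign, verify, wrapKey, unwrapKey) appears in the lists below.
//
// It returns the first error reported by d.Set, or nil.
func dataSourceArmKeyVaultAccessPolicyRead(d *schema.ResourceData, meta interface{}) error {
	name := d.Get("name").(string)

	templateManagementPermissions := map[string][]string{
		"key": {
			string(keyvault.KeyPermissionsGet),
			string(keyvault.KeyPermissionsList),
			string(keyvault.KeyPermissionsUpdate),
			string(keyvault.KeyPermissionsCreate),
			string(keyvault.KeyPermissionsImport),
			string(keyvault.KeyPermissionsDelete),
			string(keyvault.KeyPermissionsRecover),
			string(keyvault.KeyPermissionsBackup),
			string(keyvault.KeyPermissionsRestore),
		},
		"secret": {
			string(keyvault.SecretPermissionsGet),
			string(keyvault.SecretPermissionsList),
			string(keyvault.SecretPermissionsSet),
			string(keyvault.SecretPermissionsDelete),
			string(keyvault.SecretPermissionsRecover),
			string(keyvault.SecretPermissionsBackup),
			string(keyvault.SecretPermissionsRestore),
		},
		"certificate": {
			string(keyvault.Get),
			string(keyvault.List),
			string(keyvault.Update),
			string(keyvault.Create),
			string(keyvault.Import),
			string(keyvault.Delete),
			string(keyvault.Managecontacts),
			string(keyvault.Manageissuers),
			string(keyvault.Getissuers),
			string(keyvault.Listissuers),
			string(keyvault.Setissuers),
			string(keyvault.Deleteissuers),
		},
	}

	d.SetId(name)

	// Categories are selected by case-sensitive substring match on the
	// template name. This is only sound because the schema's ValidateFunc
	// restricts name to seven fixed strings. If that allow-list is ever
	// relaxed, any name merely containing "Key", "Secret" or "Certificate"
	// would receive the full set for that category.
	categories := []struct {
		keyword   string
		attribute string
		template  string
	}{
		{"Key", "key_permissions", "key"},
		{"Secret", "secret_permissions", "secret"},
		{"Certificate", "certificate_permissions", "certificate"},
	}

	for _, c := range categories {
		if !strings.Contains(name, c.keyword) {
			continue
		}
		// Surface a failed Set instead of dropping it. A silently missing
		// permission list would otherwise read as "no permissions".
		if err := d.Set(c.attribute, templateManagementPermissions[c.template]); err != nil {
			return err
		}
	}

	return nil
}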