package kafka
import (
"context"
"log"
"github.com/IBM/sarama"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
)
// defaultIterations is the SCRAM iteration count used when the configuration
// omits "scram_iterations". It equals the lower bound (4096) that the schema
// validator enforces for that attribute.
const defaultIterations = int32(4096)
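// kafkaUserScramCredentialResource returns the Terraform resource definition
// (schema plus create/read/update/delete handlers) for a Kafka SCRAM
// credential.
//
// Security notes:
//   - "password" is marked Sensitive, which only redacts it from plan/apply
//     output. The value is still persisted in Terraform state, so the state
//     backend needs its own access control and encryption at rest.
//   - "scram_iterations" is narrowed to int32 in parseUserScramCredential. The
//     validator therefore bounds it to the int32 range; without the upper
//     bound a very large value would wrap silently and could produce a
//     credential with far fewer iterations than the operator asked for.
func kafkaUserScramCredentialResource() *schema.Resource {
	// Largest value that survives the int -> int32 conversion unchanged.
	const maxIterations = 1<<31 - 1

	//lintignore:R011
	return &schema.Resource{
		CreateContext: userScramCredentialCreate,
		ReadContext:   userScramCredentialRead,
		UpdateContext: userScramCredentialUpdate,
		DeleteContext: userScramCredentialDelete,
		Schema: map[string]*schema.Schema{
			"username": {
				Type:        schema.TypeString,
				Required:    true,
				ForceNew:    true,
				Description: "The name of the credential",
			},
			"scram_mechanism": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
				// Only the two SCRAM mechanisms are accepted; matching is case-sensitive.
				ValidateDiagFunc: validateDiagFunc(validation.StringInSlice([]string{sarama.SASLTypeSCRAMSHA256, sarama.SASLTypeSCRAMSHA512}, false)),
				Description:      "The SCRAM mechanism used to generate the credential (SCRAM-SHA-256, SCRAM-SHA-512)",
			},
			"scram_iterations": {
				Type:     schema.TypeInt,
				Optional: true,
				ForceNew: false,
				Default:  defaultIterations,
				// Lower bound unchanged (4096); upper bound rejects values that
				// would overflow the int32 field they are converted into.
				ValidateFunc: validation.IntBetween(4096, maxIterations),
				Description:  "The number of SCRAM iterations used when generating the credential",
			},
			"password": {
				Type:         schema.TypeString,
				Required:     true,
				ForceNew:     false,
				ValidateFunc: validation.StringIsNotWhiteSpace,
				Description:  "The password of the credential",
				Sensitive:    true,
			},
		},
	}
}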
// userScramCredentialCreate builds a credential from the resource data,
// upserts it through the Kafka client, and records the credential's ID as the
// Terraform resource ID. A failed upsert is returned as a diagnostic and the
// ID is left unset.
//
// The log lines deliberately carry no credential fields, so the password
// never reaches the provider log from this handler.
func userScramCredentialCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	log.Printf("[INFO] Creating user scram credential")

	client := meta.(*LazyClient)
	cred := parseUserScramCredential(d)

	if upsertErr := client.UpsertUserScramCredential(cred); upsertErr != nil {
		log.Println("[ERROR] Failed to create user scram credential")
		return diag.FromErr(upsertErr)
	}

	d.SetId(cred.ID())
	return nil
}
// userScramCredentialRead refreshes Terraform state from what Kafka reports
// for the configured username and SCRAM mechanism.
//
// When the lookup fails with a UserScramCredentialMissingError the resource ID
// is cleared and nil is returned; any other lookup error is returned as a
// diagnostic. On success only "username", "scram_mechanism" and
// "scram_iterations" are written back; "password" is not touched here.
func userScramCredentialRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	log.Println("[INFO] Reading user scram credential")

	client := meta.(*LazyClient)
	name := d.Get("username").(string)
	mech := d.Get("scram_mechanism").(string)

	cred, err := client.DescribeUserScramCredential(name, mech)
	if err != nil {
		log.Printf("[ERROR] Error getting user scram credential %s from Kafka", err)
		// NOTE(review): a plain type assertion does not see through wrapped
		// errors; confirm the client returns this error type unwrapped.
		if _, missing := err.(UserScramCredentialMissingError); !missing {
			return diag.FromErr(err)
		}
		d.SetId("")
		return nil
	}

	// NOTE(review): %v prints every field of the described credential. Confirm
	// the describe call leaves any password field empty so that no secret
	// material ends up in debug logs.
	log.Printf("[DEBUG] Setting the state from Kafka %v", cred)

	state := errSetter{d: d}
	state.Set("username", cred.Name)
	state.Set("scram_mechanism", cred.Mechanism.String())
	state.Set("scram_iterations", cred.Iterations)
	if setErr := state.err; setErr != nil {
		return diag.FromErr(setErr)
	}
	return nil
}
// userScramCredentialUpdate re-submits the credential built from the resource
// data through the same upsert call used on create. A failed upsert is
// returned as a diagnostic.
//
// The log lines carry no credential fields, so the password is not logged
// from this handler.
func userScramCredentialUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	log.Printf("[INFO] Updating user scram credential")

	client := meta.(*LazyClient)
	cred := parseUserScramCredential(d)

	if upsertErr := client.UpsertUserScramCredential(cred); upsertErr != nil {
		log.Println("[ERROR] Failed to update user scram credential")
		return diag.FromErr(upsertErr)
	}
	return nil
}
// userScramCredentialDelete removes the credential described by the resource
// data through the Kafka client. A failed delete is returned as a diagnostic.
//
// The full credential, including the password bytes, is parsed from the
// resource data before the call.
// NOTE(review): presumably only name and mechanism are needed to delete;
// confirm against the client implementation.
func userScramCredentialDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	log.Printf("[INFO] Deleting user scram credential")

	client := meta.(*LazyClient)
	cred := parseUserScramCredential(d)

	if deleteErr := client.DeleteUserScramCredential(cred); deleteErr != nil {
		log.Println("[ERROR] Failed to delete user scram credential")
		return diag.FromErr(deleteErr)
	}
	return nil
}
// parseUserScramCredential converts the Terraform resource data into a
// UserScramCredential value: the mechanism string is mapped to its sarama
// enum and the password string is copied into a byte slice.
//
// NOTE(review): the int -> int32 conversion of "scram_iterations" truncates
// silently. It is only safe while the schema restricts that attribute to the
// int32 range.
func parseUserScramCredential(d *schema.ResourceData) UserScramCredential {
	mechanismName := d.Get("scram_mechanism").(string)

	var cred UserScramCredential
	cred.Name = d.Get("username").(string)
	cred.Mechanism = convertedScramMechanism(mechanismName)
	cred.Iterations = int32(d.Get("scram_iterations").(int))
	cred.Password = []byte(d.Get("password").(string))
	return cred
}
// convertedScramMechanism maps a mechanism name to the matching sarama
// ScramMechanismType by comparing it with each supported mechanism's String()
// form. Any name that matches neither SHA-256 nor SHA-512 yields
// SCRAM_MECHANISM_UNKNOWN, so callers relying on a valid mechanism should have
// validated the name beforehand.
func convertedScramMechanism(scram_mechanism_string string) sarama.ScramMechanismType {
	supported := []sarama.ScramMechanismType{
		sarama.SCRAM_MECHANISM_SHA_256,
		sarama.SCRAM_MECHANISM_SHA_512,
	}
	for _, candidate := range supported {
		if candidate.String() == scram_mechanism_string {
			return candidate
		}
	}
	return sarama.SCRAM_MECHANISM_UNKNOWN
}