// Copyright 2023 Confluent Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package provider
import (
"context"
"encoding/json"
"fmt"
"github.com/hashicorp/terraform-plugin-log/tflog"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"regexp"
"strconv"
)
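// schemaRegistryDekDataSource returns the Terraform data source definition for a
// Schema Registry data encryption key (DEK). The DEK is looked up by KEK name,
// subject, version (default 1) and algorithm (default "AES256_GCM"); the key
// material attributes are computed from the registry's response.
func schemaRegistryDekDataSource() *schema.Resource {
	return &schema.Resource{
		ReadContext: schemaRegistryDekDataSourceRead,
		Schema: map[string]*schema.Schema{
			paramSchemaRegistryCluster: schemaRegistryClusterBlockDataSourceSchema(),
			paramRestEndpoint: {
				Type:        schema.TypeString,
				Optional:    true,
				Description: "The REST endpoint of the Schema Registry cluster, for example, `https://psrc-00000.us-central1.gcp.confluent.cloud:443`).",
				// NOTE(review): the pattern only requires the value to start with
				// "http", so a plain "http://" endpoint passes validation even though
				// the message asks for "https://". Over plain HTTP the credentials
				// configured alongside this endpoint, and any key material returned,
				// would cross the network unencrypted. Tighten the pattern to
				// `^https://` once it is confirmed that nothing (for example a local
				// test server) depends on plain HTTP being accepted.
				ValidateFunc: validation.StringMatch(regexp.MustCompile("^http"), "the REST endpoint must start with 'https://'"),
			},
			paramCredentials: credentialsSchema(),
			paramKekName: {
				Type:         schema.TypeString,
				Required:     true,
				ValidateFunc: validation.StringIsNotEmpty,
			},
			paramSubjectName: {
				Type:         schema.TypeString,
				Required:     true,
				ValidateFunc: validation.StringIsNotEmpty,
			},
			paramVersion: {
				Type:     schema.TypeInt,
				Optional: true,
				Default:  1,
			},
			paramAlgorithm: {
				Type:         schema.TypeString,
				Optional:     true,
				ValidateFunc: validation.StringInSlice(acceptedDekAlgorithm, false),
				Default:      "AES256_GCM",
			},
			// Wrapped form of the key (presumably ciphertext under the KEK — confirm
			// against the registry API); left unmasked.
			paramEncryptedKeyMaterial: {
				Type:     schema.TypeString,
				Computed: true,
			},
			// Presumably the DEK itself when the registry returns it. Sensitive keeps
			// the value out of plan/apply output and forces outputs that reference it
			// to be declared sensitive. It does not encrypt the value: it is still
			// written in plaintext to Terraform state, so the state backend must be
			// access-controlled and encrypted at rest.
			paramKeyMaterial: {
				Type:      schema.TypeString,
				Computed:  true,
				Sensitive: true,
			},
			paramHardDelete: {
				Type:        schema.TypeBool,
				Computed:    true,
				Description: "Controls whether a schema registry dek should be soft or hard deleted. Set it to `true` if you want to hard delete a schema registry dek on destroy. Defaults to `false` (soft delete).",
			},
		},
	}
}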
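// schemaRegistryDekDataSourceRead resolves the Schema Registry endpoint, cluster
// ID and API credentials, fetches the DEK identified by KEK name, subject,
// version and algorithm, and copies the response into the data source state via
// setDekAttributes. It returns diagnostics describing the first failure, or nil
// on success.
//
// The response body is never written to the log or to diagnostics: it is the
// value that populates the key material attributes, so dumping it would leave
// key material in debug logs, CI output and support bundles.
func schemaRegistryDekDataSourceRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	client := meta.(*Client)

	restEndpoint, err := extractSchemaRegistryRestEndpoint(client, d, false)
	if err != nil {
		return diag.Errorf("error reading Schema Registry DEK: %s", createDescriptiveError(err))
	}
	clusterId, err := extractSchemaRegistryClusterId(client, d, false)
	if err != nil {
		return diag.Errorf("error reading Schema Registry DEK: %s", createDescriptiveError(err))
	}
	clusterApiKey, clusterApiSecret, err := extractSchemaRegistryClusterApiKeyAndApiSecret(client, d, false)
	if err != nil {
		return diag.Errorf("error reading Schema Registry DEK: %s", createDescriptiveError(err))
	}

	kekName := d.Get(paramKekName).(string)
	subject := d.Get(paramSubjectName).(string)
	version := d.Get(paramVersion).(int)
	algorithm := d.Get(paramAlgorithm).(string)

	// The ID is built from lookup parameters only, so it is safe to log.
	dekId := createDekId(clusterId, kekName, subject, algorithm, int32(version))
	logFields := map[string]interface{}{schemaRegistryDekKey: dekId}

	tflog.Debug(ctx, fmt.Sprintf("Reading Schema Registry DEK %q", dekId), logFields)

	schemaRegistryRestClient := client.schemaRegistryRestClientFactory.CreateSchemaRegistryRestClient(restEndpoint, clusterId, clusterApiKey, clusterApiSecret, client.isSchemaRegistryMetadataSet)
	request := schemaRegistryRestClient.apiClient.DataEncryptionKeysV1Api.GetDekByVersion(schemaRegistryRestClient.apiContext(ctx), kekName, subject, strconv.Itoa(version))
	request = request.Algorithm(algorithm)
	dek, _, err := request.Execute()
	if err != nil {
		return diag.Errorf("error reading Schema Registry DEK %q: %s", dekId, createDescriptiveError(err))
	}

	// Marshal only to confirm the response serializes; the error path reports the
	// failure without a %#v dump of the response, and the success path logs the
	// payload size instead of its contents.
	dekJson, err := json.Marshal(dek)
	if err != nil {
		return diag.Errorf("error reading Schema Registry DEK %q: error marshaling response to json: %s", dekId, createDescriptiveError(err))
	}
	tflog.Debug(ctx, fmt.Sprintf("Fetched Schema Registry DEK %q (%d bytes, key material omitted from logs)", dekId, len(dekJson)), logFields)

	if _, err := setDekAttributes(d, clusterId, dek); err != nil {
		return diag.FromErr(createDescriptiveError(err))
	}
	return nil
}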