package provider
import (
"context"
"fmt"
"strings"
"github.com/hashicorp/go-azure-helpers/authentication"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-hcs/internal/clients"
"github.com/hashicorp/terraform-provider-hcs/version"
)
// init installs package-wide SDK settings: schema descriptions are treated as
// plain text, and every rendered description gets its default value and its
// deprecation message appended.
func init() {
	schema.DescriptionKind = schema.StringPlain

	// Compose "<description> Defaults to `<default>`. <deprecation message>".
	schema.SchemaDescriptionBuilder = func(s *schema.Schema) string {
		var b strings.Builder
		b.WriteString(s.Description)

		if s.Default != nil {
			fmt.Fprintf(&b, " Defaults to `%v`.", s.Default)
		}

		if s.Deprecated != "" {
			b.WriteString(" ")
			b.WriteString(s.Deprecated)
		}

		// Trimming also covers an empty Description, where the appended
		// pieces would otherwise start with a space.
		return strings.TrimSpace(b.String())
	}
}
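// New returns a factory that builds the HCS provider: its data sources, its
// resources, the provider-level configuration schema, and the configure
// callback that creates the API client.
//
// The two credential attributes (azure_client_secret and
// azure_client_certificate_password) are marked Sensitive so that Terraform
// redacts their values in CLI output. Sensitive only affects display; it does
// not encrypt the value anywhere it is stored or transmitted.
func New() func() *schema.Provider {
	return func() *schema.Provider {
		p := &schema.Provider{
			DataSourcesMap: map[string]*schema.Resource{
				"hcs_agent_helm_config":       dataSourceAgentHelmConfig(),
				"hcs_agent_kubernetes_secret": dataSourceAgentConfigKubernetesSecret(),
				"hcs_cluster":                 dataSourceCluster(),
				"hcs_consul_versions":         dataSourceConsulVersions(),
				"hcs_federation_token":        dataSourceFederationToken(),
				"hcs_plan_defaults":           dataSourcePlanDefaults(),
			},
			ResourcesMap: map[string]*schema.Resource{
				"hcs_cluster":            resourceCluster(),
				"hcs_cluster_root_token": resourceClusterRootToken(),
				"hcs_snapshot":           resourceSnapshot(),
			},
			Schema: map[string]*schema.Schema{
				// NOTE(review): the API domain can be replaced through the
				// HCP_DOMAIN_OVERRIDE environment variable. The value is handed
				// to the client builder in configure; presumably API requests
				// go to this host, so the variable should be treated as trusted
				// configuration. Confirm against the clients package.
				"hcp_api_domain": {
					Type:        schema.TypeString,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("HCP_DOMAIN_OVERRIDE", "api.cloud.hashicorp.com"),
					Description: "The HashiCorp Cloud Platform API domain.",
				},
				"hcs_marketplace_product_name": {
					Type:        schema.TypeString,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("HCP_MARKETPLACE_PRODUCT_NAME", "hcs-production"),
					Description: "The HashiCorp Consul Service product name on the Azure marketplace.",
				},
				// We must support the same optional fields found in the azurerm provider schema
				// that are used for authentication to Azure. They are prefixed with azure_ below.
				"azure_subscription_id": {
					Type:        schema.TypeString,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_SUBSCRIPTION_ID", ""),
					Description: "The Azure Subscription ID which should be used.",
				},
				"azure_client_id": {
					Type:        schema.TypeString,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_ID", ""),
					Description: "The Azure Client ID which should be used.",
				},
				"azure_tenant_id": {
					Type:        schema.TypeString,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_TENANT_ID", ""),
					Description: "The Azure Tenant ID which should be used.",
				},
				// NOTE(review): azure_environment and azure_metadata_host are
				// Required but also carry a DefaultFunc, so the environment
				// default satisfies the requirement when nothing is configured.
				// Confirm that this pairing is intended.
				"azure_environment": {
					Type:        schema.TypeString,
					Required:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_ENVIRONMENT", "public"),
					Description: "The Azure Cloud Environment which should be used. Possible values are public, usgovernment, german, and china. Defaults to public.",
				},
				"azure_metadata_host": {
					Type:        schema.TypeString,
					Required:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_METADATA_HOSTNAME", ""),
					Description: "The hostname which should be used for the Azure Metadata Service.",
				},
				// Client Certificate specific fields
				"azure_client_certificate_path": {
					Type:        schema.TypeString,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE_PATH", ""),
					Description: "The path to the Azure Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate.",
				},
				"azure_client_certificate_password": {
					Type:     schema.TypeString,
					Optional: true,
					// Credential: keep the certificate password out of CLI output.
					Sensitive:   true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE_PASSWORD", ""),
					Description: "The password associated with the Azure Client Certificate. For use when authenticating as a Service Principal using a Client Certificate",
				},
				// Client Secret specific fields
				"azure_client_secret": {
					Type:     schema.TypeString,
					Optional: true,
					// Credential: keep the service principal secret out of CLI output.
					Sensitive:   true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_SECRET", ""),
					Description: "The Azure Client Secret which should be used. For use when authenticating as a Service Principal using a Client Secret.",
				},
				// Managed Service Identity specific fields
				"azure_use_msi": {
					Type:        schema.TypeBool,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_USE_MSI", false),
					Description: "Allowed Azure Managed Service Identity be used for Authentication.",
				},
				"azure_msi_endpoint": {
					Type:        schema.TypeString,
					Optional:    true,
					DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""),
					Description: "The path to a custom endpoint for Azure Managed Service Identity - in most circumstances this should be detected automatically. ",
				},
			},
		}

		// configure needs the provider itself (for its user agent), so the
		// callback is attached after the struct has been created.
		p.ConfigureContextFunc = configure(p)

		return p
	}
}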
// configure returns the provider's configure callback. The callback turns the
// azure_* provider attributes into an Azure authentication config, then builds
// the HCS client that is handed to every resource and data source operation.
// Either failure is reported as an error diagnostic and no client is returned.
func configure(p *schema.Provider) func(context.Context, *schema.ResourceData) (interface{}, diag.Diagnostics) {
	return func(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {
		// str reads a provider attribute that the schema declares as a string.
		str := func(key string) string { return d.Get(key).(string) }

		// ClientSecret and ClientCertPassword are credentials; they are only
		// passed on to the authentication builder here.
		azureAuth := &authentication.Builder{
			SubscriptionID:     str("azure_subscription_id"),
			ClientID:           str("azure_client_id"),
			ClientSecret:       str("azure_client_secret"),
			TenantID:           str("azure_tenant_id"),
			Environment:        str("azure_environment"),
			MetadataHost:       str("azure_metadata_host"),
			MsiEndpoint:        str("azure_msi_endpoint"),
			ClientCertPassword: str("azure_client_certificate_password"),
			ClientCertPath:     str("azure_client_certificate_path"),

			// Feature Toggles
			SupportsClientCertAuth:         true,
			SupportsClientSecretAuth:       true,
			SupportsManagedServiceIdentity: d.Get("azure_use_msi").(bool),
			SupportsAzureCliToken:          true,
			// TODO: Do we need to support auxiliary tenants?
			SupportsAuxiliaryTenants: false,

			// TODO: Should we keep this link to the Azure provider docs for auth?
			ClientSecretDocsLink: "https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret",
		}

		azureCfg, err := azureAuth.Build()
		if err != nil {
			// NOTE(review): the underlying error text is shown to the user
			// verbatim; confirm Build never includes credential values in it.
			return nil, diag.Errorf("unable to build Azure authentication config: %v", err)
		}

		// The same user agent string is also sent as the source channel.
		ua := p.UserAgent("terraform-provider-hcs", version.ProviderVersion)

		hcsClient, err := clients.Build(ctx, clients.Options{
			ProviderUserAgent: ua,
			AzureAuthConfig:   azureCfg,
			Config: clients.Config{
				HCPApiDomain:           str("hcp_api_domain"),
				MarketPlaceProductName: str("hcs_marketplace_product_name"),
				SourceChannel:          ua,
			},
		})
		if err != nil {
			return nil, diag.Errorf("unable to create HCS client: %v", err)
		}

		return hcsClient, nil
	}
}