package sdkv2provider
import (
"context"
"encoding/json"
"fmt"
"github.com/iwarapter/pingaccess-sdk-go/v62/pingaccess/models"
"github.com/iwarapter/pingaccess-sdk-go/v62/services/hsmProviders"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
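// resourcePingAccessHsmProvider returns the Terraform resource definition for
// a PingAccess HSM provider. It wires the CRUD callbacks, enables passthrough
// import by id, and installs a CustomizeDiff hook that checks the planned
// class_name and configuration against the descriptors the PingAccess API
// reports before the plan is accepted.
func resourcePingAccessHsmProvider() *schema.Resource {
	return &schema.Resource{
		CreateContext: resourcePingAccessHsmProviderCreate,
		ReadContext:   resourcePingAccessHsmProviderRead,
		UpdateContext: resourcePingAccessHsmProviderUpdate,
		DeleteContext: resourcePingAccessHsmProviderDelete,
		Importer: &schema.ResourceImporter{
			StateContext: schema.ImportStatePassthroughContext,
		},
		Schema:        resourcePingAccessHsmProviderSchema(),
		CustomizeDiff: resourcePingAccessHsmProviderCustomizeDiff,
		Description: `Provides configuration for HSM Providers within PingAccess.
-> The PingAccess API does not provider repeatable means of querying a sensitive value, we are unable to detect configuration drift of any sensitive fields in the configuration block.`,
	}
}

// resourcePingAccessHsmProviderCustomizeDiff validates a planned HSM provider
// against the descriptors published by the PingAccess API: the class_name must
// be one of the known descriptors, and the configuration block must satisfy
// that descriptor (validateConfiguration). m is the provider meta value and is
// expected to be a paClient. Any error returned aborts the plan; the descriptor
// lookup error is wrapped so callers can still inspect the underlying cause.
func resourcePingAccessHsmProviderCustomizeDiff(_ context.Context, d *schema.ResourceDiff, m interface{}) error {
	svc := m.(paClient).HsmProviders
	desc, _, err := svc.GetHsmProviderDescriptorsCommand()
	if err != nil {
		return fmt.Errorf("unable to retrieve HsmProvider descriptors %w", err)
	}
	// class_name is Required in the schema, so the assertion is safe here.
	className := d.Get("class_name").(string)
	if err := descriptorsHasClassName(className, desc); err != nil {
		return err
	}
	return validateConfiguration(className, d, desc)
}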
// resourcePingAccessHsmProviderSchema describes the attributes of the HSM
// provider resource. All three attributes are required strings; "configuration"
// holds a JSON document and uses suppressEquivalentJSONDiffs so that two
// semantically equal documents do not produce a diff. The document is stored
// in Terraform state as-is; per the resource description it may contain
// values the HSM provider treats as sensitive.
func resourcePingAccessHsmProviderSchema() map[string]*schema.Schema {
	attrs := make(map[string]*schema.Schema, 3)
	attrs["class_name"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "The HSM provider's class name.",
	}
	attrs["name"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "The HSM provider's name.",
	}
	attrs["configuration"] = &schema.Schema{
		Type:             schema.TypeString,
		Required:         true,
		DiffSuppressFunc: suppressEquivalentJSONDiffs,
		Description:      "The HSM provider's configuration data.",
	}
	return attrs
}
// resourcePingAccessHsmProviderCreate creates an HSM provider from the planned
// resource data, records the server-assigned id, and refreshes state from the
// view the API returns. m is the provider meta value (a paClient).
func resourcePingAccessHsmProviderCreate(_ context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
	client := m.(paClient).HsmProviders
	body := resourcePingAccessHsmProviderReadData(d)
	created, _, err := client.AddHsmProviderCommand(&hsmProviders.AddHsmProviderCommandInput{Body: *body})
	if err != nil {
		return diag.Errorf("unable to create HsmProvider: %s", err)
	}
	d.SetId(created.Id.String())
	return resourcePingAccessHsmProviderReadResult(d, created, client)
}
// resourcePingAccessHsmProviderRead fetches the HSM provider identified by the
// resource id and copies the returned view into state. Any API error is
// returned as an error diagnostic (a missing provider is not special-cased
// here).
func resourcePingAccessHsmProviderRead(_ context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
	client := m.(paClient).HsmProviders
	view, _, err := client.GetHsmProviderCommand(&hsmProviders.GetHsmProviderCommandInput{Id: d.Id()})
	if err != nil {
		return diag.Errorf("unable to read HsmProvider: %s", err)
	}
	return resourcePingAccessHsmProviderReadResult(d, view, client)
}
// resourcePingAccessHsmProviderUpdate sends the planned name, class_name and
// configuration to the API for the provider identified by the resource id,
// then refreshes state from the returned view. The id is re-set from the
// response in case the API reports it differently.
func resourcePingAccessHsmProviderUpdate(_ context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
	client := m.(paClient).HsmProviders
	body := resourcePingAccessHsmProviderReadData(d)
	req := &hsmProviders.UpdateHsmProviderCommandInput{Id: d.Id(), Body: *body}
	updated, _, err := client.UpdateHsmProviderCommand(req)
	if err != nil {
		return diag.Errorf("unable to update HsmProvider: %s", err)
	}
	d.SetId(updated.Id.String())
	return resourcePingAccessHsmProviderReadResult(d, updated, client)
}
// resourcePingAccessHsmProviderDelete removes the HSM provider identified by
// the resource id. Nothing is written to state; Terraform drops the resource
// once nil diagnostics are returned.
func resourcePingAccessHsmProviderDelete(_ context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
	client := m.(paClient).HsmProviders
	req := &hsmProviders.DeleteHsmProviderCommandInput{Id: d.Id()}
	if _, err := client.DeleteHsmProviderCommand(req); err != nil {
		return diag.Errorf("unable to delete HsmProvider: %s", err)
	}
	return nil
}
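// resourcePingAccessHsmProviderReadResult copies an HsmProviderView returned
// by the API into the resource state.
//
// The configuration map is re-serialised to JSON before it is stored. The API
// does not return CONCEALED values in a usable form (only an encryptedValue),
// so the value the user originally configured is written back for those
// fields via maskConfigFromDescriptors. This keeps the plan stable, but it
// also means drift in a CONCEALED value cannot be detected by this provider.
//
// d is the resource state to update, input the view returned by the API and
// svc the HsmProviders service used to look up the descriptors. Returns any
// diagnostics raised while setting attributes. A failure to serialise the
// configuration is an error (previously it was discarded and an empty string
// stored). A failed descriptor lookup is reported as a warning and the read
// continues with whatever desc holds, matching the original control flow;
// maskConfigFromDescriptors is presumed to tolerate a nil desc — confirm.
func resourcePingAccessHsmProviderReadResult(d *schema.ResourceData, input *models.HsmProviderView, svc hsmProviders.HsmProvidersAPI) diag.Diagnostics {
	var diags diag.Diagnostics

	b, err := json.Marshal(input.Configuration)
	if err != nil {
		return diag.Errorf("unable to serialise HsmProvider configuration: %s", err)
	}
	config := string(b)
	originalConfig := d.Get("configuration").(string)

	// Search the HSM descriptors for CONCEALED fields and restore the user's
	// original value for them; the encryptedValue returned by the API cannot
	// be reused for comparison.
	desc, _, err := svc.GetHsmProviderDescriptorsCommand()
	if err != nil {
		// Without descriptors the CONCEALED fields cannot be masked, which
		// shows up as a spurious diff on "configuration"; say so instead of
		// silently swallowing the error.
		diags = append(diags, diag.Diagnostic{
			Severity: diag.Warning,
			Summary:  "unable to retrieve HsmProvider descriptors",
			Detail:   err.Error(),
		})
	}
	config = maskConfigFromDescriptors(desc, input.ClassName, originalConfig, config)

	setResourceDataStringWithDiagnostic(d, "name", input.Name, &diags)
	setResourceDataStringWithDiagnostic(d, "class_name", input.ClassName, &diags)
	setResourceDataStringWithDiagnostic(d, "configuration", &config, &diags)
	return diags
}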
// resourcePingAccessHsmProviderReadData builds the API view for an HSM
// provider from the resource's name, class_name and configuration attributes.
// The configuration JSON is decoded into a generic map. A decode failure is
// deliberately ignored (the map stays nil), as in the original; presumably an
// invalid document is rejected earlier by validateConfiguration in
// CustomizeDiff — confirm before relying on that.
func resourcePingAccessHsmProviderReadData(d *schema.ResourceData) *models.HsmProviderView {
	var configuration map[string]interface{}
	rawConfig := d.Get("configuration").(string)
	_ = json.Unmarshal([]byte(rawConfig), &configuration) // best-effort, see doc comment

	view := &models.HsmProviderView{}
	view.Name = String(d.Get("name").(string))
	view.ClassName = String(d.Get("class_name").(string))
	view.Configuration = configuration
	return view
}