Manage cert content in base64 format

jgramoll · Nov 30, 2020 · ef58dba · ef58dba
1 parent 10515c7
commit ef58dba
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 47 deletions.
diff --git a/client/client.go b/client/client.go
@@ -59,7 +59,7 @@ func newTLSHTTPClient(config *Config) (*http.Client, error) {
 	var cert tls.Certificate
 	var err error
 	if config.Auth.CertContent != "" {
-		cert, err = tls.X509KeyPair([]byte(config.Auth.CertContent), []byte(config.Auth.KeyContent))
+		cert, err = decodeBase64KeyPair(config.Auth.CertContent, config.Auth.KeyContent)
 	} else {
 		homeDir, err := os.UserHomeDir()
 		if err != nil {
@@ -88,6 +88,18 @@ func newTLSHTTPClient(config *Config) (*http.Client, error) {
 	return &http.Client{Transport: transport}, nil
 }
 
+func decodeBase64KeyPair(cert64, key64 string) (tls.Certificate, error) {
+	certBytes, err := base64.StdEncoding.DecodeString(cert64)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	keyBytes, err := base64.StdEncoding.DecodeString(key64)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	return tls.X509KeyPair(certBytes, keyBytes)
+}
+
 // NewRequest create http request
 func (client *Client) NewRequest(method string, path string) (*http.Request, error) {
 	return client.NewRequestWithBody(method, path, nil)

diff --git a/provider/provider.go b/provider/provider.go
@@ -28,53 +28,58 @@ func Provider() terraform.ResourceProvider {
 				Description: "Address of spinnaker api",
 			},
 
-			"enabled": {
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Default:     true,
-				Description: "Path to cert to authenticate with spinnaker api",
-			},
-
-			"cert_path": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_CERT", nil),
-				Description: "Path to cert to authenticate with spinnaker api",
-			},
-
-			"key_path": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_KEY", nil),
-				Description: "Path to key to authenticate with spinnaker api",
-			},
-
-			"cert_path_content": &schema.Schema{
-				Type:        schema.TypeString,
-				Required:    false,
-				DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_CERT_CONTENT", nil),
-				Description: "Cert string to authenticate with spinnaker api",
-			},
-
-			"key_path_content": &schema.Schema{
-				Type:        schema.TypeString,
-				Required:    false,
-				DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_KEY_CONTENT", nil),
-				Description: "Key string to authenticate with spinnaker api",
-			},
-
-			"user_email": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_EMAIL", nil),
-				Description: "Path to user_email to authenticate with spinnaker api",
-			},
 
-			"insecure": {
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Default:     true,
-				Description: "If http client should skip ssl validation",
+			"auth": &schema.Schema{
+				Type:     schema.TypeMap,
+				Optional: true,
+				"enabled": {
+					Type:        schema.TypeBool,
+					Optional:    true,
+					Default:     true,
+					Description: "If a cert should be used to talk to spinnaker",
+				},
+
+				"cert_path": {
+					Type:        schema.TypeString,
+					Optional:    true,
+					DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_CERT", nil),
+					Description: "Path to cert to authenticate with spinnaker api",
+				},
+
+				"key_path": {
+					Type:        schema.TypeString,
+					Optional:    true,
+					DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_KEY", nil),
+					Description: "Path to key to authenticate with spinnaker api",
+				},
+
+				"cert_path_content": &schema.Schema{
+					Type:        schema.TypeString,
+					Required:    false,
+					DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_CERT_CONTENT", nil),
+					Description: "Cert string in base64 to authenticate with spinnaker api",
+				},
+
+				"key_path_content": &schema.Schema{
+					Type:        schema.TypeString,
+					Required:    false,
+					DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_KEY_CONTENT", nil),
+					Description: "Key string in base64 to authenticate with spinnaker api",
+				},
+
+				"user_email": {
+					Type:        schema.TypeString,
+					Optional:    true,
+					DefaultFunc: schema.EnvDefaultFunc("SPINNAKER_EMAIL", nil),
+					Description: "Path to user_email to authenticate with spinnaker api",
+				},
+
+				"insecure": {
+					Type:        schema.TypeBool,
+					Optional:    true,
+					Default:     true,
+					Description: "If http client should skip ssl validation",
+				},
 			},
 		},