forked from hashicorp/terraform-provider-azurerm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
key_vault_secrets_data_source.go
101 lines (85 loc) · 2.74 KB
/
key_vault_secrets_data_source.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package keyvault
import (
"fmt"
"net/url"
"strings"
"time"
"github.com/kevinklinger/terraform-provider-azurerm/v2/internal/clients"
"github.com/kevinklinger/terraform-provider-azurerm/v2/internal/services/keyvault/parse"
keyVaultValidate "github.com/kevinklinger/terraform-provider-azurerm/v2/internal/services/keyvault/validate"
"github.com/kevinklinger/terraform-provider-azurerm/v2/internal/tf/pluginsdk"
"github.com/kevinklinger/terraform-provider-azurerm/v2/internal/timeouts"
"github.com/kevinklinger/terraform-provider-azurerm/v2/utils"
)
func dataSourceKeyVaultSecrets() *pluginsdk.Resource {
return &pluginsdk.Resource{
Read: dataSourceKeyVaultSecretsRead,
Timeouts: &pluginsdk.ResourceTimeout{
Read: pluginsdk.DefaultTimeout(5 * time.Minute),
},
Schema: map[string]*pluginsdk.Schema{
"key_vault_id": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: keyVaultValidate.VaultID,
},
"names": {
Type: pluginsdk.TypeList,
Computed: true,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
},
},
},
}
}
func dataSourceKeyVaultSecretsRead(d *pluginsdk.ResourceData, meta interface{}) error {
keyVaultsClient := meta.(*clients.Client).KeyVault
client := meta.(*clients.Client).KeyVault.ManagementClient
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
defer cancel()
keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string))
if err != nil {
return err
}
keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId)
if err != nil {
return fmt.Errorf("fetching base vault url from id %q: %+v", *keyVaultId, err)
}
secretList, err := client.GetSecretsComplete(ctx, *keyVaultBaseUri, utils.Int32(25))
if err != nil {
return fmt.Errorf("making Read request on Azure KeyVault %q: %+v", *keyVaultId, err)
}
d.SetId(keyVaultId.ID())
var names []string
if secretList.Response().Value != nil {
for secretList.NotDone() {
for _, v := range *secretList.Response().Value {
name, err := parseNameFromSecretUrl(*v.ID)
if err != nil {
return err
}
names = append(names, *name)
err = secretList.NextWithContext(ctx)
if err != nil {
return fmt.Errorf("listing secrets on Azure KeyVault %q: %+v", *keyVaultId, err)
}
}
}
}
d.Set("names", names)
d.Set("key_vault_id", keyVaultId.ID())
return nil
}
func parseNameFromSecretUrl(input string) (*string, error) {
uri, err := url.Parse(input)
if err != nil {
return nil, err
}
// https://favoretti-keyvault.vault.azure.net/secrets/secret-name
segments := strings.Split(uri.Path, "/")
if len(segments) != 3 {
return nil, fmt.Errorf("expected a Path in the format `/secrets/secret-name` but got %q", uri.Path)
}
return &segments[2], nil
}