forked from hashicorp/terraform
-
Notifications
You must be signed in to change notification settings - Fork 7
/
resource_auth_backend.go
121 lines (93 loc) · 2.49 KB
/
resource_auth_backend.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package vault
import (
"errors"
"fmt"
"log"
"strings"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/vault/api"
)
func authBackendResource() *schema.Resource {
return &schema.Resource{
Create: authBackendWrite,
Delete: authBackendDelete,
Read: authBackendRead,
Schema: map[string]*schema.Schema{
"type": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: "Name of the auth backend",
},
"path": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
Description: "path to mount the backend. This defaults to the type.",
ValidateFunc: func(v interface{}, k string) (ws []string, errs []error) {
value := v.(string)
if strings.HasSuffix(value, "/") {
errs = append(errs, errors.New("cannot write to a path ending in '/'"))
}
return
},
},
"description": &schema.Schema{
Type: schema.TypeString,
ForceNew: true,
Optional: true,
Description: "The description of the auth backend",
},
},
}
}
func authBackendWrite(d *schema.ResourceData, meta interface{}) error {
client := meta.(*api.Client)
name := d.Get("type").(string)
desc := d.Get("description").(string)
path := d.Get("path").(string)
log.Printf("[DEBUG] Writing auth %s to Vault", name)
var err error
if path == "" {
path = name
err = d.Set("path", name)
if err != nil {
return fmt.Errorf("unable to set state: %s", err)
}
}
err = client.Sys().EnableAuth(path, name, desc)
if err != nil {
return fmt.Errorf("error writing to Vault: %s", err)
}
d.SetId(name)
return nil
}
func authBackendDelete(d *schema.ResourceData, meta interface{}) error {
client := meta.(*api.Client)
name := d.Id()
log.Printf("[DEBUG] Deleting auth %s from Vault", name)
err := client.Sys().DisableAuth(name)
if err != nil {
return fmt.Errorf("error disabling auth from Vault: %s", err)
}
return nil
}
func authBackendRead(d *schema.ResourceData, meta interface{}) error {
client := meta.(*api.Client)
name := d.Id()
auths, err := client.Sys().ListAuth()
if err != nil {
return fmt.Errorf("error reading from Vault: %s", err)
}
for path, auth := range auths {
configuredPath := d.Get("path").(string)
vaultPath := configuredPath + "/"
if auth.Type == name && path == vaultPath {
return nil
}
}
// If we fell out here then we didn't find our Auth in the list.
d.SetId("")
return nil
}