Keymanager V1: secrets resource (#807)
* Added new resources openstack_keymanager_secret_v1 and openstack_keymanager_secret_metadata_v1 * Added import test and documentation * Refactor to comply with code cleanup (#456) * Secret metadata is no longer its own resource, various small bugfixes Removed secrets metadata resource from provider.go Fixed unit test that wasn't running Fixed unit test that wasn't running * Turned tabs into whitespaces * Fix style nits * Small style corrections, add security notice * vendor commit * Fix various nits Add content types to documentation * Add DiffSuppressFunc for the "payload" parameter * Bump vendor dependencies * Introduce setting the expiration date * Add base64 encoding support * Update secrets docs * Handle importing and applying with the metadata Avoid the "Conflict. Key in request is already in the secret metadata" error message after updating the imported secret with the metadata. * Fix the "payload_content_type" import * Docs typo fix * Update docs format * Fix code typos * Fix code typos * Make secret name optional, as it is mentioned in the docs
1 parent
4ab8aa2
commit bd3b959
Showing
14 changed files
with
1,860 additions
and
1 deletion.
@@ -0,0 +1,27 @@ | ||
package openstack | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform/helper/resource" | ||
) | ||
|
||
func TestAccKeyManagerSecretV1_importBasic(t *testing.T) { | ||
resourceName := "openstack_keymanager_secret_v1.secret_1" | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheckKeyManager(t) }, | ||
Providers: testAccProviders, | ||
CheckDestroy: testAccCheckSecretV1Destroy, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccKeyManagerSecretV1_basic, | ||
}, | ||
{ | ||
ResourceName: resourceName, | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} |
@@ -0,0 +1,127 @@ | ||
package openstack | ||
|
||
import ( | ||
"encoding/base64" | ||
"fmt" | ||
"log" | ||
"strings" | ||
|
||
"github.com/gophercloud/gophercloud" | ||
"github.com/gophercloud/gophercloud/openstack/keymanager/v1/secrets" | ||
"github.com/hashicorp/terraform/helper/resource" | ||
"github.com/hashicorp/terraform/helper/schema" | ||
) | ||
|
||
func keyManagerSecretV1WaitForSecretDeletion(kmClient *gophercloud.ServiceClient, id string) resource.StateRefreshFunc { | ||
return func() (interface{}, string, error) { | ||
err := secrets.Delete(kmClient, id).Err | ||
if err == nil { | ||
return "", "DELETED", nil | ||
} | ||
|
||
if _, ok := err.(gophercloud.ErrDefault404); ok { | ||
return "", "DELETED", nil | ||
} | ||
|
||
return nil, "ACTIVE", err | ||
} | ||
} | ||
|
||
func keyManagerSecretV1SecretType(v string) secrets.SecretType { | ||
var stype secrets.SecretType | ||
switch v { | ||
case "symmetric": | ||
stype = secrets.SymmetricSecret | ||
case "public": | ||
stype = secrets.PublicSecret | ||
case "private": | ||
stype = secrets.PrivateSecret | ||
case "passphrase": | ||
stype = secrets.PassphraseSecret | ||
case "certificate": | ||
stype = secrets.CertificateSecret | ||
case "opaque": | ||
stype = secrets.OpaqueSecret | ||
} | ||
|
||
return stype | ||
} | ||
|
||
func keyManagerSecretV1WaitForSecretCreation(kmClient *gophercloud.ServiceClient, id string) resource.StateRefreshFunc { | ||
return func() (interface{}, string, error) { | ||
secret, err := secrets.Get(kmClient, id).Extract() | ||
if err != nil { | ||
if _, ok := err.(gophercloud.ErrDefault404); ok { | ||
return "", "NOT_CREATED", nil | ||
} | ||
|
||
return "", "NOT_CREATED", err | ||
} | ||
|
||
if secret.Status == "ERROR" { | ||
return "", secret.Status, fmt.Errorf("Error creating secret") | ||
} | ||
|
||
return secret, secret.Status, nil | ||
} | ||
} | ||
|
||
func keyManagerSecretV1GetUUIDfromSecretRef(ref string) string { | ||
// secret ref has form https://{barbican_host}/v1/secrets/{secret_uuid} | ||
// so we are only interested in the last part | ||
ref_split := strings.Split(ref, "/") | ||
uuid := ref_split[len(ref_split)-1] | ||
return uuid | ||
} | ||
|
||
func flattenKeyManagerSecretV1Metadata(d *schema.ResourceData) map[string]string { | ||
m := make(map[string]string) | ||
for key, val := range d.Get("metadata").(map[string]interface{}) { | ||
m[key] = val.(string) | ||
} | ||
return m | ||
} | ||
|
||
func keyManagerSecretMetadataV1WaitForSecretMetadataCreation(kmClient *gophercloud.ServiceClient, id string) resource.StateRefreshFunc { | ||
return func() (interface{}, string, error) { | ||
metadata, err := secrets.GetMetadata(kmClient, id).Extract() | ||
if err != nil { | ||
if _, ok := err.(gophercloud.ErrDefault404); ok { | ||
return "", "NOT_CREATED", nil | ||
} | ||
|
||
return "", "NOT_CREATED", err | ||
} | ||
return metadata, "ACTIVE", nil | ||
} | ||
} | ||
|
||
func keyManagerSecretV1GetPayload(kmClient *gophercloud.ServiceClient, id string) string { | ||
payload, err := secrets.GetPayload(kmClient, id, nil).Extract() | ||
if err != nil { | ||
fmt.Errorf("Could not retrieve payload for secret with id %s: %s", id, err) | ||
} | ||
return string(payload) | ||
} | ||
|
||
func resourceSecretV1PayloadBase64CustomizeDiff(diff *schema.ResourceDiff) error { | ||
encoding := diff.Get("payload_content_encoding").(string) | ||
if diff.Id() != "" && diff.HasChange("payload") && encoding == "base64" { | ||
o, n := diff.GetChange("payload") | ||
oldPayload := o.(string) | ||
newPayload := n.(string) | ||
|
||
v, err := base64.StdEncoding.DecodeString(newPayload) | ||
if err != nil { | ||
return fmt.Errorf("The Payload is not in the defined base64 format: %s", err) | ||
} | ||
newPayloadDecoded := string(v) | ||
|
||
if oldPayload == newPayloadDecoded { | ||
log.Printf("[DEBUG] payload has not changed. clearing diff") | ||
return diff.Clear("payload") | ||
} | ||
} | ||
|
||
return nil | ||
} |
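Review bot: In `keyManagerSecretV1GetPayload` the `fmt.Errorf(...)` value is built and then discarded, so a failed `secrets.GetPayload` call is silently ignored and the function returns `""` as if the secret had an empty payload. The callers are outside this section, but if the result is written to state, a permission or transport error would presumably surface as a payload diff rather than as an error. Returning the error makes the failure visible: change the signature to `(string, error)` and use `return "", fmt.Errorf("Could not retrieve payload for secret with id %s: %s", id, err)`; if the signature has to stay, at least replace the discarded call with `log.Printf("[DEBUG] Could not retrieve payload for secret with id %s: %s", id, err)`. The same silent-default pattern appears in `keyManagerSecretV1SecretType`, which returns the zero `secrets.SecretType` for an unrecognised string.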