package openstack
import (
"encoding/base64"
"fmt"
"log"
"strings"
"github.com/gophercloud/gophercloud"
"github.com/gophercloud/gophercloud/openstack/keymanager/v1/secrets"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)
// keyManagerSecretV1WaitForSecretDeletion returns a resource.StateRefreshFunc
// that issues a delete request for the secret identified by id every time it
// is invoked.
//
// The refresh function reports the state "DELETED" when the delete call
// succeeds or fails with gophercloud.ErrDefault404. Any other error is
// returned unchanged together with the state "ACTIVE".
func keyManagerSecretV1WaitForSecretDeletion(kmClient *gophercloud.ServiceClient, id string) resource.StateRefreshFunc {
	refresh := func() (interface{}, string, error) {
		deleteErr := secrets.Delete(kmClient, id).Err

		switch deleteErr.(type) {
		case nil, gophercloud.ErrDefault404:
			// Either the request went through or the secret is already gone.
			return "", "DELETED", nil
		}

		return nil, "ACTIVE", deleteErr
	}
	return refresh
}
// keyManagerSecretV1SecretType maps the textual secret type v onto the
// corresponding secrets.SecretType constant.
//
// Recognised values are "symmetric", "public", "private", "passphrase",
// "certificate" and "opaque". Any other input yields the zero value of
// secrets.SecretType; no error is reported for it.
func keyManagerSecretV1SecretType(v string) secrets.SecretType {
	switch v {
	case "symmetric":
		return secrets.SymmetricSecret
	case "public":
		return secrets.PublicSecret
	case "private":
		return secrets.PrivateSecret
	case "passphrase":
		return secrets.PassphraseSecret
	case "certificate":
		return secrets.CertificateSecret
	case "opaque":
		return secrets.OpaqueSecret
	}

	// Unknown type name: fall back to the zero value.
	var unset secrets.SecretType
	return unset
}
// keyManagerSecretV1WaitForSecretCreation returns a resource.StateRefreshFunc
// that fetches the secret identified by id and reports its status.
//
// The refresh function yields:
//   - "NOT_CREATED" with a nil error when the lookup fails with
//     gophercloud.ErrDefault404;
//   - "NOT_CREATED" with the lookup error for any other failure;
//   - the secret's own status plus an error when that status is "ERROR";
//   - otherwise the secret itself and its status.
func keyManagerSecretV1WaitForSecretCreation(kmClient *gophercloud.ServiceClient, id string) resource.StateRefreshFunc {
	return func() (interface{}, string, error) {
		secret, err := secrets.Get(kmClient, id).Extract()

		// A 404 is not fatal here: the secret may simply not be visible yet.
		if _, notFound := err.(gophercloud.ErrDefault404); notFound {
			return "", "NOT_CREATED", nil
		}
		if err != nil {
			return "", "NOT_CREATED", err
		}

		status := secret.Status
		if status == "ERROR" {
			return "", status, fmt.Errorf("Error creating secret")
		}
		return secret, status, nil
	}
}
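// keyManagerSecretV1GetUUIDfromSecretRef extracts the secret UUID from a
// secret reference.
//
// A secret ref has the form https://{barbican_host}/v1/secrets/{secret_uuid},
// so only the last path segment is of interest. Trailing slashes are stripped
// before the segment is taken, so a ref that ends in "/" still yields the
// UUID instead of an empty string. An empty ID is worth avoiding because the
// result is used to address a single secret in later API calls.
//
// The value is not validated as a UUID; a ref without any "/" is returned
// as-is, and an empty or all-slash ref yields "".
func keyManagerSecretV1GetUUIDfromSecretRef(ref string) string {
	trimmed := strings.TrimRight(ref, "/")
	// LastIndex returns -1 when no "/" is present, which makes the slice
	// below start at 0 and return the whole string.
	return trimmed[strings.LastIndex(trimmed, "/")+1:]
}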
// flattenKeyManagerSecretV1Metadata copies the "metadata" attribute of d into
// a freshly allocated map[string]string.
//
// Both type assertions are unchecked: the function panics if "metadata" is
// not a map[string]interface{} or if any of its values is not a string.
func flattenKeyManagerSecretV1Metadata(d *schema.ResourceData) map[string]string {
	raw := d.Get("metadata").(map[string]interface{})

	flat := make(map[string]string)
	for name := range raw {
		flat[name] = raw[name].(string)
	}
	return flat
}
// keyManagerSecretMetadataV1WaitForSecretMetadataCreation returns a
// resource.StateRefreshFunc that fetches the metadata of the secret
// identified by id.
//
// The refresh function yields "NOT_CREATED" with a nil error when the lookup
// fails with gophercloud.ErrDefault404, "NOT_CREATED" with the lookup error
// for any other failure, and the metadata with state "ACTIVE" on success.
func keyManagerSecretMetadataV1WaitForSecretMetadataCreation(kmClient *gophercloud.ServiceClient, id string) resource.StateRefreshFunc {
	return func() (interface{}, string, error) {
		metadata, err := secrets.GetMetadata(kmClient, id).Extract()

		// A 404 is reported as "not there yet" rather than as a failure.
		if _, notFound := err.(gophercloud.ErrDefault404); notFound {
			return "", "NOT_CREATED", nil
		}
		if err != nil {
			return "", "NOT_CREATED", err
		}
		return metadata, "ACTIVE", nil
	}
}
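// keyManagerSecretV1GetPayload fetches the payload of the secret identified
// by id and returns it as a string.
//
// The signature has no error result, so a failed retrieval is logged and ""
// is returned. Callers therefore cannot distinguish a retrieval failure from
// a secret whose payload is genuinely empty.
//
// NOTE(review): callers that persist the result should confirm that an empty
// string from a failed fetch cannot overwrite a stored payload.
func keyManagerSecretV1GetPayload(kmClient *gophercloud.ServiceClient, id string) string {
	payload, err := secrets.GetPayload(kmClient, id, nil).Extract()
	if err != nil {
		// Previously the error was built with fmt.Errorf and discarded, so
		// the failure was invisible. Log only the id and the error, never
		// the payload, which is secret material.
		log.Printf("[WARN] Could not retrieve payload for secret with id %s: %s", id, err)
		return ""
	}
	return string(payload)
}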
// resourceSecretV1PayloadBase64CustomizeDiff suppresses a spurious "payload"
// diff for base64-encoded secrets.
//
// It acts only when the resource has a non-empty ID, "payload" has changed
// and "payload_content_encoding" is "base64". The new payload is then
// base64-decoded and compared with the old value; if they match, the diff on
// "payload" is cleared. A new payload that is not valid standard base64
// produces an error.
//
// NOTE(review): the comparison implies the old value is held in decoded form
// while the configured value is base64 text. Confirm against the read path.
func resourceSecretV1PayloadBase64CustomizeDiff(diff *schema.ResourceDiff) error {
	encoding := diff.Get("payload_content_encoding").(string)

	// Nothing to reconcile unless all three conditions hold.
	if diff.Id() == "" || !diff.HasChange("payload") || encoding != "base64" {
		return nil
	}

	before, after := diff.GetChange("payload")
	oldPayload := before.(string)
	newPayload := after.(string)

	decoded, err := base64.StdEncoding.DecodeString(newPayload)
	if err != nil {
		return fmt.Errorf("The Payload is not in the defined base64 format: %s", err)
	}

	if string(decoded) != oldPayload {
		// The decoded content really differs: keep the diff.
		return nil
	}

	// Deliberately logs only the fact, not the payload value.
	log.Printf("[DEBUG] payload has not changed. clearing diff")
	return diff.Clear("payload")
}