diff --git a/.gitignore b/.gitignore index 621f1e8..a67b695 100644 --- a/.gitignore +++ b/.gitignore @@ -7,5 +7,5 @@ vendor *.tfvars akeyless/resource_producer1_test.go akeyless/resource_auth_methods1_test.go -akeyless/resource_item1_test.go akeyless/resource_target1_test.go +akeyless/resource_item1_test.go diff --git a/akeyless/provider.go b/akeyless/provider.go index b961925..2d3360d 100644 --- a/akeyless/provider.go +++ b/akeyless/provider.go @@ -121,6 +121,7 @@ func Provider() *schema.Provider { //ConfigureFunc: configureProvider, ConfigureContextFunc: configureProvider, ResourcesMap: map[string]*schema.Resource{ + "akeyless_classic_key": resourceClassicKey(), "akeyless_dfc_key": resourceDfcKey(), "akeyless_static_secret": resourceStaticSecret(), "akeyless_pki_cert_issuer": resourcePKICertIssuer(), @@ -132,33 +133,40 @@ func Provider() *schema.Provider { "akeyless_auth_method_cert": resourceAuthMethodCert(), "akeyless_auth_method_gcp": resourceAuthMethodGcp(), "akeyless_auth_method_k8s": resourceAuthMethodK8s(), + "akeyless_auth_method_ldap": resourceAuthMethodLdap(), "akeyless_auth_method_oauth2": resourceAuthMethodOauth2(), "akeyless_auth_method_oidc": resourceAuthMethodOidc(), "akeyless_auth_method_saml": resourceAuthMethodSaml(), "akeyless_auth_method_universal_identity": resourceAuthMethodUniversalIdentity(), "akeyless_role": resourceRole(), + "akeyless_producer_artifactory": resourceProducerArtifactory(), "akeyless_producer_aws": resourceProducerAws(), + "akeyless_producer_azure": resourceProducerAzure(), + "akeyless_producer_cassandra": resourceProducerCassandra(), "akeyless_producer_custom": resourceProducerCustom(), - "akeyless_producer_rdp": resourceProducerRdp(), + "akeyless_producer_dockerhub": resourceProducerDockerhub(), + "akeyless_producer_eks": resourceProducerEks(), + "akeyless_producer_gcp": resourceProducerGcp(), + "akeyless_producer_github": resourceProducerGithub(), + "akeyless_producer_gke": resourceProducerGke(), + "akeyless_producer_hanadb": resourceProducerHanadb(), + "akeyless_producer_k8s": resourceProducerK8s(), + "akeyless_producer_ldap": resourceProducerLdap(), "akeyless_producer_mongo": resourceProducerMongo(), "akeyless_producer_mssql": resourceProducerMssql(), "akeyless_producer_mysql": resourceProducerMysql(), "akeyless_producer_oracle": resourceProducerOracle(), "akeyless_producer_postgres": resourceProducerPostgresql(), + "akeyless_producer_rabbitmq": resourceProducerRabbitmq(), + "akeyless_producer_rdp": resourceProducerRdp(), "akeyless_producer_redshift": resourceProducerRedshift(), - "akeyless_producer_gcp": resourceProducerGcp(), - "akeyless_producer_gke": resourceProducerGke(), - "akeyless_producer_github": resourceProducerGithub(), - "akeyless_producer_eks": resourceProducerEks(), - "akeyless_producer_cassandra": resourceProducerCassandra(), - "akeyless_producer_azure": resourceProducerAzure(), - "akeyless_producer_artifactory": resourceProducerArtifactory(), - "akeyless_producer_k8s": resourceProducerK8s(), + "akeyless_producer_snowflake": resourceProducerSnowflake(), "akeyless_rotated_secret": resourceRotatedSecret(), "akeyless_target_artifactory": resourceArtifactoryTarget(), "akeyless_target_aws": resourceAwsTarget(), "akeyless_target_azure": resourceAzureTarget(), "akeyless_target_db": resourceDbTarget(), + "akeyless_target_dockerhub": resourceDockerhubTarget(), "akeyless_target_eks": resourceEksTarget(), "akeyless_target_github": resourceGithubTarget(), "akeyless_target_gke": resourceGkeTarget(), diff --git a/akeyless/resource_auth_method_ldap.go b/akeyless/resource_auth_method_ldap.go new file mode 100644 index 0000000..b8e49cb --- /dev/null +++ b/akeyless/resource_auth_method_ldap.go @@ -0,0 +1,298 @@ +// generated fule +package akeyless + +import ( + "context" + "errors" + "fmt" + "net/http" + "strings" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceAuthMethodLdap() *schema.Resource { + return &schema.Resource{ + Description: "LDAP Auth Method Resource", + Create: resourceAuthMethodLdapCreate, + Read: resourceAuthMethodLdapRead, + Update: resourceAuthMethodLdapUpdate, + Delete: resourceAuthMethodLdapDelete, + Importer: &schema.ResourceImporter{ + State: resourceAuthMethodLdapImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Auth Method name", + ForceNew: true, + }, + "access_expires": { + Type: schema.TypeInt, + Required: false, + Optional: true, + Description: "Access expiration date in Unix timestamp (select 0 for access without expiry date)", + Default: "0", + }, + "bound_ips": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "A CIDR whitelist with the IPs that the access is restricted to", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "force_sub_claims": { + Type: schema.TypeBool, + Required: false, + Optional: true, + Description: "enforce role-association must include sub claims", + }, + "jwt_ttl": { + Type: schema.TypeInt, + Required: false, + Optional: true, + Description: "creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)", + }, + "public_key_data": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "A public key generated for LDAP authentication method on Akeyless [RSA2048] in encoded in base 64 format", + }, + "unique_identifier": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "A unique identifier (ID) value should be configured for LDAP, OAuth2 and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.", + Default: "users", + }, + }, + } +} + +func resourceAuthMethodLdapCreate(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + accessExpires := d.Get("access_expires").(int) + boundIpsSet := d.Get("bound_ips").(*schema.Set) + boundIps := common.ExpandStringList(boundIpsSet.List()) + forceSubClaims := d.Get("force_sub_claims").(bool) + jwtTtl := d.Get("jwt_ttl").(int) + publicKeyData := d.Get("public_key_data").(string) + uniqueIdentifier := d.Get("unique_identifier").(string) + + body := akeyless.CreateAuthMethodLDAP{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.AccessExpires, accessExpires) + common.GetAkeylessPtr(&body.BoundIps, boundIps) + common.GetAkeylessPtr(&body.ForceSubClaims, forceSubClaims) + common.GetAkeylessPtr(&body.JwtTtl, jwtTtl) + common.GetAkeylessPtr(&body.PublicKeyData, publicKeyData) + common.GetAkeylessPtr(&body.UniqueIdentifier, uniqueIdentifier) + + _, _, err := client.CreateAuthMethodLDAP(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create Secret: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create Secret: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceAuthMethodLdapRead(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.GetAuthMethod{ + Name: path, + Token: &token, + } + + rOut, res, err := client.GetAuthMethod(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + + if rOut.AccessInfo != nil { + accessInfo := *rOut.AccessInfo + if accessInfo.AccessExpires != nil { + err = d.Set("access_expires", *accessInfo.AccessExpires) + if err != nil { + return err + } + } + if accessInfo.ForceSubClaims != nil { + err = d.Set("force_sub_claims", *accessInfo.ForceSubClaims) + if err != nil { + return err + } + } + bodyAcc := akeyless.GetAccountSettings{ + Token: &token, + } + rOutAcc, _, err := client.GetAccountSettings(ctx).Body(bodyAcc).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't get account settings: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get account settings: %v", err) + } + jwtDefault := *rOutAcc.SystemAccessCredsSettings.JwtTtlDefault + if accessInfo.JwtTtl != nil { + if *accessInfo.JwtTtl != jwtDefault || d.Get("jwt_ttl").(int) != 0 { + err = d.Set("jwt_ttl", *accessInfo.JwtTtl) + if err != nil { + return err + } + } + } + if accessInfo.LdapAccessRules.UniqueIdentifier != nil { + err = d.Set("unique_identifier", *accessInfo.LdapAccessRules.UniqueIdentifier) + if err != nil { + return err + } + } + + if accessInfo.CidrWhitelist != nil && *accessInfo.CidrWhitelist != "" { + err = d.Set("bound_ips", strings.Split(*accessInfo.CidrWhitelist, ",")) + if err != nil { + return err + } + } + if accessInfo.ApiKeyAccessRules != nil { + err = d.Set("public_key_data", *accessInfo.ApiKeyAccessRules) + if err != nil { + return err + } + } + } + + d.SetId(path) + + return nil +} + +func resourceAuthMethodLdapUpdate(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + name := d.Get("name").(string) + accessExpires := d.Get("access_expires").(int) + boundIpsSet := d.Get("bound_ips").(*schema.Set) + boundIps := common.ExpandStringList(boundIpsSet.List()) + forceSubClaims := d.Get("force_sub_claims").(bool) + jwtTtl := d.Get("jwt_ttl").(int) + publicKeyData := d.Get("public_key_data").(string) + uniqueIdentifier := d.Get("unique_identifier").(string) + + body := akeyless.UpdateAuthMethodLDAP{ + Name: name, + UniqueIdentifier: &uniqueIdentifier, + Token: &token, + } + common.GetAkeylessPtr(&body.AccessExpires, accessExpires) + common.GetAkeylessPtr(&body.BoundIps, boundIps) + common.GetAkeylessPtr(&body.ForceSubClaims, forceSubClaims) + common.GetAkeylessPtr(&body.JwtTtl, jwtTtl) + common.GetAkeylessPtr(&body.PublicKeyData, publicKeyData) + + _, _, err := client.UpdateAuthMethodLDAP(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update : %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update : %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceAuthMethodLdapDelete(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.DeleteAuthMethod{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.DeleteAuthMethod(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceAuthMethodLdapImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.GetAuthMethod{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.GetAuthMethod(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_auth_method_test.go b/akeyless/resource_auth_method_test.go index 25176a4..4f7b766 100644 --- a/akeyless/resource_auth_method_test.go +++ b/akeyless/resource_auth_method_test.go @@ -12,8 +12,9 @@ import ( ) func TestAuthMethodApiKeyResourceCreate(t *testing.T) { - name := "test_auth_method" - path := testPath("path_auth_method") + t.Parallel() + name := "test_auth_method_old" + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method" "%v" { path = "%v" @@ -36,8 +37,9 @@ func TestAuthMethodApiKeyResourceCreate(t *testing.T) { } func TestAuthMethodAWSResourceCreate(t *testing.T) { - name := "test_auth_method_aws_iam" - path := testPath("path_auth_method_aws_iam") + t.Parallel() + name := "test_auth_method_aws_iam_old" + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method" "%v" { path = "%v" @@ -61,8 +63,9 @@ func TestAuthMethodAWSResourceCreate(t *testing.T) { } func TestAuthMethodSAMLResourceCreate(t *testing.T) { - name := "test_auth_method_saml" - path := testPath("path_auth_method_saml") + t.Parallel() + name := "test_auth_method_saml_old" + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method" "%v" { path = "%v" @@ -87,8 +90,9 @@ func TestAuthMethodSAMLResourceCreate(t *testing.T) { } func TestAuthMethodAzureResourceCreate(t *testing.T) { - name := "test_auth_method_azure_ad" - path := testPath("path_auth_method_azure_ad") + t.Parallel() + name := "test_auth_method_azure_ad_old" + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method" "%v" { path = "%v" @@ -116,8 +120,9 @@ func TestAuthMethodGCPResourceCreate(t *testing.T) { return } - name := "test_auth_method_gcp" - path := testPath("path_auth_method_gcp") + t.Parallel() + name := "test_auth_method_gcp_old" + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method" "%v" { path = "%v" diff --git a/akeyless/resource_auth_methods_test.go b/akeyless/resource_auth_methods_test.go index d02a456..ec9671e 100644 --- a/akeyless/resource_auth_methods_test.go +++ b/akeyless/resource_auth_methods_test.go @@ -21,6 +21,33 @@ import ( "github.com/stretchr/testify/require" ) +const PUB_KEY = `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXwIDAQAB` + +func TestAuthMethodLDAPResource(t *testing.T) { + t.Parallel() + name := "test_auth_method_ldap" + path := testPath(name) + deleteAuthMethod(path) + + config := fmt.Sprintf(` + resource "akeyless_auth_method_ldap" "%v" { + name = "%v" + public_key_data = "%v" + } + `, name, path, PUB_KEY) + + configUpdate := fmt.Sprintf(` + resource "akeyless_auth_method_ldap" "%v" { + name = "%v" + public_key_data = "%v" + unique_identifier = "email" + bound_ips = ["1.1.1.0/32"] + } + `, name, path, PUB_KEY) + + testAuthMethodResource(t, config, configUpdate, path) +} + func TestAuthMethodCertResource(t *testing.T) { t.Parallel() name := "test_auth_method_cert" @@ -50,8 +77,9 @@ func TestAuthMethodCertResource(t *testing.T) { } func TestAuthMethodApiKeyResourceCreateNew(t *testing.T) { + t.Parallel() name := "test_auth_method" - path := testPath("path_auth_method") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_api_key" "%v" { name = "%v" @@ -64,28 +92,13 @@ func TestAuthMethodApiKeyResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } func TestAuthMethodAWSResourceCreateNew(t *testing.T) { + t.Parallel() name := "test_auth_method_aws_iam" - path := testPath("path_auth_method_aws_iam") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_aws_iam" "%v" { name = "%v" @@ -100,26 +113,11 @@ func TestAuthMethodAWSResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } func TestAuthMethodSAMLResourceCreateNew(t *testing.T) { + t.Parallel() name := "test_auth_method_saml2" path := testPath(name) deleteAuthMethod(path) @@ -141,23 +139,7 @@ func TestAuthMethodSAMLResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } func TestAuthMethodSAMLWithXmlResourceCreateNew(t *testing.T) { @@ -202,8 +184,9 @@ func TestAuthMethodSAMLWithXmlResourceCreateNew(t *testing.T) { } func TestAuthMethodAzureResourceCreateNew(t *testing.T) { + t.Parallel() name := "test_auth_method_azure_ad" - path := testPath("path_auth_method_azure_ad") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_azure_ad" "%v" { name = "%v" @@ -220,23 +203,7 @@ func TestAuthMethodAzureResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } func TestAuthMethodGCPResourceCreateNew(t *testing.T) { @@ -244,8 +211,9 @@ func TestAuthMethodGCPResourceCreateNew(t *testing.T) { return } + t.Parallel() name := "test_auth_method_gcp" - path := testPath("path_auth_method_gcp") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_gcp" "%v" { name = "%v" @@ -265,28 +233,13 @@ func TestAuthMethodGCPResourceCreateNew(t *testing.T) { } `, name, path, os.Getenv("TF_ACC_GCP_SERVICE_ACCOUNT"), os.Getenv("TF_ACC_GCP_BOUND_SERVICE_ACC")) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } -func TestAuthMethodUIDResourceCreateNew(t *testing.T) { +func TestAuthMethodUIDResource(t *testing.T) { + t.Parallel() name := "test_auth_method_universal_identity" - path := testPath("auth_method_universal_identity") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_universal_identity" "%v" { name = "%v" @@ -302,28 +255,15 @@ func TestAuthMethodUIDResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } func TestAuthMethodOidcResourceCreateNew(t *testing.T) { + + t.Parallel() + name := "test_auth_method_oidc" - path := testPath("auth_method_oidc") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_oidc" "%v" { name = "%v" @@ -349,28 +289,13 @@ func TestAuthMethodOidcResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } -func TestAuthMethodOauth2ResourceCreateNew(t *testing.T) { +func TestAuthMethodOauth2Resource(t *testing.T) { + t.Parallel() name := "tes_akeyless_auth_method_oauth2" - path := testPath("auth_method_oauth2") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_oauth2" "%v" { name = "%v" @@ -389,28 +314,13 @@ func TestAuthMethodOauth2ResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } -func TestAuthMethodK8sResourceCreateNew(t *testing.T) { +func TestAuthMethodK8sResource(t *testing.T) { + t.Parallel() name := "test_auth_method_K8s_3" - path := testPath("auth_method_K8s_test") + path := testPath(name) config := fmt.Sprintf(` resource "akeyless_auth_method_k8s" "%v" { name = "%v" @@ -428,23 +338,7 @@ func TestAuthMethodK8sResourceCreateNew(t *testing.T) { } `, name, path) - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: config, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - { - Config: configUpdate, - Check: resource.ComposeTestCheckFunc( - checkMethodExistsRemotelyNew(path), - ), - }, - }, - }) + testAuthMethodResource(t, config, configUpdate, path) } func checkMethodExistsRemotelyNew(path string) resource.TestCheckFunc { diff --git a/akeyless/resource_classic_key.go b/akeyless/resource_classic_key.go new file mode 100644 index 0000000..38c99ca --- /dev/null +++ b/akeyless/resource_classic_key.go @@ -0,0 +1,284 @@ +// generated fule +package akeyless + +import ( + "context" + "errors" + "fmt" + "net/http" + "strings" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceClassicKey() *schema.Resource { + return &schema.Resource{ + Description: "Classic Key resource", + Create: resourceClassicKeyCreate, + Read: resourceClassicKeyRead, + Update: resourceClassicKeyUpdate, + Delete: resourceClassicKeyDelete, + Importer: &schema.ResourceImporter{ + State: resourceClassicKeyImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Classic key name", + ForceNew: true, + }, + "alg": { + Type: schema.TypeString, + Required: true, + Description: "Key type; options: [AES128GCM, AES256GCM, AES128SIV, AES256SIV, RSA1024, RSA2048, RSA3072, RSA4096, EC256, EC384]", + }, + "key_data": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Base64-encoded classic key value provided by user", + }, + "cert_file_data": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "PEM Certificate in a Base64 format.", + }, + "metadata": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Metadata about the classic key", + }, + "tags": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "protection_key_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "The name of the key that protects the classic key value (if empty, the account default key will be used)", + }, + }, + } +} + +func resourceClassicKeyCreate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + alg := d.Get("alg").(string) + keyData := d.Get("key_data").(string) + certFileData := d.Get("cert_file_data").(string) + metadata := d.Get("metadata").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + protectionKeyName := d.Get("protection_key_name").(string) + + body := akeyless.CreateClassicKey{ + Name: name, + Alg: alg, + Token: &token, + } + common.GetAkeylessPtr(&body.KeyData, keyData) + common.GetAkeylessPtr(&body.CertFileData, certFileData) + common.GetAkeylessPtr(&body.Metadata, metadata) + common.GetAkeylessPtr(&body.Tags, tags) + common.GetAkeylessPtr(&body.ProtectionKeyName, protectionKeyName) + + _, _, err := client.CreateClassicKey(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create classic key: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create classic key: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceClassicKeyRead(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.DescribeItem{ + Name: path, + Token: &token, + } + + rOut, res, err := client.DescribeItem(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't get value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + + if rOut.ItemGeneralInfo.ClassicKeyDetails != nil { + keyAlgorithm := rOut.ItemGeneralInfo.ClassicKeyDetails.KeyType + if keyAlgorithm != nil { + err = d.Set("alg", *keyAlgorithm) + if err != nil { + return err + } + } + } + if rOut.PublicValue != nil { + err = d.Set("key_data", *rOut.PublicValue) + if err != nil { + return err + } + } + if rOut.Certificates != nil { + err = d.Set("cert_file_data", *rOut.Certificates) + if err != nil { + return err + } + } + if rOut.ItemMetadata != nil { + err = d.Set("metadata", *rOut.ItemMetadata) + if err != nil { + return err + } + } + if rOut.ItemTags != nil { + err = d.Set("tags", *rOut.ItemTags) + if err != nil { + return err + } + } + if rOut.ProtectionKeyName != nil { + protectionKeyName := *rOut.ProtectionKeyName + // ignore default protection key name + if !strings.Contains(protectionKeyName, "__account-def-secrets-key__") { + err = d.Set("protection_key_name", protectionKeyName) + if err != nil { + return err + } + } + } + if rOut.ItemTargetsAssoc != nil { + targetName := common.GetTargetName(rOut.ItemTargetsAssoc) + err = d.Set("target_name", targetName) + if err != nil { + return err + } + } + + d.SetId(path) + + return nil +} + +func resourceClassicKeyUpdate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + metadata := d.Get("metadata").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + + body := akeyless.UpdateItem{ + Name: name, + Token: &token, + NewName: akeyless.PtrString(name), + NewMetadata: akeyless.PtrString(metadata), + } + + add, remove, err := common.GetTagsForUpdate(d, name, token, tags, client) + if err == nil { + if len(add) > 0 { + common.GetAkeylessPtr(&body.AddTag, add) + } + if len(remove) > 0 { + common.GetAkeylessPtr(&body.RmTag, remove) + } + } + + _, _, err = client.UpdateItem(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update : %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update : %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceClassicKeyDelete(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.DeleteItem{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.DeleteItem(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceClassicKeyImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.DescribeItem{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.DescribeItem(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_dockerhub_target.go b/akeyless/resource_dockerhub_target.go new file mode 100644 index 0000000..be085e7 --- /dev/null +++ b/akeyless/resource_dockerhub_target.go @@ -0,0 +1,231 @@ +// generated fule +package akeyless + +import ( + "context" + "errors" + "fmt" + "net/http" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceDockerhubTarget() *schema.Resource { + return &schema.Resource{ + Description: "Dockerhub Target resource", + Create: resourceDockerhubTargetCreate, + Read: resourceDockerhubTargetRead, + Update: resourceDockerhubTargetUpdate, + Delete: resourceDockerhubTargetDelete, + Importer: &schema.ResourceImporter{ + State: resourceDockerhubTargetImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Target name", + ForceNew: true, + }, + "dockerhub_username": { + Type: schema.TypeString, + Required: true, + Description: "Username for docker repository", + }, + "dockerhub_password": { + Type: schema.TypeString, + Required: true, + Description: "Password for docker repository", + }, + "key": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used", + }, + "comment": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Comment about the target", + }, + }, + } +} + +func resourceDockerhubTargetCreate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + dockerhubUsername := d.Get("dockerhub_username").(string) + dockerhubPassword := d.Get("dockerhub_password").(string) + key := d.Get("key").(string) + comment := d.Get("comment").(string) + + body := akeyless.CreateDockerhubTarget{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.DockerhubUsername, dockerhubUsername) + common.GetAkeylessPtr(&body.DockerhubPassword, dockerhubPassword) + common.GetAkeylessPtr(&body.Key, key) + common.GetAkeylessPtr(&body.Comment, comment) + + _, _, err := client.CreateDockerhubTarget(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create Secret: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create Secret: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceDockerhubTargetRead(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.GetTargetDetails{ + Name: path, + Token: &token, + } + + rOut, res, err := client.GetTargetDetails(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + + if rOut.Value.UserName != nil { + err = d.Set("dockerhub_username", *rOut.Value.UserName) + if err != nil { + return err + } + } + if rOut.Value.Password != nil { + err = d.Set("dockerhub_password", *rOut.Value.Password) + if err != nil { + return err + } + } + if rOut.Target.ProtectionKeyName != nil { + err = d.Set("key", *rOut.Target.ProtectionKeyName) + if err != nil { + return err + } + } + if rOut.Target.Comment != nil { + err = d.Set("comment", *rOut.Target.Comment) + if err != nil { + return err + } + } + + d.SetId(path) + + return nil +} + +func resourceDockerhubTargetUpdate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + dockerhubUsername := d.Get("dockerhub_username").(string) + dockerhubPassword := d.Get("dockerhub_password").(string) + key := d.Get("key").(string) + comment := d.Get("comment").(string) + + body := akeyless.UpdateDockerhubTarget{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.DockerhubUsername, dockerhubUsername) + common.GetAkeylessPtr(&body.DockerhubPassword, dockerhubPassword) + common.GetAkeylessPtr(&body.Key, key) + common.GetAkeylessPtr(&body.Comment, comment) + + _, _, err := client.UpdateDockerhubTarget(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update : %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update : %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceDockerhubTargetDelete(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.DeleteTarget{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.DeleteTarget(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceDockerhubTargetImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.GetTarget{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.GetTarget(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_gateway_producer_dockerhub.go b/akeyless/resource_gateway_producer_dockerhub.go new file mode 100644 index 0000000..c5edc33 --- /dev/null +++ b/akeyless/resource_gateway_producer_dockerhub.go @@ -0,0 +1,294 @@ +// generated fule +package akeyless + +import ( + "context" + "errors" + "fmt" + "net/http" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceProducerDockerhub() *schema.Resource { + return &schema.Resource{ + Description: "Creates a Dockerhub producer", + Create: resourceProducerDockerhubCreate, + Read: resourceProducerDockerhubRead, + Update: resourceProducerDockerhubUpdate, + Delete: resourceProducerDockerhubDelete, + Importer: &schema.ResourceImporter{ + State: resourceProducerDockerhubImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Producer name", + ForceNew: true, + }, + "target_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Name of existing target to use in producer creation", + }, + "dockerhub_username": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Username for docker repository", + }, + "dockerhub_password": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Password for docker repository", + }, + "dockerhub_token_scopes": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Comma seperated access token scopes list to give the created dynamic secret. Valid options are in 'repo:admin', 'repo:write', 'repo:read', 'repo:public_read'", + }, + "user_ttl": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User TTL (<=60m for access token)", + Default: "60m", + }, + "tags": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "producer_encryption_key_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Dynamic producer encryption key", + }, + }, + } +} + +func resourceProducerDockerhubCreate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + dockerhubUsername := d.Get("dockerhub_username").(string) + dockerhubPassword := d.Get("dockerhub_password").(string) + dockerhubTokenScopes := d.Get("dockerhub_token_scopes").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + + body := akeyless.GatewayCreateProducerDockerhub{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.DockerhubUsername, dockerhubUsername) + common.GetAkeylessPtr(&body.DockerhubPassword, dockerhubPassword) + common.GetAkeylessPtr(&body.DockerhubTokenScopes, dockerhubTokenScopes) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + + _, _, err := client.GatewayCreateProducerDockerhub(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create Secret: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create Secret: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerDockerhubRead(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + rOut, res, err := client.GatewayGetProducer(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + if rOut.UserTtl != nil { + err = d.Set("user_ttl", *rOut.UserTtl) + if err != nil { + return err + } + } + if rOut.Tags != nil { + err = d.Set("tags", *rOut.Tags) + if err != nil { + return err + } + } + + if rOut.ItemTargetsAssoc != nil { + targetName := common.GetTargetName(rOut.ItemTargetsAssoc) + err = d.Set("target_name", targetName) + if err != nil { + return err + } + } + if rOut.UserName != nil { + err = d.Set("dockerhub_username", *rOut.UserName) + if err != nil { + return err + } + } + if rOut.Password != nil { + err = d.Set("dockerhub_password", *rOut.Password) + if err != nil { + return err + } + } + + if rOut.Scopes != nil { + scopes := *rOut.Scopes + var scopeString = "" + for _, scope := range scopes { + scopeString = scopeString + scope + " , " + } + // remove the last ` , ` from end of string + scopeString = scopeString[:len(scopeString)-3] + err = d.Set("dockerhub_token_scopes", scopeString) + if err != nil { + return err + } + } + if rOut.DynamicSecretKey != nil { + err = d.Set("producer_encryption_key_name", *rOut.DynamicSecretKey) + if err != nil { + return err + } + } + + d.SetId(path) + + return nil +} + +func resourceProducerDockerhubUpdate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + dockerhubUsername := d.Get("dockerhub_username").(string) + dockerhubPassword := d.Get("dockerhub_password").(string) + dockerhubTokenScopes := d.Get("dockerhub_token_scopes").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + + body := akeyless.GatewayUpdateProducerDockerhub{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.DockerhubUsername, dockerhubUsername) + common.GetAkeylessPtr(&body.DockerhubPassword, dockerhubPassword) + common.GetAkeylessPtr(&body.DockerhubTokenScopes, dockerhubTokenScopes) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + + _, _, err := client.GatewayUpdateProducerDockerhub(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update : %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update : %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerDockerhubDelete(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.GatewayDeleteProducer{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.GatewayDeleteProducer(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceProducerDockerhubImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.GatewayGetProducer(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_gateway_producer_hanadb.go b/akeyless/resource_gateway_producer_hanadb.go new file mode 100644 index 0000000..a69fbc9 --- /dev/null +++ b/akeyless/resource_gateway_producer_hanadb.go @@ -0,0 +1,409 @@ +package akeyless + +import ( + "context" + "errors" + "fmt" + "net/http" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceProducerHanadb() *schema.Resource { + return &schema.Resource{ + Description: "HanaDB producer resource", + Create: resourceProducerHanadbCreate, + Read: resourceProducerHanadbRead, + Update: resourceProducerHanadbUpdate, + Delete: resourceProducerHanadbDelete, + Importer: &schema.ResourceImporter{ + State: resourceProducerHanadbImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Producer name", + ForceNew: true, + }, + "target_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Name of existing target to use in producer creation", + }, + "hana_dbname": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Hana DB Name", + }, + "hanadb_username": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "HanaDB user", + }, + "hanadb_password": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "HanaDB password", + }, + "hanadb_host": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "HanaDB host name", + Default: "127.0.0.1", + }, + "hanadb_port": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "HanaDB port", + Default: "443", + }, + "hanadb_create_statements": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "HanaDB Creation Statements", + Default: `CREATE USER {{name}} PASSWORD "{{password}}"; GRANT "MONITOR ADMIN" TO {{name}};`, + }, + "hanadb_revocation_statements": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "HanaDB Revocation Statements", + Default: "DROP USER {{name}};", + }, + "producer_encryption_key_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Encrypt producer with following key", + }, + "user_ttl": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User TTL", + Default: "60m", + }, + "tags": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "secure_access_enable": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Enable/Disable secure remote access, [true/false]", + }, + "secure_access_bastion_issuer": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Path to the SSH Certificate Issuer for your Akeyless Bastion", + }, + "secure_access_host": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "Target DB servers for connections., For multiple values repeat this flag.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "secure_access_db_schema": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "The db schema", + }, + "secure_access_web": { + Type: schema.TypeBool, + Required: false, + Optional: true, + Description: "Enable Web Secure Remote Access ", + Default: "false", + }, + }, + } +} + +func resourceProducerHanadbCreate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + hanaDbname := d.Get("hana_dbname").(string) + hanadbUsername := d.Get("hanadb_username").(string) + hanadbPassword := d.Get("hanadb_password").(string) + hanadbHost := d.Get("hanadb_host").(string) + hanadbPort := d.Get("hanadb_port").(string) + hanadbCreateStatements := d.Get("hanadb_create_statements").(string) + hanadbRevocationStatements := d.Get("hanadb_revocation_statements").(string) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + secureAccessEnable := d.Get("secure_access_enable").(string) + secureAccessBastionIssuer := d.Get("secure_access_bastion_issuer").(string) + secureAccessHostSet := d.Get("secure_access_host").(*schema.Set) + secureAccessHost := common.ExpandStringList(secureAccessHostSet.List()) + secureAccessDbSchema := d.Get("secure_access_db_schema").(string) + secureAccessWeb := d.Get("secure_access_web").(bool) + + body := akeyless.GatewayCreateProducerHanaDb{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.HanaDbname, hanaDbname) + common.GetAkeylessPtr(&body.HanadbUsername, hanadbUsername) + common.GetAkeylessPtr(&body.HanadbPassword, hanadbPassword) + common.GetAkeylessPtr(&body.HanadbHost, hanadbHost) + common.GetAkeylessPtr(&body.HanadbPort, hanadbPort) + common.GetAkeylessPtr(&body.HanadbCreateStatements, hanadbCreateStatements) + common.GetAkeylessPtr(&body.HanadbRevocationStatements, hanadbRevocationStatements) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + common.GetAkeylessPtr(&body.SecureAccessEnable, secureAccessEnable) + common.GetAkeylessPtr(&body.SecureAccessBastionIssuer, secureAccessBastionIssuer) + common.GetAkeylessPtr(&body.SecureAccessHost, secureAccessHost) + common.GetAkeylessPtr(&body.SecureAccessDbSchema, secureAccessDbSchema) + common.GetAkeylessPtr(&body.SecureAccessWeb, secureAccessWeb) + + _, _, err := client.GatewayCreateProducerHanaDb(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create Secret: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create Secret: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerHanadbRead(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + rOut, res, err := client.GatewayGetProducer(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + if rOut.HanadbRevocationStatements != nil { + err = d.Set("hanadb_revocation_statements", *rOut.HanadbRevocationStatements) + if err != nil { + return err + } + } + if rOut.UserTtl != nil { + err = d.Set("user_ttl", *rOut.UserTtl) + if err != nil { + return err + } + } + if rOut.Tags != nil { + err = d.Set("tags", *rOut.Tags) + if err != nil { + return err + } + } + + if rOut.ItemTargetsAssoc != nil { + targetName := common.GetTargetName(rOut.ItemTargetsAssoc) + err = d.Set("target_name", targetName) + if err != nil { + return err + } + } + if rOut.DbName != nil { + err = d.Set("hana_dbname", *rOut.DbName) + if err != nil { + return err + } + } + if rOut.DbUserName != nil { + err = d.Set("hanadb_username", *rOut.DbUserName) + if err != nil { + return err + } + } + if rOut.DbPwd != nil { + err = d.Set("hanadb_password", *rOut.DbPwd) + if err != nil { + return err + } + } + if rOut.DbHostName != nil { + err = d.Set("hanadb_host", *rOut.DbHostName) + if err != nil { + return err + } + } + if rOut.DbPort != nil { + err = d.Set("hanadb_port", *rOut.DbPort) + if err != nil { + return err + } + } + if rOut.HanadbCreationStatements != nil { + err = d.Set("hanadb_create_statements", *rOut.HanadbCreationStatements) + if err != nil { + return err + } + } + if rOut.DynamicSecretKey != nil { + err = d.Set("producer_encryption_key_name", *rOut.DynamicSecretKey) + if err != nil { + return err + } + } + + common.GetSra(d, rOut.SecureRemoteAccessDetails, "DYNAMIC_SECERT") + + d.SetId(path) + + return nil +} + +func resourceProducerHanadbUpdate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + hanaDbname := d.Get("hana_dbname").(string) + hanadbUsername := d.Get("hanadb_username").(string) + hanadbPassword := d.Get("hanadb_password").(string) + hanadbHost := d.Get("hanadb_host").(string) + hanadbPort := d.Get("hanadb_port").(string) + hanadbCreateStatements := d.Get("hanadb_create_statements").(string) + hanadbRevocationStatements := d.Get("hanadb_revocation_statements").(string) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + secureAccessEnable := d.Get("secure_access_enable").(string) + secureAccessBastionIssuer := d.Get("secure_access_bastion_issuer").(string) + secureAccessHostSet := d.Get("secure_access_host").(*schema.Set) + secureAccessHost := common.ExpandStringList(secureAccessHostSet.List()) + secureAccessDbSchema := d.Get("secure_access_db_schema").(string) + secureAccessWeb := d.Get("secure_access_web").(bool) + + body := akeyless.GatewayUpdateProducerHanaDb{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.HanaDbname, hanaDbname) + common.GetAkeylessPtr(&body.HanadbUsername, hanadbUsername) + common.GetAkeylessPtr(&body.HanadbPassword, hanadbPassword) + common.GetAkeylessPtr(&body.HanadbHost, hanadbHost) + common.GetAkeylessPtr(&body.HanadbPort, hanadbPort) + common.GetAkeylessPtr(&body.HanadbCreateStatements, hanadbCreateStatements) + common.GetAkeylessPtr(&body.HanadbRevocationStatements, hanadbRevocationStatements) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + common.GetAkeylessPtr(&body.SecureAccessEnable, secureAccessEnable) + common.GetAkeylessPtr(&body.SecureAccessBastionIssuer, secureAccessBastionIssuer) + common.GetAkeylessPtr(&body.SecureAccessHost, secureAccessHost) + common.GetAkeylessPtr(&body.SecureAccessDbSchema, secureAccessDbSchema) + common.GetAkeylessPtr(&body.SecureAccessWeb, secureAccessWeb) + + _, _, err := client.GatewayUpdateProducerHanaDb(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update producer: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update producer: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerHanadbDelete(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.GatewayDeleteProducer{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.GatewayDeleteProducer(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceProducerHanadbImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.GatewayGetProducer(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_gateway_producer_ldap.go b/akeyless/resource_gateway_producer_ldap.go new file mode 100644 index 0000000..6301d0d --- /dev/null +++ b/akeyless/resource_gateway_producer_ldap.go @@ -0,0 +1,371 @@ +// generated fule +package akeyless + +import ( + "context" + "encoding/base64" + "errors" + "fmt" + "net/http" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceProducerLdap() *schema.Resource { + return &schema.Resource{ + Description: "LDAP producer resource", + Create: resourceProducerLdapCreate, + Read: resourceProducerLdapRead, + Update: resourceProducerLdapUpdate, + Delete: resourceProducerLdapDelete, + Importer: &schema.ResourceImporter{ + State: resourceProducerLdapImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Producer name", + ForceNew: true, + }, + "target_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Name of existing target to use in producer creation", + }, + "ldap_url": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "LDAP Server URL", + }, + "user_dn": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User Base DN", + }, + "user_attribute": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "LDAP User Attribute", + }, + "ldap_ca_cert": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "LDAP base-64 encoded CA Certificate", + }, + "bind_dn": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "LDAP Bind DN", + }, + "bind_dn_password": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Password for LDAP Bind DN", + }, + "external_username": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Externally provided username", + Default: "false", + }, + "token_expiration": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "LDAP token expiration in seconds", + Default: "60", + }, + "producer_encryption_key_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Encrypt producer with following key", + }, + "user_ttl": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User TTL", + Default: "60m", + }, + "tags": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "List of the tags attached to this secret. To specify multiple tags use argument multiple times: --tag Tag1 --tag Tag2", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + } +} + +func resourceProducerLdapCreate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + ldapUrl := d.Get("ldap_url").(string) + userDn := d.Get("user_dn").(string) + userAttribute := d.Get("user_attribute").(string) + ldapCaCert := d.Get("ldap_ca_cert").(string) + bindDn := d.Get("bind_dn").(string) + bindDnPassword := d.Get("bind_dn_password").(string) + externalUsername := d.Get("external_username").(string) + tokenExpiration := d.Get("token_expiration").(string) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + + body := akeyless.GatewayCreateProducerLdap{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.LdapUrl, ldapUrl) + common.GetAkeylessPtr(&body.UserDn, userDn) + common.GetAkeylessPtr(&body.UserAttribute, userAttribute) + common.GetAkeylessPtr(&body.LdapCaCert, ldapCaCert) + common.GetAkeylessPtr(&body.BindDn, bindDn) + common.GetAkeylessPtr(&body.BindDnPassword, bindDnPassword) + common.GetAkeylessPtr(&body.ExternalUsername, externalUsername) + common.GetAkeylessPtr(&body.TokenExpiration, tokenExpiration) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + + _, _, err := client.GatewayCreateProducerLdap(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create Secret: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create Secret: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerLdapRead(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + rOut, res, err := client.GatewayGetProducer(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + if rOut.LdapUrl != nil { + err = d.Set("ldap_url", *rOut.LdapUrl) + if err != nil { + return err + } + } + if rOut.UserTtl != nil { + err = d.Set("user_ttl", *rOut.UserTtl) + if err != nil { + return err + } + } + if rOut.Tags != nil { + err = d.Set("tags", *rOut.Tags) + if err != nil { + return err + } + } + + if rOut.ItemTargetsAssoc != nil { + targetName := common.GetTargetName(rOut.ItemTargetsAssoc) + err = d.Set("target_name", targetName) + if err != nil { + return err + } + } + + if rOut.LdapUserDn != nil { + err = d.Set("user_dn", *rOut.LdapUserDn) + if err != nil { + return err + } + } + if rOut.LdapUserAttr != nil { + err = d.Set("user_attribute", *rOut.LdapUserAttr) + if err != nil { + return err + } + } + if rOut.LdapCertificate != nil { + certEncodedData := base64.StdEncoding.EncodeToString([]byte(*rOut.LdapCertificate)) + err = d.Set("ldap_ca_cert", certEncodedData) + if err != nil { + return err + } + } + if rOut.LdapBindDn != nil { + err = d.Set("bind_dn", *rOut.LdapBindDn) + if err != nil { + return err + } + } + if rOut.LdapBindPassword != nil { + err = d.Set("bind_dn_password", *rOut.LdapBindPassword) + if err != nil { + return err + } + } + if rOut.FixedUserOnly != nil { + err = d.Set("external_username", *rOut.FixedUserOnly) + if err != nil { + return err + } + } + if rOut.LdapTokenExpiration != nil { + err = d.Set("token_expiration", *rOut.LdapTokenExpiration) + if err != nil { + return err + } + } + if rOut.DynamicSecretKey != nil { + err = d.Set("producer_encryption_key_name", *rOut.DynamicSecretKey) + if err != nil { + return err + } + } + + d.SetId(path) + + return nil +} + +func resourceProducerLdapUpdate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + ldapUrl := d.Get("ldap_url").(string) + userDn := d.Get("user_dn").(string) + userAttribute := d.Get("user_attribute").(string) + ldapCaCert := d.Get("ldap_ca_cert").(string) + bindDn := d.Get("bind_dn").(string) + bindDnPassword := d.Get("bind_dn_password").(string) + externalUsername := d.Get("external_username").(string) + tokenExpiration := d.Get("token_expiration").(string) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + + body := akeyless.GatewayUpdateProducerLdap{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.LdapUrl, ldapUrl) + common.GetAkeylessPtr(&body.UserDn, userDn) + common.GetAkeylessPtr(&body.UserAttribute, userAttribute) + common.GetAkeylessPtr(&body.LdapCaCert, ldapCaCert) + common.GetAkeylessPtr(&body.BindDn, bindDn) + common.GetAkeylessPtr(&body.BindDnPassword, bindDnPassword) + common.GetAkeylessPtr(&body.ExternalUsername, externalUsername) + common.GetAkeylessPtr(&body.TokenExpiration, tokenExpiration) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + + _, _, err := client.GatewayUpdateProducerLdap(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update : %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update : %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerLdapDelete(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.GatewayDeleteProducer{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.GatewayDeleteProducer(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceProducerLdapImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.GatewayGetProducer(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_gateway_producer_rabbitmq.go b/akeyless/resource_gateway_producer_rabbitmq.go new file mode 100644 index 0000000..5ffe3c1 --- /dev/null +++ b/akeyless/resource_gateway_producer_rabbitmq.go @@ -0,0 +1,410 @@ +// generated fule +package akeyless + +import ( + "context" + "errors" + "fmt" + "net/http" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceProducerRabbitmq() *schema.Resource { + return &schema.Resource{ + Description: "RabbitMQ producer resource", + Create: resourceProducerRabbitmqCreate, + Read: resourceProducerRabbitmqRead, + Update: resourceProducerRabbitmqUpdate, + Delete: resourceProducerRabbitmqDelete, + Importer: &schema.ResourceImporter{ + State: resourceProducerRabbitmqImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Producer name", + ForceNew: true, + }, + "target_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Name of existing target to use in producer creation", + }, + "rabbitmq_server_uri": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "RabbitMQ server URI", + }, + "rabbitmq_user_conf_permission": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User configuration permission, for example:[.*,queue-name]", + }, + "rabbitmq_user_write_permission": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User write permission, for example:[.*,queue-name]", + }, + "rabbitmq_user_read_permission": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User read permission, for example:[.*,queue-name]", + }, + "rabbitmq_admin_user": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "RabbitMQ server user", + }, + "rabbitmq_admin_pwd": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "RabbitMQ server password", + }, + "rabbitmq_user_vhost": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User Virtual Host", + }, + "rabbitmq_user_tags": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Comma separated list of tags to apply to user", + }, + "producer_encryption_key_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Encrypt producer with following key", + }, + "user_ttl": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User TTL", + Default: "60m", + }, + "tags": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "secure_access_enable": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Enable/Disable secure remote access, [true/false]", + }, + "secure_access_web_browsing": { + Type: schema.TypeBool, + Required: false, + Optional: true, + Description: "Secure browser via Akeyless Web Access Bastion", + Default: "false", + }, + "secure_access_web": { + Type: schema.TypeBool, + Required: false, + Optional: true, + Description: "Enable Web Secure Remote Access", + Default: "true", + }, + "secure_access_url": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Destination URL to inject secrets.", + }, + }, + } +} + +func resourceProducerRabbitmqCreate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + rabbitmqServerUri := d.Get("rabbitmq_server_uri").(string) + rabbitmqUserConfPermission := d.Get("rabbitmq_user_conf_permission").(string) + rabbitmqUserWritePermission := d.Get("rabbitmq_user_write_permission").(string) + rabbitmqUserReadPermission := d.Get("rabbitmq_user_read_permission").(string) + rabbitmqAdminUser := d.Get("rabbitmq_admin_user").(string) + rabbitmqAdminPwd := d.Get("rabbitmq_admin_pwd").(string) + rabbitmqUserVhost := d.Get("rabbitmq_user_vhost").(string) + rabbitmqUserTags := d.Get("rabbitmq_user_tags").(string) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + secureAccessEnable := d.Get("secure_access_enable").(string) + secureAccessWebBrowsing := d.Get("secure_access_web_browsing").(bool) + secureAccessWeb := d.Get("secure_access_web").(bool) + secureAccessUrl := d.Get("secure_access_url").(string) + + body := akeyless.GatewayCreateProducerRabbitMQ{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.RabbitmqServerUri, rabbitmqServerUri) + common.GetAkeylessPtr(&body.RabbitmqUserConfPermission, rabbitmqUserConfPermission) + common.GetAkeylessPtr(&body.RabbitmqUserWritePermission, rabbitmqUserWritePermission) + common.GetAkeylessPtr(&body.RabbitmqUserReadPermission, rabbitmqUserReadPermission) + common.GetAkeylessPtr(&body.RabbitmqAdminUser, rabbitmqAdminUser) + common.GetAkeylessPtr(&body.RabbitmqAdminPwd, rabbitmqAdminPwd) + common.GetAkeylessPtr(&body.RabbitmqUserVhost, rabbitmqUserVhost) + common.GetAkeylessPtr(&body.RabbitmqUserTags, rabbitmqUserTags) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + common.GetAkeylessPtr(&body.SecureAccessEnable, secureAccessEnable) + common.GetAkeylessPtr(&body.SecureAccessWebBrowsing, secureAccessWebBrowsing) + common.GetAkeylessPtr(&body.SecureAccessWeb, secureAccessWeb) + common.GetAkeylessPtr(&body.SecureAccessUrl, secureAccessUrl) + + _, _, err := client.GatewayCreateProducerRabbitMQ(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create Secret: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create Secret: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerRabbitmqRead(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + rOut, res, err := client.GatewayGetProducer(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + if rOut.RabbitmqServerUri != nil { + err = d.Set("rabbitmq_server_uri", *rOut.RabbitmqServerUri) + if err != nil { + return err + } + } + if rOut.RabbitmqUserConfPermission != nil { + err = d.Set("rabbitmq_user_conf_permission", *rOut.RabbitmqUserConfPermission) + if err != nil { + return err + } + } + if rOut.RabbitmqUserWritePermission != nil { + err = d.Set("rabbitmq_user_write_permission", *rOut.RabbitmqUserWritePermission) + if err != nil { + return err + } + } + if rOut.RabbitmqUserReadPermission != nil { + err = d.Set("rabbitmq_user_read_permission", *rOut.RabbitmqUserReadPermission) + if err != nil { + return err + } + } + if rOut.RabbitmqUserVhost != nil { + err = d.Set("rabbitmq_user_vhost", *rOut.RabbitmqUserVhost) + if err != nil { + return err + } + } + if rOut.RabbitmqUserTags != nil { + err = d.Set("rabbitmq_user_tags", *rOut.RabbitmqUserTags) + if err != nil { + return err + } + } + if rOut.UserTtl != nil { + err = d.Set("user_ttl", *rOut.UserTtl) + if err != nil { + return err + } + } + if rOut.Tags != nil { + err = d.Set("tags", *rOut.Tags) + if err != nil { + return err + } + } + + if rOut.ItemTargetsAssoc != nil { + targetName := common.GetTargetName(rOut.ItemTargetsAssoc) + err = d.Set("target_name", targetName) + if err != nil { + return err + } + } + if rOut.AdminName != nil { + err = d.Set("rabbitmq_admin_user", *rOut.AdminName) + if err != nil { + return err + } + } + if rOut.AdminPwd != nil { + err = d.Set("rabbitmq_admin_pwd", *rOut.AdminPwd) + if err != nil { + return err + } + } + if rOut.DynamicSecretKey != nil { + err = d.Set("producer_encryption_key_name", *rOut.DynamicSecretKey) + if err != nil { + return err + } + } + + common.GetSra(d, rOut.SecureRemoteAccessDetails, "DYNAMIC_SECERT") + + d.SetId(path) + + return nil +} + +func resourceProducerRabbitmqUpdate(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + rabbitmqServerUri := d.Get("rabbitmq_server_uri").(string) + rabbitmqUserConfPermission := d.Get("rabbitmq_user_conf_permission").(string) + rabbitmqUserWritePermission := d.Get("rabbitmq_user_write_permission").(string) + rabbitmqUserReadPermission := d.Get("rabbitmq_user_read_permission").(string) + rabbitmqAdminUser := d.Get("rabbitmq_admin_user").(string) + rabbitmqAdminPwd := d.Get("rabbitmq_admin_pwd").(string) + rabbitmqUserVhost := d.Get("rabbitmq_user_vhost").(string) + rabbitmqUserTags := d.Get("rabbitmq_user_tags").(string) + producerEncryptionKeyName := d.Get("producer_encryption_key_name").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + secureAccessEnable := d.Get("secure_access_enable").(string) + secureAccessWebBrowsing := d.Get("secure_access_web_browsing").(bool) + secureAccessWeb := d.Get("secure_access_web").(bool) + secureAccessUrl := d.Get("secure_access_url").(string) + + body := akeyless.GatewayUpdateProducerRabbitMQ{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.RabbitmqServerUri, rabbitmqServerUri) + common.GetAkeylessPtr(&body.RabbitmqUserConfPermission, rabbitmqUserConfPermission) + common.GetAkeylessPtr(&body.RabbitmqUserWritePermission, rabbitmqUserWritePermission) + common.GetAkeylessPtr(&body.RabbitmqUserReadPermission, rabbitmqUserReadPermission) + common.GetAkeylessPtr(&body.RabbitmqAdminUser, rabbitmqAdminUser) + common.GetAkeylessPtr(&body.RabbitmqAdminPwd, rabbitmqAdminPwd) + common.GetAkeylessPtr(&body.RabbitmqUserVhost, rabbitmqUserVhost) + common.GetAkeylessPtr(&body.RabbitmqUserTags, rabbitmqUserTags) + common.GetAkeylessPtr(&body.ProducerEncryptionKeyName, producerEncryptionKeyName) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + common.GetAkeylessPtr(&body.SecureAccessEnable, secureAccessEnable) + common.GetAkeylessPtr(&body.SecureAccessWebBrowsing, secureAccessWebBrowsing) + common.GetAkeylessPtr(&body.SecureAccessWeb, secureAccessWeb) + common.GetAkeylessPtr(&body.SecureAccessUrl, secureAccessUrl) + + _, _, err := client.GatewayUpdateProducerRabbitMQ(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update : %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update : %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerRabbitmqDelete(d *schema.ResourceData, m interface{}) error { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.GatewayDeleteProducer{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.GatewayDeleteProducer(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceProducerRabbitmqImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.GatewayGetProducer(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_gateway_producer_snowflake.go b/akeyless/resource_gateway_producer_snowflake.go new file mode 100644 index 0000000..fe0cc77 --- /dev/null +++ b/akeyless/resource_gateway_producer_snowflake.go @@ -0,0 +1,321 @@ +// generated fule +package akeyless + +import ( + "context" + "errors" + "fmt" + "net/http" + + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceProducerSnowflake() *schema.Resource { + return &schema.Resource{ + Description: "Snowflake producer resource", + Create: resourceProducerSnowflakeCreate, + Read: resourceProducerSnowflakeRead, + Update: resourceProducerSnowflakeUpdate, + Delete: resourceProducerSnowflakeDelete, + Importer: &schema.ResourceImporter{ + State: resourceProducerSnowflakeImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Producer name", + ForceNew: true, + }, + "target_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Name of existing target to use in producer creation", + }, + "account": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Snowflake account name", + }, + "account_username": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Snowflake account user name", + }, + "account_password": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Snowflake account password", + }, + "db_name": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "The DB the generated credentials are restricted to", + }, + "role": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "Role to be assigned to the generated credentials", + }, + "warehouse": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "The warehouse the generated credentials are restricted to", + }, + "user_ttl": { + Type: schema.TypeString, + Required: false, + Optional: true, + Description: "User TTL", + Default: "24h", + }, + "tags": { + Type: schema.TypeSet, + Required: false, + Optional: true, + Description: "List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + } +} + +func resourceProducerSnowflakeCreate(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + account := d.Get("account").(string) + accountUsername := d.Get("account_username").(string) + accountPassword := d.Get("account_password").(string) + dbName := d.Get("db_name").(string) + role := d.Get("role").(string) + warehouse := d.Get("warehouse").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + + body := akeyless.GatewayCreateProducerSnowflake{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.Account, account) + common.GetAkeylessPtr(&body.AccountUsername, accountUsername) + common.GetAkeylessPtr(&body.AccountPassword, accountPassword) + common.GetAkeylessPtr(&body.DbName, dbName) + common.GetAkeylessPtr(&body.Role, role) + common.GetAkeylessPtr(&body.Warehouse, warehouse) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + + _, _, err := client.GatewayCreateProducerSnowflake(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't create Snowflake Producer: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't create Snowflake Producer: %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerSnowflakeRead(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + + path := d.Id() + + body := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + rOut, res, err := client.GatewayGetProducer(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + if res.StatusCode == http.StatusNotFound { + // The resource was deleted outside of the current Terraform workspace, so invalidate this resource + d.SetId("") + return nil + } + return fmt.Errorf("can't value: %v", string(apiErr.Body())) + } + return fmt.Errorf("can't get value: %v", err) + } + if rOut.DbName != nil { + err = d.Set("db_name", *rOut.DbName) + if err != nil { + return err + } + } + if rOut.UserTtl != nil { + err = d.Set("user_ttl", *rOut.UserTtl) + if err != nil { + return err + } + } + if rOut.Tags != nil { + err = d.Set("tags", *rOut.Tags) + if err != nil { + return err + } + } + if rOut.ItemTargetsAssoc != nil { + targetName := common.GetTargetName(rOut.ItemTargetsAssoc) + err = d.Set("target_name", targetName) + if err != nil { + return err + } + } + if rOut.SfAccount != nil { + err = d.Set("account", *rOut.SfAccount) + if err != nil { + return err + } + } + if rOut.DbUserName != nil { + err = d.Set("account_username", *rOut.DbUserName) + if err != nil { + return err + } + } + if rOut.DbPwd != nil { + err = d.Set("account_password", *rOut.DbPwd) + if err != nil { + return err + } + } + if rOut.SfUserRole != nil { + err = d.Set("role", *rOut.SfUserRole) + if err != nil { + return err + } + } + if rOut.SfWarehouseName != nil { + err = d.Set("warehouse", *rOut.SfWarehouseName) + if err != nil { + return err + } + } + + d.SetId(path) + + return nil +} + +func resourceProducerSnowflakeUpdate(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + var apiErr akeyless.GenericOpenAPIError + ctx := context.Background() + name := d.Get("name").(string) + targetName := d.Get("target_name").(string) + account := d.Get("account").(string) + accountUsername := d.Get("account_username").(string) + accountPassword := d.Get("account_password").(string) + dbName := d.Get("db_name").(string) + role := d.Get("role").(string) + warehouse := d.Get("warehouse").(string) + userTtl := d.Get("user_ttl").(string) + tagsSet := d.Get("tags").(*schema.Set) + tags := common.ExpandStringList(tagsSet.List()) + + body := akeyless.GatewayUpdateProducerSnowflake{ + Name: name, + Token: &token, + } + common.GetAkeylessPtr(&body.TargetName, targetName) + common.GetAkeylessPtr(&body.Account, account) + common.GetAkeylessPtr(&body.AccountUsername, accountUsername) + common.GetAkeylessPtr(&body.AccountPassword, accountPassword) + common.GetAkeylessPtr(&body.DbName, dbName) + common.GetAkeylessPtr(&body.Role, role) + common.GetAkeylessPtr(&body.Warehouse, warehouse) + common.GetAkeylessPtr(&body.UserTtl, userTtl) + common.GetAkeylessPtr(&body.Tags, tags) + + _, _, err := client.GatewayUpdateProducerSnowflake(ctx).Body(body).Execute() + if err != nil { + if errors.As(err, &apiErr) { + return fmt.Errorf("can't update : %v", string(apiErr.Body())) + } + return fmt.Errorf("can't update : %v", err) + } + + d.SetId(name) + + return nil +} + +func resourceProducerSnowflakeDelete(d *schema.ResourceData, m interface{}) error { + + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + deleteItem := akeyless.GatewayDeleteProducer{ + Token: &token, + Name: path, + } + + ctx := context.Background() + _, _, err := client.GatewayDeleteProducer(ctx).Body(deleteItem).Execute() + if err != nil { + return err + } + + return nil +} + +func resourceProducerSnowflakeImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { + provider := m.(providerMeta) + client := *provider.client + token := *provider.token + + path := d.Id() + + item := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + ctx := context.Background() + _, _, err := client.GatewayGetProducer(ctx).Body(item).Execute() + if err != nil { + return nil, err + } + + err = d.Set("name", path) + if err != nil { + return nil, err + } + + return []*schema.ResourceData{d}, nil +} diff --git a/akeyless/resource_item_test.go b/akeyless/resource_item_test.go index 0a532b2..295e536 100644 --- a/akeyless/resource_item_test.go +++ b/akeyless/resource_item_test.go @@ -301,7 +301,6 @@ func TestSshCertResource(t *testing.T) { alg = "RSA1024" tags = ["t1", "t2"] } - resource "akeyless_ssh_cert_issuer" "%v" { name = "%v" ttl = "290" diff --git a/akeyless/resource_producer_test.go b/akeyless/resource_producer_test.go index 9a433b2..e4df607 100644 --- a/akeyless/resource_producer_test.go +++ b/akeyless/resource_producer_test.go @@ -7,24 +7,36 @@ import ( "testing" "github.com/akeylesslabs/akeyless-go/v3" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/stretchr/testify/assert" ) const ( - GITHUB_INSTALL_ID = 1234 - GITHUB_INSTALL_REPO = "XXXXXXXX" - GITHUB_APP_ID = 1234 - GITHUB_APP_KEY = "XXXXXXXX" - GCP_KEY = "XXXXXXXX" - GCP_SA_EMAIL = "XXXXXXXX" - GCP_TOKEN_SCOPES = "XXXXXXXX" - KEY = "XXXXXXXX" - PRODUCER_NAME = "terraform-tests/mysql_for_rs_test" - MYSQL_USERNAME = "XXXXXXXX" - MYSQL_PASSWORD = "XXXXXXXX" - MYSQL_HOST = "127.0.0.1" - MYSQL_PORT = "3306" - MYSQL_DBNAME = "XXXXXXXX" - K8S_HOST = "https://kubernetes.docker.internal:6443" + GCP_KEY = "XXXXXXXX" + GCP_SA_EMAIL = "XXXXXXXX" + GCP_TOKEN_SCOPES = "XXXXXXXX" + KEY = "XXXXXXXX" + PRODUCER_NAME = "terraform-tests/mysql_for_rs_test" + MYSQL_USERNAME = "XXXXXXXX" + MYSQL_PASSWORD = "XXXXXXXX" + MYSQL_HOST = "127.0.0.1" + MYSQL_PORT = "3306" + MYSQL_DBNAME = "XXXXXXXX" + K8S_HOST = "https://kubernetes.docker.internal:6443" + GITHUB_INSTALL_ID = 1234 + GITHUB_INSTALL_REPO = "XXXXXXXX" + GITHUB_APP_ID = 1234 + GITHUB_APP_KEY = "XXXXXXXX" + DOCKERHUB_USERNAME = "XXXXXXXX" + DOCKERHUB_PASSWORD = "XXXXXXXX" + DOCKERHUB_TOKEN_SCOPES = `"repo:read , repo:write"` + SF_ACCOUNT = "xx11111.us-east-2.aws" + SF_USERNAME = "xxxxxxxx" + SF_PASSWORD = "yyyyyyyy" + SF_DBNAME = "XXXXXXXX" + LDAP_PASS = "XXXXXXXX" + LDAP_CERT = "XXXXXXXX=" ) var ( @@ -49,6 +61,174 @@ var db_attr = fmt.Sprintf(` db_name = "%v" `, MYSQL_HOST, MYSQL_PORT, MYSQL_DBNAME) +func TestLdapProducerResource(t *testing.T) { + + t.Skip("for now the requested values are fictive") + + name := "ldap_test" + itemPath := testPath(name) + config := fmt.Sprintf(` + resource "akeyless_producer_ldap" "%v" { + name = "%v" + ldap_url = "ldap://127.0.0.1:10389" + bind_dn = "cn=admin,dc=planetexpress,dc=com" + bind_dn_password = "%v" + ldap_ca_cert = "%v" + user_dn = "ou=people,dc=planetexpress,dc=com" + } + data "akeyless_dynamic_secret" "secret" { + path = "%v" + depends_on = [ + akeyless_producer_ldap.%v, + ] + } + `, name, itemPath, LDAP_PASS, LDAP_CERT, itemPath, name) + + configUpdate := fmt.Sprintf(` + resource "akeyless_producer_ldap" "%v" { + name = "%v" + ldap_url = "ldap://127.0.0.1:10389" + bind_dn = "cn=admin,dc=planetexpress,dc=com" + bind_dn_password = "%v" + ldap_ca_cert = "%v" + user_dn = "ou=people,dc=planetexpress,dc=com" + user_attribute = "uid" + token_expiration = "10" + user_ttl = "10m" + tags = ["abc", "def"] + } + data "akeyless_dynamic_secret" "secret" { + path = "%v" + depends_on = [ + akeyless_producer_ldap.%v, + ] + } + `, name, itemPath, LDAP_PASS, LDAP_CERT, itemPath, name) + + tesItemResource(t, config, configUpdate, itemPath) +} + +func TestSnowflakeProducerResource(t *testing.T) { + + t.Skip("for now the requested values are fictive") + + name := "snowflake_test" + itemPath := testPath(name) + config := fmt.Sprintf(` + resource "akeyless_producer_snowflake" "%v" { + name = "%v" + account = "%v" + account_username = "%v" + account_password = "%v" + db_name = "%v" + warehouse = "aaaa" + role = "bbbb" + } + data "akeyless_dynamic_secret" "secret" { + path = "%v" + depends_on = [ + akeyless_producer_snowflake.%v, + ] + } + `, name, itemPath, SF_ACCOUNT, SF_USERNAME, SF_PASSWORD, SF_DBNAME, itemPath, name) + + configUpdate := fmt.Sprintf(` + resource "akeyless_producer_snowflake" "%v" { + name = "%v" + account = "%v" + account_username = "%v" + account_password = "%v" + db_name = "%v" + warehouse = "aaaaaa" + role = "bbbbbb" + user_ttl = "12h" + tags = ["aaa" , "bbb"] + } + data "akeyless_dynamic_secret" "secret" { + path = "%v" + depends_on = [ + akeyless_producer_snowflake.%v, + ] + } + `, name, itemPath, SF_ACCOUNT, SF_USERNAME, SF_PASSWORD, SF_DBNAME, itemPath, name) + + tesItemResource(t, config, configUpdate, itemPath) +} + +func TestRabbitMQProducerResource(t *testing.T) { + + t.Skip("not authorized to create producer on public gateway") + + name := "rabbitmq_test" + itemPath := testPath(name) + serverUrl := "http://127.0.0.1:15672" + + config := fmt.Sprintf(` + resource "akeyless_producer_rabbitmq" "%v" { + name = "%v" + rabbitmq_server_uri = "%v" + rabbitmq_user_conf_permission = ".*" + rabbitmq_user_write_permission = ".*" + rabbitmq_user_read_permission = ".*" + rabbitmq_admin_user = "guest" + rabbitmq_admin_pwd = "guest" + } + `, name, itemPath, serverUrl) + + configUpdate := fmt.Sprintf(` + resource "akeyless_producer_rabbitmq" "%v" { + name = "%v" + rabbitmq_server_uri = "%v" + rabbitmq_user_conf_permission = ".*" + rabbitmq_user_write_permission = ".*" + rabbitmq_user_read_permission = ".*" + rabbitmq_admin_user = "guest" + rabbitmq_admin_pwd = "guest" + tags = ["abc", "def"] + user_ttl = 80 + secure_access_enable = "true" + secure_access_web_browsing = "true" + secure_access_url = "http://blabla.com" + } + `, name, itemPath, serverUrl) + + tesItemResource(t, config, configUpdate, itemPath) +} + +func TestHanadbProducerResource(t *testing.T) { + + t.Skip("for now the requested values are fictive") + + name := "hanadb_test" + itemPath := testPath(name) + config := fmt.Sprintf(` + resource "akeyless_producer_hanadb" "%v" { + name = "%v" + hana_dbname = "XXXXXX" + hanadb_username = "YYYYYY" + hanadb_password = "12345678" + hanadb_host = "127.0.0.1" + hanadb_port = "30013" + } + `, name, itemPath) + + configUpdate := fmt.Sprintf(` + resource "akeyless_producer_hanadb" "%v" { + name = "%v" + hana_dbname = "XXXXXX" + hanadb_username = "YYYYYY" + hanadb_password = "12345678" + hanadb_host = "127.0.0.1" + hanadb_port = "30013" + secure_access_enable = "true" + secure_access_web = "true" + secure_access_host = ["http://abcdef.com"] + tags = ["aaa", "bbb"] + } + `, name, itemPath) + + tesItemResource(t, config, configUpdate, itemPath) +} func TestK8sProducerResource(t *testing.T) { t.Skip("for now the requested values are fictive") @@ -117,6 +297,33 @@ func TestGithubProducerResource(t *testing.T) { tesItemResource(t, config, configUpdate, itemPath) } +func TestDockerhubProducerResource(t *testing.T) { + + t.Skip("for now the requested values are fictive") + + name := "dockerhub_test" + itemPath := testPath(name) + config := fmt.Sprintf(` + resource "akeyless_producer_dockerhub" "%v" { + name = "%v" + dockerhub_username = "%v" + dockerhub_password = "%v" + } + `, name, itemPath, DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD) + + configUpdate := fmt.Sprintf(` + resource "akeyless_producer_dockerhub" "%v" { + name = "%v" + dockerhub_username = "%v" + dockerhub_password = "%v" + tags = ["abc", "def"] + dockerhub_token_scopes = %v + } + `, name, itemPath, DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD, DOCKERHUB_TOKEN_SCOPES) + + tesItemResource(t, config, configUpdate, itemPath) +} + func TestCustomProducerResource(t *testing.T) { t.Skip("must run with server listen the following addresses") @@ -320,3 +527,26 @@ func deleteProducer(client *akeyless.V2ApiService, token string) { fmt.Println("deleted", PRODUCER_NAME) } } + +func checkActiveStatusRemotely(t *testing.T, path string, isActive bool) resource.TestCheckFunc { + return func(s *terraform.State) error { + client := *testAccProvider.Meta().(providerMeta).client + token := *testAccProvider.Meta().(providerMeta).token + + gsvBody := akeyless.GatewayGetProducer{ + Name: path, + Token: &token, + } + + res, _, err := client.GatewayGetProducer(context.Background()).Body(gsvBody).Execute() + if err != nil { + return err + } + + assert.NoError(t, err) + assert.NotNil(t, res, "producer details must not be nil") + assert.NotNil(t, res.Active, "producer Active details must not be nil") + assert.Equal(t, isActive, *res.Active) + return nil + } +} diff --git a/akeyless/resource_target_test.go b/akeyless/resource_target_test.go index bb2529e..58cf24d 100644 --- a/akeyless/resource_target_test.go +++ b/akeyless/resource_target_test.go @@ -12,8 +12,11 @@ import ( ) func TestGithubTargetResource(t *testing.T) { - secretName := "github_test" - secretPath := testPath("terraform_tests") + t.Parallel() + secretName := "github_target_test" + secretPath := testPath(secretName) + deleteTarget(t, secretPath) + config := fmt.Sprintf(` resource "akeyless_target_github" "%v" { name = "%v" @@ -35,9 +38,36 @@ func TestGithubTargetResource(t *testing.T) { tesTargetResource(t, config, configUpdate, secretPath) } +func TestDockerhubTargetResource(t *testing.T) { + t.Parallel() + secretName := "dockerhub_target_test" + secretPath := testPath(secretName) + deleteTarget(t, secretPath) + + config := fmt.Sprintf(` + resource "akeyless_target_dockerhub" "%v" { + name = "%v" + dockerhub_username = "1234" + dockerhub_password = "abcd" + } + `, secretName, secretPath) + + configUpdate := fmt.Sprintf(` + resource "akeyless_target_dockerhub" "%v" { + name = "%v" + dockerhub_username = "5678" + dockerhub_password = "efgh" + comment = "bla bla" + } + `, secretName, secretPath) + + tesTargetResource(t, config, configUpdate, secretPath) +} + func TestAwsTargetResource(t *testing.T) { - secretName := "aws123" - secretPath := testPath("aws_target1") + t.Parallel() + secretName := "aws_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_aws" "%v" { name = "%v" @@ -58,8 +88,9 @@ func TestAwsTargetResource(t *testing.T) { } func TestAzureTargetResource(t *testing.T) { - secretName := "Azure123" - secretPath := testPath("Azure_target1") + t.Parallel() + secretName := "azure_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_azure" "%v" { name = "%v" @@ -84,8 +115,9 @@ func TestAzureTargetResource(t *testing.T) { } func TestWebTargetResource(t *testing.T) { - secretName := "web123" - secretPath := testPath("web_target1") + t.Parallel() + secretName := "web_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_web" "%v" { name = "%v" @@ -106,8 +138,9 @@ func TestWebTargetResource(t *testing.T) { } func TestSSHTargetResource(t *testing.T) { - secretName := "ssh123" - secretPath := testPath("ssh_target1") + t.Parallel() + secretName := "ssh_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_ssh" "%v" { name = "%v" @@ -132,8 +165,9 @@ func TestSSHTargetResource(t *testing.T) { } func TestArtifactoryTargetResource(t *testing.T) { - secretName := "artifactory123" - secretPath := testPath("artifactory_target1") + t.Parallel() + secretName := "artifactory_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_artifactory" "%v" { name = "%v" @@ -157,13 +191,14 @@ func TestArtifactoryTargetResource(t *testing.T) { } func TestGcpTargetResource(t *testing.T) { - secretName := "gcp123" - secretPath := testPath("gcp_target1") + t.Parallel() + secretName := "gcp_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_gcp" "%v" { name = "%v" gcp_sa_email = "XXXXXXX" - gcp_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + gcp_key = "XXXXXXXX" } `, secretName, secretPath) @@ -171,7 +206,7 @@ func TestGcpTargetResource(t *testing.T) { resource "akeyless_target_gcp" "%v" { name = "%v" gcp_sa_email = "YYYYYYY" - gcp_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + gcp_key = "XXXXXXXX" } `, secretName, secretPath) @@ -180,14 +215,15 @@ func TestGcpTargetResource(t *testing.T) { } func TestGkeTargetResource(t *testing.T) { - secretName := "gke123" - secretPath := testPath("gke_target1") + t.Parallel() + secretName := "gke_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_gke" "%v" { name = "%v" gke_service_account_email = "XXXXXXX" gke_cluster_endpoint = "https://akaka.com" - gke_cluster_cert = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + gke_cluster_cert = "XXXXXXXX" gke_account_key = "qwdwd" gke_cluster_name = "dddd" } @@ -198,7 +234,7 @@ func TestGkeTargetResource(t *testing.T) { name = "%v" gke_service_account_email = "XXXXXXX2" gke_cluster_endpoint = "https://akakad.com" - gke_cluster_cert = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + gke_cluster_cert = "XXXXXXXX" gke_account_key = "qwdwd" gke_cluster_name = "dddd" } @@ -208,13 +244,14 @@ func TestGkeTargetResource(t *testing.T) { } func TestK8sTargetResource(t *testing.T) { - secretName := "k8s123" - secretPath := testPath("k8s_target1") + t.Parallel() + secretName := "k8s_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_k8s" "%v" { name = "%v" k8s_cluster_endpoint = "https://akakad.com" - k8s_cluster_ca_cert = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + k8s_cluster_ca_cert = "XXXXXXXX" k8s_cluster_token = "djsdkjdkjdhcj" } `, secretName, secretPath) @@ -223,7 +260,7 @@ func TestK8sTargetResource(t *testing.T) { resource "akeyless_target_k8s" "%v" { name = "%v" k8s_cluster_endpoint = "https://akakad.com" - k8s_cluster_ca_cert = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + k8s_cluster_ca_cert = "XXXXXXXX" k8s_cluster_token = "djsdkjdkjdhcjs" } `, secretName, secretPath) @@ -233,8 +270,9 @@ func TestK8sTargetResource(t *testing.T) { } func TestDbTargetResource(t *testing.T) { - secretName := "Db123" - secretPath := testPath("db_target1") + t.Parallel() + secretName := "mysql_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_db" "%v" { name = "%v" @@ -264,14 +302,15 @@ func TestDbTargetResource(t *testing.T) { } func TestEksTargetResource(t *testing.T) { - secretName := "eks123" - secretPath := testPath("eks_target1") + t.Parallel() + secretName := "eks_target_test" + secretPath := testPath(secretName) config := fmt.Sprintf(` resource "akeyless_target_eks" "%v" { name = "%v" eks_cluster_name = "XXXXXXX" eks_cluster_endpoint = "https://jjjj.com" - eks_cluster_ca_cert = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + eks_cluster_ca_cert = "XXXXXXXX" eks_access_key_id = "eks_access_key_id" eks_secret_access_key = "ddjdjdj" } @@ -282,7 +321,7 @@ func TestEksTargetResource(t *testing.T) { name = "%v" eks_cluster_name = "XXXXXXX" eks_cluster_endpoint = "https://jjjj.com" - eks_cluster_ca_cert = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KmDcjfruwSq6o5M8+Y3uiWpfNIU71KOWp19i/wWvPbmWgH8MzE+OECzI6Kh1Rp+x4ASDDHg3aDyUSUpGJoX9YvldyPISnp76J2HSlgMri+QQnae5JKC4mzTEdsNXbrw3hZceWuge22/yo4YfPbXmRl5S6Xam/etUqmxYCqUVR98gxu8tTPJAON3Ieg10lmw8DqL41V0+rScwAAacHed6RZzCCqegqmuX0Bqtt2zvwxCoQwS9rk62CrsySfsb1U/1CBzjRKULGCxOT1lVHLqX/IjpGPsgQZZAn0BfxNa/snhTgyp7LXFhBY5iVcMD0KwHy6PqVwdRQ1hZGW/xjidXwIDAQAB" + eks_cluster_ca_cert = "XXXXXXXX" eks_access_key_id = "eks_access_key_id" eks_secret_access_key = "ddjdjdj" }