Merge commit

GitOrigin-RevId: db442721580ae5b99d08aac0645522730bb8ec84
strongdm · Apr 26, 2021 · db58219 · db58219
1 parent 5583854
commit db58219
Show file tree

Hide file tree

Showing 19 changed files with 3,759 additions and 4,156 deletions.
diff --git a/docs/resources/resource.md b/docs/resources/resource.md
@@ -587,15 +587,19 @@ The following arguments are supported by the Resource resource:
 	* `name` - (Required) Unique human-readable name of the Resource.
 	* `secret_store_id` - (Optional) ID of the secret store containing credentials for this resource, if any.
 	* `hostname` - (Required) 
-	* `username` - (Required) 
+	* `username` - (Optional) 
+	* `secret_store_username_path` - (Optional)
+	* `secret_store_username_key` - (Optional)
 	* `port` - (Required) 
 	* `port_forwarding` - (Optional) 
 	* `allow_deprecated_key_exchanges` - (Optional) 
 * ssh_cert:
 	* `name` - (Required) Unique human-readable name of the Resource.
 	* `secret_store_id` - (Optional) ID of the secret store containing credentials for this resource, if any.
 	* `hostname` - (Required) 
-	* `username` - (Required) 
+	* `username` - (Optional) 
+	* `secret_store_username_path` - (Optional)
+	* `secret_store_username_key` - (Optional)
 	* `port` - (Required) 
 	* `port_forwarding` - (Optional) 
 	* `allow_deprecated_key_exchanges` - (Optional) 

diff --git a/go.mod b/go.mod
@@ -7,6 +7,6 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway v1.13.0 // indirect
 	github.com/hashicorp/terraform-plugin-sdk v1.16.0
 	github.com/hashicorp/terraform-plugin-test v1.2.0 // indirect
-	github.com/strongdm/strongdm-sdk-go v0.9.24
+	github.com/strongdm/strongdm-sdk-go v0.9.25
 	google.golang.org/protobuf v1.25.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -317,8 +317,8 @@ github.com/strongdm/strongdm-sdk-go v0.9.20 h1:yHKBiKze0Q/NuykL3TLfvk2AR9FG2scZg
 github.com/strongdm/strongdm-sdk-go v0.9.20/go.mod h1:X5SMmakW9iBWArxTXrSh0gmUmkMP3HLaYSTCnu9/WKA=
 github.com/strongdm/strongdm-sdk-go v0.9.21 h1:x09Fd2s0sGP4avjh/aWwk7Wk6jdfhbHHfHrVxtgLmuE=
 github.com/strongdm/strongdm-sdk-go v0.9.21/go.mod h1:rXX9x9j6IgGYyjWjAzMjh2PTMRZsH0/eKCuzUi10xok=
-github.com/strongdm/strongdm-sdk-go v0.9.24 h1:ZlIc76+ej3TbBIyktAV3X4CtbEnYx/LHTI/9Id82jyQ=
-github.com/strongdm/strongdm-sdk-go v0.9.24/go.mod h1:rXX9x9j6IgGYyjWjAzMjh2PTMRZsH0/eKCuzUi10xok=
+github.com/strongdm/strongdm-sdk-go v0.9.25 h1:fjIW+EVEzkteg7IwvW7DN20lw0x4ndgMK1vacO3nes0=
+github.com/strongdm/strongdm-sdk-go v0.9.25/go.mod h1:rXX9x9j6IgGYyjWjAzMjh2PTMRZsH0/eKCuzUi10xok=
 github.com/ulikunitz/xz v0.5.5 h1:pFrO0lVpTBXLpYw+pnLj6TbvHuyjXMfjGeCwSqCVwok=
 github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
 github.com/ulikunitz/xz v0.5.7 h1:YvTNdFzX6+W5m9msiYg/zpkSURPPtOlzbqYjrFn7Yt4=

diff --git a/sdm/resource_resource.go b/sdm/resource_resource.go
@@ -3410,9 +3410,17 @@ func resourceResource() *schema.Resource {
 						},
 						"username": {
 							Type:        schema.TypeString,
-							Required:    true,
+							Optional:    true,
 							Description: "",
 						},
+						"secret_store_username_path": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"secret_store_username_key": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
 						"port": {
 							Type:        schema.TypeInt,
 							Required:    true,
@@ -3468,9 +3476,17 @@ func resourceResource() *schema.Resource {
 						},
 						"username": {
 							Type:        schema.TypeString,
-							Required:    true,
+							Optional:    true,
 							Description: "",
 						},
+						"secret_store_username_path": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"secret_store_username_key": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
 						"port": {
 							Type:        schema.TypeInt,
 							Required:    true,
@@ -5363,10 +5379,23 @@ func secretStoreValuesForResource(d *schema.ResourceData) (map[string]string, er
 		}
 		_ = raw
 		if seID := raw["secret_store_id"]; seID != nil && seID.(string) != "" {
+			if v := raw["username"]; v != nil && v.(string) != "" {
+				return nil, fmt.Errorf("raw credential username cannot be combined with secret_store_id")
+			}
 		} else {
+			if v := raw["secret_store_username_path"]; v != nil && v.(string) != "" {
+				return nil, fmt.Errorf("secret store credential secret_store_username_path must be combined with secret_store_id")
+			}
+			if v := raw["secret_store_username_key"]; v != nil && v.(string) != "" {
+				return nil, fmt.Errorf("secret store credential secret_store_username_key must be combined with secret_store_id")
+			}
 		}
 
-		return map[string]string{}, nil
+		return map[string]string{
+			"username":                   convertStringFromMap(raw, "username"),
+			"secret_store_username_path": convertStringFromMap(raw, "secret_store_username_path"),
+			"secret_store_username_key":  convertStringFromMap(raw, "secret_store_username_key"),
+		}, nil
 	}
 	if list := d.Get("ssh_cert").([]interface{}); len(list) > 0 {
 		raw, ok := list[0].(map[string]interface{})
@@ -5375,10 +5404,23 @@ func secretStoreValuesForResource(d *schema.ResourceData) (map[string]string, er
 		}
 		_ = raw
 		if seID := raw["secret_store_id"]; seID != nil && seID.(string) != "" {
+			if v := raw["username"]; v != nil && v.(string) != "" {
+				return nil, fmt.Errorf("raw credential username cannot be combined with secret_store_id")
+			}
 		} else {
+			if v := raw["secret_store_username_path"]; v != nil && v.(string) != "" {
+				return nil, fmt.Errorf("secret store credential secret_store_username_path must be combined with secret_store_id")
+			}
+			if v := raw["secret_store_username_key"]; v != nil && v.(string) != "" {
+				return nil, fmt.Errorf("secret store credential secret_store_username_key must be combined with secret_store_id")
+			}
 		}
 
-		return map[string]string{}, nil
+		return map[string]string{
+			"username":                   convertStringFromMap(raw, "username"),
+			"secret_store_username_path": convertStringFromMap(raw, "secret_store_username_path"),
+			"secret_store_username_key":  convertStringFromMap(raw, "secret_store_username_key"),
+		}, nil
 	}
 	if list := d.Get("sybase").([]interface{}); len(list) > 0 {
 		raw, ok := list[0].(map[string]interface{})
@@ -6751,6 +6793,9 @@ func convertResourceFromResourceData(d *schema.ResourceData) sdm.Resource {
 			PortForwarding:              convertBoolFromMap(raw, "port_forwarding"),
 			AllowDeprecatedKeyExchanges: convertBoolFromMap(raw, "allow_deprecated_key_exchanges"),
 		}
+		if out.Username == "" {
+			out.Username = fullSecretStorePath(raw, "username")
+		}
 		return out
 	}
 	if list := d.Get("ssh_cert").([]interface{}); len(list) > 0 {
@@ -6769,6 +6814,9 @@ func convertResourceFromResourceData(d *schema.ResourceData) sdm.Resource {
 			PortForwarding:              convertBoolFromMap(raw, "port_forwarding"),
 			AllowDeprecatedKeyExchanges: convertBoolFromMap(raw, "allow_deprecated_key_exchanges"),
 		}
+		if out.Username == "" {
+			out.Username = fullSecretStorePath(raw, "username")
+		}
 		return out
 	}
 	if list := d.Get("sybase").([]interface{}); len(list) > 0 {
@@ -7773,7 +7821,9 @@ func resourceResourceCreate(d *schema.ResourceData, cc *sdm.Client) error {
 				"tags":                           convertTagsToMap(v.Tags),
 				"secret_store_id":                (v.SecretStoreID),
 				"hostname":                       (v.Hostname),
-				"username":                       (v.Username),
+				"username":                       seValues["username"],
+				"secret_store_username_path":     seValues["secret_store_username_path"],
+				"secret_store_username_key":      seValues["secret_store_username_key"],
 				"port":                           (v.Port),
 				"public_key":                     (v.PublicKey),
 				"port_forwarding":                (v.PortForwarding),
@@ -7789,7 +7839,9 @@ func resourceResourceCreate(d *schema.ResourceData, cc *sdm.Client) error {
 				"tags":                           convertTagsToMap(v.Tags),
 				"secret_store_id":                (v.SecretStoreID),
 				"hostname":                       (v.Hostname),
-				"username":                       (v.Username),
+				"username":                       seValues["username"],
+				"secret_store_username_path":     seValues["secret_store_username_path"],
+				"secret_store_username_key":      seValues["secret_store_username_key"],
 				"port":                           (v.Port),
 				"port_forwarding":                (v.PortForwarding),
 				"allow_deprecated_key_exchanges": (v.AllowDeprecatedKeyExchanges),
@@ -8910,7 +8962,9 @@ func resourceResourceRead(d *schema.ResourceData, cc *sdm.Client) error {
 				"tags":                           convertTagsToMap(v.Tags),
 				"secret_store_id":                (v.SecretStoreID),
 				"hostname":                       (v.Hostname),
-				"username":                       (v.Username),
+				"username":                       seValues["username"],
+				"secret_store_username_path":     seValues["secret_store_username_path"],
+				"secret_store_username_key":      seValues["secret_store_username_key"],
 				"port":                           (v.Port),
 				"public_key":                     (v.PublicKey),
 				"port_forwarding":                (v.PortForwarding),
@@ -8929,7 +8983,9 @@ func resourceResourceRead(d *schema.ResourceData, cc *sdm.Client) error {
 				"tags":                           convertTagsToMap(v.Tags),
 				"secret_store_id":                (v.SecretStoreID),
 				"hostname":                       (v.Hostname),
-				"username":                       (v.Username),
+				"username":                       seValues["username"],
+				"secret_store_username_path":     seValues["secret_store_username_path"],
+				"secret_store_username_key":      seValues["secret_store_username_key"],
 				"port":                           (v.Port),
 				"port_forwarding":                (v.PortForwarding),
 				"allow_deprecated_key_exchanges": (v.AllowDeprecatedKeyExchanges),