Skip to content

Commit

Permalink
Merge pull request #10 from programmigo/feature/add_attributes_to_def…
Browse files Browse the repository at this point in the history
…initions

Add attributes to kmi_definition resource
  • Loading branch information
harrydevnull authored Apr 1, 2024
2 parents ccc2896 + a1524bc commit f1337ae
Show file tree
Hide file tree
Showing 6 changed files with 92 additions and 66 deletions.
3 changes: 3 additions & 0 deletions docs/resources/definitions.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,12 @@ description: |-

### Optional

- `adders` (String) The group name of the admins who will manage the definition permissions. This can be set to the KMI account admin group.
- `azure_sp` (Attributes) The Azure Service Principal to create. (see [below for nested schema](#nestedatt--azure_sp))
- `b64encoded` (Boolean) Should the secret be Base64-encoded? If it's not set, then is "false"
- `modifiers` (String) The group name of the admins who will manage the definition permissions. This can be set to the KMI account admin group.
- `opaque` (String) The Opaque definition to create.
- `readers` (String) The group name of the admins who will read the definition
- `ssl_cert` (Attributes) The SSL certificate to create. (see [below for nested schema](#nestedatt--ssl_cert))
- `symmetric_key` (Attributes) (see [below for nested schema](#nestedatt--symmetric_key))
- `transparent` (String) The Transparent definition to create.
Expand Down
5 changes: 5 additions & 0 deletions examples/resources/kmi/resource.tf
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ output "collection_output" {
}

resource "kmi_definitions" "defn" {
readers = local.reader_groupname
adders = local.adder_groupname
modifiers = local.modifier_groupname
name = local.definition_name
collection_name = local.collection_name
opaque = jsonencode({
Expand All @@ -66,6 +69,7 @@ resource "kmi_definitions" "defn" {
}

resource "kmi_definitions" "ssl_defn" {
adders = local.adder_groupname
name = local.ssl_cert_definition_name
collection_name = local.collection_name
ssl_cert = {
Expand All @@ -74,6 +78,7 @@ resource "kmi_definitions" "ssl_defn" {
depends_on = [kmi_collections.collection]
}
resource "kmi_definitions" "az_defn" {
modifiers = local.modifier_groupname
name = local.azure_sp_definition_name
collection_name = local.collection_name
azure_sp = {
Expand Down
5 changes: 2 additions & 3 deletions internal/kmi/definitionclient.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,10 @@ import (
"net/http"
)

func (client *KMIRestClient) CreateDefinition(collectionName string, definitionName string, kmigenerator kmigenerator) error {
func (client *KMIRestClient) CreateDefinition(collectionName string, definitionName string, definition KMIDefinition) error {
idenityengineurl := fmt.Sprintf("%s/definition/Col=%s/Def=%s", client.Host, collectionName, definitionName)
fmt.Println(idenityengineurl)
out, err := kmigenerator.RequestPayload()
fmt.Printf("CreateDefinition payload %v\n", string(out))
out, err := xml.MarshalIndent(definition, " ", " ")
if err != nil {
return err
}
Expand Down
10 changes: 6 additions & 4 deletions internal/kmi/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,9 @@ type KMIGroup struct {
type KMIDefinition struct {
XMLName xml.Name `xml:"definition"`
Text string `xml:",chardata"`
Adders string `xml:"adders,omitempty"`
Modifiers string `xml:"modifiers,omitempty"`
Readers string `xml:"readers,omitempty"`
Type string `xml:"type,attr"`
ExpirePeriod string `xml:"expire_period,omitempty"`
RefreshPeriod string `xml:"refresh_period,omitempty"`
Expand All @@ -168,6 +171,9 @@ type KMIDefinition struct {
type KMIDefinitionResponse struct {
XMLName xml.Name `xml:"definition"`
Text string `xml:",chardata"`
Adders string `xml:"adders"`
Modifiers string `xml:"modifiers"`
Readers string `xml:"readers"`
Name string `xml:"name,attr"`
Source string `xml:"source,attr"`
Type string `xml:"type,attr"`
Expand All @@ -186,10 +192,6 @@ type KMIDefinitionResponse struct {
} `xml:"secret"`
}

type kmigenerator interface {
RequestPayload() ([]byte, error)
}

type BlockSecret struct {
XMLName xml.Name `xml:"secret"`
Text string `xml:",chardata"`
Expand Down
123 changes: 74 additions & 49 deletions internal/provider/definitions_resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ package provider
import (
"bytes"
"context"
"encoding/xml"
"fmt"
"regexp"
"terraform-provider-kmi/internal/kmi"
Expand Down Expand Up @@ -43,6 +42,18 @@ func (r *definitionsResource) Metadata(_ context.Context, req resource.MetadataR
func (r *definitionsResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
resp.Schema = schema.Schema{
Attributes: map[string]schema.Attribute{
"adders": schema.StringAttribute{
Optional: true,
Description: "The group name of the admins who will manage the definition permissions. This can be set to the KMI account admin group. ",
},
"modifiers": schema.StringAttribute{
Optional: true,
Description: "The group name of the admins who will manage the definition permissions. This can be set to the KMI account admin group. ",
},
"readers": schema.StringAttribute{
Optional: true,
Description: "The group name of the admins who will read the definition ",
},
"name": schema.StringAttribute{
Required: true,
Description: "The name of the definition to create. ",
Expand Down Expand Up @@ -171,6 +182,12 @@ func (r *definitionsResource) Create(ctx context.Context, req resource.CreateReq
return
}

definition := kmi.KMIDefinition{
Adders: plan.Adders.ValueString(),
Modifiers: plan.Modifiers.ValueString(),
Readers: plan.Readers.ValueString(),
}

var err error
if plan.SSLCert != nil {
tflog.Info(ctx, "SSl cert is not nil")
Expand All @@ -183,11 +200,11 @@ func (r *definitionsResource) Create(ctx context.Context, req resource.CreateReq

}

err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), plan.SSLCert)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, plan.SSLCert)
}
if plan.SymetricKey != nil {
tflog.Info(ctx, "Symetric key is not nil")
err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), plan.SymetricKey)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, plan.SymetricKey)
}
if plan.AzureSP != nil {
tflog.Info(ctx, "Azure SP is not nil")
Expand All @@ -206,12 +223,12 @@ func (r *definitionsResource) Create(ctx context.Context, req resource.CreateReq
)
return
}
err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), plan.AzureSP)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, plan.AzureSP)
}

if !plan.Opaque.IsNull() {
tflog.Info(ctx, "Opaque is not nil")
err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), Opaque{})
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, Opaque{})
if err != nil {
resp.Diagnostics.AddError(
"Error creating Definition",
Expand Down Expand Up @@ -242,7 +259,7 @@ func (r *definitionsResource) Create(ctx context.Context, req resource.CreateReq
tflog.Info(ctx, "Transparent is not nil")
transparent := Transparent{}

err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), transparent)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, transparent)
if err != nil {
resp.Diagnostics.AddError(
"Error creating Definition",
Expand Down Expand Up @@ -364,19 +381,25 @@ func (r *definitionsResource) Update(ctx context.Context, req resource.UpdateReq
return
}

definition := kmi.KMIDefinition{
Adders: plan.Adders.ValueString(),
Modifiers: plan.Modifiers.ValueString(),
Readers: plan.Readers.ValueString(),
}

var err error
if plan.SSLCert != nil {
err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), plan.SSLCert)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, plan.SSLCert)
}
if plan.SymetricKey != nil {
err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), plan.SymetricKey)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, plan.SymetricKey)
}
if plan.AzureSP != nil {
err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), plan.AzureSP)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, plan.AzureSP)
}

if !plan.Opaque.IsNull() {
err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), Opaque{})
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, Opaque{})
if err != nil {
resp.Diagnostics.AddError(
"Error creating Definition",
Expand Down Expand Up @@ -408,7 +431,7 @@ func (r *definitionsResource) Update(ctx context.Context, req resource.UpdateReq
tflog.Info(ctx, "Transparent is not nil")
transparent := Transparent{}

err = r.client.CreateDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), transparent)
err = r.createDefinition(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), definition, transparent)
if err != nil {
resp.Diagnostics.AddError(
"Error creating Definition",
Expand Down Expand Up @@ -528,6 +551,9 @@ func boolStr(s bool) string {
}

type definitionResourceModel struct {
Adders types.String `tfsdk:"adders"`
Modifiers types.String `tfsdk:"modifiers"`
Readers types.String `tfsdk:"readers"`
DefinitionName types.String `tfsdk:"name"`
CollectionName types.String `tfsdk:"collection_name"`
LastUpdated types.String `tfsdk:"last_updated"`
Expand Down Expand Up @@ -559,25 +585,33 @@ func keySliceToList(ctx context.Context, keysSliceIn []DefinitionOption, diags *
return keys
}

type Opaque struct {
type kmigenerator interface {
RequestPayload(kmi.KMIDefinition) (kmi.KMIDefinition, error)
}

func (op Opaque) RequestPayload() ([]byte, error) {
defn := kmi.KMIDefinition{
Type: "opaque",
func (r *definitionsResource) createDefinition(collectionName string, definitionName string, definition kmi.KMIDefinition, kmigenerator kmigenerator) error {
out, err := kmigenerator.RequestPayload(definition)
fmt.Printf("CreateDefinition payload %v\n", out)
if err != nil {
return err
}
return xml.MarshalIndent(defn, "", "")
return r.client.CreateDefinition(collectionName, definitionName, out)
}

type Opaque struct {
}

func (op Opaque) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition, error) {
definition.Type = "opaque"
return definition, nil
}

type Transparent struct {
}

func (op Transparent) RequestPayload() ([]byte, error) {
defn := kmi.KMIDefinition{
Type: "transparent",
}
return xml.MarshalIndent(defn, "", "")
func (op Transparent) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition, error) {
definition.Type = "transparent"
return definition, nil
}

type SSLCert struct {
Expand All @@ -592,10 +626,10 @@ type SSLCert struct {
SignACLGroup types.String `tfsdk:"signaclgroup"`
}

func (s SSLCert) RequestPayload() ([]byte, error) {
func (s SSLCert) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition, error) {

if !s.Issuer.IsNull() && !s.IsCA.IsNull() {
return nil, fmt.Errorf("IsCA should not be set if Issuer is set ")
return kmi.KMIDefinition{}, fmt.Errorf("IsCA should not be set if Issuer is set ")
}

var options []*kmi.KMIOption
Expand Down Expand Up @@ -642,28 +676,22 @@ func (s SSLCert) RequestPayload() ([]byte, error) {
options = append(options, option)
}

defn := kmi.KMIDefinition{
AutoGenerate: boolStr(s.AutoGenerate.ValueBool()),
Type: "ssl_cert",
ExpirePeriod: s.ExpiryPeriod.ValueString(),
RefreshPeriod: s.RefreshPeriod.ValueString(),
Options: options,
}
return xml.MarshalIndent(defn, " ", " ")

definition.AutoGenerate = boolStr(s.AutoGenerate.ValueBool())
definition.Type = "ssl_cert"
definition.ExpirePeriod = s.ExpiryPeriod.ValueString()
definition.RefreshPeriod = s.RefreshPeriod.ValueString()
definition.Options = options
return definition, nil
}

type AzureSP struct {
AutoGenerate types.Bool `tfsdk:"auto_generate"`
}

func (sp AzureSP) RequestPayload() ([]byte, error) {
defn := kmi.KMIDefinition{
AutoGenerate: boolStr(sp.AutoGenerate.ValueBool()),
Type: "azure_sp",
}
return xml.MarshalIndent(defn, " ", " ")

func (sp AzureSP) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition, error) {
definition.AutoGenerate = boolStr(sp.AutoGenerate.ValueBool())
definition.Type = "azure_sp"
return definition, nil
}

type SymetricKey struct {
Expand All @@ -673,7 +701,7 @@ type SymetricKey struct {
KeySizeBytes types.Int64 `tfsdk:"key_size_bytes"`
}

func (sk SymetricKey) RequestPayload() ([]byte, error) {
func (sk SymetricKey) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition, error) {
var options []*kmi.KMIOption
if !sk.KeySizeBytes.IsNull() {
option := &kmi.KMIOption{
Expand All @@ -683,13 +711,10 @@ func (sk SymetricKey) RequestPayload() ([]byte, error) {
options = append(options, option)
}

defn := kmi.KMIDefinition{
AutoGenerate: boolStr(sk.AutoGenerate.ValueBool()),
Type: "symmetric_key",
ExpirePeriod: sk.ExpiryPeriod.ValueString(),
RefreshPeriod: sk.RefreshPeriod.ValueString(),
Options: options,
}
return xml.MarshalIndent(defn, " ", " ")

definition.AutoGenerate = boolStr(sk.AutoGenerate.ValueBool())
definition.Type = "symmetric_key"
definition.ExpirePeriod = sk.ExpiryPeriod.ValueString()
definition.RefreshPeriod = sk.RefreshPeriod.ValueString()
definition.Options = options
return definition, nil
}
Loading

0 comments on commit f1337ae

Please sign in to comment.