add insecure attribute to provider block

frankgreco · Jan 6, 2022 · 817bca8 · 817bca8
1 parent 40a9714
commit 817bca8
Show file tree

Hide file tree

Showing 10 changed files with 77 additions and 89 deletions.
diff --git a/Makefile b/Makefile
@@ -38,7 +38,7 @@ fmt:
 define docs-generate-sum
 	rm -f $@; \
 	( \
-		find docs -type f -print0 | xargs -0 sha256sum; \
+		find internal/provider examples -type f -not -ipath '*terraform*' -print0 | xargs -0 sha256sum; \
 	) | sort -k 2 > $@
 endef
 

diff --git a/docs-generate.sum b/docs-generate.sum
@@ -1,7 +1,14 @@
-ee05104d015d6a1437643375d7b64f77d9c11d70fc644cc2499ed6da1f6e4344  docs/data-sources/interface_ethernet.md
-2d18e7b12d28bfec440cc10f6bfd0b4a919f5ee71f12cfc98ba01ce1f0c856c6  docs/guides/firewall.md
-17bc354f563cff1f4e177117b70b1d9c3d7f2de71ff7e872ed057216b2a998ae  docs/index.md
-775b2745cac96297b8255699044ea3943c205cd6f9e3e900d79f4fb96f52670d  docs/resources/firewall_address_group.md
-37c545b6a422bdfbd23743fa03f341b4a21a8b17142a5b8e94c33403ba0637d8  docs/resources/firewall_port_group.md
-36e27475bf249dd9a5935032e530bdd0bf4e6f812f59715c7b2a66cdf8b10256  docs/resources/firewall_ruleset.md
-8792f3c59a98301b12ac0683d49695b2a322e4b24f1cc834c9c25cbb3b588601  docs/resources/firewall_ruleset_attachment.md
+f741a688e5973f20960b5de956c20a096d66cd50281f0261c59beb8826b419d3  examples/guides/firewall/main.tf
+eab1a030f9c109d699a611e154f311dbf86809cb8183f030f7461b317817885f  examples/guides/firewall/provider.tf
+eda7df5a60670b66c70593ed249e00c2fa8c5689b1c4f968b4f4935e698b4a4e  examples/provider/provider.tf
+b4adaf9436fc082f07eff9034c2c2724690f878dede27f67ea9cee2670f9c781  examples/provider/variables.tf
+7a5b822b354000fc42a33422d9cb1a5876c48e85ba8cae1b1c7634aeda2a90a8  examples/resources/edge_firewall_address_group/resource.tf
+9504ac84127e30cf43b7d70f778cd2381f9a50e4f5e5af738a6cc3c723be994b  examples/resources/edge_firewall_port_group/resource.tf
+b1f2408d091ce25db324114e0f39d31e2c6d3951224b40ad36c8a95fec0f96bb  examples/resources/edge_firewall_ruleset/resource.tf
+8d60606a0462636c3aee7b4124b512b2b508fbb64cc7ffcbceaed096c69b4891  examples/resources/edge_firewall_ruleset_attachment/resource.tf
+b2420f099cf97751d48792aba9eb1100af5b96004f9d1a89c09f66878fc5cf88  internal/provider/data_interface_ethernet.go
+7b2a75eebbabb42c7c882cfdc52df88dd7ce584f882633e3438b965f3808f628  internal/provider/provider.go
+0bc5533d48fcc9ea468717a7fdf9315452a1cb1fcffcbedb199c991d0b09dd09  internal/provider/resource_firewall_address_group.go
+b37b3f5d2f78559d49bf87b17f017f0ac6a1efd2dc94e5b06f61d424bc91d74a  internal/provider/resource_firewall_port_group.go
+8d5cce735e7fe51a4e806b4342db39d59c599e95120ea25d94f29b805eaef2b2  internal/provider/resource_firewall_ruleset.go
+0d6acb6d48a3def6e2fd18e11998264895a395eb6d754be1184d36a28506d72f  internal/provider/resource_firewall_ruleset_attachment.go
diff --git a/docs/guides/firewall.md b/docs/guides/firewall.md
@@ -69,7 +69,7 @@ resource "edge_firewall_ruleset" "router" {
     destination = {
       address_group = edge_firewall_address_group.router.name
       port = {
-          from = 22
+          from = 23
           to   = 22
       }
     }
@@ -80,11 +80,6 @@ resource "edge_firewall_ruleset" "router" {
   }
 }
 
-// resource "edge_firewall_ruleset_attachment" "eth1" {
-//   interface = data.edge_interface_ethernet.eth1.id 
-//   in        = edge_firewall_ruleset.router.name
-// }
-
 resource "edge_firewall_ruleset_attachment" "eth2" {
   interface = data.edge_interface_ethernet.eth2.id 
   in        = edge_firewall_ruleset.router.name

diff --git a/docs/index.md b/docs/index.md
@@ -20,6 +20,7 @@ provider "edge" {
 	username = var.username # optionally use EDGE_USERNAME env var
 	password = var.password # optionally use EDGE_PASSWORD env var
 	host  	 = var.host     # optionally use EDGE_HOST env var
+	insecure = var.insecure # optionally use EDGE_INSECURE env var
 }
 ```
 
@@ -29,5 +30,6 @@ provider "edge" {
 ### Optional
 
 - **host** (String) Edge router URL. Can be set with `EDGE_HOST`.
+- **insecure** (Boolean) Specify if the connection to the Edge configuration API should be insecure. Can be set with `EDGE_INSECURE`.
 - **password** (String, Sensitive) Admin password. Can be set with `EDGE_PASSWORD`.
 - **username** (String) Admin username. Can be set with `EDGE_USERNAME`.
diff --git a/examples/guides/firewall/main.tf b/examples/guides/firewall/main.tf
@@ -70,11 +70,6 @@ resource "edge_firewall_ruleset" "router" {
   }
 }
 
-// resource "edge_firewall_ruleset_attachment" "eth1" {
-//   interface = data.edge_interface_ethernet.eth1.id 
-//   in        = edge_firewall_ruleset.router.name
-// }
-
 resource "edge_firewall_ruleset_attachment" "eth2" {
   interface = data.edge_interface_ethernet.eth2.id 
   in        = edge_firewall_ruleset.router.name

diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf
@@ -2,4 +2,5 @@ provider "edge" {
 	username = var.username # optionally use EDGE_USERNAME env var
 	password = var.password # optionally use EDGE_PASSWORD env var
 	host  	 = var.host     # optionally use EDGE_HOST env var
+	insecure = var.insecure # optionally use EDGE_INSECURE env var
 }
diff --git a/examples/provider/variables.tf b/examples/provider/variables.tf
@@ -6,3 +6,6 @@ variable "password" {
 
 variable "host" {
 }
+
+variable "insecure" {
+}
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module terraform-provider-edge
 go 1.17
 
 require (
-	github.com/frankgreco/edge-sdk-go v0.0.2-pre
+	github.com/frankgreco/edge-sdk-go v0.0.3-pre
 	github.com/frankgreco/terraform-helpers v0.0.3
 	github.com/hashicorp/terraform-plugin-docs v0.5.1
 	github.com/hashicorp/terraform-plugin-framework v0.5.0

diff --git a/go.sum b/go.sum
@@ -90,8 +90,8 @@ github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMi
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/frankgreco/edge-sdk-go v0.0.2-pre h1:2PjG3IyHqKfjblZa4Gzn85gqHgaYO7Q+1fvP/NWQBVY=
-github.com/frankgreco/edge-sdk-go v0.0.2-pre/go.mod h1:6dXH12TAP9AOlXclxvW07g6iPNCKzXgu/P24gnLEJG4=
+github.com/frankgreco/edge-sdk-go v0.0.3-pre h1:b+gNKjwf/IatsOG90AesKUJqg2TvNWemKkXipckPMe0=
+github.com/frankgreco/edge-sdk-go v0.0.3-pre/go.mod h1:h80Cd6jYEernY5npZ61MfTkOVYbb+ZpESHORiSW8Hrk=
 github.com/frankgreco/terraform-helpers v0.0.3 h1:lEioSyQbNceHtbMVhvtXHKOsic/AFQBiLnO+xzwF30Q=
 github.com/frankgreco/terraform-helpers v0.0.3/go.mod h1:79y65pMEZynGziywfr2Okre0y66TAEy65nydLE4rMzs=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -2,7 +2,9 @@ package provider
 
 import (
 	"context"
+	"fmt"
 	"os"
+	"strings"
 
 	"github.com/frankgreco/edge-sdk-go"
 
@@ -46,6 +48,11 @@ The Edge provider provides the ability to configure a Ubiquiti Edge device.
 				Sensitive:   true,
 				Description: "Admin password. Can be set with `EDGE_PASSWORD`.",
 			},
+			"insecure": {
+				Type:        types.BoolType,
+				Optional:    true,
+				Description: "Specify if the connection to the Edge configuration API should be insecure. Can be set with `EDGE_INSECURE`.",
+			},
 		},
 	}, nil
 }
@@ -54,99 +61,59 @@ type providerData struct {
 	Username types.String `tfsdk:"username"`
 	Host     types.String `tfsdk:"host"`
 	Password types.String `tfsdk:"password"`
+	Insecure types.Bool   `tfsdk:"insecure"`
 }
 
 func (p *provider) Configure(ctx context.Context, req tfsdk.ConfigureProviderRequest, resp *tfsdk.ConfigureProviderResponse) {
 	var config providerData
 	{
-		diags := req.Config.Get(ctx, &config)
-		resp.Diagnostics.Append(diags...)
+		resp.Diagnostics.Append(req.Config.Get(ctx, &config)...)
 		if resp.Diagnostics.HasError() {
 			return
 		}
 	}
 
-	var username string
-	{
-		if config.Username.Unknown {
-			resp.Diagnostics.AddWarning(
-				"Unable to create client",
-				"Cannot use unknown value as username",
-			)
-			return
-		}
-		if config.Username.Null {
-			username = os.Getenv("EDGE_USERNAME")
-		} else {
-			username = config.Username.Value
-		}
-
-		if username == "" {
-			resp.Diagnostics.AddError(
-				"Unable to find username",
-				"Username cannot be an empty string",
-			)
-			return
-		}
-	}
-
-	// User must provide a password to the provider
-	var password string
-	if config.Password.Unknown {
-		// Cannot connect to client with an unknown value
+	username, err := requiredString(config.Username, "username", "EDGE_USERNAME")
+	if err != nil {
 		resp.Diagnostics.AddError(
-			"Unable to create client",
-			"Cannot use unknown value as password",
+			"Unable to configure provider",
+			err.Error(),
 		)
-		return
 	}
 
-	if config.Password.Null {
-		password = os.Getenv("EDGE_PASSWORD")
-	} else {
-		password = config.Password.Value
-	}
-
-	if password == "" {
-		// Error vs warning - empty value must stop execution
+	password, err := requiredString(config.Password, "password", "EDGE_PASSWORD")
+	if err != nil {
 		resp.Diagnostics.AddError(
-			"Unable to find password",
-			"password cannot be an empty string",
+			"Unable to configure provider",
+			err.Error(),
 		)
-		return
 	}
 
-	// User must specify a host
-	var host string
-	if config.Host.Unknown {
-		// Cannot connect to client with an unknown value
+	host, err := requiredString(config.Host, "host", "EDGE_HOST")
+	if err != nil {
 		resp.Diagnostics.AddError(
-			"Unable to create client",
-			"Cannot use unknown value as host",
+			"Unable to configure provider",
+			err.Error(),
 		)
-		return
-	}
-
-	if config.Host.Null {
-		host = os.Getenv("EDGE_HOST")
-	} else {
-		host = config.Host.Value
 	}
 
-	if host == "" {
-		// Error vs warning - empty value must stop execution
-		resp.Diagnostics.AddError(
-			"Unable to find host",
-			"Host cannot be an empty string",
-		)
-		return
+	var insecure bool
+	{
+		if !config.Insecure.Null && !config.Insecure.Unknown {
+			insecure = config.Insecure.Value
+		}
+		if strings.ToUpper(os.Getenv("EDGE_INSECURE")) == "TRUE" {
+			insecure = true
+		} else if strings.ToUpper(os.Getenv("EDGE_INSECURE")) == "FALSE" {
+			insecure = false
+		}
 	}
 
-	c, err := edge.Login(host, username, password)
+	c, err := edge.Login(host, insecure, username, password)
 	if err != nil {
 		resp.Diagnostics.AddError(
-			"Unable to create client",
-			"Unable to create edge client:\n\n"+err.Error(),
+			"Unable to configure provider",
+			"Unable to create edge client: "+err.Error(),
 		)
 		return
 	}
@@ -169,3 +136,21 @@ func (p *provider) GetDataSources(_ context.Context) (map[string]tfsdk.DataSourc
 		"edge_interface_ethernet": dataSourceInterfaceEthernetType{},
 	}, nil
 }
+
+func requiredString(str types.String, name, env string) (string, error) {
+	if str.Unknown {
+		return "", fmt.Errorf("Cannot use unknown value for %s.", name)
+	}
+
+	val := str.Value
+
+	if str.Null {
+		val = os.Getenv(env)
+	}
+
+	if val == "" {
+		return "", fmt.Errorf("The provider attribute %s must be defined.", name)
+	}
+
+	return val, nil
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,3 +6,6 @@ variable "password" { @@
     variable "host" {
     }
+    variable "insecure" {
+    }