From 817bca8403a02bddb863e87e22e947a38c655ae6 Mon Sep 17 00:00:00 2001 From: "GRECO, FRANK" Date: Wed, 5 Jan 2022 18:20:16 -0600 Subject: [PATCH] add insecure attribute to provider block --- Makefile | 2 +- docs-generate.sum | 21 ++++-- docs/guides/firewall.md | 7 +- docs/index.md | 2 + examples/guides/firewall/main.tf | 5 -- examples/provider/provider.tf | 1 + examples/provider/variables.tf | 3 + go.mod | 2 +- go.sum | 4 +- internal/provider/provider.go | 119 ++++++++++++++----------------- 10 files changed, 77 insertions(+), 89 deletions(-) diff --git a/Makefile b/Makefile index 8becc20..cea272f 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ fmt: define docs-generate-sum rm -f $@; \ ( \ - find docs -type f -print0 | xargs -0 sha256sum; \ + find internal/provider examples -type f -not -ipath '*terraform*' -print0 | xargs -0 sha256sum; \ ) | sort -k 2 > $@ endef diff --git a/docs-generate.sum b/docs-generate.sum index adc188f..3433922 100644 --- a/docs-generate.sum +++ b/docs-generate.sum 
@@ -1,7 +1,14 @@ -ee05104d015d6a1437643375d7b64f77d9c11d70fc644cc2499ed6da1f6e4344 docs/data-sources/interface_ethernet.md -2d18e7b12d28bfec440cc10f6bfd0b4a919f5ee71f12cfc98ba01ce1f0c856c6 docs/guides/firewall.md -17bc354f563cff1f4e177117b70b1d9c3d7f2de71ff7e872ed057216b2a998ae docs/index.md -775b2745cac96297b8255699044ea3943c205cd6f9e3e900d79f4fb96f52670d docs/resources/firewall_address_group.md -37c545b6a422bdfbd23743fa03f341b4a21a8b17142a5b8e94c33403ba0637d8 docs/resources/firewall_port_group.md -36e27475bf249dd9a5935032e530bdd0bf4e6f812f59715c7b2a66cdf8b10256 docs/resources/firewall_ruleset.md -8792f3c59a98301b12ac0683d49695b2a322e4b24f1cc834c9c25cbb3b588601 docs/resources/firewall_ruleset_attachment.md +f741a688e5973f20960b5de956c20a096d66cd50281f0261c59beb8826b419d3 examples/guides/firewall/main.tf +eab1a030f9c109d699a611e154f311dbf86809cb8183f030f7461b317817885f examples/guides/firewall/provider.tf +eda7df5a60670b66c70593ed249e00c2fa8c5689b1c4f968b4f4935e698b4a4e examples/provider/provider.tf +b4adaf9436fc082f07eff9034c2c2724690f878dede27f67ea9cee2670f9c781 examples/provider/variables.tf +7a5b822b354000fc42a33422d9cb1a5876c48e85ba8cae1b1c7634aeda2a90a8 examples/resources/edge_firewall_address_group/resource.tf +9504ac84127e30cf43b7d70f778cd2381f9a50e4f5e5af738a6cc3c723be994b examples/resources/edge_firewall_port_group/resource.tf +b1f2408d091ce25db324114e0f39d31e2c6d3951224b40ad36c8a95fec0f96bb examples/resources/edge_firewall_ruleset/resource.tf +8d60606a0462636c3aee7b4124b512b2b508fbb64cc7ffcbceaed096c69b4891 examples/resources/edge_firewall_ruleset_attachment/resource.tf +b2420f099cf97751d48792aba9eb1100af5b96004f9d1a89c09f66878fc5cf88 internal/provider/data_interface_ethernet.go +7b2a75eebbabb42c7c882cfdc52df88dd7ce584f882633e3438b965f3808f628 internal/provider/provider.go +0bc5533d48fcc9ea468717a7fdf9315452a1cb1fcffcbedb199c991d0b09dd09 internal/provider/resource_firewall_address_group.go +b37b3f5d2f78559d49bf87b17f017f0ac6a1efd2dc94e5b06f61d424bc91d74a 
internal/provider/resource_firewall_port_group.go +8d5cce735e7fe51a4e806b4342db39d59c599e95120ea25d94f29b805eaef2b2 internal/provider/resource_firewall_ruleset.go +0d6acb6d48a3def6e2fd18e11998264895a395eb6d754be1184d36a28506d72f internal/provider/resource_firewall_ruleset_attachment.go diff --git a/docs/guides/firewall.md b/docs/guides/firewall.md index 17a81ea..dd89b5c 100644 --- a/docs/guides/firewall.md +++ b/docs/guides/firewall.md @@ -69,7 +69,7 @@ resource "edge_firewall_ruleset" "router" { destination = { address_group = edge_firewall_address_group.router.name port = { - from = 22 + from = 23 to = 22 } } @@ -80,11 +80,6 @@ resource "edge_firewall_ruleset" "router" { } } -// resource "edge_firewall_ruleset_attachment" "eth1" { -// interface = data.edge_interface_ethernet.eth1.id -// in = edge_firewall_ruleset.router.name -// } - resource "edge_firewall_ruleset_attachment" "eth2" { interface = data.edge_interface_ethernet.eth2.id in = edge_firewall_ruleset.router.name diff --git a/docs/index.md b/docs/index.md index 6532aa7..bc5b6ae 100644 --- a/docs/index.md +++ b/docs/index.md @@ -20,6 +20,7 @@ provider "edge" { username = var.username # optionally use EDGE_USERNAME env var password = var.password # optionally use EDGE_PASSWORD env var host = var.host # optionally use EDGE_HOST env var + insecure = var.insecure # optionally use EDGE_INSECURE env var } ``` @@ -29,5 +30,6 @@ provider "edge" { ### Optional - **host** (String) Edge router URL. Can be set with `EDGE_HOST`. +- **insecure** (Boolean) Specify if the connection to the Edge configuration API should be insecure. Can be set with `EDGE_INSECURE`. - **password** (String, Sensitive) Admin password. Can be set with `EDGE_PASSWORD`. - **username** (String) Admin username. Can be set with `EDGE_USERNAME`. diff --git a/examples/guides/firewall/main.tf b/examples/guides/firewall/main.tf index 79accb2..84e35cd 100644 --- a/examples/guides/firewall/main.tf +++ b/examples/guides/firewall/main.tf 
@@ -70,11 +70,6 @@ resource "edge_firewall_ruleset" "router" { } } -// resource "edge_firewall_ruleset_attachment" "eth1" { -// interface = data.edge_interface_ethernet.eth1.id -// in = edge_firewall_ruleset.router.name -// } - resource "edge_firewall_ruleset_attachment" "eth2" { interface = data.edge_interface_ethernet.eth2.id in = edge_firewall_ruleset.router.name diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf index 307c603..247345b 100644 --- a/examples/provider/provider.tf +++ b/examples/provider/provider.tf @@ -2,4 +2,5 @@ provider "edge" { username = var.username # optionally use EDGE_USERNAME env var password = var.password # optionally use EDGE_PASSWORD env var host = var.host # optionally use EDGE_HOST env var + insecure = var.insecure # optionally use EDGE_INSECURE env var } \ No newline at end of file diff --git a/examples/provider/variables.tf b/examples/provider/variables.tf index 8cb5573..d3c4f8b 100644 --- a/examples/provider/variables.tf +++ b/examples/provider/variables.tf @@ -6,3 +6,6 @@ variable "password" { variable "host" { } + +variable "insecure" { +} diff --git a/go.mod b/go.mod index 7e2cdb0..e42df21 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module terraform-provider-edge go 1.17 require ( - github.com/frankgreco/edge-sdk-go v0.0.2-pre + github.com/frankgreco/edge-sdk-go v0.0.3-pre github.com/frankgreco/terraform-helpers v0.0.3 github.com/hashicorp/terraform-plugin-docs v0.5.1 github.com/hashicorp/terraform-plugin-framework v0.5.0 diff --git a/go.sum b/go.sum index 21149fe..5d9a787 100644 --- a/go.sum +++ b/go.sum 
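Review bot: The new `variable "insecure"` block in examples/provider/variables.tf declares neither a type nor a default, so anyone running the example is prompted for a value and nothing in the example says which value is the safe one. Declaring `type = bool` and `default = false` keeps the example on the default connection settings unless someone opts out on purpose. The `insecure = var.insecure` line added to examples/provider/provider.tf would benefit from a short comment saying the attribute is meant to stay false unless the device's certificate cannot be verified.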
@@ -90,8 +90,8 @@ github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMi github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/frankgreco/edge-sdk-go v0.0.2-pre h1:2PjG3IyHqKfjblZa4Gzn85gqHgaYO7Q+1fvP/NWQBVY= -github.com/frankgreco/edge-sdk-go v0.0.2-pre/go.mod h1:6dXH12TAP9AOlXclxvW07g6iPNCKzXgu/P24gnLEJG4= +github.com/frankgreco/edge-sdk-go v0.0.3-pre h1:b+gNKjwf/IatsOG90AesKUJqg2TvNWemKkXipckPMe0= +github.com/frankgreco/edge-sdk-go v0.0.3-pre/go.mod h1:h80Cd6jYEernY5npZ61MfTkOVYbb+ZpESHORiSW8Hrk= github.com/frankgreco/terraform-helpers v0.0.3 h1:lEioSyQbNceHtbMVhvtXHKOsic/AFQBiLnO+xzwF30Q= github.com/frankgreco/terraform-helpers v0.0.3/go.mod h1:79y65pMEZynGziywfr2Okre0y66TAEy65nydLE4rMzs= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 0195ad1..8c9107c 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -2,7 +2,9 @@ package provider import ( "context" + "fmt" "os" + "strings" "github.com/frankgreco/edge-sdk-go" @@ -46,6 +48,11 @@ The Edge provider provides the ability to configure a Ubiquiti Edge device. Sensitive: true, Description: "Admin password. Can be set with `EDGE_PASSWORD`.", }, + "insecure": { + Type: types.BoolType, + Optional: true, + Description: "Specify if the connection to the Edge configuration API should be insecure. Can be set with `EDGE_INSECURE`.", + }, }, }, nil } 
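Review bot: The description of the new `insecure` attribute does not say what is relaxed or what the default is; "should be insecure" leaves a reader guessing whether it means plain HTTP or skipped certificate verification. Judging by the `edge.Login(host, insecure, username, password)` call later in this file, it presumably disables TLS certificate verification inside edge-sdk-go, which should be confirmed against the SDK and then stated in the description together with the default of false. Because the admin username and password travel over this connection, the text should also say that enabling the flag removes the assurance that they are sent to the intended device. The enclosing schema function starts outside this hunk.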
@@ -54,99 +61,59 @@ type providerData struct { Username types.String `tfsdk:"username"` Host types.String `tfsdk:"host"` Password types.String `tfsdk:"password"` + Insecure types.Bool `tfsdk:"insecure"` } func (p *provider) Configure(ctx context.Context, req tfsdk.ConfigureProviderRequest, resp *tfsdk.ConfigureProviderResponse) { var config providerData { - diags := req.Config.Get(ctx, &config) - resp.Diagnostics.Append(diags...) + resp.Diagnostics.Append(req.Config.Get(ctx, &config)...) if resp.Diagnostics.HasError() { return } } - var username string - { - if config.Username.Unknown { - resp.Diagnostics.AddWarning( - "Unable to create client", - "Cannot use unknown value as username", - ) - return - } - if config.Username.Null { - username = os.Getenv("EDGE_USERNAME") - } else { - username = config.Username.Value - } - - if username == "" { - resp.Diagnostics.AddError( - "Unable to find username", - "Username cannot be an empty string", - ) - return - } - } - - // User must provide a password to the provider - var password string - if config.Password.Unknown { - // Cannot connect to client with an unknown value + username, err := requiredString(config.Username, "username", "EDGE_USERNAME") + if err != nil { resp.Diagnostics.AddError( - "Unable to create client", - "Cannot use unknown value as password", + "Unable to configure provider", + err.Error(), ) - return } - if config.Password.Null { - password = os.Getenv("EDGE_PASSWORD") - } else { - password = config.Password.Value - } - - if password == "" { - // Error vs warning - empty value must stop execution + password, err := requiredString(config.Password, "password", "EDGE_PASSWORD") + if err != nil { resp.Diagnostics.AddError( - "Unable to find password", - "password cannot be an empty string", + "Unable to configure provider", + err.Error(), ) - return } - // User must specify a host - var host string - if config.Host.Unknown { - // Cannot connect to client with an unknown value + host, err := 
requiredString(config.Host, "host", "EDGE_HOST") + if err != nil { resp.Diagnostics.AddError( - "Unable to create client", - "Cannot use unknown value as host", + "Unable to configure provider", + err.Error(), ) - return - } - - if config.Host.Null { - host = os.Getenv("EDGE_HOST") - } else { - host = config.Host.Value } - if host == "" { - // Error vs warning - empty value must stop execution - resp.Diagnostics.AddError( - "Unable to find host", - "Host cannot be an empty string", - ) - return + var insecure bool + { + if !config.Insecure.Null && !config.Insecure.Unknown { + insecure = config.Insecure.Value + } + if strings.ToUpper(os.Getenv("EDGE_INSECURE")) == "TRUE" { + insecure = true + } else if strings.ToUpper(os.Getenv("EDGE_INSECURE")) == "FALSE" { + insecure = false + } } - c, err := edge.Login(host, username, password) + c, err := edge.Login(host, insecure, username, password) if err != nil { resp.Diagnostics.AddError( - "Unable to create client", - "Unable to create edge client:\n\n"+err.Error(), + "Unable to configure provider", + "Unable to create edge client: "+err.Error(), ) return } @@ -169,3 +136,21 @@ func (p *provider) GetDataSources(_ context.Context) (map[string]tfsdk.DataSourc "edge_interface_ethernet": dataSourceInterfaceEthernetType{}, }, nil } + +func requiredString(str types.String, name, env string) (string, error) { + if str.Unknown { + return "", fmt.Errorf("Cannot use unknown value for %s.", name) + } + + val := str.Value + + if str.Null { + val = os.Getenv(env) + } + + if val == "" { + return "", fmt.Errorf("The provider attribute %s must be defined.", name) + } + + return val, nil +}
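Review bot: The three `requiredString` error branches in Configure no longer `return`, so after a missing username, password or host the method still reaches `edge.Login` with empty values; a single `if resp.Diagnostics.HasError() { return }` after the host check keeps all collected diagnostics and stops before the login attempt. The `insecure` block also lets `EDGE_INSECURE=TRUE` override an explicit `insecure = false` in the provider block, whereas the environment is only a fallback for the other three attributes, so a stray environment variable can silently switch off whatever protection the flag controls. The sketch below makes the environment a fallback and adds a warning diagnostic whenever the insecure mode is active. Configure's body continues past the end of this hunk.

```go
// … unchanged: requiredString checks for username, password and host …
if resp.Diagnostics.HasError() {
	return
}

var insecure bool
if config.Insecure.Null {
	// The environment is only a fallback, as for username, password and host.
	insecure = strings.EqualFold(os.Getenv("EDGE_INSECURE"), "true")
} else if !config.Insecure.Unknown {
	insecure = config.Insecure.Value
}
if insecure {
	resp.Diagnostics.AddWarning(
		"Insecure connection to the Edge configuration API",
		"The insecure attribute (or EDGE_INSECURE) is enabled for this provider.",
	)
}
// … unchanged: edge.Login call and its error handling …
```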
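Review bot: `requiredString` has no doc comment, and its fallback rule is easy to misread: the environment variable is consulted only when the attribute is null, so an attribute explicitly set to `""` is rejected rather than filled from the environment. A comment such as `// requiredString returns the configured value of a required attribute, falling back to the env variable when the attribute is null; unknown or empty values are errors.` would record that. The two `fmt.Errorf` messages start with a capital letter and end with a period, which staticcheck reports as ST1005; since they are shown verbatim as diagnostic detail, either lower-case them or build the user-facing sentence at the call site.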