From a43ff48aea7813d2c55746f725c395ebdd075edb Mon Sep 17 00:00:00 2001
From: abheda-crest <105624942+abheda-crest@users.noreply.github.com>
Date: Sat, 9 Nov 2024 03:58:23 +0530
Subject: [PATCH] Make type assertions more defensive on the secret manager datasources (#11990)
---
...ta_source_secret_manager_secret_version.go | 49 +++++++++------
...ce_secret_manager_secret_version_access.go | 41 ++++++++-----
..._secret_manager_regional_secret_version.go | 61 +++++++++++--------
..._manager_regional_secret_version_access.go | 2 +-
4 files changed, 96 insertions(+), 57 deletions(-)
diff --git a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go
index 70156caf6fc3..d656eae35b07 100644
--- a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go
+++ b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go
@@ -68,19 +68,27 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter return err } - fv, err := tpgresource.ParseProjectFieldValue("secrets", d.Get("secret").(string), "project", d, config, false) + dSecret, ok := d.Get("secret").(string) + if !ok { + return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret")) + } + + fv, err := tpgresource.ParseProjectFieldValue("secrets", dSecret, "project", d, config, false) if err != nil { return err } - if d.Get("project").(string) != "" && d.Get("project").(string) != fv.Project { - return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), fv.Project) - } project := fv.Project + if dProject, ok := d.Get("project").(string); !ok { + return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project")) + } else if dProject != "" && dProject != project { + return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project) + } + if err := d.Set("project", project); err != nil { - return fmt.Errorf("Error setting project: %s", err) + return fmt.Errorf("error setting project: %s", err) } if err := d.Set("secret", fv.Name); err != nil { - return fmt.Errorf("Error setting secret: %s", err) + return fmt.Errorf("error setting secret: %s", err) } var url string 
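Review bot: The new message `"project field value (%s) does not match project of secret (%s)."` keeps a trailing period, although this commit lowercases the other error strings. Go convention is no trailing punctuation on error strings, so `"project field value (%s) does not match project of secret (%s)"` would be consistent. The same applies to the identical message in the access and regional data sources, and to `"read response didn't contain critical fields. Read may not have succeeded."` in the later hunks. Using `%q` instead of `%s` for the two values would also make an empty or whitespace-only project visible in the message. The function body starts and ends outside this hunk.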
@@ -107,21 +115,26 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter UserAgent: userAgent, }) if err != nil { - return fmt.Errorf("Error retrieving available secret manager secret versions: %s", err.Error()) + return fmt.Errorf("error retrieving available secret manager secret versions: %s", err.Error()) } secretVersionRegex := regexp.MustCompile("projects/(.+)/secrets/(.+)/versions/(.+)$") - parts := secretVersionRegex.FindStringSubmatch(version["name"].(string)) + nameValue, ok := version["name"] + if !ok { + return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.") + } + + parts := secretVersionRegex.FindStringSubmatch(nameValue.(string)) // should return [full string, project number, secret name, version number] if len(parts) != 4 { - panic(fmt.Sprintf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", version["name"].(string))) + return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string)) } log.Printf("[DEBUG] Received Google SecretManager Version: %q", version) if err := d.Set("version", parts[3]); err != nil { - return fmt.Errorf("Error setting version: %s", err) + return fmt.Errorf("error setting version: %s", err) } url = fmt.Sprintf("%s:access", url) 
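Review bot: The added `nameValue, ok := version["name"]` only checks that the key is present, so the `nameValue.(string)` assertions that follow can still panic when the API returns a null or non-string `name`. Asserting in the same step, `nameValue, ok := version["name"].(string)`, covers both the missing and the wrong-type case and lets the later uses drop their `.(string)`. The same pattern is added for `resp["name"]` in data_source_secret_manager_secret_version_access.go and for `secretVersion["name"]` in data_source_secret_manager_regional_secret_version.go, and it carries into the `d.Set("name", …)` and `d.SetId(…)` lines of the later hunks. The function body starts and ends outside this hunk.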
@@ -133,22 +146,22 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter UserAgent: userAgent, }) if err != nil { - return fmt.Errorf("Error retrieving available secret manager secret version access: %s", err.Error()) + return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error()) } if err := d.Set("create_time", version["createTime"].(string)); err != nil { - return fmt.Errorf("Error setting create_time: %s", err) + return fmt.Errorf("error setting create_time: %s", err) } if version["destroyTime"] != nil { if err := d.Set("destroy_time", version["destroyTime"].(string)); err != nil { - return fmt.Errorf("Error setting destroy_time: %s", err) + return fmt.Errorf("error setting destroy_time: %s", err) } } - if err := d.Set("name", version["name"].(string)); err != nil { - return fmt.Errorf("Error setting name: %s", err) + if err := d.Set("name", nameValue.(string)); err != nil { + return fmt.Errorf("error setting name: %s", err) } if err := d.Set("enabled", true); err != nil { - return fmt.Errorf("Error setting enabled: %s", err) + return fmt.Errorf("error setting enabled: %s", err) } data := resp["payload"].(map[string]interface{}) @@ -163,9 +176,9 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter secretData = string(payloadData) } if err := d.Set("secret_data", secretData); err != nil { - return fmt.Errorf("Error setting secret_data: %s", err) + return fmt.Errorf("error setting secret_data: %s", err) } - d.SetId(version["name"].(string)) + d.SetId(nameValue.(string)) return nil } diff --git a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go index f60707b5ce89..705914a532cf 100644 --- a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go 
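Review bot: `version["createTime"].(string)`, `version["destroyTime"].(string)` and `resp["payload"].(map[string]interface{})` remain unchecked assertions on API response data on the new side of this hunk, so a response without `createTime` or `payload` still panics the provider instead of returning an error. `destroyTime` is nil-checked but not type-checked. The two-value form with an error return would bring them in line with the commit's intent, for example `payload, ok := resp["payload"].(map[string]interface{})` followed by `if !ok { return fmt.Errorf("read response has no payload") }`. The same lines are left as-is in data_source_secret_manager_secret_version_access.go (`resp["payload"]`) and data_source_secret_manager_regional_secret_version.go (`secretVersion["createTime"]`, `secretVersion["destroyTime"]`, `resp["payload"]`). The function body starts and ends outside this hunk.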
+++ b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go @@ -56,19 +56,28 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta return err } - fv, err := tpgresource.ParseProjectFieldValue("secrets", d.Get("secret").(string), "project", d, config, false) + dSecret, ok := d.Get("secret").(string) + if !ok { + return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret")) + } + + fv, err := tpgresource.ParseProjectFieldValue("secrets", dSecret, "project", d, config, false) if err != nil { return err } - if d.Get("project").(string) != "" && d.Get("project").(string) != fv.Project { - return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), fv.Project) - } + project := fv.Project + if dProject, ok := d.Get("project").(string); !ok { + return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project")) + } else if dProject != "" && dProject != project { + return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project) + } + if err := d.Set("project", project); err != nil { - return fmt.Errorf("Error setting project: %s", err) + return fmt.Errorf("error setting project: %s", err) } if err := d.Set("secret", fv.Name); err != nil { - return fmt.Errorf("Error setting secret: %s", err) + return fmt.Errorf("error setting secret: %s", err) } var url string 
@@ -95,25 +104,29 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta UserAgent: userAgent, }) if err != nil { - return fmt.Errorf("Error retrieving available secret manager secret version access: %s", err.Error()) + return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error()) } - if err := d.Set("name", resp["name"].(string)); err != nil { - return fmt.Errorf("Error setting name: %s", err) + nameValue, ok := resp["name"] + if !ok { + return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.") + } + if err := d.Set("name", nameValue.(string)); err != nil { + return fmt.Errorf("error setting name: %s", err) } secretVersionRegex := regexp.MustCompile("projects/(.+)/secrets/(.+)/versions/(.+)$") - parts := secretVersionRegex.FindStringSubmatch(resp["name"].(string)) + parts := secretVersionRegex.FindStringSubmatch(nameValue.(string)) // should return [full string, project number, secret name, version number] if len(parts) != 4 { - panic(fmt.Sprintf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", resp["name"].(string))) + return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string)) } log.Printf("[DEBUG] Received Google SecretManager Version: %q", parts[3]) if err := d.Set("version", parts[3]); err != nil { - return fmt.Errorf("Error setting version: %s", err) + return fmt.Errorf("error setting version: %s", err) } data := resp["payload"].(map[string]interface{}) 
@@ -128,9 +141,9 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta secretData = string(payloadData) } if err := d.Set("secret_data", secretData); err != nil { - return fmt.Errorf("Error setting secret_data: %s", err) + return fmt.Errorf("error setting secret_data: %s", err) } - d.SetId(resp["name"].(string)) + d.SetId(nameValue.(string)) return nil } diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go index 0f7889b54736..a6b47dc58a22 100644 --- a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go +++ b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go @@ -86,7 +86,11 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource } secretRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)$") - parts := secretRegex.FindStringSubmatch(d.Get("secret").(string)) + dSecret, ok := d.Get("secret").(string) + if !ok { + return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret")) + } + parts := secretRegex.FindStringSubmatch(dSecret) var project string 
@@ -94,30 +98,34 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource if len(parts) == 4 { // Store values of project to set in state project = parts[1] - if d.Get("project").(string) != "" && d.Get("project").(string) != parts[1] { - return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), parts[1]) + if dProject, ok := d.Get("project").(string); !ok { + return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project")) + } else if dProject != "" && dProject != project { + return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project) } - if d.Get("location").(string) != "" && d.Get("location").(string) != parts[2] { - return fmt.Errorf("The location set on this secret version (%s) is not equal to the location where this secret exists (%s).", d.Get("location").(string), parts[2]) + if dLocation, ok := d.Get("location").(string); !ok { + return fmt.Errorf("wrong type for location (%T), expected string", d.Get("location")) + } else if dLocation != "" && dLocation != parts[2] { + return fmt.Errorf("location field value (%s) does not match location of secret (%s).", dLocation, parts[2]) } if err := d.Set("location", parts[2]); err != nil { - return fmt.Errorf("Error setting location: %s", err) + return fmt.Errorf("error setting location: %s", err) } if err := d.Set("secret", parts[3]); err != nil { - return fmt.Errorf("Error setting secret: %s", err) + return fmt.Errorf("error setting secret: %s", err) } } else { // if secret name is provided in the secret field // Store values of project to set in state project, err = tpgresource.GetProject(d, config) if err != nil { - return fmt.Errorf("Error fetching project for Secret: %s", err) + return fmt.Errorf("error fetching project for Secret: %s", err) } - if d.Get("location").(string) == "" { - return fmt.Errorf("Location must be set when 
providing only secret name") + if dLocation, ok := d.Get("location").(string); ok && dLocation == "" { + return fmt.Errorf("location must be set when providing only secret name") } } if err := d.Set("project", project); err != nil { - return fmt.Errorf("Error setting project: %s", err) + return fmt.Errorf("error setting project: %s", err) } var url string @@ -146,20 +154,25 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource }) if err != nil { - return fmt.Errorf("Error retrieving available secret manager regional secret versions: %s", err.Error()) + return fmt.Errorf("error retrieving available secret manager regional secret versions: %s", err.Error()) + } + + nameValue, ok := secretVersion["name"] + if !ok { + return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.") } secretVersionRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)/versions/(.+)$") - parts = secretVersionRegex.FindStringSubmatch(secretVersion["name"].(string)) + parts = secretVersionRegex.FindStringSubmatch(nameValue.(string)) if len(parts) != 5 { - return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}", secretVersion["name"].(string)) + return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string)) } log.Printf("[DEBUG] Received Google Secret Manager Regional Secret Version: %q", secretVersion) if err := d.Set("version", parts[4]); err != nil { - return fmt.Errorf("Error setting version: %s", err) + return fmt.Errorf("error setting version: %s", err) } url = fmt.Sprintf("%s:access", url) 
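Review bot: In the `else` branch the new check `if dLocation, ok := d.Get("location").(string); ok && dLocation == ""` returns an error only when the assertion succeeds. A failed assertion therefore falls through with no location and no error, unlike the `!ok` returns added for `project` and `location` in the `len(parts) == 4` branch of the same hunk. Writing it as `if dLocation, ok := d.Get("location").(string); !ok || dLocation == "" {` would reject both cases and keep the two branches consistent. The hunk covers only part of dataSourceSecretManagerRegionalRegionalSecretVersionRead.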
@@ -172,29 +185,29 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource }) if err != nil { - return fmt.Errorf("Error retrieving available secret manager regional secret version access: %s", err.Error()) + return fmt.Errorf("error retrieving available secret manager regional secret version access: %s", err.Error()) } if err := d.Set("customer_managed_encryption", flattenSecretManagerRegionalRegionalSecretVersionCustomerManagedEncryption(secretVersion["customerManagedEncryption"], d, config)); err != nil { - return fmt.Errorf("Error setting customer_managed_encryption: %s", err) + return fmt.Errorf("error setting customer_managed_encryption: %s", err) } if err := d.Set("create_time", secretVersion["createTime"].(string)); err != nil { - return fmt.Errorf("Error setting create_time: %s", err) + return fmt.Errorf("error setting create_time: %s", err) } if secretVersion["destroyTime"] != nil { if err := d.Set("destroy_time", secretVersion["destroyTime"].(string)); err != nil { - return fmt.Errorf("Error setting destroy_time: %s", err) + return fmt.Errorf("error setting destroy_time: %s", err) } } - if err := d.Set("name", secretVersion["name"].(string)); err != nil { - return fmt.Errorf("Error setting name: %s", err) + if err := d.Set("name", nameValue.(string)); err != nil { + return fmt.Errorf("error setting name: %s", err) } if err := d.Set("enabled", true); err != nil { - return fmt.Errorf("Error setting enabled: %s", err) + return fmt.Errorf("error setting enabled: %s", err) } data := resp["payload"].(map[string]interface{}) @@ -209,9 +222,9 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource secretData = string(payloadData) } if err := d.Set("secret_data", secretData); err != nil { - return fmt.Errorf("Error setting secret_data: %s", err) + return fmt.Errorf("error setting secret_data: %s", err) } - d.SetId(secretVersion["name"].(string)) + d.SetId(nameValue.(string)) return nil } 
diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go index 734173a3b145..b90ae069e563 100644 --- a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go +++ b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go @@ -76,7 +76,7 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionAccessRead(d *schema.Re if dProject, ok := d.Get("project").(string); !ok { return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project")) } else if dProject != "" && dProject != project { - return fmt.Errorf("project field value (%s) does not match project of secret (%s).", d.Get("project").(string), project) + return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project) } if dLocation, ok := d.Get("location").(string); !ok { return fmt.Errorf("wrong type for location (%T), expected string", d.Get("location"))