Add OIDC auth method and account resource #105
* bump deps and tidy up
* use a test provider for discovery, make sure the test auth method is complete, and a few other bits
* fix a few type casts which caused panics and fix ChangeState(...)
…imary scope or change state calls fail
Couple minor suggestions for this PR and some ideas for future PRs.
|
||
func resourceAccountOidc() *schema.Resource { | ||
return &schema.Resource{ | ||
Description: "The account resource allows you to configure a Boundary account.", |
I might suggest: "a Boundary OIDC account"
I want to keep this, and account, as-is until we do a refactor across all resources so the descriptions have consistent language.
|
||
func resourceAccountPassword() *schema.Resource { | ||
return &schema.Resource{ | ||
Description: "The account resource allows you to configure a Boundary account.", |
suggestion: "a Boundary password account"
} | ||
|
||
func resourceAccountPasswordUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
md := meta.(*metaData) |
Can you update the account's password?
testAccCheckAccountPasswordResourceExists(provider, "boundary_account_password.foo"), | ||
), | ||
}, | ||
importStep("boundary_account_password.foo", "password"), |
why ignore the password?
We don't want to save it in state.
}`, fooAuthMethodDescUpdate) | ||
) | ||
|
||
func TestAccAuthMethodPassword(t *testing.T) { |
can we add min login name and min password len to these tested attributes?
d.Set(authmethodOidcClientIdKey, attrs[authmethodOidcClientIdKey].(string)) | ||
d.Set(authmethodOidcClientSecretHmacKey, attrs[authmethodOidcClientSecretHmacKey].(string)) | ||
|
||
if certs, ok := attrs[authmethodOidcIdpCaCertsKey]; ok { |
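Review bot: the two `d.Set` calls at the top of this hunk use single-value assertions such as `attrs[authmethodOidcClientIdKey].(string)`, which panic when the key is absent or holds a non-string, while the `certs, ok := attrs[authmethodOidcIdpCaCertsKey]` lookup directly below is already guarded. Suggest the same comma-ok pattern for the client ID and client secret HMAC so that an incomplete response surfaces as an error rather than a provider crash.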
nit: consider refactoring these if statements to happen inside a for loop that ranges over all the attribute keys. For example (not a complete list of keys, but just an idea)
```go
for _, k := range []string{authmethodOidcIdpCaCertsKey, authmethodOidcAllowedAudiencesKey} {
	if obj, ok := attrs[k]; ok {
		// Bind the asserted value once instead of re-asserting in each case.
		switch v := obj.(type) {
		case []interface{}:
			d.Set(k, v)
		case bool:
			d.Set(k, v)
		case string:
			d.Set(k, v)
		default:
			// raise some error
		}
	}
}
```
Using a for loop like this makes it easier to check that you didn't miss any fields.
I'm happy to make this change in a future PR.
You could have key clashes that way, you'd probably want to format it as `attributes.%s` and use k there.
In fact arguably this is already a problem here.
I'm not sure if it's easy to range over values coming from TF. If it is, then naming these with an `attributes.` prefix and ranging is likely the way to go. Even if it isn't, you should probably ensure things are disambiguated by having the keys that are referencing attributes be prefixed as such.
I guess since this is the OIDC specific provider maybe it's not a big deal. I'm not really sure.
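The loop-over-keys idea from this thread, as an added self-contained example (not code from the PR or the provider): it copies response attributes into state with checked type handling, so a missing key is skipped and an unexpected type becomes an error instead of a panic. The `setter` type stands in for `(*schema.ResourceData).Set`, and the key names and sample values are constructed for illustration.

```go
package main

import "fmt"

// setter stands in for (*schema.ResourceData).Set so the example runs
// without the Terraform SDK (assumption: same (key, value) -> error shape).
type setter func(key string, value interface{}) error

// copyAttrs copies the listed keys from an API response map into state.
// Keys the API did not return are skipped; an unexpected type or a failed
// set is returned as an error rather than crashing on a bare assertion.
func copyAttrs(attrs map[string]interface{}, keys []string, set setter) error {
	for _, k := range keys {
		obj, ok := attrs[k]
		if !ok || obj == nil {
			continue // not present in the response, leave state untouched
		}
		switch v := obj.(type) {
		case string, bool, []interface{}:
			if err := set(k, v); err != nil {
				return fmt.Errorf("set %q: %w", k, err)
			}
		default:
			return fmt.Errorf("attribute %q: unexpected type %T", k, v)
		}
	}
	return nil
}

func main() {
	// Constructed sample response; key names are illustrative only.
	attrs := map[string]interface{}{
		"issuer":       "https://idp.example.test",
		"idp_ca_certs": []interface{}{"constructed-cert"},
		"max_age":      float64(30),
	}
	state := map[string]interface{}{}
	set := func(k string, v interface{}) error { state[k] = v; return nil }

	// "client_id" is absent from the response and is skipped without a panic.
	fmt.Println(copyAttrs(attrs, []string{"issuer", "client_id", "idp_ca_certs"}, set))
	// float64 is not in the accepted set, so this call returns an error.
	fmt.Println(copyAttrs(attrs, []string{"max_age"}, set))
}
```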
return setFromOidcAuthMethodResponseMap(d, amrr.GetResponse().Map) | ||
} | ||
|
||
func resourceAuthMethodOidcUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { |
future PR idea for both Create/Update: use a common func to build the opts. Not complete but something like:
```go
// buildOpts collects the authmethods options for the requested fields.
func buildOpts(d *schema.ResourceData, fields []string) []authmethods.Option {
	opts := []authmethods.Option{}
	m := map[string]func() authmethods.Option{
		NameKey: func() authmethods.Option {
			if val, ok := d.GetOk(NameKey); ok {
				return authmethods.WithName(val.(string))
			}
			return authmethods.DefaultName()
		},
		DescriptionKey: func() authmethods.Option {
			if val, ok := d.GetOk(DescriptionKey); ok {
				return authmethods.WithDescription(val.(string))
			}
			return nil
		},
	}
	for _, fieldName := range fields {
		build, ok := m[fieldName]
		if !ok {
			continue // no builder registered for this field
		}
		if o := build(); o != nil {
			opts = append(opts, o)
		}
	}
	return opts
}
```
d.Set(authmethodOidcStateKey, attrs[authmethodOidcStateKey].(string)) | ||
d.Set(authmethodOidcIssuerKey, attrs[authmethodOidcIssuerKey].(string)) | ||
d.Set(authmethodOidcClientIdKey, attrs[authmethodOidcClientIdKey].(string)) | ||
d.Set(authmethodOidcClientSecretHmacKey, attrs[authmethodOidcClientSecretHmacKey].(string)) |
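Review bot: all four `d.Set` calls in this hunk discard the returned error, so a failed write of the state, issuer, client ID or client secret HMAC goes unnoticed and the stored state can silently drift from what the API returned. Suggest checking each call, for example `if err := d.Set(authmethodOidcIssuerKey, ...); err != nil`, and returning the error to the caller.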
Will this in fact be set if the user hasn't provided it yet?
It'll be empty.
No description provided.