set plugins for data source & do validation on plugin names for terra…

…form updates
hashicorp · Aug 10, 2023 · a060291 · a060291
1 parent ced527e
commit a060291
Show file tree

Hide file tree

Showing 5 changed files with 132 additions and 21 deletions.
diff --git a/internal/clients/vault_cluster.go b/internal/clients/vault_cluster.go
@@ -325,17 +325,40 @@ func DeletePlugin(ctx context.Context, client *Client, loc *sharedmodels.Hashico
 	}
 	request.Location = locInternal
 	request.ClusterID = clusterID
-	delPluginPluginParams := vault_service.NewDeletePluginParams()
-	delPluginPluginParams.Context = ctx
-	delPluginPluginParams.ClusterID = clusterID
-	delPluginPluginParams.LocationProjectID = loc.ProjectID
-	delPluginPluginParams.LocationOrganizationID = loc.OrganizationID
-	delPluginPluginParams.Body = request
-
-	delPluginResp, err := client.Vault.DeletePlugin(delPluginPluginParams, nil)
+	delPluginParams := vault_service.NewDeletePluginParams()
+	delPluginParams.Context = ctx
+	delPluginParams.ClusterID = clusterID
+	delPluginParams.LocationProjectID = loc.ProjectID
+	delPluginParams.LocationOrganizationID = loc.OrganizationID
+	delPluginParams.Body = request
+
+	delPluginResp, err := client.Vault.DeletePlugin(delPluginParams, nil)
 	if err != nil {
 		return nil, err
 	}
 
 	return delPluginResp.Payload, nil
 }
+
+// ListPlugins will make a call to the Vault service plugin status api to get names of valid plugins
+func ListPlugins(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, clusterID string) (*vaultmodels.HashicorpCloudVault20201125PluginRegistrationStatusResponse, error) {
+	region := &sharedmodels.HashicorpCloudLocationRegion{}
+	if loc.Region != nil {
+		region = loc.Region
+	}
+
+	listPluginsParams := vault_service.NewPluginRegistrationStatusParams()
+	listPluginsParams.Context = ctx
+	listPluginsParams.ClusterID = clusterID
+	listPluginsParams.LocationProjectID = loc.ProjectID
+	listPluginsParams.LocationOrganizationID = loc.OrganizationID
+	listPluginsParams.LocationRegionProvider = &region.Provider
+	listPluginsParams.LocationRegionRegion = &region.Region
+
+	listPluginsResp, err := client.Vault.PluginRegistrationStatus(listPluginsParams, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return listPluginsResp.Payload, nil
+}
diff --git a/internal/provider/data_source_vault_cluster.go b/internal/provider/data_source_vault_cluster.go
@@ -208,6 +208,26 @@ If a project is not configured in the HCP Provider config block, the oldest proj
 					},
 				},
 			},
+			"vault_plugin": {
+				Description: "The external plugins to install on the vault cluster",
+				Type:        schema.TypeList,
+				Optional:    true,
+				Computed:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"plugin_name": {
+							Description: "The name of the plugin",
+							Type:        schema.TypeString,
+							Required:    true,
+						},
+						"plugin_type": {
+							Description: "The type of the plugin",
+							Type:        schema.TypeString,
+							Required:    true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -242,8 +262,14 @@ func dataSourceVaultClusterRead(ctx context.Context, d *schema.ResourceData, met
 
 	d.SetId(url)
 
+	plugins, err := clients.ListPlugins(ctx, client, loc, clusterID)
+	if err != nil {
+		log.Printf("[ERROR] Vault cluster (%s) failed to list plugins", clusterID)
+		return diag.FromErr(err)
+	}
+
 	// Cluster found, update resource data.
-	if err := setVaultClusterResourceData(d, cluster); err != nil {
+	if err := setVaultClusterResourceData(d, cluster, plugins.Plugins); err != nil {
 		return diag.FromErr(err)
 	}
 

diff --git a/internal/provider/resource_vault_cluster.go b/internal/provider/resource_vault_cluster.go
@@ -277,7 +277,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj
 				},
 			},
 			"vault_plugin": {
-				Description: "The external plugins that are to be installed on the vault cluster",
+				Description: "The external plugins to install on the vault cluster",
 				Type:        schema.TypeList,
 				Optional:    true,
 				Computed:    true,
@@ -333,7 +333,6 @@ If a project is not configured in the HCP Provider config block, the oldest proj
 }
 
 func resourceVaultClusterCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
-
 	client := meta.(*clients.Client)
 
 	clusterID := d.Get("cluster_id").(string)
@@ -361,7 +360,8 @@ func resourceVaultClusterCreate(ctx context.Context, d *schema.ResourceData, met
 	if diagErr != nil {
 		return diagErr
 	}
-	pluginConfig, diagErr := getPluginConfig(d)
+
+	pluginConfig, diagErr := getPluginConfig(d, nil)
 	if diagErr != nil {
 		return diagErr
 	}
@@ -557,7 +557,13 @@ func resourceVaultClusterCreate(ctx context.Context, d *schema.ResourceData, met
 		}
 	}
 
-	if err := setVaultClusterResourceData(d, cluster); err != nil {
+	plugins, err := clients.ListPlugins(ctx, client, loc, clusterID)
+	if err != nil {
+		log.Printf("[ERROR] Vault cluster (%s) failed to list plugins", clusterID)
+		return diag.FromErr(err)
+	}
+
+	if err := setVaultClusterResourceData(d, cluster, plugins.Plugins); err != nil {
 		return diag.FromErr(err)
 	}
 
@@ -595,8 +601,14 @@ func resourceVaultClusterRead(ctx context.Context, d *schema.ResourceData, meta
 		return nil
 	}
 
+	plugins, err := clients.ListPlugins(ctx, client, loc, clusterID)
+	if err != nil {
+		log.Printf("[ERROR] Vault cluster (%s) failed to list plugins", clusterID)
+		return diag.FromErr(err)
+	}
+
 	// Cluster found, update resource data.
-	if err := setVaultClusterResourceData(d, cluster); err != nil {
+	if err := setVaultClusterResourceData(d, cluster, plugins.Plugins); err != nil {
 		return diag.FromErr(err)
 	}
 
@@ -648,7 +660,14 @@ func resourceVaultClusterUpdate(ctx context.Context, d *schema.ResourceData, met
 		return diagErr
 	}
 
-	newPluginConfig, diagErr := getPluginConfig(d)
+	// get plugins for plugin-name validation in getPluginConfig
+	plugins, err := clients.ListPlugins(ctx, client, loc, clusterID)
+	if err != nil {
+		log.Printf("[ERROR] Vault cluster (%s) failed to list plugins", clusterID)
+		return diag.FromErr(err)
+	}
+
+	newPluginConfig, diagErr := getPluginConfig(d, plugins.Plugins)
 	if diagErr != nil {
 		return diagErr
 	}
@@ -765,7 +784,13 @@ func resourceVaultClusterUpdate(ctx context.Context, d *schema.ResourceData, met
 		}
 	}
 
-	if err := setVaultClusterResourceData(d, cluster); err != nil {
+	plugins, err = clients.ListPlugins(ctx, client, loc, clusterID)
+	if err != nil {
+		log.Printf("[ERROR] Vault cluster (%s) failed to list plugins", clusterID)
+		return diag.FromErr(err)
+	}
+
+	if err := setVaultClusterResourceData(d, cluster, plugins.Plugins); err != nil {
 		return diag.FromErr(err)
 	}
 
@@ -892,8 +917,7 @@ func getClusterTier(d *schema.ResourceData) *string {
 }
 
 // setVaultClusterResourceData sets the KV pairs of the Vault cluster resource schema.
-func setVaultClusterResourceData(d *schema.ResourceData, cluster *vaultmodels.HashicorpCloudVault20201125Cluster) error {
-
+func setVaultClusterResourceData(d *schema.ResourceData, cluster *vaultmodels.HashicorpCloudVault20201125Cluster, plugins []*vaultmodels.HashicorpCloudVault20201125PluginRegistrationStatus) error {
 	if err := d.Set("cluster_id", cluster.ID); err != nil {
 		return err
 	}
@@ -1022,6 +1046,20 @@ func setVaultClusterResourceData(d *schema.ResourceData, cluster *vaultmodels.Ha
 		}
 	}
 
+	var pluginConfig []map[string]any
+	for _, plugin := range plugins {
+		if plugin.IsRegistered {
+			pluginMap := map[string]any{}
+			pluginMap["plugin_name"] = plugin.PluginName
+			pluginMap["plugin_type"] = plugin.PluginType
+			pluginConfig = append(pluginConfig, pluginMap)
+		}
+		if err = d.Set("vault_plugin", pluginConfig); err != nil {
+			return err
+		}
+
+	}
+
 	return nil
 }
 
@@ -1235,7 +1273,7 @@ func flattenMajorVersionUpgradeConfig(config *vaultmodels.HashicorpCloudVault202
 	return []interface{}{configMap}
 }
 
-func getPluginConfig(d *schema.ResourceData) ([]*vaultmodels.HashicorpCloudVault20201125AddPluginRequest, diag.Diagnostics) {
+func getPluginConfig(d *schema.ResourceData, plugins []*vaultmodels.HashicorpCloudVault20201125PluginRegistrationStatus) ([]*vaultmodels.HashicorpCloudVault20201125AddPluginRequest, diag.Diagnostics) {
 	if !d.HasChange("vault_plugin") {
 		return nil, nil
 	}
@@ -1262,12 +1300,20 @@ func getPluginConfig(d *schema.ResourceData) ([]*vaultmodels.HashicorpCloudVault
 		}
 		pluginName := config["plugin_name"].(string)
 		pluginType := config["plugin_type"].(string)
+
+		if plugins != nil {
+			err := validateVaultPluginName(pluginName, pluginType, plugins)
+			if err != nil {
+				return nil, err
+			}
+		}
+
 		pluginConfigs = append(pluginConfigs, &vaultmodels.HashicorpCloudVault20201125AddPluginRequest{
 			PluginName: pluginName,
 			PluginType: pluginType,
 		})
-
 	}
+
 	return pluginConfigs, nil
 }
 

diff --git a/internal/provider/resource_vault_cluster_const_test.go b/internal/provider/resource_vault_cluster_const_test.go
@@ -49,7 +49,7 @@ resource "hcp_vault_cluster" "test" {
 		upgrade_type = "MANUAL"
 	}
 	vault_plugin {
-		plugin_type = "SECRET"
+		plugin_type = "DATABASE"
 		plugin_name = "venafi-pki-backend"
 	}
 }

diff --git a/internal/provider/validators.go b/internal/provider/validators.go
@@ -460,3 +460,19 @@ func validateVaultPluginType(v interface{}, path cty.Path) diag.Diagnostics {
 
 	return diagnostics
 }
+
+func validateVaultPluginName(pluginName string, pluginType string, plugins []*vaultmodels.HashicorpCloudVault20201125PluginRegistrationStatus) diag.Diagnostics {
+	var found bool
+	for _, plugin := range plugins {
+		if strings.EqualFold(pluginName, plugin.PluginName) && strings.EqualFold(pluginType, string(*plugin.PluginType)) {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		return diag.Errorf(fmt.Sprintf("plugin of plugin name: %s and plugin type: %s is not supported for installation by HCP Vault", pluginName, pluginType))
+	}
+
+	return nil
+}