From 37baf59947f84209c19677367c02cf06ede55173 Mon Sep 17 00:00:00 2001
From: Jaired Jawed
Date: Mon, 30 Oct 2023 14:21:16 -0700
Subject: [PATCH 01/19] Added fields and validation for http observability provider
---
.../data_source_vault_cluster.go | 100 +++++++++
.../providersdkv2/resource_vault_cluster.go | 199 ++++++++++++++++++
2 files changed, 299 insertions(+)
diff --git a/internal/providersdkv2/data_source_vault_cluster.go b/internal/providersdkv2/data_source_vault_cluster.go
index e7a9fa51e..21309aa16 100644
--- a/internal/providersdkv2/data_source_vault_cluster.go
+++ b/internal/providersdkv2/data_source_vault_cluster.go
@@ -201,6 +201,56 @@ If a project is not configured in the HCP Provider config block, the oldest proj Type: schema.TypeString, Computed: true, }, + "http_basic_user": { + Description: "HTTP basic authentication username for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, + "http_basic_password": { + Description: "HTTP basic authentication password for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, + "http_bearer_token": { + Description: "HTTP bearer authentication token for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, + "http_headers": { + Description: "HTTP headers for streaming metrics", + Type: schema.TypeMap, + Computed: true, + }, + "http_codec": { + Description: "HTTP codec for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, + "http_compression": { + Description: "HTTP compression flag for streaming metrics", + Type: schema.TypeBool, + Computed: true, + }, + "http_method": { + Description: "HTTP payload method for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, + "http_payload_prefix": { + Description: "HTTP payload prefix for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, + "http_payload_suffix": { + Description: "HTTP payload suffix for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, + "http_uri": { + Description: "HTTP URI for streaming metrics", + Type: schema.TypeString, + Computed: true, + }, }, }, }, 
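Review bot: `http_basic_password` and `http_bearer_token` are added to the data source as plain `Computed` strings without `Sensitive: true`, while the resource schema in this same patch marks both as sensitive, so any value that reaches the data source would be printed in plan output and logs. The same applies to the audit-log block in the next hunk (`@@ -276,6 +326,56 @@`). Either add `Sensitive: true,` to both attributes in both blocks or leave the secret attributes out of the data source. The context lines of the generated data-source docs later in this series show only user and endpoint attributes for the other providers, which suggests (not confirmed from here) that omitting secrets is the existing convention.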
@@ -276,6 +326,56 @@ If a project is not configured in the HCP Provider config block, the oldest proj Type: schema.TypeString, Computed: true, }, + "http_basic_user": { + Description: "HTTP basic authentication username for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, + "http_basic_password": { + Description: "HTTP basic authentication password for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, + "http_bearer_token": { + Description: "HTTP bearer authentication token for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, + "http_headers": { + Description: "HTTP headers for streaming audit logs", + Type: schema.TypeMap, + Computed: true, + }, + "http_codec": { + Description: "HTTP codec for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, + "http_compression": { + Description: "HTTP compression flag for streaming audit logs", + Type: schema.TypeBool, + Computed: true, + }, + "http_method": { + Description: "HTTP payload method for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, + "http_payload_prefix": { + Description: "HTTP payload prefix for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, + "http_payload_suffix": { + Description: "HTTP payload suffix for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, + "http_uri": { + Description: "HTTP URI for streaming audit logs", + Type: schema.TypeString, + Computed: true, + }, }, }, }, diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index 6d702fe58..b7ff9eec3 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go 
@@ -232,6 +232,58 @@ If a project is not configured in the HCP Provider config block, the oldest proj Optional: true, Sensitive: true, }, + "http_basic_user": { + Description: "HTTP basic authentication username for streaming metrics", + Type: schema.TypeString, + Optional: true, + }, + "http_basic_password": { + Description: "HTTP basic authentication password for streaming metrics", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + }, + "http_bearer_token": { + Description: "HTTP bearer authentication token for streaming metrics", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + }, + "http_headers": { + Description: "HTTP headers for streaming metrics", + Type: schema.TypeMap, + Optional: true, + }, + "http_codec": { + Description: "HTTP codec for streaming metrics", + Type: schema.TypeString, + Optional: true, + }, + "http_compression": { + Description: "HTTP compression flag for streaming metrics", + Type: schema.TypeBool, + Optional: true, + }, + "http_method": { + Description: "HTTP payload method for streaming metrics", + Type: schema.TypeString, + Optional: true, + }, + "http_payload_prefix": { + Description: "HTTP payload prefix for streaming metrics", + Type: schema.TypeString, + Optional: true, + }, + "http_payload_suffix": { + Description: "HTTP payload suffix for streaming metrics", + Type: schema.TypeString, + Optional: true, + }, + "http_uri": { + Description: "HTTP URI for streaming metrics", + Type: schema.TypeString, + Optional: true, + }, }, }, }, 
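Review bot: `http_headers` is declared as a bare `schema.TypeMap` with neither `Elem` nor `Sensitive`, although custom headers are a common place for an API key or an `Authorization` value, and the sibling `http_basic_password` and `http_bearer_token` are marked sensitive. Consider `Elem: &schema.Schema{Type: schema.TypeString},` plus `Sensitive: true,` here and in the audit-log block of the next hunk (`@@ -327,6 +379,58 @@`). `http_uri` also carries no validation, so a plain `http://` endpoint would be accepted and the credentials and audit logs would travel unencrypted; `ValidateFunc: validation.IsURLWithHTTPS,` would reject that at plan time, assuming the SDK's `validation` package is imported in this file.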
@@ -327,6 +379,58 @@ If a project is not configured in the HCP Provider config block, the oldest proj Optional: true, Sensitive: true, }, + "http_basic_user": { + Description: "HTTP basic authentication username for streaming audit logs", + Type: schema.TypeString, + Optional: true, + }, + "http_basic_password": { + Description: "HTTP basic authentication password for streaming audit logs", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + }, + "http_bearer_token": { + Description: "HTTP bearer authentication token for streaming audit logs", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + }, + "http_headers": { + Description: "HTTP headers for streaming audit logs", + Type: schema.TypeMap, + Optional: true, + }, + "http_codec": { + Description: "HTTP codec for streaming audit logs", + Type: schema.TypeString, + Optional: true, + }, + "http_compression": { + Description: "HTTP compression flag for streaming audit logs", + Type: schema.TypeBool, + Optional: true, + }, + "http_method": { + Description: "HTTP payload method for streaming audit logs", + Type: schema.TypeString, + Optional: true, + }, + "http_payload_prefix": { + Description: "HTTP payload prefix for streaming audit logs", + Type: schema.TypeString, + Optional: true, + }, + "http_payload_suffix": { + Description: "HTTP payload suffix for streaming audit logs", + Type: schema.TypeString, + Optional: true, + }, + "http_uri": { + Description: "HTTP URI for streaming audit logs", + Type: schema.TypeString, + Optional: true, + }, }, }, }, 
@@ -1156,6 +1260,42 @@ func flattenObservabilityConfig(config *vaultmodels.HashicorpCloudVault20201125O } } } + + if http := config.HTTP; http != nil { + configMap["http_headers"] = http.Headers + configMap["http_codec"] = http.Codec + configMap["http_compression"] = http.Compression + configMap["http_method"] = http.Method + configMap["http_payload_prefix"] = http.PayloadPrefix + configMap["http_payload_suffix"] = http.PayloadSuffix + configMap["http_uri"] = http.URI + + if http.Basic != nil { + configMap["http_basic_user"] = http.Basic.User + + // Since the API return this sensitive fields as redacted, we don't update it on the config in this situations + if http.Basic.Password != "redacted" { + configMap["http_basic_password"] = http.Basic.Password + } else { + if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 { + config := configParam.([]interface{})[0].(map[string]interface{}) + configMap["http_basic_password"] = config["http_basic_password"].(string) + } + } + } + + if http.Bearer != nil { + // Since the API return this sensitive fields as redacted, we don't update it on the config in this situations + if http.Bearer.Token != "redacted" { + configMap["http_bearer_token"] = http.Bearer.Token + } else { + if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 { + config := configParam.([]interface{})[0].(map[string]interface{}) + configMap["http_bearer_token"] = config["http_bearer_token"].(string) + } + } + } + } } return []interface{}{configMap} 
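Review bot: Both fallback branches read the previous value with an unchecked assertion, `config["http_basic_password"].(string)` and `config["http_bearer_token"].(string)`, which panics when the key is absent or holds nil; the comma-ok form `if v, ok := config["http_bearer_token"].(string); ok { configMap["http_bearer_token"] = v }` avoids crashing the provider. The inner `config` shadows the function's `config` parameter, so a different local name such as `prev` would read better. The literal `"redacted"` is compared twice and would be clearer as a named constant with a comment saying the API masks secrets with it. `http.Codec` appears to be a pointer (the write path in this patch assigns `(*…HTTPEncodingCodec)(&httpCodec)`), so it is worth confirming it is nil-checked or dereferenced before being stored for a `TypeString` attribute. flattenObservabilityConfig starts and ends outside the hunk.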
@@ -1172,6 +1312,7 @@ func getObservabilityConfig(propertyName string, d *schema.ResourceData) (*vault Datadog: &vaultmodels.HashicorpCloudVault20201125Datadog{}, Cloudwatch: &vaultmodels.HashicorpCloudVault20201125CloudWatch{}, Elasticsearch: &vaultmodels.HashicorpCloudVault20201125Elasticsearch{}, + HTTP: &vaultmodels.HashicorpCloudVault20201125HTTP{}, } // If we don't find the property we return the empty object to be updated and delete the configuration. @@ -1205,6 +1346,16 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha elasticsearchEndpoint, _ := config["elasticsearch_endpoint"].(string) elasticsearchUser, _ := config["elasticsearch_user"].(string) elasticsearchPassword, _ := config["elasticsearch_password"].(string) + httpBasicUser, _ := config["http_basic_user"].(string) + httpBasicPassword, _ := config["http_basic_password"].(string) + httpBearerToken, _ := config["http_bearer_token"].(string) + httpHeaders, _ := config["http_headers"].(map[string]interface{}) + httpCodec, _ := config["http_codec"].(string) + httpCompression, _ := config["http_compression"].(bool) + httpMethod, _ := config["http_method"].(string) + httpPayloadPrefix, _ := config["http_payload_prefix"].(string) + httpPayloadSuffix, _ := config["http_payload_suffix"].(string) + httpURI, _ := config["http_uri"].(string) var observabilityConfig *vaultmodels.HashicorpCloudVault20201125ObservabilityConfig // only return an error about a missing field for a specific provider after ensuring there's a single provider 
@@ -1290,6 +1441,54 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha } } + if httpURI != "" || httpMethod != "" || httpCodec != "" { + if observabilityConfig != nil { + return nil, tooManyProvidersErr + } + + if httpURI == "" || httpMethod == "" || httpCodec == "" { + missingParamErr = diag.Errorf("http configuration is invalid: configuration information missing") + } + + var httpBearerAuth *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth + var httpBasicAuth *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth + + if httpBearerToken != "" { + httpBearerAuth = &vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth{ + Token: httpBearerToken, + } + + // only one of basic or bearer authentication should be submitted + if httpBasicUser != "" || httpBasicPassword != "" { + missingParamErr = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both") + } + } else { + // http basic requires both the username and password to be filled + if httpBasicUser != "" && httpBasicPassword == "" || httpBasicUser == "" && httpBasicPassword != "" { + missingParamErr = diag.Errorf("http configuration is invalid: basic authentication requires username and password") + } else { + httpBasicAuth = &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{ + User: httpBasicUser, + Password: httpBasicPassword, + } + } + } + + observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{ + HTTP: &vaultmodels.HashicorpCloudVault20201125HTTP{ + Headers: httpHeaders, + Bearer: httpBearerAuth, + Basic: httpBasicAuth, + Codec: (*vaultmodels.HashicorpCloudVault20201125HTTPEncodingCodec)(&httpCodec), + Compression: httpCompression, + PayloadPrefix: httpPayloadPrefix, + PayloadSuffix: httpPayloadSuffix, + Method: httpMethod, + URI: httpURI, + }, + } + } + if missingParamErr != nil { return nil, missingParamErr } 
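Review bot: When neither bearer nor basic credentials are set, the `else` branch still builds a `HashicorpCloudVault20201125HTTPBasicAuth` with empty `User` and `Password`, so an endpoint meant to be unauthenticated is submitted with an empty Basic object instead of no auth; the struct should only be created when both values are non-empty. The outer guard tests only `httpURI`, `httpMethod` and `httpCodec`, so a block that sets just `http_bearer_token`, the basic credentials or `http_headers` skips this validation and is silently dropped rather than reported as incomplete, unlike the grafana check, whose guard includes the password. Nothing here checks that `httpMethod` and `httpCodec` hold values the API accepts. A sketch of the guard and the auth selection follows; getValidObservabilityConfig starts and ends outside the hunk.

```go
if httpURI != "" || httpMethod != "" || httpCodec != "" ||
	httpBasicUser != "" || httpBasicPassword != "" || httpBearerToken != "" || len(httpHeaders) > 0 {
	// … unchanged: tooManyProvidersErr check, required-field check, httpBearerAuth/httpBasicAuth declarations …

	switch {
	case httpBearerToken != "" && (httpBasicUser != "" || httpBasicPassword != ""):
		// only one of basic or bearer authentication may be submitted
		missingParamErr = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both")
	case httpBearerToken != "":
		httpBearerAuth = &vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth{
			Token: httpBearerToken,
		}
	case httpBasicUser != "" && httpBasicPassword != "":
		httpBasicAuth = &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{
			User:     httpBasicUser,
			Password: httpBasicPassword,
		}
	case httpBasicUser != "" || httpBasicPassword != "":
		// basic auth needs both halves
		missingParamErr = diag.Errorf("http configuration is invalid: basic authentication requires username and password")
	}

	// … unchanged: observabilityConfig assembly …
}
```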
From 43619f5a102e5719f74b0adf7db740981797c752 Mon Sep 17 00:00:00 2001
From: Jaired Jawed
Date: Mon, 30 Oct 2023 14:21:31 -0700
Subject: [PATCH 02/19] Added tests for http observability
---
.../resource_vault_cluster_config_test.go | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/internal/providersdkv2/resource_vault_cluster_config_test.go b/internal/providersdkv2/resource_vault_cluster_config_test.go
index 0f5b0492b..eb29ebdec 100644
--- a/internal/providersdkv2/resource_vault_cluster_config_test.go
+++ b/internal/providersdkv2/resource_vault_cluster_config_test.go
@@ -60,6 +60,43 @@ func TestGetValidObservabilityConfig(t *testing.T) { }, expectedError: "elasticsearch configuration is invalid: configuration information missing", }, + "http missing params": { + config: map[string]interface{}{ + "http_uri": "https://localhost:3000", + "http_basic_user": "user", + "http_basic_password": "pass", + }, + expectedError: "http configuration is invalid: configuration information missing", + }, + "http provide bearer and basic auth": { + config: map[string]interface{}{ + "http_uri": "https://localhost:3000", + "http_method": "POST", + "http_codec": "JSON", + "http_basic_user": "test", + "http_basic_password": "pass", + "http_bearer_token": "111111111", + }, + expectedError: "http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both", + }, + "http basic auth without username": { + config: map[string]interface{}{ + "http_uri": "https://localhost:3000", + "http_method": "POST", + "http_codec": "JSON", + "http_basic_password": "pass", + }, + expectedError: "http configuration is invalid: basic authentication requires username and password", + }, + "http basic auth without password": { + config: map[string]interface{}{ + "http_uri": "https://localhost:3000", + "http_method": "POST", + "http_codec": "JSON", + "http_basic_user": "test", + }, + expectedError: "http configuration is invalid: basic authentication requires username and password", + }, "too many providers takes precedence over missing params": { config: map[string]interface{}{ "datadog_region": "us1", From 01b6283cc7033e1ff1adbee3407069e990bad981 Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Mon, 30 Oct 2023 14:30:38 -0700 Subject: [PATCH 03/19] Noted http observability provider improvement in changelog --- .changelog/660.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/660.txt diff --git a/.changelog/660.txt b/.changelog/660.txt new file mode 100644 index 000000000..47b946f9a --- /dev/null 
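Review bot: All four cases added to TestGetValidObservabilityConfig assert an error, and none exercises a valid HTTP configuration. A bearer-only, a basic-only and a no-auth case that check the returned config would pin which of `Bearer` and `Basic` is populated, and would catch an empty basic-auth object being sent when no credentials are given; this assumes the test table can carry an expected value, since its definition is outside the hunk. A case that sets only `http_bearer_token` without `http_uri` would also document whether that input is rejected or silently ignored.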
+++ b/.changelog/660.txt @@ -0,0 +1,3 @@ +```release-note:improvement +Add custom http endpoints as an observability provider for streaming audit logs and metrics from HCP Vault clusters. +``` From d62f5b484aedf87e34458f7a88d06dcc6b545393 Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Mon, 30 Oct 2023 14:32:30 -0700 Subject: [PATCH 04/19] Ran go generate --- docs/data-sources/vault_cluster.md | 20 ++++++++++++++++++++ docs/resources/vault_cluster.md | 20 ++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/docs/data-sources/vault_cluster.md b/docs/data-sources/vault_cluster.md index 7ad6197a3..3941efe24 100644 --- a/docs/data-sources/vault_cluster.md +++ b/docs/data-sources/vault_cluster.md @@ -81,6 +81,16 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming audit logs - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs +- `http_basic_password` (String) HTTP basic authentication password for streaming audit logs +- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs +- `http_bearer_token` (String) HTTP bearer authentication token for streaming audit logs +- `http_codec` (String) HTTP codec for streaming audit logs +- `http_compression` (Boolean) HTTP compression flag for streaming audit logs +- `http_headers` (Map of String) HTTP headers for streaming audit logs +- `http_method` (String) HTTP payload method for streaming audit logs +- `http_payload_prefix` (String) HTTP payload prefix for streaming audit logs +- `http_payload_suffix` (String) HTTP payload suffix for streaming audit logs +- `http_uri` (String) HTTP URI for streaming audit logs - `splunk_hecendpoint` (String) Splunk endpoint for streaming audit logs 
@@ -110,4 +120,14 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming metrics - `grafana_endpoint` (String) Grafana endpoint for streaming metrics - `grafana_user` (String) Grafana user for streaming metrics +- `http_basic_password` (String) HTTP basic authentication password for streaming metrics +- `http_basic_user` (String) HTTP basic authentication username for streaming metrics +- `http_bearer_token` (String) HTTP bearer authentication token for streaming metrics +- `http_codec` (String) HTTP codec for streaming metrics +- `http_compression` (Boolean) HTTP compression flag for streaming metrics +- `http_headers` (Map of String) HTTP headers for streaming metrics +- `http_method` (String) HTTP payload method for streaming metrics +- `http_payload_prefix` (String) HTTP payload prefix for streaming metrics +- `http_payload_suffix` (String) HTTP payload suffix for streaming metrics +- `http_uri` (String) HTTP URI for streaming metrics - `splunk_hecendpoint` (String) Splunk endpoint for streaming metrics diff --git a/docs/resources/vault_cluster.md b/docs/resources/vault_cluster.md index a2d54769a..fc4420b7e 100644 --- a/docs/resources/vault_cluster.md +++ b/docs/resources/vault_cluster.md 
@@ -94,6 +94,16 @@ Optional: - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_password` (String, Sensitive) Grafana password for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs +- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming audit logs +- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs +- `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming audit logs +- `http_codec` (String) HTTP codec for streaming audit logs +- `http_compression` (Boolean) HTTP compression flag for streaming audit logs +- `http_headers` (Map of String) HTTP headers for streaming audit logs +- `http_method` (String) HTTP payload method for streaming audit logs +- `http_payload_prefix` (String) HTTP payload prefix for streaming audit logs +- `http_payload_suffix` (String) HTTP payload suffix for streaming audit logs +- `http_uri` (String) HTTP URI for streaming audit logs - `splunk_hecendpoint` (String) Splunk endpoint for streaming audit logs - `splunk_token` (String, Sensitive) Splunk token for streaming audit logs 
@@ -133,6 +143,16 @@ Optional: - `grafana_endpoint` (String) Grafana endpoint for streaming metrics - `grafana_password` (String, Sensitive) Grafana password for streaming metrics - `grafana_user` (String) Grafana user for streaming metrics +- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming metrics +- `http_basic_user` (String) HTTP basic authentication username for streaming metrics +- `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming metrics +- `http_codec` (String) HTTP codec for streaming metrics +- `http_compression` (Boolean) HTTP compression flag for streaming metrics +- `http_headers` (Map of String) HTTP headers for streaming metrics +- `http_method` (String) HTTP payload method for streaming metrics +- `http_payload_prefix` (String) HTTP payload prefix for streaming metrics +- `http_payload_suffix` (String) HTTP payload suffix for streaming metrics +- `http_uri` (String) HTTP URI for streaming metrics - `splunk_hecendpoint` (String) Splunk endpoint for streaming metrics - `splunk_token` (String, Sensitive) Splunk token for streaming metrics From 9de6e2796f70159944e6bab72fc9283b320829be Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Thu, 2 Nov 2023 09:32:21 -0700 Subject: [PATCH 05/19] renamed missingParamsError to invalidProviderConfigError --- .../providersdkv2/resource_vault_cluster.go | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index b7ff9eec3..539a87ca7 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go 
@@ -1359,12 +1359,12 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha var observabilityConfig *vaultmodels.HashicorpCloudVault20201125ObservabilityConfig // only return an error about a missing field for a specific provider after ensuring there's a single provider - var missingParamErr diag.Diagnostics + var invalidProviderConfigError diag.Diagnostics tooManyProvidersErr := diag.Errorf("multiple configurations found: must contain configuration for only one provider") if grafanaEndpoint != "" || grafanaUser != "" || grafanaPassword != "" { if grafanaEndpoint == "" || grafanaUser == "" || grafanaPassword == "" { - missingParamErr = diag.Errorf("grafana configuration is invalid: configuration information missing") + invalidProviderConfigError = diag.Errorf("grafana configuration is invalid: configuration information missing") } observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{ @@ -1381,7 +1381,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha return nil, tooManyProvidersErr } if splunkEndpoint == "" || splunkToken == "" { - missingParamErr = diag.Errorf("splunk configuration is invalid: configuration information missing") + invalidProviderConfigError = diag.Errorf("splunk configuration is invalid: configuration information missing") } observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{ Splunk: &vaultmodels.HashicorpCloudVault20201125Splunk{ 
@@ -1396,7 +1396,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha return nil, tooManyProvidersErr } if datadogAPIKey == "" || datadogRegion == "" { - missingParamErr = diag.Errorf("datadog configuration is invalid: configuration information missing") + invalidProviderConfigError = diag.Errorf("datadog configuration is invalid: configuration information missing") } observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{ Datadog: &vaultmodels.HashicorpCloudVault20201125Datadog{ @@ -1411,7 +1411,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha return nil, tooManyProvidersErr } if cloudwatchAccessKeyID == "" || cloudwatchAccessKeySecret == "" || cloudwatchRegion == "" { - missingParamErr = diag.Errorf("cloudwatch configuration is invalid: configuration information missing") + invalidProviderConfigError = diag.Errorf("cloudwatch configuration is invalid: configuration information missing") } observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{ Cloudwatch: &vaultmodels.HashicorpCloudVault20201125CloudWatch{ @@ -1429,7 +1429,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha } if elasticsearchEndpoint == "" || elasticsearchUser == "" || elasticsearchPassword == "" { - missingParamErr = diag.Errorf("elasticsearch configuration is invalid: configuration information missing") + invalidProviderConfigError = diag.Errorf("elasticsearch configuration is invalid: configuration information missing") } observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{ 
@@ -1447,7 +1447,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha } if httpURI == "" || httpMethod == "" || httpCodec == "" { - missingParamErr = diag.Errorf("http configuration is invalid: configuration information missing") + invalidProviderConfigError = diag.Errorf("http configuration is invalid: configuration information missing") } var httpBearerAuth *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth @@ -1460,12 +1460,12 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha // only one of basic or bearer authentication should be submitted if httpBasicUser != "" || httpBasicPassword != "" { - missingParamErr = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both") + invalidProviderConfigError = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both") } } else { // http basic requires both the username and password to be filled if httpBasicUser != "" && httpBasicPassword == "" || httpBasicUser == "" && httpBasicPassword != "" { - missingParamErr = diag.Errorf("http configuration is invalid: basic authentication requires username and password") + invalidProviderConfigError = diag.Errorf("http configuration is invalid: basic authentication requires username and password") } else { httpBasicAuth = &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{ User: httpBasicUser, @@ -1489,8 +1489,8 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha } } - if missingParamErr != nil { - return nil, missingParamErr + if invalidProviderConfigError != nil { + return nil, invalidProviderConfigError } return observabilityConfig, nil From 026ac0c95a5ebd62ef31ace1ffd37ab9d7718849 Mon Sep 17 00:00:00 2001 
From: Jaired Jawed
Date: Thu, 2 Nov 2023 10:27:26 -0700
Subject: [PATCH 06/19] updated http_bearer_token, http_basic_user, and http_basic_password to specifiy that only basic or bearer authentication can be provided at any given time
---
docs/data-sources/vault_cluster.md | 12 ++++++------
docs/resources/vault_cluster.md | 8 ++++----
internal/providersdkv2/data_source_vault_cluster.go | 12 ++++++------
internal/providersdkv2/resource_vault_cluster.go | 8 ++++----
4 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/docs/data-sources/vault_cluster.md b/docs/data-sources/vault_cluster.md
index 3941efe24..3e0e27dc7 100644
--- a/docs/data-sources/vault_cluster.md
+++ b/docs/data-sources/vault_cluster.md
@@ -81,9 +81,9 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming audit logs - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs -- `http_basic_password` (String) HTTP basic authentication password for streaming audit logs -- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs -- `http_bearer_token` (String) HTTP bearer authentication token for streaming audit logs +- `http_basic_password` (String) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided +- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. +- `http_bearer_token` (String) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming audit logs - `http_compression` (Boolean) HTTP compression flag for streaming audit logs - `http_headers` (Map of String) HTTP headers for streaming audit logs 
@@ -120,9 +120,9 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming metrics - `grafana_endpoint` (String) Grafana endpoint for streaming metrics - `grafana_user` (String) Grafana user for streaming metrics -- `http_basic_password` (String) HTTP basic authentication password for streaming metrics -- `http_basic_user` (String) HTTP basic authentication username for streaming metrics -- `http_bearer_token` (String) HTTP bearer authentication token for streaming metrics +- `http_basic_password` (String) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided +- `http_basic_user` (String) HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. +- `http_bearer_token` (String) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming metrics - `http_compression` (Boolean) HTTP compression flag for streaming metrics - `http_headers` (Map of String) HTTP headers for streaming metrics diff --git a/docs/resources/vault_cluster.md b/docs/resources/vault_cluster.md index fc4420b7e..3e7fe14e6 100644 --- a/docs/resources/vault_cluster.md +++ b/docs/resources/vault_cluster.md 
@@ -94,9 +94,9 @@ Optional: - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_password` (String, Sensitive) Grafana password for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs -- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming audit logs -- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs -- `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming audit logs +- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided +- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. +- `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming audit logs - `http_compression` (Boolean) HTTP compression flag for streaming audit logs - `http_headers` (Map of String) HTTP headers for streaming audit logs 
@@ -145,7 +145,7 @@ Optional: - `grafana_user` (String) Grafana user for streaming metrics - `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming metrics - `http_basic_user` (String) HTTP basic authentication username for streaming metrics -- `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming metrics +- `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming metrics - `http_compression` (Boolean) HTTP compression flag for streaming metrics - `http_headers` (Map of String) HTTP headers for streaming metrics diff --git a/internal/providersdkv2/data_source_vault_cluster.go b/internal/providersdkv2/data_source_vault_cluster.go index 21309aa16..d7deaead5 100644 --- a/internal/providersdkv2/data_source_vault_cluster.go +++ b/internal/providersdkv2/data_source_vault_cluster.go 
@@ -202,17 +202,17 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_basic_user": { - Description: "HTTP basic authentication username for streaming metrics", + Description: "HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided.", Type: schema.TypeString, Computed: true, }, "http_basic_password": { - Description: "HTTP basic authentication password for streaming metrics", + Description: "HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided", Type: schema.TypeString, Computed: true, }, "http_bearer_token": { - Description: "HTTP bearer authentication token for streaming metrics", + Description: "HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided", Type: schema.TypeString, Computed: true, }, 
@@ -327,17 +327,17 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_basic_user": { - Description: "HTTP basic authentication username for streaming audit logs", + Description: "HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided.", Type: schema.TypeString, Computed: true, }, "http_basic_password": { - Description: "HTTP basic authentication password for streaming audit logs", + Description: "HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided", Type: schema.TypeString, Computed: true, }, "http_bearer_token": { - Description: "HTTP bearer authentication token for streaming audit logs", + Description: "HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided", Type: schema.TypeString, Computed: true, }, diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index 539a87ca7..fffa7b52a 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go @@ -244,7 +244,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Sensitive: true, }, "http_bearer_token": { - Description: "HTTP bearer authentication token for streaming metrics", + Description: "HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided", Type: schema.TypeString, Optional: true, Sensitive: true, 
@@ -380,18 +380,18 @@ If a project is not configured in the HCP Provider config block, the oldest proj Sensitive: true, }, "http_basic_user": { - Description: "HTTP basic authentication username for streaming audit logs", + Description: "HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided.", Type: schema.TypeString, Optional: true, }, "http_basic_password": { - Description: "HTTP basic authentication password for streaming audit logs", + Description: "HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided", Type: schema.TypeString, Optional: true, Sensitive: true, }, "http_bearer_token": { - Description: "HTTP bearer authentication token for streaming audit logs", + Description: "HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided", Type: schema.TypeString, Optional: true, Sensitive: true, From bad8acefa1160a8a69b709cf00cc46af844655e9 Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Thu, 2 Nov 2023 10:32:13 -0700 Subject: [PATCH 07/19] Specified allowed values for http_codec --- docs/data-sources/vault_cluster.md | 4 ++-- docs/resources/vault_cluster.md | 4 ++-- internal/providersdkv2/data_source_vault_cluster.go | 4 ++-- internal/providersdkv2/resource_vault_cluster.go | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/data-sources/vault_cluster.md b/docs/data-sources/vault_cluster.md index 3e0e27dc7..1e54452ac 100644 --- a/docs/data-sources/vault_cluster.md +++ b/docs/data-sources/vault_cluster.md 
@@ -84,7 +84,7 @@ Read-Only: - `http_basic_password` (String) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided - `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. - `http_bearer_token` (String) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided -- `http_codec` (String) HTTP codec for streaming audit logs +- `http_codec` (String) HTTP codec for streaming audit logs, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming audit logs - `http_headers` (Map of String) HTTP headers for streaming audit logs - `http_method` (String) HTTP payload method for streaming audit logs 
@@ -123,7 +123,7 @@ Read-Only: - `http_basic_password` (String) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided - `http_basic_user` (String) HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. - `http_bearer_token` (String) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided -- `http_codec` (String) HTTP codec for streaming metrics +- `http_codec` (String) HTTP codec for streaming metrics, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming metrics - `http_headers` (Map of String) HTTP headers for streaming metrics - `http_method` (String) HTTP payload method for streaming metrics diff --git a/docs/resources/vault_cluster.md b/docs/resources/vault_cluster.md index 3e7fe14e6..ef4445b20 100644 --- a/docs/resources/vault_cluster.md +++ b/docs/resources/vault_cluster.md 
@@ -97,7 +97,7 @@ Optional: - `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided - `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. - `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided -- `http_codec` (String) HTTP codec for streaming audit logs +- `http_codec` (String) HTTP codec for streaming audit logs, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming audit logs - `http_headers` (Map of String) HTTP headers for streaming audit logs - `http_method` (String) HTTP payload method for streaming audit logs @@ -146,7 +146,7 @@ Optional: - `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming metrics - `http_basic_user` (String) HTTP basic authentication username for streaming metrics - `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided -- `http_codec` (String) HTTP codec for streaming metrics +- `http_codec` (String) HTTP codec for streaming metrics, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming metrics - `http_headers` (Map of String) HTTP headers for streaming metrics - `http_method` (String) HTTP payload method for streaming metrics 
diff --git a/internal/providersdkv2/data_source_vault_cluster.go b/internal/providersdkv2/data_source_vault_cluster.go index d7deaead5..2e277ff09 100644 --- a/internal/providersdkv2/data_source_vault_cluster.go +++ b/internal/providersdkv2/data_source_vault_cluster.go @@ -222,7 +222,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_codec": { - Description: "HTTP codec for streaming metrics", + Description: "HTTP codec for streaming metrics, allowed values are JSON and NDJSON", Type: schema.TypeString, Computed: true, }, @@ -347,7 +347,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_codec": { - Description: "HTTP codec for streaming audit logs", + Description: "HTTP codec for streaming audit logs, allowed values are JSON and NDJSON", Type: schema.TypeString, Computed: true, }, diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index fffa7b52a..6e44f67e2 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go @@ -255,7 +255,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Optional: true, }, "http_codec": { - Description: "HTTP codec for streaming metrics", + Description: "HTTP codec for streaming metrics, allowed values are JSON and NDJSON", Type: schema.TypeString, Optional: true, }, @@ -402,7 +402,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Optional: true, }, "http_codec": { - Description: "HTTP codec for streaming audit logs", + Description: "HTTP codec for streaming audit logs, allowed values are JSON and NDJSON", Type: schema.TypeString, Optional: true, }, From fd25524cf950e8aa1206b21d22158630d72054e7 Mon Sep 17 00:00:00 2001 
From: Jaired Jawed Date: Thu, 2 Nov 2023 10:43:05 -0700 Subject: [PATCH 08/19] validate that http_codec should only be "JSON" or "NDJSON" values --- internal/providersdkv2/resource_vault_cluster.go | 4 ++++ .../providersdkv2/resource_vault_cluster_config_test.go | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index 6e44f67e2..3d57f1011 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go @@ -1446,6 +1446,10 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha return nil, tooManyProvidersErr } + if httpCodec != "JSON" && httpCodec != "NDJSON" { + invalidProviderConfigError = diag.Errorf("http configuration is invalud: allowed values for http_codec are only \"JSON\" or \"NDJSON\"") + } + if httpURI == "" || httpMethod == "" || httpCodec == "" { invalidProviderConfigError = diag.Errorf("http configuration is invalid: configuration information missing") } diff --git a/internal/providersdkv2/resource_vault_cluster_config_test.go b/internal/providersdkv2/resource_vault_cluster_config_test.go index eb29ebdec..b0e2bc447 100644 --- a/internal/providersdkv2/resource_vault_cluster_config_test.go +++ b/internal/providersdkv2/resource_vault_cluster_config_test.go @@ -68,6 +68,14 @@ func TestGetValidObservabilityConfig(t *testing.T) { }, expectedError: "http configuration is invalid: configuration information missing", }, + "http invalid codec": { + config: map[string]interface{}{ + "http_uri": "https://localhost:3000", + "http_method": "POST", + "http_codec": "SOME_VALUE", + }, + expectedError: "http configuration is invalud: allowed values for http_codec are only \"JSON\" or \"NDJSON\"", + }, "http provide bearer and basic auth": { config: map[string]interface{}{ "http_uri": "https://localhost:3000", From bd1b49029e88566878d23f4bd033b11cbe610ff7 Mon Sep 17 00:00:00 2001 
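Review bot: `http_uri` is still accepted as long as it is non-empty (`if httpURI == "" || httpMethod == "" || httpCodec == ""`), even though the basic password or bearer token configured next to it is presumably presented to that endpoint. Alongside the new codec check, consider rejecting non-TLS targets when credentials are set, for example `if u, err := url.Parse(httpURI); err != nil || u.Scheme != "https" { invalidProviderConfigError = diag.Errorf("http configuration is invalid: http_uri must be an https URL") }` (this needs `net/url`). The service may already enforce the scheme; that is not visible here. getValidObservabilityConfig starts and ends outside the hunk.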
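Review bot: The `expectedError` of the new "http invalid codec" case pins the misspelling "invalud" from the message added in resource_vault_cluster.go, so the typo in a user-facing diagnostic is now locked in by the test. Correct the message to `"http configuration is invalid: allowed values for http_codec are only \"JSON\" or \"NDJSON\""` and update `expectedError` to match. The `http_method` message added in the following commit carries the same misspelling. The test table itself begins and ends outside the hunk.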
From: Jaired Jawed Date: Thu, 2 Nov 2023 10:48:28 -0700 Subject: [PATCH 09/19] validated httpMethod so ensure that its value is either POST, PUT, or PATCH --- docs/data-sources/vault_cluster.md | 4 ++-- docs/resources/vault_cluster.md | 4 ++-- internal/providersdkv2/data_source_vault_cluster.go | 4 ++-- internal/providersdkv2/resource_vault_cluster.go | 8 ++++++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/data-sources/vault_cluster.md b/docs/data-sources/vault_cluster.md index 1e54452ac..e8da98686 100644 --- a/docs/data-sources/vault_cluster.md +++ b/docs/data-sources/vault_cluster.md @@ -87,7 +87,7 @@ Read-Only: - `http_codec` (String) HTTP codec for streaming audit logs, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming audit logs - `http_headers` (Map of String) HTTP headers for streaming audit logs -- `http_method` (String) HTTP payload method for streaming audit logs +- `http_method` (String) HTTP payload method for streaming audit logs, allowed values are PATCH, POST, or PUT - `http_payload_prefix` (String) HTTP payload prefix for streaming audit logs - `http_payload_suffix` (String) HTTP payload suffix for streaming audit logs - `http_uri` (String) HTTP URI for streaming audit logs @@ -126,7 +126,7 @@ Read-Only: - `http_codec` (String) HTTP codec for streaming metrics, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming metrics - `http_headers` (Map of String) HTTP headers for streaming metrics -- `http_method` (String) HTTP payload method for streaming metrics +- `http_method` (String) HTTP payload method for streaming metrics, allowed values are PATCH, POST, or PUT - `http_payload_prefix` (String) HTTP payload prefix for streaming metrics - `http_payload_suffix` (String) HTTP payload suffix for streaming metrics - `http_uri` (String) HTTP URI for streaming metrics 
diff --git a/docs/resources/vault_cluster.md b/docs/resources/vault_cluster.md index ef4445b20..5f0cfca4c 100644 --- a/docs/resources/vault_cluster.md +++ b/docs/resources/vault_cluster.md @@ -100,7 +100,7 @@ Optional: - `http_codec` (String) HTTP codec for streaming audit logs, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming audit logs - `http_headers` (Map of String) HTTP headers for streaming audit logs -- `http_method` (String) HTTP payload method for streaming audit logs +- `http_method` (String) HTTP payload method for streaming audit logs, , allowed values are PATCH, POST, or PUT - `http_payload_prefix` (String) HTTP payload prefix for streaming audit logs - `http_payload_suffix` (String) HTTP payload suffix for streaming audit logs - `http_uri` (String) HTTP URI for streaming audit logs @@ -149,7 +149,7 @@ Optional: - `http_codec` (String) HTTP codec for streaming metrics, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming metrics - `http_headers` (Map of String) HTTP headers for streaming metrics -- `http_method` (String) HTTP payload method for streaming metrics +- `http_method` (String) HTTP payload method for streaming metrics, allowed values are PATCH, POST, or PUT - `http_payload_prefix` (String) HTTP payload prefix for streaming metrics - `http_payload_suffix` (String) HTTP payload suffix for streaming metrics - `http_uri` (String) HTTP URI for streaming metrics diff --git a/internal/providersdkv2/data_source_vault_cluster.go b/internal/providersdkv2/data_source_vault_cluster.go index 2e277ff09..58071a262 100644 --- a/internal/providersdkv2/data_source_vault_cluster.go +++ b/internal/providersdkv2/data_source_vault_cluster.go 
@@ -232,7 +232,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_method": { - Description: "HTTP payload method for streaming metrics", + Description: "HTTP payload method for streaming metrics, allowed values are PATCH, POST, or PUT", Type: schema.TypeString, Computed: true, }, @@ -357,7 +357,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_method": { - Description: "HTTP payload method for streaming audit logs", + Description: "HTTP payload method for streaming audit logs, allowed values are PATCH, POST, or PUT", Type: schema.TypeString, Computed: true, }, diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index 3d57f1011..3ef00d1dd 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go @@ -265,7 +265,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Optional: true, }, "http_method": { - Description: "HTTP payload method for streaming metrics", + Description: "HTTP payload method for streaming metrics, allowed values are PATCH, POST, or PUT", Type: schema.TypeString, Optional: true, }, @@ -412,7 +412,7 @@ If a project is not configured in the HCP Provider config block, the oldest proj Optional: true, }, "http_method": { - Description: "HTTP payload method for streaming audit logs", + Description: "HTTP payload method for streaming audit logs, , allowed values are PATCH, POST, or PUT", Type: schema.TypeString, Optional: true, }, 
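Review bot: The audit-log `http_method` description in the last hunk (`@@ -412,7 +412,7 @@` of resource_vault_cluster.go) contains a stray `, ,`, and the same text appears in docs/resources/vault_cluster.md. It should read `Description: "HTTP payload method for streaming audit logs, allowed values are PATCH, POST, or PUT",`, with the documentation entry updated to match.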
@@ -1446,6 +1446,10 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha return nil, tooManyProvidersErr } + if httpMethod != "POST" && httpMethod != "PUT" && httpMethod != "PATCH" { + invalidProviderConfigError = diag.Errorf("http configuration is invalud: allowed values for http_method are only \"POST\", \"PUT\", or \"PATCH\"") + } + if httpCodec != "JSON" && httpCodec != "NDJSON" { invalidProviderConfigError = diag.Errorf("http configuration is invalud: allowed values for http_codec are only \"JSON\" or \"NDJSON\"") } From 439a80929e931a807652e0b8cb0dee7cb0d154c2 Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Thu, 2 Nov 2023 11:14:39 -0700 Subject: [PATCH 10/19] added strings.toUpper for httpMethod and httpCodec --- internal/providersdkv2/resource_vault_cluster.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index 3ef00d1dd..4c343bba9 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go @@ -1446,11 +1446,11 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha return nil, tooManyProvidersErr } - if httpMethod != "POST" && httpMethod != "PUT" && httpMethod != "PATCH" { + if strings.ToUpper(httpMethod) != "POST" && strings.ToUpper(httpMethod) != "PUT" && strings.ToUpper(httpMethod) != "PATCH" { invalidProviderConfigError = diag.Errorf("http configuration is invalud: allowed values for http_method are only \"POST\", \"PUT\", or \"PATCH\"") } - if httpCodec != "JSON" && httpCodec != "NDJSON" { + if strings.ToUpper(httpMethod) != "JSON" && strings.ToUpper(httpMethod) != "NDJSON" { invalidProviderConfigError = diag.Errorf("http configuration is invalud: allowed values for http_codec are only \"JSON\" or \"NDJSON\"") } From f5c4771e032d812727b600ee923104dd2fd4b069 Mon Sep 17 00:00:00 2001 
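Review bot: The codec check rewritten in the `@@ -1446,11 +1446,11 @@` hunk now tests `httpMethod` instead of `httpCodec`, so every accepted method (POST, PUT, PATCH) fails the JSON/NDJSON comparison and the codec error is assigned for what would otherwise be a valid HTTP configuration. The line should be `if c := strings.ToUpper(httpCodec); c != "JSON" && c != "NDJSON" {`. Upper-casing is applied only inside the comparisons, so a lower-case value passes validation and, as far as the hunk shows, is forwarded unchanged; normalising once with `httpMethod = strings.ToUpper(httpMethod)` (and likewise for the codec) before the checks would avoid that. A test case with a valid method and codec that expects no error would have caught the mix-up. The function body continues outside the hunk.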
From: Jaired Jawed Date: Thu, 2 Nov 2023 14:19:46 -0700 Subject: [PATCH 11/19] updated http_basic_user and http_basic_password description --- docs/data-sources/vault_cluster.md | 8 ++++---- docs/resources/vault_cluster.md | 8 ++++---- internal/providersdkv2/data_source_vault_cluster.go | 8 ++++---- internal/providersdkv2/resource_vault_cluster.go | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/data-sources/vault_cluster.md b/docs/data-sources/vault_cluster.md index e8da98686..5469966af 100644 --- a/docs/data-sources/vault_cluster.md +++ b/docs/data-sources/vault_cluster.md 
@@ -81,8 +81,8 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming audit logs - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs -- `http_basic_password` (String) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided -- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. +- `http_basic_password` (String) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user is also provided +- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_password is also provided - `http_bearer_token` (String) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming audit logs, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming audit logs 
@@ -120,8 +120,8 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming metrics - `grafana_endpoint` (String) Grafana endpoint for streaming metrics - `grafana_user` (String) Grafana user for streaming metrics -- `http_basic_password` (String) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided -- `http_basic_user` (String) HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. +- `http_basic_password` (String) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user is also provided +- `http_basic_user` (String) HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_password is also provided - `http_bearer_token` (String) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming metrics, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming metrics diff --git a/docs/resources/vault_cluster.md b/docs/resources/vault_cluster.md index 5f0cfca4c..ca23e5491 100644 --- a/docs/resources/vault_cluster.md +++ b/docs/resources/vault_cluster.md 
@@ -94,8 +94,8 @@ Optional: - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_password` (String, Sensitive) Grafana password for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs -- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided -- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided. +- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user is also provided +- `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_password is also provided - `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming audit logs, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming audit logs 
@@ -143,8 +143,8 @@ Optional: - `grafana_endpoint` (String) Grafana endpoint for streaming metrics - `grafana_password` (String, Sensitive) Grafana password for streaming metrics - `grafana_user` (String) Grafana user for streaming metrics -- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming metrics -- `http_basic_user` (String) HTTP basic authentication username for streaming metrics +- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user is also specified +- `http_basic_user` (String) HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_password is also specified - `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming metrics, allowed values are JSON and NDJSON - `http_compression` (Boolean) HTTP compression flag for streaming metrics diff --git a/internal/providersdkv2/data_source_vault_cluster.go b/internal/providersdkv2/data_source_vault_cluster.go index 58071a262..4e67a1bb4 100644 --- a/internal/providersdkv2/data_source_vault_cluster.go +++ b/internal/providersdkv2/data_source_vault_cluster.go 
@@ -202,12 +202,12 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_basic_user": { - Description: "HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided.", + Description: "HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_password is also provided", Type: schema.TypeString, Computed: true, }, "http_basic_password": { - Description: "HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_bearer_token is not provided", + Description: "HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user is also provided", Type: schema.TypeString, Computed: true, }, 
@@ -327,12 +327,12 @@ If a project is not configured in the HCP Provider config block, the oldest proj Computed: true, }, "http_basic_user": { - Description: "HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided.", + Description: "HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_password is also provided", Type: schema.TypeString, Computed: true, }, "http_basic_password": { - Description: "HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided", + Description: "HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user is also provided", Type: schema.TypeString, Computed: true, }, diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index 4c343bba9..eb73ab159 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go 
@@ -233,12 +233,12 @@ If a project is not configured in the HCP Provider config block, the oldest proj Sensitive: true, }, "http_basic_user": { - Description: "HTTP basic authentication username for streaming metrics", + Description: "HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_password is also specified", Type: schema.TypeString, Optional: true, }, "http_basic_password": { - Description: "HTTP basic authentication password for streaming metrics", + Description: "HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user is also specified", Type: schema.TypeString, Optional: true, Sensitive: true, @@ -380,12 +380,12 @@ If a project is not configured in the HCP Provider config block, the oldest proj Sensitive: true, }, "http_basic_user": { - Description: "HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided.", + Description: "HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_password is also provided", Type: schema.TypeString, Optional: true, }, "http_basic_password": { - Description: "HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_bearer_token is not provided", + Description: "HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user is also provided", Type: schema.TypeString, Optional: true, Sensitive: true, From 230d250a48f485746e4a1b1df475af01f0d8df42 Mon Sep 17 00:00:00 2001 
From: Jaired Jawed Date: Thu, 2 Nov 2023 15:26:55 -0700 Subject: [PATCH 12/19] separated http validation into separate function --- .../providersdkv2/resource_vault_cluster.go | 54 +++++++++++-------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index eb73ab159..c8ac26cb3 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go 
@@ -1332,6 +1332,36 @@ func getObservabilityConfig(propertyName string, d *schema.ResourceData) (*vault return getValidObservabilityConfig(config) } +func validateHttpAuth(httpBasicUser string, httpBasicPassword string, httpBearerToken string) (diag.Diagnostics, *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth, *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth) { + var httpConfigError diag.Diagnostics + + // only one of basic or bearer authentication should be submitted + if httpBearerToken != "" && httpBasicUser != "" || httpBearerToken != "" && httpBasicPassword != "" { + httpConfigError = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both") + } else if httpBasicUser != "" && httpBasicPassword == "" || httpBasicUser == "" && httpBasicPassword != "" { + // http basic requires both the username and password to be filled + httpConfigError = diag.Errorf("http configuration is invalid: basic authentication requires username and password") + } + + if httpConfigError != nil { + return httpConfigError, nil, nil + } + + if httpBearerToken != "" { + httpBearerAuth := &vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth{ + Token: httpBearerToken, + } + return nil, httpBearerAuth, nil + } + + httpBasicAuth := &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{ + User: httpBasicUser, + Password: httpBasicPassword, + } + + return nil, nil, httpBasicAuth +} + func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.HashicorpCloudVault20201125ObservabilityConfig, diag.Diagnostics) { grafanaEndpoint, _ := config["grafana_endpoint"].(string) grafanaUser, _ := config["grafana_user"].(string) 
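Review bot: When all three arguments are empty, validateHttpAuth falls through to the final return and hands back a non-nil basic-auth struct with an empty `User` and `Password`, so an HTTP sink configured without credentials still gets a basic-auth block. This appears to mirror the inline code the same commit removes from getValidObservabilityConfig, but if the API distinguishes "no authentication" from empty credentials, a guard such as `if httpBasicUser == "" && httpBasicPassword == "" { return nil, nil, nil }` before building the struct makes the intent explicit. Returning the diagnostics as the last value rather than the first would also match the `(value, diag.Diagnostics)` order used by getValidObservabilityConfig.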
@@ -1458,28 +1488,10 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha
 invalidProviderConfigError = diag.Errorf("http configuration is invalid: configuration information missing")
 }

- var httpBearerAuth *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth
- var httpBasicAuth *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth
+ httpConfigError, httpBearerAuth, httpBasicAuth := validateHttpAuth(httpBasicUser, httpBasicPassword, httpBearerToken)

- if httpBearerToken != "" {
- httpBearerAuth = &vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth{
- Token: httpBearerToken,
- }
-
- // only one of basic or bearer authentication should be submitted
- if httpBasicUser != "" || httpBasicPassword != "" {
- invalidProviderConfigError = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both")
- }
- } else {
- // http basic requires both the username and password to be filled
- if httpBasicUser != "" && httpBasicPassword == "" || httpBasicUser == "" && httpBasicPassword != "" {
- invalidProviderConfigError = diag.Errorf("http configuration is invalid: basic authentication requires username and password")
- } else {
- httpBasicAuth = &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{
- User: httpBasicUser,
- Password: httpBasicPassword,
- }
- }
+ if httpConfigError != nil {
+ invalidProviderConfigError = httpConfigError
 }

 observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{
From b73f1b3b5e8519b370809fb98d893aefb881eeb3 Mon Sep 17 00:00:00 2001
From: Jaired Jawed
Date: Thu, 2 Nov 2023 15:28:38 -0700
Subject: [PATCH 13/19] added comment to validateHTTPAuth
---
internal/providersdkv2/resource_vault_cluster.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go
index c8ac26cb3..a326eca03 100644
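Review bot: The assignment `invalidProviderConfigError = httpConfigError` in the `-1458,28 +1488,10` hunk replaces whatever diagnostic was set just above it, so a configuration that is both missing required fields and has conflicting credentials reports only the authentication error. `diag.Diagnostics` is a slice, so `invalidProviderConfigError = append(invalidProviderConfigError, httpConfigError...)` keeps both messages. `getValidObservabilityConfig` begins and ends outside this hunk, so whether later code overwrites the value again cannot be checked here.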
--- a/internal/providersdkv2/resource_vault_cluster.go
+++ b/internal/providersdkv2/resource_vault_cluster.go
@@ -1332,6 +1332,7 @@ func getObservabilityConfig(propertyName string, d *schema.ResourceData) (*vault
 return getValidObservabilityConfig(config)
 }

+// if http observability information is provided, this function ensures that authentication fields are valid and returns the authentication method used
 func validateHttpAuth(httpBasicUser string, httpBasicPassword string, httpBearerToken string) (diag.Diagnostics, *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth, *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth) {
 var httpConfigError diag.Diagnostics

From 4fd2cf7337567dbd34d9d3f09c114e54e5cd1504 Mon Sep 17 00:00:00 2001
From: Jaired Jawed
Date: Thu, 2 Nov 2023 15:34:07 -0700
Subject: [PATCH 14/19] changed validateHttpAuth to validateHTTPAuth
---
internal/providersdkv2/resource_vault_cluster.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go
index a326eca03..cbce72b62 100644
--- a/internal/providersdkv2/resource_vault_cluster.go
+++ b/internal/providersdkv2/resource_vault_cluster.go
@@ -1333,7 +1333,7 @@ func getObservabilityConfig(propertyName string, d *schema.ResourceData) (*vault
 }

 // if http observability information is provided, this function ensures that authentication fields are valid and returns the authentication method used
-func validateHttpAuth(httpBasicUser string, httpBasicPassword string, httpBearerToken string) (diag.Diagnostics, *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth, *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth) {
+func validateHTTPAuth(httpBasicUser string, httpBasicPassword string, httpBearerToken string) (diag.Diagnostics, *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth, *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth) {
 var httpConfigError diag.Diagnostics

 // only one of basic or bearer authentication should be submitted
@@ -1489,7 +1489,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha
 invalidProviderConfigError = diag.Errorf("http configuration is invalid: configuration information missing")
 }

- httpConfigError, httpBearerAuth, httpBasicAuth := validateHttpAuth(httpBasicUser, httpBasicPassword, httpBearerToken)
+ httpConfigError, httpBearerAuth, httpBasicAuth := validateHTTPAuth(httpBasicUser, httpBasicPassword, httpBearerToken)

 if httpConfigError != nil {
 invalidProviderConfigError = httpConfigError
From 91030052137c53153ff6b4eeec665802f4fb0d58 Mon Sep 17 00:00:00 2001
From: Jaired Jawed
Date: Mon, 6 Nov 2023 10:32:52 -0800
Subject: [PATCH 15/19] return httpConfigError last in validateHttpAuth
---
internal/providersdkv2/resource_vault_cluster.go | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go
index cbce72b62..723caf65d 100644
--- a/internal/providersdkv2/resource_vault_cluster.go
+++ b/internal/providersdkv2/resource_vault_cluster.go
@@ -1333,11 +1333,11 @@ func getObservabilityConfig(propertyName string, d *schema.ResourceData) (*vault
 }

 // if http observability information is provided, this function ensures that authentication fields are valid and returns the authentication method used
-func validateHTTPAuth(httpBasicUser string, httpBasicPassword string, httpBearerToken string) (diag.Diagnostics, *vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth, *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth) {
+func validateHTTPAuth(httpBasicUser, httpBasicPassword, httpBearerToken string) (*vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth, *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth, diag.Diagnostics) {
 var httpConfigError diag.Diagnostics

 // only one of basic or bearer authentication should be submitted
- if httpBearerToken != "" && httpBasicUser != "" || httpBearerToken != "" && httpBasicPassword != "" {
+ if httpBearerToken != "" && (httpBasicUser != "" || httpBasicPassword != "") {
 httpConfigError = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both")
 } else if httpBasicUser != "" && httpBasicPassword == "" || httpBasicUser == "" && httpBasicPassword != "" {
 // http basic requires both the username and password to be filled
@@ -1345,14 +1345,14 @@ func validateHTTPAuth(httpBasicUser string, httpBasicPassword string, httpBearer
 }

 if httpConfigError != nil {
- return httpConfigError, nil, nil
+ return nil, nil, httpConfigError
 }

 if httpBearerToken != "" {
 httpBearerAuth := &vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth{
 Token: httpBearerToken,
 }
- return nil, httpBearerAuth, nil
+ return httpBearerAuth, nil, nil
 }

 httpBasicAuth := &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{
@@ -1360,7 +1360,7 @@ func validateHTTPAuth(httpBasicUser string, httpBasicPassword string, httpBearer
 Password: httpBasicPassword,
 }

- return nil, nil, httpBasicAuth
+ return nil, httpBasicAuth, nil
 }

 func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.HashicorpCloudVault20201125ObservabilityConfig, diag.Diagnostics) {
@@ -1489,7 +1489,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha
 invalidProviderConfigError = diag.Errorf("http configuration is invalid: configuration information missing")
 }

- httpConfigError, httpBearerAuth, httpBasicAuth := validateHTTPAuth(httpBasicUser, httpBasicPassword, httpBearerToken)
+ httpBearerAuth, httpBasicAuth, httpConfigError := validateHTTPAuth(httpBasicUser, httpBasicPassword, httpBearerToken)

 if httpConfigError != nil {
 invalidProviderConfigError = httpConfigError
From 492734208df8d07970ccb5400fefc85115a88567 Mon Sep 17 00:00:00 2001
From: Jaired Jawed
Date: Tue, 7 Nov 2023 11:09:00 -0800
Subject: [PATCH 16/19] renamed missingParamError to invalidProviderConfigError from newrelic branch
---
internal/providersdkv2/resource_vault_cluster.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go
index c5901715b..12657fadd 100644
--- a/internal/providersdkv2/resource_vault_cluster.go
+++ b/internal/providersdkv2/resource_vault_cluster.go
@@ -1562,7 +1562,7 @@ func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.Ha
 }

 if newrelicAccountID == "" || newrelicLicenseKey == "" || newrelicRegion == "" {
- missingParamErr = diag.Errorf("newrelic configuration is invalid: configuration information missing")
+ invalidProviderConfigError = diag.Errorf("newrelic configuration is invalid: configuration information missing")
 }

 observabilityConfig = &vaultmodels.HashicorpCloudVault20201125ObservabilityConfig{
From 143659a021bdfbd8aee45cf52eaf51341030133d Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Tue, 7 Nov 2023 11:12:31 -0800 Subject: [PATCH 17/19] Ran 'go generate' --- docs/data-sources/vault_cluster.md | 12 ++++++------ docs/resources/vault_cluster.md | 14 +++++++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/data-sources/vault_cluster.md b/docs/data-sources/vault_cluster.md index 52a95503d..b7703dfec 100644 --- a/docs/data-sources/vault_cluster.md +++ b/docs/data-sources/vault_cluster.md @@ -81,9 +81,6 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming audit logs - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs -- `newrelic_account_id` (String) NewRelic Account ID for streaming audit logs -- `newrelic_license_key` (String) NewRelic license key for streaming audit logs -- `newrelic_region` (String) NewRelic region for streaming audit logs, allowed values are "US" and "EU" - `http_basic_password` (String) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user is also provided - `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_password is also provided - `http_bearer_token` (String) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided 
@@ -94,6 +91,9 @@ Read-Only: - `http_payload_prefix` (String) HTTP payload prefix for streaming audit logs - `http_payload_suffix` (String) HTTP payload suffix for streaming audit logs - `http_uri` (String) HTTP URI for streaming audit logs +- `newrelic_account_id` (String) NewRelic Account ID for streaming audit logs +- `newrelic_license_key` (String) NewRelic license key for streaming audit logs +- `newrelic_region` (String) NewRelic region for streaming audit logs, allowed values are "US" and "EU" - `splunk_hecendpoint` (String) Splunk endpoint for streaming audit logs @@ -123,9 +123,6 @@ Read-Only: - `elasticsearch_user` (String) ElasticSearch user for streaming metrics - `grafana_endpoint` (String) Grafana endpoint for streaming metrics - `grafana_user` (String) Grafana user for streaming metrics -- `newrelic_account_id` (String) NewRelic Account ID for streaming metrics -- `newrelic_license_key` (String) NewRelic license key for streaming metrics -- `newrelic_region` (String) NewRelic region for streaming metrics, allowed values are "US" and "EU" - `http_basic_password` (String) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user is also provided - `http_basic_user` (String) HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_password is also provided - `http_bearer_token` (String) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided 
@@ -136,4 +133,7 @@ Read-Only: - `http_payload_prefix` (String) HTTP payload prefix for streaming metrics - `http_payload_suffix` (String) HTTP payload suffix for streaming metrics - `http_uri` (String) HTTP URI for streaming metrics +- `newrelic_account_id` (String) NewRelic Account ID for streaming metrics +- `newrelic_license_key` (String) NewRelic license key for streaming metrics +- `newrelic_region` (String) NewRelic region for streaming metrics, allowed values are "US" and "EU" - `splunk_hecendpoint` (String) Splunk endpoint for streaming metrics diff --git a/docs/resources/vault_cluster.md b/docs/resources/vault_cluster.md index da4668186..cbb8e1e7f 100644 --- a/docs/resources/vault_cluster.md +++ b/docs/resources/vault_cluster.md @@ -94,9 +94,6 @@ Optional: - `grafana_endpoint` (String) Grafana endpoint for streaming audit logs - `grafana_password` (String, Sensitive) Grafana password for streaming audit logs - `grafana_user` (String) Grafana user for streaming audit logs -- `newrelic_account_id` (String) NewRelic Account ID for streaming audit logs -- `newrelic_license_key` (String, Sensitive) NewRelic license key for streaming audit logs -- `newrelic_region` (String) NewRelic region for streaming audit logs, allowed values are "US" and "EU" - `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user is also provided - `http_basic_user` (String) HTTP basic authentication username for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_password is also provided - `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming audit logs, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided 
@@ -107,6 +104,9 @@ Optional: - `http_payload_prefix` (String) HTTP payload prefix for streaming audit logs - `http_payload_suffix` (String) HTTP payload suffix for streaming audit logs - `http_uri` (String) HTTP URI for streaming audit logs +- `newrelic_account_id` (String) NewRelic Account ID for streaming audit logs +- `newrelic_license_key` (String, Sensitive) NewRelic license key for streaming audit logs +- `newrelic_region` (String) NewRelic region for streaming audit logs, allowed values are "US" and "EU" - `splunk_hecendpoint` (String) Splunk endpoint for streaming audit logs - `splunk_token` (String, Sensitive) Splunk token for streaming audit logs 
@@ -146,10 +146,7 @@ Optional: - `grafana_endpoint` (String) Grafana endpoint for streaming metrics - `grafana_password` (String, Sensitive) Grafana password for streaming metrics - `grafana_user` (String) Grafana user for streaming metrics -- `newrelic_account_id` (String) NewRelic Account ID for streaming metrics -- `newrelic_license_key` (String, Sensitive) NewRelic license key for streaming metrics -- `newrelic_region` (String) NewRelic region for streaming metrics, allowed values are "US" and "EU" -- `http_basic_password` (String, Sensitive) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user is also specified +- `http_basic_password` (String) HTTP basic authentication password for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user is also specified - `http_basic_user` (String) HTTP basic authentication username for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_password is also specified - `http_bearer_token` (String, Sensitive) HTTP bearer authentication token for streaming metrics, one of the two available authentication methods, can be specified only if http_basic_user and http_basic_password are not provided - `http_codec` (String) HTTP codec for streaming metrics, allowed values are JSON and NDJSON 
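Review bot: The `http_basic_password` entry for streaming metrics drops from `(String, Sensitive)` to `(String)` in this regenerated hunk, while the audit-log entry in the `-94,9 +94,6` hunk and `http_bearer_token` here keep `Sensitive`. Since this file is produced by `go generate` from the provider schema, the metrics `http_basic_password` field in resource_vault_cluster.go (not shown in this hunk) presumably lacks `Sensitive: true`, which would let the password appear in plan and apply output. The fix belongs in the schema, followed by regenerating the docs, rather than in this file.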
@@ -159,6 +156,9 @@ Optional: - `http_payload_prefix` (String) HTTP payload prefix for streaming metrics - `http_payload_suffix` (String) HTTP payload suffix for streaming metrics - `http_uri` (String) HTTP URI for streaming metrics +- `newrelic_account_id` (String) NewRelic Account ID for streaming metrics +- `newrelic_license_key` (String, Sensitive) NewRelic license key for streaming metrics +- `newrelic_region` (String) NewRelic region for streaming metrics, allowed values are "US" and "EU" - `splunk_hecendpoint` (String) Splunk endpoint for streaming metrics - `splunk_token` (String, Sensitive) Splunk token for streaming metrics From 4538814462571443b8706cedbc0e51b19417c5cf Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Tue, 7 Nov 2023 11:13:46 -0800 Subject: [PATCH 18/19] removed httpConfigError from validateHTTPAuth function --- internal/providersdkv2/resource_vault_cluster.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index 12657fadd..373a0a19e 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go 
@@ -1381,18 +1381,12 @@ func getObservabilityConfig(propertyName string, d *schema.ResourceData) (*vault

 // if http observability information is provided, this function ensures that authentication fields are valid and returns the authentication method used
 func validateHTTPAuth(httpBasicUser, httpBasicPassword, httpBearerToken string) (*vaultmodels.HashicorpCloudVault20201125HTTPBearerAuth, *vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth, diag.Diagnostics) {
- var httpConfigError diag.Diagnostics
-
 // only one of basic or bearer authentication should be submitted
 if httpBearerToken != "" && (httpBasicUser != "" || httpBasicPassword != "") {
- httpConfigError = diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both")
+ return nil, nil, diag.Errorf("http configuration is invalid: either the basic or bearer authentication method can be submitted, but not both")
 } else if httpBasicUser != "" && httpBasicPassword == "" || httpBasicUser == "" && httpBasicPassword != "" {
 // http basic requires both the username and password to be filled
- httpConfigError = diag.Errorf("http configuration is invalid: basic authentication requires username and password")
- }
-
- if httpConfigError != nil {
- return nil, nil, httpConfigError
+ return nil, nil, diag.Errorf("http configuration is invalid: basic authentication requires username and password")
 }

 if httpBearerToken != "" {
From 6fadcacd822bca53ea36f701f52e2d2260b745c8 Mon Sep 17 00:00:00 2001
From: Jaired Jawed
Date: Tue, 7 Nov 2023 11:28:15 -0800
Subject: [PATCH 19/19] Made sure that httpBasicAuth is only set when the user provides authentication
---
internal/providersdkv2/resource_vault_cluster.go | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go
index 373a0a19e..2152a30f7 100644
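Review bot: Both branches of the credential check in the `-1381,18 +1381,12` hunk now end in `return`, so the `else if` no longer needs its `else`; two separate `if` statements read more directly. The second condition still mixes `&&` and `||` without parentheses, and `(httpBasicUser == "") != (httpBasicPassword == "")` states "exactly one of the two is set" in a single comparison. The rest of `validateHTTPAuth` lies outside this hunk.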
--- a/internal/providersdkv2/resource_vault_cluster.go
+++ b/internal/providersdkv2/resource_vault_cluster.go
@@ -1396,12 +1396,16 @@ func validateHTTPAuth(httpBasicUser, httpBasicPassword, httpBearerToken string)
 return httpBearerAuth, nil, nil
 }

- httpBasicAuth := &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{
- User: httpBasicUser,
- Password: httpBasicPassword,
+ if httpBasicUser != "" && httpBasicPassword != "" {
+ httpBasicAuth := &vaultmodels.HashicorpCloudVault20201125HTTPBasicAuth{
+ User: httpBasicUser,
+ Password: httpBasicPassword,
+ }
+
+ return nil, httpBasicAuth, nil
 }

- return nil, httpBasicAuth, nil
+ return nil, nil, nil
 }

 func getValidObservabilityConfig(config map[string]interface{}) (*vaultmodels.HashicorpCloudVault20201125ObservabilityConfig, diag.Diagnostics) {
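Review bot: The new `return nil, nil, nil` path means an HTTP sink with no credentials passes validation and is configured without authentication, and neither the function comment (outside this hunk) nor the code says that this is intended. A short comment above the final return, such as `// no credentials supplied: the sink is configured without authentication`, records the decision for the caller, which must now handle two nil pointers together with a nil diagnostic. If unauthenticated streaming of metrics or audit logs should not be allowed, this is the place to return a diagnostic instead; that is a product decision not visible here. The condition `httpBasicUser != "" && httpBasicPassword != ""` could test one field only, since mismatched pairs are rejected earlier in the function, but spelling out both is harmless.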