Merge pull request #1 from terraform-providers/master

merge upstream into fork

.travis.yml

@@ -1,39 +1,35 @@
 dist: trusty
 sudo: required
 services:
-  - docker
+- docker
 go_import_path: github.com/terraform-providers/terraform-provider-vault
 language: go
 go:
-  - 1.11
-
+- 1.11
 install:
-  # This script is used by the Travis build to install a cookie for
-  # go.googlesource.com so rate limits are higher when using `go get` to fetch
-  # packages that live there.
-  # See: https://github.com/golang/go/issues/12933
-  - bash scripts/gogetcookie.sh
-  - go get github.com/kardianos/govendor
-
+- bash scripts/gogetcookie.sh
+- go get github.com/kardianos/govendor
 script:
-  - docker-compose up -d
-  - |
-    until $(curl --output /dev/null --silent --head --fail http://localhost:8200)
-    do
-        printf '.'
-        sleep 1
-    done
-  - source .test-env
-  - make test
-  - make testacc
-  - make vendor-status
-  - make vet
-  - make website-test
-
+- docker-compose up -d
+- |
+  until $(curl --output /dev/null --silent --head --fail http://localhost:8200)
+  do
+      printf '.'
+      sleep 1
+  done
+- source .test-env
+- make test
+- make testacc
+- make vendor-status
+- make vet
+- make website-test
 branches:
   only:
-    - master
-  matrix:
-    fast_finish: true
-    allow_failures:
-      - go: tip
+  - master
+matrix:
+  fast_finish: true
+  allow_failures:
+  - go: tip
+notifications:
+  slack:
+    secure: 3HTR1F2l3Gf+lZgI0p3XYNlu20oZCjK/Q2esv3eFRZe/0l7suuHSovWADGMXflWNGEQe2pHeLpQEELl142bZ2FjYMkZQn2RXfWEuwTOyjMQdlNRzsh0Tm4XiPJqWMYr0NL0cNNXbePQSV+ap3Me8XB6ret5+mkDJGSlI0cStzmmt6pJiVdZ3kq8iu2CnqR11pEgC+v2plGF8OEEca1ixOJF5bRQ2fBQbl6KA81TvE25t1qM5brdT3NzNqZMLtUcHOFoQgsS5Ot5ymQL1HJGatMABAgwmNyUsCcMaBOsdf1qfCAwHC8q8Vpt4RORxY5Rrc0kuWLgKrblHVmJ3uzq+U/XM7rAY3eVKgFm+ZFfyLHQ0Yowpe1jTPGCM3RYVnaDZukf7J39w+958B4xl7NYcK6Sux9q4U1f7k/OTXRHyYmmHSvlZPXjq6+65BEaAEXisy2HvNVqflcXv0n6WqAKwT5vp+xZdd/dc06nCROysc0M9duSm19VOkjIfHlXQLcXlc36tp48S1v8PMNVO2P2Bwh06rRFtPhWXYPYXzeN8g+Fv9dLeHaBj3kEbbtDTsMIYu5cyofQDiphQDCH4/Z/1rjbLhXAVuL/bk8XNwxPsVW90Jh4aZN4B1+tZIT2io3IsxlqUcPvXqtin8B4uVc7850VQSEgK/3HJrPZZrhXmxl0=

GNUmakefile

@@ -26,7 +26,7 @@ vet:
 	fi
 
 fmt:
-	gofmt -w $(GOFMT_FILES)
+	gofmt -s -w $(GOFMT_FILES)
 
 fmtcheck:
 	@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"

scripts/gofmtcheck.sh

@@ -2,7 +2,7 @@
 
 # Check gofmt
 echo "==> Checking that code complies with gofmt requirements..."
-gofmt_files=$(gofmt -l `find . -name '*.go' | grep -v vendor`)
+gofmt_files=$(gofmt -s -l `find . -name '*.go' | grep -v vendor`)
 if [[ -n ${gofmt_files} ]]; then
     echo 'gofmt needs running on the following files:'
     echo "${gofmt_files}"

vault/provider.go

@@ -110,6 +110,7 @@ func Provider() terraform.ResourceProvider {
 			"vault_consul_secret_backend":               consulSecretBackendResource(),
 			"vault_database_secret_backend_connection":  databaseSecretBackendConnectionResource(),
 			"vault_database_secret_backend_role":        databaseSecretBackendRoleResource(),
+			"vault_gcp_auth_backend":                    gcpAuthBackendResource(),
 			"vault_gcp_auth_backend_role":               gcpAuthBackendRoleResource(),
 			"vault_gcp_secret_backend":                  gcpSecretBackendResource(),
 			"vault_cert_auth_backend_role":              certAuthBackendRoleResource(),

vault/resource_auth_backend.go

@@ -55,7 +55,7 @@ func authBackendResource() *schema.Resource {
 				Description: "The description of the auth backend",
 			},
 
-			"accessor": &schema.Schema{
+			"accessor": {
 				Type:        schema.TypeString,
 				Computed:    true,
 				Description: "The accessor of the auth backend",

vault/resource_gcp_auth_backend.go

@@ -0,0 +1,196 @@
+package vault
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/vault/api"
+)
+
+const gcpAuthType string = "gcp"
+
+func gcpAuthBackendResource() *schema.Resource {
+	return &schema.Resource{
+
+		Create: gcpAuthBackendWrite,
+		Update: gcpAuthBackendUpdate,
+		Read:   gcpAuthBackendRead,
+		Delete: gcpAuthBackendDelete,
+		Exists: gcpAuthBackendExists,
+
+		Schema: map[string]*schema.Schema{
+			"credentials": {
+				Type:         schema.TypeString,
+				Required:     true,
+				StateFunc:    NormalizeCredentials,
+				ValidateFunc: ValidateCredentials,
+				Sensitive:    true,
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"client_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"private_key_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"project_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"client_email": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"path": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Default:  "gcp",
+				StateFunc: func(v interface{}) string {
+					return strings.Trim(v.(string), "/")
+				},
+			},
+		},
+	}
+}
+
+func ValidateCredentials(configI interface{}, k string) ([]string, []error) {
+	credentials := configI.(string)
+	dataMap := map[string]interface{}{}
+	err := json.Unmarshal([]byte(credentials), &dataMap)
+	if err != nil {
+		return nil, []error{err}
+	}
+	return nil, nil
+}
+
+func NormalizeCredentials(configI interface{}) string {
+	credentials := configI.(string)
+
+	dataMap := map[string]interface{}{}
+	err := json.Unmarshal([]byte(credentials), &dataMap)
+	if err != nil {
+		// The validate function should've taken care of this.
+		log.Printf("[ERROR] Invalid JSON data in vault_gcp_auth_backend: %s", err)
+		return ""
+	}
+
+	ret, err := json.Marshal(dataMap)
+	if err != nil {
+		// Should never happen.
+		log.Printf("[ERROR] Problem normalizing JSON for vault_gcp_auth_backend: %s", err)
+		return credentials
+	}
+
+	return string(ret)
+}
+
+func gcpAuthBackendConfigPath(path string) string {
+	return "auth/" + strings.Trim(path, "/") + "/config"
+}
+
+func gcpAuthBackendWrite(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*api.Client)
+
+	authType := gcpAuthType
+	path := d.Get("path").(string)
+	desc := d.Get("description").(string)
+
+	log.Printf("[DEBUG] Enabling gcp auth backend %q", path)
+	err := client.Sys().EnableAuth(path, authType, desc)
+	if err != nil {
+		return fmt.Errorf("error enabling gcp auth backend %q: %s", path, err)
+	}
+	log.Printf("[DEBUG] Enabled gcp auth backend %q", path)
+
+	d.SetId(path)
+
+	return gcpAuthBackendUpdate(d, meta)
+}
+
+func gcpAuthBackendUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*api.Client)
+
+	path := gcpAuthBackendConfigPath(d.Id())
+	data := map[string]interface{}{}
+
+	if v, ok := d.GetOk("credentials"); ok {
+		data["credentials"] = v.(string)
+	}
+
+	log.Printf("[DEBUG] Writing gcp config %q", path)
+	_, err := client.Logical().Write(path, data)
+
+	if err != nil {
+		d.SetId("")
+		return fmt.Errorf("error writing gcp config %q: %s", path, err)
+	}
+	log.Printf("[DEBUG] Wrote gcp config %q", path)
+
+	return gcpAuthBackendRead(d, meta)
+}
+
+func gcpAuthBackendRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*api.Client)
+	path := gcpAuthBackendConfigPath(d.Id())
+
+	log.Printf("[DEBUG] Reading gcp auth backend config %q", path)
+	resp, err := client.Logical().Read(path)
+	if err != nil {
+		return fmt.Errorf("error reading gcp auth backend config %q: %s", path, err)
+	}
+	log.Printf("[DEBUG] Read gcp auth backend config %q", path)
+
+	if resp == nil {
+		log.Printf("[WARN] gcp auth backend config %q not found, removing from state", path)
+		d.SetId("")
+		return nil
+	}
+
+	d.Set("private_key_id", resp.Data["private_key_id"])
+	d.Set("client_id", resp.Data["client_id"])
+	d.Set("project_id", resp.Data["project_id"])
+	d.Set("client_email", resp.Data["client_email"])
+
+	return nil
+}
+
+func gcpAuthBackendDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*api.Client)
+	path := d.Id()
+
+	log.Printf("[DEBUG] Deleting gcp auth backend %q", path)
+	err := client.Sys().DisableAuth(path)
+	if err != nil {
+		return fmt.Errorf("error deleting gcp auth backend %q: %q", path, err)
+	}
+	log.Printf("[DEBUG] Deleted gcp auth backend %q", path)
+
+	return nil
+}
+
+func gcpAuthBackendExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	client := meta.(*api.Client)
+	path := gcpAuthBackendConfigPath(d.Id())
+
+	log.Printf("[DEBUG] Checking if gcp auth backend %q exists", path)
+	resp, err := client.Logical().Read(path)
+	if err != nil {
+		return true, fmt.Errorf("error checking for existence of gcp config %q: %s", path, err)
+	}
+	log.Printf("[DEBUG] Checked if gcp auth backend %q exists", path)
+
+	return resp != nil, nil
+}

vault/resource_gcp_auth_backend_role.go

@@ -58,47 +58,47 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
-			"bound_service_accounts": &schema.Schema{
+			"bound_service_accounts": {
 				Type: schema.TypeSet,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 				Optional: true,
 				Computed: true,
 			},
-			"bound_zones": &schema.Schema{
+			"bound_zones": {
 				Type: schema.TypeSet,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 				Optional: true,
 				Computed: true,
 			},
-			"bound_regions": &schema.Schema{
+			"bound_regions": {
 				Type: schema.TypeSet,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 				Optional: true,
 				Computed: true,
 			},
-			"bound_instance_groups": &schema.Schema{
+			"bound_instance_groups": {
 				Type: schema.TypeSet,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 				Optional: true,
 				Computed: true,
 			},
-			"bound_labels": &schema.Schema{
+			"bound_labels": {
 				Type: schema.TypeSet,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 				Optional: true,
 				Computed: true,
 			},
-			"backend": &schema.Schema{
+			"backend": {
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,