Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tls_ca configuration option to MongoDb #989

Closed
wants to merge 2 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 68 additions & 3 deletions vault/resource_database_secret_backend_connection.go
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ func databaseSecretBackendConnectionResource() *schema.Resource {
Type: schema.TypeList,
Optional: true,
Description: "Connection parameters for the mongodb-database-plugin plugin.",
Elem: connectionStringResource(),
Elem: mongoDbConnectionStringResource(),
MaxItems: 1,
ConflictsWith: util.CalculateConflictsWith("mongodb", dbBackendTypes),
},
Expand Down Expand Up @@ -315,6 +315,16 @@ func connectionStringResource() *schema.Resource {
}
}

func mongoDbConnectionStringResource() *schema.Resource {
r := connectionStringResource()
r.Schema["tls_ca"] = &schema.Schema{
Type: schema.TypeString,
Optional: true,
Description: "x509 CA file for validating the certificate presented by the MongoDB server. Must be PEM encoded.",
}
return r
}

func getDatabasePluginName(d *schema.ResourceData) (string, error) {
switch {
case len(d.Get("cassandra").([]interface{})) > 0:
Expand Down Expand Up @@ -398,7 +408,7 @@ func getDatabaseAPIData(d *schema.ResourceData) (map[string]interface{}, error)
case "hana-database-plugin":
setDatabaseConnectionData(d, "hana.0.", data)
case "mongodb-database-plugin":
setDatabaseConnectionData(d, "mongodb.0.", data)
setMongoDbDatabaseConnectionData(d, "mongodb.0.", data)
case "mongodbatlas-database-plugin":
if v, ok := d.GetOk("mongodbatlas.0.public_key"); ok {
data["public_key"] = v.(string)
Expand Down Expand Up @@ -471,6 +481,54 @@ func getConnectionDetailsFromResponse(d *schema.ResourceData, prefix string, res
return []map[string]interface{}{result}
}

func getMongoDbConnectionDetailsFromResponse(d *schema.ResourceData, prefix string, resp *api.Secret) []map[string]interface{} {
details := resp.Data["connection_details"]
data, ok := details.(map[string]interface{})
if !ok {
return nil
}
result := map[string]interface{}{}
if v, ok := d.GetOk(prefix + "connection_url"); ok {
result["connection_url"] = v.(string)
} else {
if v, ok := data["connection_url"]; ok {
result["connection_url"] = v.(string)
}
}
if v, ok := data["max_open_connections"]; ok {
n, err := v.(json.Number).Int64()
if err != nil {
log.Printf("[WARN] Non-number %s returned from Vault server: %s", v, err)
} else {
result["max_open_connections"] = n
}
}
if v, ok := data["max_idle_connections"]; ok {
n, err := v.(json.Number).Int64()
if err != nil {
log.Printf("[WARN] Non-number %s returned from Vault server: %s", v, err)
} else {
result["max_idle_connections"] = n
}
}
if v, ok := data["max_connection_lifetime"]; ok {
n, err := time.ParseDuration(v.(string))
if err != nil {
log.Printf("[WARN] Non-number %s returned from Vault server: %s", v, err)
} else {
result["max_connection_lifetime"] = n.Seconds()
}
}
if v, ok := d.GetOk(prefix + "tls_ca"); ok {
result["tls_ca"] = v.(string)
} else {
if v, ok := data["tls_ca"]; ok {
result["tls_ca"] = v.(string)
}
}
return []map[string]interface{}{result}
}

func getElasticsearchConnectionDetailsFromResponse(d *schema.ResourceData, prefix string, resp *api.Secret) []map[string]interface{} {
details := resp.Data["connection_details"]
data, ok := details.(map[string]interface{})
Expand Down Expand Up @@ -514,6 +572,13 @@ func setDatabaseConnectionData(d *schema.ResourceData, prefix string, data map[s
}
}

func setMongoDbDatabaseConnectionData(d *schema.ResourceData, prefix string, data map[string]interface{}) {
setDatabaseConnectionData(d, prefix, data)
if v, ok := d.GetOkExists(prefix + "tls_ca"); ok {
data["tls_ca"] = v.(string)
}
}

func setElasticsearchDatabaseConnectionData(d *schema.ResourceData, prefix string, data map[string]interface{}) {
if v, ok := d.GetOk(prefix + "url"); ok {
data["url"] = v.(string)
Expand Down Expand Up @@ -663,7 +728,7 @@ func databaseSecretBackendConnectionRead(d *schema.ResourceData, meta interface{
case "hana-database-plugin":
d.Set("hana", getConnectionDetailsFromResponse(d, "hana.0.", resp))
case "mongodb-database-plugin":
d.Set("mongodb", getConnectionDetailsFromResponse(d, "mongodb.0.", resp))
d.Set("mongodb", getMongoDbConnectionDetailsFromResponse(d, "mongodb.0.", resp))
case "mongodbatlas-database-plugin":
details := resp.Data["connection_details"]
data, ok := details.(map[string]interface{})
Expand Down
2 changes: 1 addition & 1 deletion website/docs/r/database_secret_backend_connection.md
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ Exactly one of the nested blocks of configuration options must be supplied.
docs](https://www.vaultproject.io/api-docs/secret/databases/mongodb.html#sample-payload)
for an example.

* `tls_ca` - (Optional) x509 CA file for validating the certificate presented by the MongoDB server. Must be PEM encoded.

### MongoDB Atlas Configuration Options

Expand All @@ -123,7 +124,6 @@ Exactly one of the nested blocks of configuration options must be supplied.

* `project_id` - (Required) The Project ID the Database User should be created within.


### SAP HanaDB Configuration Options

* `connection_url` - (Required) A URL containing connection information. See
Expand Down