Finished the read implementation for vault generic secret

This commit is contained in:
Gerrit Tamboer 2017-02-08 13:08:39 +01:00
parent 86aea6b094
commit c7eee62b7b
1 changed files with 32 additions and 13 deletions

View File

@ -35,14 +35,8 @@ func genericSecretResource() *schema.Resource {
// string. This makes terraform not want to change when an extra // string. This makes terraform not want to change when an extra
// space is included in the JSON string. It is also necesarry // space is included in the JSON string. It is also necesarry
// when allow_read is true for comparing values. // when allow_read is true for comparing values.
StateFunc: func(v interface{}) string { StateFunc: NormalizeDataJSON,
var dat map[string]interface{} ValidateFunc: ValidateDataJSON,
if err := json.Unmarshal([]byte(v.(string)), &dat); err != nil {
return fmt.Errorf("data_json %#v syntax error: %s", v.(string), err)
}
jsonDataBytes, _ := json.Marshal(dat)
return string(jsonDataBytes)
},
}, },
"allow_read": &schema.Schema{ "allow_read": &schema.Schema{
@ -55,6 +49,35 @@ func genericSecretResource() *schema.Resource {
} }
} }
func ValidateDataJSON(configI interface{}, k string) ([]string, []error) {
dataJSON := configI.(string)
dataMap := map[string]interface{}{}
err := json.Unmarshal([]byte(dataJSON), &dataMap)
if err != nil {
return nil, []error{err}
}
return nil, nil
}
func NormalizeDataJSON(configI interface{}) string {
dataJSON := configI.(string)
dataMap := map[string]interface{}{}
err := json.Unmarshal([]byte(dataJSON), &dataMap)
if err != nil {
// The validate function should've taken care of this.
return ""
}
ret, err := json.Marshal(dataMap)
if err != nil {
// Should never happen.
return dataJSON
}
return string(ret)
}
func genericSecretResourceWrite(d *schema.ResourceData, meta interface{}) error { func genericSecretResourceWrite(d *schema.ResourceData, meta interface{}) error {
client := meta.(*api.Client) client := meta.(*api.Client)
@ -93,10 +116,9 @@ func genericSecretResourceDelete(d *schema.ResourceData, meta interface{}) error
func genericSecretResourceRead(d *schema.ResourceData, meta interface{}) error { func genericSecretResourceRead(d *schema.ResourceData, meta interface{}) error {
allowed_to_read := d.Get("allow_read").(bool) allowed_to_read := d.Get("allow_read").(bool)
if allowed_to_read {
path := d.Get("path").(string) path := d.Get("path").(string)
if allowed_to_read {
client := meta.(*api.Client) client := meta.(*api.Client)
log.Printf("[DEBUG] Reading %s from Vault", path) log.Printf("[DEBUG] Reading %s from Vault", path)
@ -105,15 +127,12 @@ func genericSecretResourceRead(d *schema.ResourceData, meta interface{}) error {
return fmt.Errorf("error reading from Vault: %s", err) return fmt.Errorf("error reading from Vault: %s", err)
} }
d.SetId(path)
// Ignoring error because this value came from JSON in the // Ignoring error because this value came from JSON in the
// first place so no reason why it should fail to re-encode. // first place so no reason why it should fail to re-encode.
jsonDataBytes, _ := json.Marshal(secret.Data) jsonDataBytes, _ := json.Marshal(secret.Data)
d.Set("data_json", string(jsonDataBytes)) d.Set("data_json", string(jsonDataBytes))
} }
path := d.Get("path").(string)
d.SetId(path) d.SetId(path)
return nil return nil