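// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/vault/data_source_generic_secret.go

package vault

import (
	"encoding/json"
	"fmt"
	"log"
	"time"

	"github.com/hashicorp/terraform/helper/schema"

	"github.com/hashicorp/vault/api"
)

// genericSecretDataSource describes the generic secret data source: the
// caller supplies a Vault path, and the secret's data and lease metadata are
// exposed as computed attributes.
//
// Every computed attribute, including the secret itself, is stored in the
// Terraform state. Marking an attribute Sensitive only masks it in
// Terraform's output; the value is still written to the state in plaintext,
// so the state has to be protected like the secret it contains.
func genericSecretDataSource() *schema.Resource {
	return &schema.Resource{
		Read: genericSecretDataSourceRead,

		Schema: map[string]*schema.Schema{
			"path": &schema.Schema{
				Type:        schema.TypeString,
				Required:    true,
				Description: "Full path from which a secret will be read.",
			},

			"data_json": &schema.Schema{
				Type:        schema.TypeString,
				Computed:    true,
				Sensitive:   true, // keep secret material out of plan/apply output
				Description: "JSON-encoded secret data read from Vault.",
			},

			"data": &schema.Schema{
				Type:        schema.TypeMap,
				Computed:    true,
				Sensitive:   true, // keep secret material out of plan/apply output
				Description: "Map of strings read from Vault.",
			},

			"lease_id": &schema.Schema{
				Type:        schema.TypeString,
				Computed:    true,
				Description: "Lease identifier assigned by vault.",
			},

			"lease_duration": &schema.Schema{
				Type:        schema.TypeInt,
				Computed:    true,
				Description: "Lease duration in seconds relative to the time in lease_start_time.",
			},

			"lease_start_time": &schema.Schema{
				Type:        schema.TypeString,
				Computed:    true,
				Description: "Time at which the lease was read, using the clock of the system where Terraform was running",
			},

			"lease_renewable": &schema.Schema{
				Type:        schema.TypeBool,
				Computed:    true,
				Description: "True if the duration of this lease can be extended through renewal.",
			},
		},
	}
}

// genericSecretDataSourceRead reads the secret at the configured "path" from
// Vault and copies its data and lease metadata into d.
//
// meta must be the *api.Client configured by the provider. An error is
// returned when the read fails or when Vault has nothing stored at the path.
func genericSecretDataSourceRead(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*api.Client)

	path := d.Get("path").(string)

	// Only the path is logged; the secret's contents must never reach the log.
	log.Printf("[DEBUG] Reading %s from Vault", path)
	secret, err := client.Logical().Read(path)
	if err != nil {
		return fmt.Errorf("error reading from Vault: %s", err)
	}
	// The Vault API client returns a nil secret together with a nil error
	// when nothing exists at the path, so guard before dereferencing it.
	if secret == nil {
		return fmt.Errorf("no secret found at %q", path)
	}

	d.SetId(secret.RequestID)

	// Ignoring error because this value came from JSON in the
	// first place so no reason why it should fail to re-encode.
	jsonDataBytes, _ := json.Marshal(secret.Data)
	d.Set("data_json", string(jsonDataBytes))

	// Since our "data" map can only contain string values, we
	// will take strings from Data and write them in as-is,
	// and write everything else in as a JSON serialization of
	// whatever value we get so that complex types can be
	// passed around and processed elsewhere if desired.
	dataMap := make(map[string]string, len(secret.Data))
	for k, v := range secret.Data {
		if vs, ok := v.(string); ok {
			dataMap[k] = vs
			continue
		}
		// Again ignoring error because we know this value
		// came from JSON in the first place and so must be valid.
		vBytes, _ := json.Marshal(v)
		dataMap[k] = string(vBytes)
	}
	d.Set("data", dataMap)

	d.Set("lease_id", secret.LeaseID)
	d.Set("lease_duration", secret.LeaseDuration)
	// Use the time.RFC3339 layout constant; the string literal "RFC3339" is
	// not a layout and does not produce a timestamp.
	d.Set("lease_start_time", time.Now().Format(time.RFC3339))
	d.Set("lease_renewable", secret.Renewable)

	return nil
}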