github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/builtin/providers/vault/resource_auth_backend.go

github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/builtin/providers/vault/resource_auth_backend.go (about)

     1  package vault
     2  
     3  import (
     4  	"errors"
     5  	"fmt"
     6  	"log"
     7  	"strings"
     8  
     9  	"github.com/hashicorp/terraform/helper/schema"
    10  	"github.com/hashicorp/vault/api"
    11  )
    12  
    13  func authBackendResource() *schema.Resource {
    14  	return &schema.Resource{
    15  		Create: authBackendWrite,
    16  		Delete: authBackendDelete,
    17  		Read:   authBackendRead,
    18  
    19  		Schema: map[string]*schema.Schema{
    20  			"type": &schema.Schema{
    21  				Type:        schema.TypeString,
    22  				Required:    true,
    23  				ForceNew:    true,
    24  				Description: "Name of the auth backend",
    25  			},
    26  
    27  			"path": &schema.Schema{
    28  				Type:        schema.TypeString,
    29  				Optional:    true,
    30  				Computed:    true,
    31  				ForceNew:    true,
    32  				Description: "path to mount the backend. This defaults to the type.",
    33  				ValidateFunc: func(v interface{}, k string) (ws []string, errs []error) {
    34  					value := v.(string)
    35  					if strings.HasSuffix(value, "/") {
    36  						errs = append(errs, errors.New("cannot write to a path ending in '/'"))
    37  					}
    38  					return
    39  				},
    40  			},
    41  
    42  			"description": &schema.Schema{
    43  				Type:        schema.TypeString,
    44  				ForceNew:    true,
    45  				Optional:    true,
    46  				Description: "The description of the auth backend",
    47  			},
    48  		},
    49  	}
    50  }
    51  
    52  func authBackendWrite(d *schema.ResourceData, meta interface{}) error {
    53  	client := meta.(*api.Client)
    54  
    55  	name := d.Get("type").(string)
    56  	desc := d.Get("description").(string)
    57  	path := d.Get("path").(string)
    58  
    59  	log.Printf("[DEBUG] Writing auth %s to Vault", name)
    60  
    61  	var err error
    62  
    63  	if path == "" {
    64  		path = name
    65  		err = d.Set("path", name)
    66  		if err != nil {
    67  			return fmt.Errorf("unable to set state: %s", err)
    68  		}
    69  	}
    70  
    71  	err = client.Sys().EnableAuth(path, name, desc)
    72  
    73  	if err != nil {
    74  		return fmt.Errorf("error writing to Vault: %s", err)
    75  	}
    76  
    77  	d.SetId(name)
    78  
    79  	return nil
    80  }
    81  
    82  func authBackendDelete(d *schema.ResourceData, meta interface{}) error {
    83  	client := meta.(*api.Client)
    84  
    85  	name := d.Id()
    86  
    87  	log.Printf("[DEBUG] Deleting auth %s from Vault", name)
    88  
    89  	err := client.Sys().DisableAuth(name)
    90  
    91  	if err != nil {
    92  		return fmt.Errorf("error disabling auth from Vault: %s", err)
    93  	}
    94  
    95  	return nil
    96  }
    97  
    98  func authBackendRead(d *schema.ResourceData, meta interface{}) error {
    99  	client := meta.(*api.Client)
   100  
   101  	name := d.Id()
   102  
   103  	auths, err := client.Sys().ListAuth()
   104  
   105  	if err != nil {
   106  		return fmt.Errorf("error reading from Vault: %s", err)
   107  	}
   108  
   109  	for path, auth := range auths {
   110  		configuredPath := d.Get("path").(string)
   111  
   112  		vaultPath := configuredPath + "/"
   113  		if auth.Type == name && path == vaultPath {
   114  			return nil
   115  		}
   116  	}
   117  
   118  	// If we fell out here then we didn't find our Auth in the list.
   119  	d.SetId("")
   120  	return nil
   121  }