github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/builtin/providers/vault/resource_auth_backend.go (about) 1 package vault 2 3 import ( 4 "errors" 5 "fmt" 6 "log" 7 "strings" 8 9 "github.com/hashicorp/terraform/helper/schema" 10 "github.com/hashicorp/vault/api" 11 ) 12 13 func authBackendResource() *schema.Resource { 14 return &schema.Resource{ 15 Create: authBackendWrite, 16 Delete: authBackendDelete, 17 Read: authBackendRead, 18 19 Schema: map[string]*schema.Schema{ 20 "type": &schema.Schema{ 21 Type: schema.TypeString, 22 Required: true, 23 ForceNew: true, 24 Description: "Name of the auth backend", 25 }, 26 27 "path": &schema.Schema{ 28 Type: schema.TypeString, 29 Optional: true, 30 Computed: true, 31 ForceNew: true, 32 Description: "path to mount the backend. This defaults to the type.", 33 ValidateFunc: func(v interface{}, k string) (ws []string, errs []error) { 34 value := v.(string) 35 if strings.HasSuffix(value, "/") { 36 errs = append(errs, errors.New("cannot write to a path ending in '/'")) 37 } 38 return 39 }, 40 }, 41 42 "description": &schema.Schema{ 43 Type: schema.TypeString, 44 ForceNew: true, 45 Optional: true, 46 Description: "The description of the auth backend", 47 }, 48 }, 49 } 50 } 51 52 func authBackendWrite(d *schema.ResourceData, meta interface{}) error { 53 client := meta.(*api.Client) 54 55 name := d.Get("type").(string) 56 desc := d.Get("description").(string) 57 path := d.Get("path").(string) 58 59 log.Printf("[DEBUG] Writing auth %s to Vault", name) 60 61 var err error 62 63 if path == "" { 64 path = name 65 err = d.Set("path", name) 66 if err != nil { 67 return fmt.Errorf("unable to set state: %s", err) 68 } 69 } 70 71 err = client.Sys().EnableAuth(path, name, desc) 72 73 if err != nil { 74 return fmt.Errorf("error writing to Vault: %s", err) 75 } 76 77 d.SetId(name) 78 79 return nil 80 } 81 82 func authBackendDelete(d *schema.ResourceData, meta interface{}) error { 83 client := meta.(*api.Client) 84 85 name := d.Id() 86 87 log.Printf("[DEBUG] Deleting auth %s from Vault", name) 88 89 err := client.Sys().DisableAuth(name) 90 91 if err != nil { 92 return fmt.Errorf("error disabling auth from Vault: %s", err) 93 } 94 95 return nil 96 } 97 98 func authBackendRead(d *schema.ResourceData, meta interface{}) error { 99 client := meta.(*api.Client) 100 101 name := d.Id() 102 103 auths, err := client.Sys().ListAuth() 104 105 if err != nil { 106 return fmt.Errorf("error reading from Vault: %s", err) 107 } 108 109 for path, auth := range auths { 110 configuredPath := d.Get("path").(string) 111 112 vaultPath := configuredPath + "/" 113 if auth.Type == name && path == vaultPath { 114 return nil 115 } 116 } 117 118 // If we fell out here then we didn't find our Auth in the list. 119 d.SetId("") 120 return nil 121 }