API Management: ensuring a Key Vault Child ID is passed (#2189)
* refactor: Key Vault Child -> Azure package

* Adding validation for a Key Vault Child ID

```
=== RUN   TestAccAzureRMValidateKeyVaultChildID
--- PASS: TestAccAzureRMValidateKeyVaultChildID (0.00s)
PASS
```
tombuildsstuff authored Oct 31, 2018
1 parent 206ff8a commit 46eadc3
Showing 8 changed files with 124 additions and 44 deletions.
3 changes: 2 additions & 1 deletion azurerm/data_source_key_vault_secret.go
Expand Up @@ -4,6 +4,7 @@ import (
"fmt"

"github.com/hashicorp/terraform/helper/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

Expand Down Expand Up @@ -62,7 +63,7 @@ func dataSourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) e
}

// the version may have changed, so parse the updated id
respID, err := parseKeyVaultChildID(*resp.ID)
respID, err := azure.ParseKeyVaultChildID(*resp.ID)
if err != nil {
return err
}
Original file line number Diff line number Diff line change
@@ -1,13 +1,21 @@
package azurerm
package azure

import (
"fmt"
"net/url"
"regexp"
"strings"

"github.com/hashicorp/terraform/helper/validation"
)

func parseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
type KeyVaultChildID struct {
KeyVaultBaseUrl string
Name string
Version string
}

func ParseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
// example: https://tharvey-keyvault.vault.azure.net/type/bird/fdf067c93bbb4b22bff4d8b7a9a56217
idURL, err := url.ParseRequestURI(id)
if err != nil {
Expand All @@ -34,13 +42,7 @@ func parseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
return &childId, nil
}

type KeyVaultChildID struct {
KeyVaultBaseUrl string
Name string
Version string
}

func validateKeyVaultChildName(v interface{}, k string) (ws []string, es []error) {
func ValidateKeyVaultChildName(v interface{}, k string) (ws []string, es []error) {
value := v.(string)

if matched := regexp.MustCompile(`^[0-9a-zA-Z-]+$`).Match([]byte(value)); !matched {
Expand All @@ -49,3 +51,25 @@ func validateKeyVaultChildName(v interface{}, k string) (ws []string, es []error

return ws, es
}

// Unfortunately this can't (easily) go in the Validate package
// since there's a circular reference on this package
func ValidateKeyVaultChildId(i interface{}, k string) (s []string, es []error) {
if s, es = validation.NoZeroValues(i, k); len(es) > 0 {
return s, es
}

v, ok := i.(string)
if !ok {
es = append(es, fmt.Errorf("Expected %s to be a string!", k))
return s, es
}

_, err := ParseKeyVaultChildID(v)
if err != nil {
es = append(es, fmt.Errorf("Error parsing Key Vault Child ID: %s", err))
return s, es
}

return s, es
}
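Review bot: ValidateKeyVaultChildId accepts anything ParseKeyVaultChildID accepts, and the only check visible in the parser is `url.ParseRequestURI`, which also accepts a path-only string and any scheme. The rest of ParseKeyVaultChildID is collapsed in this view, so confirm it rejects a non-`https` scheme and an empty host; if it does not, the validator should, because this value is used as `key_vault_id` in the API Management hostname configuration. Test cases for an `http://` ID and a path-only ID such as `/secrets/bird/1` would pin the behaviour either way. The new exported name also spells `Id` where `ParseKeyVaultChildID` and `KeyVaultChildID` spell `ID`, and its comment should open with `// ValidateKeyVaultChildId ...` as Go doc convention expects.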
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
package azurerm
package azure

import "testing"

func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
func TestAccAzureRMValidateKeyVaultChildID(t *testing.T) {
cases := []struct {
Input string
ExpectError bool
Expand All @@ -12,42 +12,45 @@ func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
ExpectError: true,
},
{
Input: "hello",
ExpectError: false,
Input: "https://my-keyvault.vault.azure.net/secrets",
ExpectError: true,
},
{
Input: "hello-world",
ExpectError: false,
Input: "https://my-keyvault.vault.azure.net/secrets/bird",
ExpectError: true,
},
{
Input: "hello-world-21",
Input: "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217",
ExpectError: false,
},
{
Input: "hello_world_21",
ExpectError: true,
},
{
Input: "Hello-World",
Input: "https://my-keyvault.vault.azure.net/certificates/hello/world",
ExpectError: false,
},
{
Input: "20202020",
Input: "https://my-keyvault.vault.azure.net/keys/castle/1492",
ExpectError: false,
},
{
Input: "ABC123!@£",
Input: "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217/XXX",
ExpectError: true,
},
}

for _, tc := range cases {
_, errors := validateKeyVaultChildName(tc.Input, "")
warnings, err := ValidateKeyVaultChildId(tc.Input, "example")
if err != nil {
if !tc.ExpectError {
t.Fatalf("Got error for input %q: %+v", tc.Input, err)
}

hasError := len(errors) > 0
return
}

if tc.ExpectError && !hasError {
t.Fatalf("Expected the Key Vault Child Name to trigger a validation error for '%s'", tc.Input)
if tc.ExpectError && len(warnings) == 0 {
t.Fatalf("Got no errors for input %q but expected some", tc.Input)
} else if !tc.ExpectError && len(warnings) > 0 {
t.Fatalf("Got %d errors for input %q when didn't expect any", len(warnings), tc.Input)
}
}
}
Expand Down Expand Up @@ -104,7 +107,7 @@ func TestAccAzureRMKeyVaultChild_parseID(t *testing.T) {
}

for _, tc := range cases {
secretId, err := parseKeyVaultChildID(tc.Input)
secretId, err := ParseKeyVaultChildID(tc.Input)
if err != nil {
if !tc.ExpectError {
t.Fatalf("Got error for ID '%s': %+v", tc.Input, err)
Expand All @@ -130,3 +133,53 @@ func TestAccAzureRMKeyVaultChild_parseID(t *testing.T) {
}
}
}

func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
cases := []struct {
Input string
ExpectError bool
}{
{
Input: "",
ExpectError: true,
},
{
Input: "hello",
ExpectError: false,
},
{
Input: "hello-world",
ExpectError: false,
},
{
Input: "hello-world-21",
ExpectError: false,
},
{
Input: "hello_world_21",
ExpectError: true,
},
{
Input: "Hello-World",
ExpectError: false,
},
{
Input: "20202020",
ExpectError: false,
},
{
Input: "ABC123!@£",
ExpectError: true,
},
}

for _, tc := range cases {
_, errors := ValidateKeyVaultChildName(tc.Input, "")

hasError := len(errors) > 0

if tc.ExpectError && !hasError {
t.Fatalf("Expected the Key Vault Child Name to trigger a validation error for '%s'", tc.Input)
}
}
}
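Review bot: In TestAccAzureRMValidateKeyVaultChildID the loop body ends with `return` whenever the validator reports errors, so the test stops at the first case that fails validation and the remaining cases never run; the first case has `ExpectError: true` (its Input is collapsed in this view). The assertions after that branch count `warnings`, which the visible validator code never appends to, rather than the error slice. Compare the error slice for every case instead: `_, errs := ValidateKeyVaultChildId(tc.Input, "example")` followed by `if (len(errs) > 0) != tc.ExpectError { t.Fatalf("input %q: ExpectError=%t, got %d errors", tc.Input, tc.ExpectError, len(errs)) }`. The moved TestAccAzureRMKeyVaultChild_validateName checks only the expected-error direction, so an unexpected error on a valid name would still pass.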
1 change: 0 additions & 1 deletion azurerm/helpers/validate/validate.go
Expand Up @@ -3,7 +3,6 @@ package validate
import (
"fmt"
"net/url"

"strings"

"github.com/hashicorp/terraform/helper/schema"
2 changes: 1 addition & 1 deletion azurerm/resource_arm_api_management.go
Expand Up @@ -775,7 +775,7 @@ func apiManagementResourceHostnameSchema(schemaName string) map[string]*schema.S
"key_vault_id": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: azure.ValidateResourceID,
ValidateFunc: azure.ValidateKeyVaultChildId,
ConflictsWith: []string{
fmt.Sprintf("hostname_configuration.0.%s.0.certificate", schemaName),
fmt.Sprintf("hostname_configuration.0.%s.0.certificate_password", schemaName),
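Review bot: `key_vault_id` now accepts only a fully versioned child ID: the validator's own test expects `https://my-keyvault.vault.azure.net/secrets/bird` to fail, so a versionless secret reference can no longer be configured here. If API Management accepts versionless IDs to pick up rotated certificates (worth confirming against the service documentation), this check forces users to pin a version and lose rotation. The same tests expect `/keys/...` and `/certificates/...` IDs to pass, so the check does not establish that the ID refers to a secret; a comment on the attribute such as `// must be a versioned Key Vault secret ID` (or whatever forms are intended) would make the contract explicit. The enclosing schema map starts and ends outside this hunk.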
7 changes: 4 additions & 3 deletions azurerm/resource_arm_key_vault_certificate.go
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

Expand All @@ -31,7 +32,7 @@ func resourceArmKeyVaultCertificate() *schema.Resource {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateKeyVaultChildName,
ValidateFunc: azure.ValidateKeyVaultChildName,
},

"vault_uri": {
Expand Down Expand Up @@ -369,7 +370,7 @@ func resourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
Expand Down Expand Up @@ -419,7 +420,7 @@ func resourceArmKeyVaultCertificateDelete(d *schema.ResourceData, meta interface
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
9 changes: 5 additions & 4 deletions azurerm/resource_arm_key_vault_key.go
Expand Up @@ -7,6 +7,7 @@ import (
"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

Expand All @@ -25,7 +26,7 @@ func resourceArmKeyVaultKey() *schema.Resource {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateKeyVaultChildName,
ValidateFunc: azure.ValidateKeyVaultChildName,
},

"vault_uri": {
Expand Down Expand Up @@ -139,7 +140,7 @@ func resourceArmKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) erro
ctx := meta.(*ArmClient).StopContext

log.Print("[INFO] preparing arguments for AzureRM KeyVault Key update.")
id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
Expand Down Expand Up @@ -167,7 +168,7 @@ func resourceArmKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
Expand Down Expand Up @@ -209,7 +210,7 @@ func resourceArmKeyVaultKeyDelete(d *schema.ResourceData, meta interface{}) erro
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
13 changes: 7 additions & 6 deletions azurerm/resource_arm_key_vault_secret.go
Expand Up @@ -6,6 +6,7 @@ import (

"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
"github.com/hashicorp/terraform/helper/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

Expand All @@ -24,7 +25,7 @@ func resourceArmKeyVaultSecret() *schema.Resource {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateKeyVaultChildName,
ValidateFunc: azure.ValidateKeyVaultChildName,
},

"vault_uri": {
Expand Down Expand Up @@ -96,7 +97,7 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
ctx := meta.(*ArmClient).StopContext
log.Print("[INFO] preparing arguments for AzureRM KeyVault Secret update.")

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
Expand All @@ -123,7 +124,7 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
if err != nil {
return fmt.Errorf("Error getting Key Vault Secret %q : %+v", id.Name, err)
}
_, err = parseKeyVaultChildID(*read.ID)
_, err = azure.ParseKeyVaultChildID(*read.ID)
if err != nil {
return err
}
Expand All @@ -149,7 +150,7 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
Expand All @@ -166,7 +167,7 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err
}

// the version may have changed, so parse the updated id
respID, err := parseKeyVaultChildID(*resp.ID)
respID, err := azure.ParseKeyVaultChildID(*resp.ID)
if err != nil {
return err
}
Expand All @@ -185,7 +186,7 @@ func resourceArmKeyVaultSecretDelete(d *schema.ResourceData, meta interface{}) e
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}