API Management: ensuring a Key Vault Child ID is passed #2189

Merged
merged 2 commits into from
Oct 31, 2018
3 changes: 2 additions & 1 deletion azurerm/data_source_key_vault_secret.go
@@ -4,6 +4,7 @@ import (
"fmt"

"github.com/hashicorp/terraform/helper/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

@@ -62,7 +63,7 @@ func dataSourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) e
}

// the version may have changed, so parse the updated id
respID, err := parseKeyVaultChildID(*resp.ID)
respID, err := azure.ParseKeyVaultChildID(*resp.ID)
if err != nil {
return err
}
@@ -1,13 +1,21 @@
package azurerm
package azure

import (
"fmt"
"net/url"
"regexp"
"strings"

"github.com/hashicorp/terraform/helper/validation"
)

func parseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
type KeyVaultChildID struct {
KeyVaultBaseUrl string
Name string
Version string
}

func ParseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
// example: https://tharvey-keyvault.vault.azure.net/type/bird/fdf067c93bbb4b22bff4d8b7a9a56217
idURL, err := url.ParseRequestURI(id)
if err != nil {
@@ -34,13 +42,7 @@ func parseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
return &childId, nil
}

type KeyVaultChildID struct {
KeyVaultBaseUrl string
Name string
Version string
}

func validateKeyVaultChildName(v interface{}, k string) (ws []string, es []error) {
func ValidateKeyVaultChildName(v interface{}, k string) (ws []string, es []error) {
value := v.(string)

if matched := regexp.MustCompile(`^[0-9a-zA-Z-]+$`).Match([]byte(value)); !matched {
@@ -49,3 +51,25 @@ func validateKeyVaultChildName(v interface{}, k string) (ws []string, es []error

return ws, es
}

// Unfortunately this can't (easily) go in the Validate package
// since there's a circular reference on this package
func ValidateKeyVaultChildId(i interface{}, k string) (s []string, es []error) {
if s, es = validation.NoZeroValues(i, k); len(es) > 0 {
return s, es
}

v, ok := i.(string)
if !ok {
es = append(es, fmt.Errorf("Expected %s to be a string!", k))
return s, es
}

_, err := ParseKeyVaultChildID(v)
if err != nil {
es = append(es, fmt.Errorf("Error parsing Key Vault Child ID: %s", err))
return s, es
}

return s, es
}
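Review bot: ValidateKeyVaultChildId only proves that the value has the shape ParseKeyVaultChildID accepts, and the visible part of that parser starts from `url.ParseRequestURI` with the rest of its body outside this hunk, so nothing shown here restricts the scheme to https or the first path segment to a known item type. If the parser does not already check this, the validator could reject non-TLS URLs itself, e.g. `if u, perr := url.Parse(v); perr != nil || u.Scheme != "https" { es = append(es, fmt.Errorf("expected %s to be an https URL", k)) }`. The exported function also wants a doc comment that starts with its name, such as `// ValidateKeyVaultChildId checks that the value parses as a Key Vault child (secret, key or certificate) ID.`, and its `Id` spelling differs from `ParseKeyVaultChildID` next to it.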
@@ -1,8 +1,8 @@
package azurerm
package azure

import "testing"

func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
func TestAccAzureRMValidateKeyVaultChildID(t *testing.T) {
cases := []struct {
Input string
ExpectError bool
@@ -12,42 +12,45 @@ func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
ExpectError: true,
},
{
Input: "hello",
ExpectError: false,
Input: "https://my-keyvault.vault.azure.net/secrets",
ExpectError: true,
},
{
Input: "hello-world",
ExpectError: false,
Input: "https://my-keyvault.vault.azure.net/secrets/bird",
ExpectError: true,
},
{
Input: "hello-world-21",
Input: "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217",
ExpectError: false,
},
{
Input: "hello_world_21",
ExpectError: true,
},
{
Input: "Hello-World",
Input: "https://my-keyvault.vault.azure.net/certificates/hello/world",
ExpectError: false,
},
{
Input: "20202020",
Input: "https://my-keyvault.vault.azure.net/keys/castle/1492",
ExpectError: false,
},
{
Input: "ABC123!@£",
Input: "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217/XXX",
ExpectError: true,
},
}

for _, tc := range cases {
_, errors := validateKeyVaultChildName(tc.Input, "")
warnings, err := ValidateKeyVaultChildId(tc.Input, "example")
if err != nil {
if !tc.ExpectError {
t.Fatalf("Got error for input %q: %+v", tc.Input, err)
}

hasError := len(errors) > 0
return
}

if tc.ExpectError && !hasError {
t.Fatalf("Expected the Key Vault Child Name to trigger a validation error for '%s'", tc.Input)
if tc.ExpectError && len(warnings) == 0 {
t.Fatalf("Got no errors for input %q but expected some", tc.Input)
} else if !tc.ExpectError && len(warnings) > 0 {
t.Fatalf("Got %d errors for input %q when didn't expect any", len(warnings), tc.Input)
}
}
}
@@ -104,7 +107,7 @@ func TestAccAzureRMKeyVaultChild_parseID(t *testing.T) {
}

for _, tc := range cases {
secretId, err := parseKeyVaultChildID(tc.Input)
secretId, err := ParseKeyVaultChildID(tc.Input)
if err != nil {
if !tc.ExpectError {
t.Fatalf("Got error for ID '%s': %+v", tc.Input, err)
@@ -130,3 +133,53 @@ func TestAccAzureRMKeyVaultChild_parseID(t *testing.T) {
}
}
}

func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
cases := []struct {
Input string
ExpectError bool
}{
{
Input: "",
ExpectError: true,
},
{
Input: "hello",
ExpectError: false,
},
{
Input: "hello-world",
ExpectError: false,
},
{
Input: "hello-world-21",
ExpectError: false,
},
{
Input: "hello_world_21",
ExpectError: true,
},
{
Input: "Hello-World",
ExpectError: false,
},
{
Input: "20202020",
ExpectError: false,
},
{
Input: "ABC123!@£",
ExpectError: true,
},
}

for _, tc := range cases {
_, errors := ValidateKeyVaultChildName(tc.Input, "")

hasError := len(errors) > 0

if tc.ExpectError && !hasError {
t.Fatalf("Expected the Key Vault Child Name to trigger a validation error for '%s'", tc.Input)
}
}
}
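Review bot: The `return` inside `if err != nil { … }` in the loop of TestAccAzureRMValidateKeyVaultChildID ends the whole test on the first case that produces an error, and the first case visible in the hunk expects one, so the remaining inputs appear never to be checked; it should be `continue`. The branch after it tests `len(warnings)` instead of the error slice, which only gives the right answer as long as the validator returns no warnings. Simpler is to drop the warnings and assert on the errors directly: `_, errs := ValidateKeyVaultChildId(tc.Input, "example")` followed by `if (len(errs) > 0) != tc.ExpectError { t.Fatalf("input %q: ExpectError=%t, got %d errors", tc.Input, tc.ExpectError, len(errs)) }`.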
1 change: 0 additions & 1 deletion azurerm/helpers/validate/validate.go
@@ -3,7 +3,6 @@ package validate
import (
"fmt"
"net/url"

"strings"

"github.com/hashicorp/terraform/helper/schema"
2 changes: 1 addition & 1 deletion azurerm/resource_arm_api_management.go
@@ -775,7 +775,7 @@ func apiManagementResourceHostnameSchema(schemaName string) map[string]*schema.S
"key_vault_id": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: azure.ValidateResourceID,
ValidateFunc: azure.ValidateKeyVaultChildId,
ConflictsWith: []string{
fmt.Sprintf("hostname_configuration.0.%s.0.certificate", schemaName),
fmt.Sprintf("hostname_configuration.0.%s.0.certificate_password", schemaName),
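Review bot: Switching `key_vault_id` to `azure.ValidateKeyVaultChildId` makes a version segment mandatory, since the test table in this change rejects `https://my-keyvault.vault.azure.net/secrets/bird`. As far as I know the API Management service also accepts a version-less secret URL and uses it to pick up renewed certificates automatically, so this validator would force users to pin a version and rotate hostname certificates by hand; worth confirming against the API documentation before relying on it. If that holds, either accept the version-less form here or document the constraint on the field, e.g. `// a versioned secret ID is required; rotating the certificate means updating this value`. The schema function's body starts and ends outside this hunk.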
7 changes: 4 additions & 3 deletions azurerm/resource_arm_key_vault_certificate.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

@@ -31,7 +32,7 @@ func resourceArmKeyVaultCertificate() *schema.Resource {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateKeyVaultChildName,
ValidateFunc: azure.ValidateKeyVaultChildName,
},

"vault_uri": {
@@ -369,7 +370,7 @@ func resourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
@@ -419,7 +420,7 @@ func resourceArmKeyVaultCertificateDelete(d *schema.ResourceData, meta interface
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
9 changes: 5 additions & 4 deletions azurerm/resource_arm_key_vault_key.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

@@ -25,7 +26,7 @@ func resourceArmKeyVaultKey() *schema.Resource {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateKeyVaultChildName,
ValidateFunc: azure.ValidateKeyVaultChildName,
},

"vault_uri": {
@@ -139,7 +140,7 @@ func resourceArmKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) erro
ctx := meta.(*ArmClient).StopContext

log.Print("[INFO] preparing arguments for AzureRM KeyVault Key update.")
id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
@@ -167,7 +168,7 @@ func resourceArmKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
@@ -209,7 +210,7 @@ func resourceArmKeyVaultKeyDelete(d *schema.ResourceData, meta interface{}) erro
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
13 changes: 7 additions & 6 deletions azurerm/resource_arm_key_vault_secret.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (

"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
"github.com/hashicorp/terraform/helper/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

@@ -24,7 +25,7 @@ func resourceArmKeyVaultSecret() *schema.Resource {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateKeyVaultChildName,
ValidateFunc: azure.ValidateKeyVaultChildName,
},

"vault_uri": {
@@ -96,7 +97,7 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
ctx := meta.(*ArmClient).StopContext
log.Print("[INFO] preparing arguments for AzureRM KeyVault Secret update.")

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
@@ -123,7 +124,7 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
if err != nil {
return fmt.Errorf("Error getting Key Vault Secret %q : %+v", id.Name, err)
}
_, err = parseKeyVaultChildID(*read.ID)
_, err = azure.ParseKeyVaultChildID(*read.ID)
if err != nil {
return err
}
@@ -149,7 +150,7 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}
@@ -166,7 +167,7 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err
}

// the version may have changed, so parse the updated id
respID, err := parseKeyVaultChildID(*resp.ID)
respID, err := azure.ParseKeyVaultChildID(*resp.ID)
if err != nil {
return err
}
@@ -185,7 +186,7 @@ func resourceArmKeyVaultSecretDelete(d *schema.ResourceData, meta interface{}) e
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

id, err := parseKeyVaultChildID(d.Id())
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}