provider/vault: vault_auth_backend resource

hashicorp · Jan 2, 2017 · c133f86 · c133f86
1 parent 4538af7
commit c133f86
Show file tree

Hide file tree

Showing 3 changed files with 225 additions and 0 deletions.
diff --git a/builtin/providers/vault/provider.go b/builtin/providers/vault/provider.go
@@ -88,6 +88,7 @@ func Provider() terraform.ResourceProvider {
 
 		ResourcesMap: map[string]*schema.Resource{
 			"vault_generic_secret": genericSecretResource(),
+			"vault_auth_backend":   authBackendResource(),
 		},
 	}
 }

diff --git a/builtin/providers/vault/resource_auth_backend.go b/builtin/providers/vault/resource_auth_backend.go
@@ -0,0 +1,95 @@
+package vault
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/vault/api"
+)
+
+func authBackendResource() *schema.Resource {
+	return &schema.Resource{
+		Create: authBackendWrite,
+		Update: authBackendWrite,
+		Delete: authBackendDelete,
+		Read:   authBackendRead,
+
+		Schema: map[string]*schema.Schema{
+			"type": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Name of the auth",
+			},
+
+			"path": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    false,
+				ForceNew:    true,
+				Description: "path to mount",
+			},
+
+			"description": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    false,
+				Optional:    true,
+				Description: "The auth document",
+			},
+		},
+	}
+}
+
+func authBackendWrite(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*api.Client)
+
+	name := d.Get("type").(string)
+	desc := d.Get("description").(string)
+
+	log.Printf("[DEBUG] Writing auth %s to Vault", name)
+	err := client.Sys().EnableAuth(name, name, desc)
+
+	if err != nil {
+		return fmt.Errorf("error writing to Vault: %s", err)
+	}
+
+	d.SetId(name)
+
+	return nil
+}
+
+func authBackendDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*api.Client)
+
+	name := d.Id()
+
+	log.Printf("[DEBUG] Deleting auth %s from Vault", name)
+
+	err := client.Sys().DisableAuth(name)
+	if err != nil {
+		return fmt.Errorf("error disabling auth from Vault: %s", err)
+	}
+
+	return nil
+}
+
+func authBackendRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*api.Client)
+
+	name := d.Id()
+	auths, err := client.Sys().ListAuth()
+
+	if err != nil {
+		return fmt.Errorf("error reading from Vault: %s", err)
+	}
+
+	for _, auth := range auths {
+		if auth.Type == name {
+			return nil
+		}
+	}
+
+	// If we fell out here then we didn't find our Auth in the list.
+	d.SetId("")
+	return nil
+}
diff --git a/builtin/providers/vault/resource_auth_backend_test.go b/builtin/providers/vault/resource_auth_backend_test.go
@@ -0,0 +1,129 @@
+package vault
+
+import (
+	"fmt"
+	"testing"
+
+	r "github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/hashicorp/vault/api"
+)
+
+func TestResourceAuth(t *testing.T) {
+	r.Test(t, r.TestCase{
+		Providers: testProviders,
+		PreCheck:  func() { testAccPreCheck(t) },
+		Steps: []r.TestStep{
+			r.TestStep{
+				Config: testResourceAuth_initialConfig,
+				Check:  testResourceAuth_initialCheck,
+			},
+			r.TestStep{
+				Config: testResourceAuth_updateConfig,
+				Check:  testResourceAuth_updateCheck,
+			},
+		},
+	})
+}
+
+var testResourceAuth_initialConfig = `
+
+resource "vault_auth_backend" "test" {
+	type = "github"
+}
+
+`
+
+func testResourceAuth_initialCheck(s *terraform.State) error {
+	resourceState := s.Modules[0].Resources["vault_auth_backend.test"]
+	if resourceState == nil {
+		return fmt.Errorf("resource not found in state")
+	}
+
+	instanceState := resourceState.Primary
+	if instanceState == nil {
+		return fmt.Errorf("resource has no primary instance")
+	}
+
+	name := instanceState.ID
+
+	if name != instanceState.Attributes["type"] {
+		return fmt.Errorf("id doesn't match name")
+	}
+
+	if name != "github" {
+		return fmt.Errorf("unexpected auth name %s", name)
+	}
+
+	client := testProvider.Meta().(*api.Client)
+	auths, err := client.Sys().ListAuth()
+
+	if err != nil {
+		return fmt.Errorf("error reading back auth: %s", err)
+	}
+
+	found := false
+	for _, auth := range auths {
+		if auth.Type == name {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		return fmt.Errorf("could not find auth backend %s in %+v", name, auths)
+	}
+
+	return nil
+}
+
+var testResourceAuth_updateConfig = `
+
+resource "vault_auth_backend" "test" {
+	type = "ldap"
+}
+
+`
+
+func testResourceAuth_updateCheck(s *terraform.State) error {
+	resourceState := s.Modules[0].Resources["vault_auth_backend.test"]
+	if resourceState == nil {
+		return fmt.Errorf("resource not found in state")
+	}
+
+	instanceState := resourceState.Primary
+	if instanceState == nil {
+		return fmt.Errorf("resource has no primary instance")
+	}
+
+	name := instanceState.ID
+
+	if name != instanceState.Attributes["type"] {
+		return fmt.Errorf("id doesn't match name")
+	}
+
+	if name != "ldap" {
+		return fmt.Errorf("unexpected auth name")
+	}
+
+	client := testProvider.Meta().(*api.Client)
+	auths, err := client.Sys().ListAuth()
+
+	if err != nil {
+		return fmt.Errorf("error reading back auth: %s", err)
+	}
+
+	found := false
+	for _, auth := range auths {
+		if auth.Type == name {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		return fmt.Errorf("could not find auth backend %s in %+v", name, auths)
+	}
+
+	return nil
+}