From 7733d4324914f84d89e9dacf7fc5217e40255d56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 09:30:57 +0000 Subject: [PATCH 1/8] Bump golang.org/x/crypto from 0.28.0 to 0.31.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 24629b4..f56344e 100644 --- a/go.mod +++ b/go.mod @@ -47,11 +47,11 @@ require ( github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/zclconf/go-cty v1.15.0 // indirect - golang.org/x/crypto v0.28.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/net v0.28.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect diff --git a/go.sum b/go.sum index 845fc88..ddf4cd5 100644 --- a/go.sum +++ b/go.sum 
@@ -146,8 +146,8 @@ github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6 github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= 
@@ -160,8 +160,8 @@ golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -174,8 +174,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -183,8 +183,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 
From e8fc6d318c44791b456131fffd2985f94cf5d568 Mon Sep 17 00:00:00 2001 From: bsimon Date: Fri, 13 Dec 2024 11:51:43 +0100 Subject: [PATCH 2/8] f --- bastion/resource_encryption.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bastion/resource_encryption.go b/bastion/resource_encryption.go index a7d72ca..91397d6 100644 --- a/bastion/resource_encryption.go +++ b/bastion/resource_encryption.go @@ -161,7 +161,7 @@ func updateEncryption( } func resourceEncryptionDelete( - _ context.Context, d *schema.ResourceData, m interface{}, + _ context.Context, d *schema.ResourceData, _ interface{}, ) diag.Diagnostics { // Since the API does not support deletion, we simply remove the resource from the Terraform state d.SetId("") From 1128ddbfb9df7ff8b866d0a79980c72124323ea0 Mon Sep 17 00:00:00 2001 From: bsimon Date: Mon, 16 Dec 2024 11:46:15 +0100 Subject: [PATCH 3/8] BUG FIXES: * fixed list of SSH and RDP supported subprotocols. --- ...udio_input-in-rdp-subprotocol-for-a-service-declaration.md | 4 ++++ bastion/resource_device_service.go | 3 +++ 2 files changed, 7 insertions(+) create mode 100644 .changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md diff --git a/.changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md b/.changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md new file mode 100644 index 0000000..73f94f2 --- /dev/null +++ b/.changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md @@ -0,0 +1,4 @@ + +BUG FIXES: + +* fixed list of SSH and RDP supported subprotocols. diff --git a/bastion/resource_device_service.go b/bastion/resource_device_service.go index 651754f..adb12bf 100644 --- a/bastion/resource_device_service.go +++ b/bastion/resource_device_service.go 
@@ -302,6 +302,8 @@ func sshSubProtocolsValid() []string { "SSH_DIRECT_TCPIP", "SSH_REVERSE_TCPIP", "SSH_AUTH_AGENT", + "SSH_DIRECT_UNIXSOCK", + "SSH_REVERSE_UNIXSOCK", } } @@ -315,6 +317,7 @@ func rdpSubProtocolsValid() []string { "RDP_DRIVE", "RDP_SMARTCARD", "RDP_AUDIO_OUTPUT", + "RDP_AUDIO_OUTPUT", } } From d09b458b485a2e3f58eeec4f03be16e7e1edd2d7 Mon Sep 17 00:00:00 2001 From: bsimon Date: Wed, 18 Dec 2024 09:28:41 +0100 Subject: [PATCH 4/8] Linting --- .github/workflows/linters.yml | 20 +++++++++----------- .github/workflows/release.yml | 19 +++++++------------ bastion/data_source_authdomain_ad_test.go | 16 ++++++++-------- 3 files changed, 24 insertions(+), 31 deletions(-) diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index c6c3f6d..68e0dfc 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -8,7 +8,7 @@ jobs: - name: Set up Go 1.23 uses: actions/setup-go@v5 with: - go-version: '1.23' + go-version: "1.23" check-latest: true id: go - name: Disable cgo @@ -27,13 +27,13 @@ jobs: name: markdown-lint runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v4 + - name: Check out code + uses: actions/checkout@v4 - - name: Markdown files linting - uses: avto-dev/markdown-lint@v1 - with: - args: '.' + - name: Markdown files linting + uses: avto-dev/markdown-lint@v1 + with: + args: . terrafmt: name: terrafmt @@ -42,9 +42,8 @@ jobs: - name: Set up Go 1.23 uses: actions/setup-go@v5 with: - go-version: '1.23' + go-version: "1.23" check-latest: true - skip-cache: true id: go - name: Show version run: go version @@ -56,7 +55,6 @@ jobs: repository: katbyte/terrafmt ref: v0.5.2 path: terrafmt - skip-cache: true - name: Build terrafmt bin run: cd terrafmt && go install ./... && cd ${GITHUB_WORKSPACE} - name: Detect resource/data-source blocks without double quote on type and name (blocks not detected by terrafmt) 
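Review bot: The line added to `rdpSubProtocolsValid` repeats `"RDP_AUDIO_OUTPUT",`, which is already the last entry in the context just above it, so the set of accepted RDP subprotocols does not change. The changelog file created by this commit is named after `rdp_audio_input`, which suggests the intended entry was `"RDP_AUDIO_INPUT",`. The start of the function is outside the hunk, so check that the value is not already listed higher up before changing it.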
@@ -68,7 +66,7 @@ jobs: run: find bastion | egrep "_test.go" | sort | while read f; do terrafmt diff $f; done >> /tmp/results.test.go - name: Generate error if results not empty run: | - if [[ -s /tmp/results.md || -s /tmp/results.test.go ]] ; then + if [[ -s /tmp/results.md || -s /tmp/results.test.go ]] ; then cat /tmp/results.md cat /tmp/results.test.go echo "terraform blocks in docs/test-go files not being properly formatted" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b9d08eb..544860f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,31 +4,26 @@ name: release on: push: tags: - - 'v*' + - v* jobs: goreleaser: runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v4 - - - name: Unshallow + - name: Unshallow run: git fetch --prune --unshallow - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v5 with: - go-version: '1.23' - - - name: Import GPG key + go-version: "1.23" + - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v6.2.0 id: import_gpg with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - - - name: Run GoReleaser + - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6.1.0 with: version: latest diff --git a/bastion/data_source_authdomain_ad_test.go b/bastion/data_source_authdomain_ad_test.go index 67ba3f8..334000a 100644 --- a/bastion/data_source_authdomain_ad_test.go +++ b/bastion/data_source_authdomain_ad_test.go 
@@ -38,11 +38,11 @@ func TestAccDataSourceAuthDomainAD_basic(t *testing.T) { func testAccDataSourceAuthDomainADConfigCreate() string { return ` resource "wallix-bastion_authdomain_ad" "testacc_dataAuthDomain" { - domain_name = "testacc-domain" - auth_domain_name = "testacc-auth-domain" - default_language = "en" + domain_name = "testacc-domain" + auth_domain_name = "testacc-auth-domain" + default_language = "en" default_email_domain = "example.com" - external_auths = ["auth1", "auth2"] + external_auths = ["auth1", "auth2"] } ` } @@ -51,11 +51,11 @@ resource "wallix-bastion_authdomain_ad" "testacc_dataAuthDomain" { func testAccDataSourceAuthDomainADConfigData() string { return ` resource "wallix-bastion_authdomain_ad" "testacc_dataAuthDomain" { - domain_name = "testacc-domain" - auth_domain_name = "testacc-auth-domain" - default_language = "en" + domain_name = "testacc-domain" + auth_domain_name = "testacc-auth-domain" + default_language = "en" default_email_domain = "example.com" - external_auths = ["auth1", "auth2"] + external_auths = ["auth1", "auth2"] } data "wallix-bastion_authdomain" "testacc_dataDomain" { From f0dc61580d75c154139543723118b3b93c875694 Mon Sep 17 00:00:00 2001 From: bsimon Date: Thu, 19 Dec 2024 16:08:02 +0100 Subject: [PATCH 5/8] lint fix data_source_authdomain_ad_test.go --- bastion/data_source_authdomain_ad_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bastion/data_source_authdomain_ad_test.go b/bastion/data_source_authdomain_ad_test.go index 334000a..ddfadad 100644 --- a/bastion/data_source_authdomain_ad_test.go +++ b/bastion/data_source_authdomain_ad_test.go @@ -59,7 +59,7 @@ resource "wallix-bastion_authdomain_ad" "testacc_dataAuthDomain" { } data "wallix-bastion_authdomain" "testacc_dataDomain" { - domain_name = wallix-bastion_domain.testacc_dataDomain.domain_name + domain_name = wallix-bastion_domain.testacc_dataDomain.domain_name auth_domain_name = wallix-bastion_domain.testacc_dataDomain.domain_real_name } ` 
From 1bfb3b279e34374afa06871c9d38638f3e79fa8a Mon Sep 17 00:00:00 2001 From: Julien Date: Fri, 20 Dec 2024 16:44:35 +0100 Subject: [PATCH 6/8] added config X509 resource --- .changes/feature_config_x509.md | 3 + bastion/provider.go | 1 + bastion/resource_config_x509.go | 174 +++++++++++++++++++++++++++ bastion/resource_config_x509_test.go | 63 ++++++++++ docs/resources/config_x509.md | 47 ++++++++ 5 files changed, 288 insertions(+) create mode 100644 .changes/feature_config_x509.md create mode 100644 bastion/resource_config_x509.go create mode 100644 bastion/resource_config_x509_test.go create mode 100644 docs/resources/config_x509.md diff --git a/.changes/feature_config_x509.md b/.changes/feature_config_x509.md new file mode 100644 index 0000000..e6ab805 --- /dev/null +++ b/.changes/feature_config_x509.md @@ -0,0 +1,3 @@ +FEATURES: + +* **resource/wallix-bastion_config_x509**: added the possibilty to configure the X509 for the GUI and for users authentication \ No newline at end of file diff --git a/bastion/provider.go b/bastion/provider.go index 3311d58..b0d88df 100644 --- a/bastion/provider.go +++ b/bastion/provider.go @@ -72,6 +72,7 @@ func Provider() *schema.Provider { "wallix-bastion_authorization": resourceAuthorization(), "wallix-bastion_checkout_policy": resourceCheckoutPolicy(), "wallix-bastion_cluster": resourceCluster(), + "wallix-bastion_config_x509": resourceConfigX509(), "wallix-bastion_connection_message": resourceConnectionMessage(), "wallix-bastion_connection_policy": resourceConnectionPolicy(), "wallix-bastion_device": resourceDevice(), diff --git a/bastion/resource_config_x509.go b/bastion/resource_config_x509.go new file mode 100644 index 0000000..c352d15 --- /dev/null +++ b/bastion/resource_config_x509.go 
@@ -0,0 +1,174 @@
+package bastion
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "net/http"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+type jsonConfigX509 struct {
+ CaCertificate string `json:"ca_certificate,omitempty"`
+ ServerPublicKey string `json:"server_public_key"`
+ ServerPrivateKey string `json:"server_private_key"`
+ Enable bool `json:"enable,omitempty"`
+}
+
+func resourceConfigX509() *schema.Resource {
+ return &schema.Resource{
+ CreateContext: resourceConfigX509Create,
+ ReadContext: resourceConfigX509Read,
+ UpdateContext: resourceConfigX509Update,
+ DeleteContext: resourceConfigX509Delete,
+ Importer: &schema.ResourceImporter{
+ State: resourceConfigX509Import,
+ },
+ Schema: map[string]*schema.Schema{
+ "ca_certificate": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "server_public_key": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "server_private_key": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "enable": {
+ Type: schema.TypeBool,
+ Optional: true,
+ },
+ },
+ }
+}
+
+func resourceConfigX509Create(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ // Add the configuration
+ if err := addConfigX509(ctx, d, m); err != nil {
+ return diag.FromErr(err)
+ }
+ // Use a static ID since the API does not provide one
+ d.SetId("x509Config")
+
+ return resourceConfigX509Read(ctx, d, m)
+}
+
+func resourceConfigX509Read(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ cfg, err := readConfigX509Options(ctx, m)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ // If no config exists, mark the resource as deleted
+ if cfg.ServerPublicKey == "" && cfg.ServerPrivateKey == "" {
+ d.SetId("")
+ return nil
+ }
+
+ fillConfigX509(d, cfg)
+ return nil
+}
+
+func resourceConfigX509Update(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ if err := updateConfigX509(ctx, d, m); err != nil {
+ return diag.FromErr(err)
+ }
+
+ return resourceConfigX509Read(ctx, d, m)
+}
+
+func resourceConfigX509Delete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ if err := deleteConfigX509(ctx, m); err != nil {
+ return diag.FromErr(err)
+ }
+
+ // Remove the resource from state
+ d.SetId("")
+
+ return nil
+}
+
+func resourceConfigX509Import(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
+ // Since the resource does not have a unique ID, use the static "x509Config" ID
+ d.SetId("x509Config")
+ return []*schema.ResourceData{d}, nil
+}
+
+func addConfigX509(ctx context.Context, d *schema.ResourceData, m interface{}) error {
+ c := m.(*Client)
+ jsonData := prepareConfigX509JSON(d)
+ body, code, err := c.newRequest(ctx, "/config/x509", http.MethodPost, jsonData)
+ if err != nil {
+ return err
+ }
+ if code != http.StatusOK && code != http.StatusNoContent {
+ return fmt.Errorf("API returned error: %d with body:\n%s", code, body)
+ }
+ return nil
+}
+
+func readConfigX509Options(ctx context.Context, m interface{}) (jsonConfigX509, error) {
+ c := m.(*Client)
+ var result jsonConfigX509
+ body, code, err := c.newRequest(ctx, "/config/x509", http.MethodGet, nil)
+ if err != nil {
+ return result, err
+ }
+ if code == http.StatusNotFound {
+ return result, nil
+ }
+ if code != http.StatusOK {
+ return result, fmt.Errorf("API returned error: %d with body:\n%s", code, body)
+ }
+ err = json.Unmarshal([]byte(body), &result)
+ if err != nil {
+ return result, fmt.Errorf("error unmarshaling JSON: %w", err)
+ }
+ return result, nil
+}
+
+func updateConfigX509(ctx context.Context, d *schema.ResourceData, m interface{}) error {
+ c := m.(*Client)
+ jsonData := prepareConfigX509JSON(d)
+ body, code, err := c.newRequest(ctx, "/config/x509", http.MethodPut, jsonData)
+ if err != nil {
+ return err
+ }
+ if code != http.StatusOK && code != http.StatusNoContent {
+ return fmt.Errorf("API returned error: %d with body:\n%s", code, body)
+ }
+ return nil
+}
+
+func deleteConfigX509(ctx context.Context, m interface{}) error {
+ c := m.(*Client)
+ body, code, err := c.newRequest(ctx, "/config/x509", http.MethodDelete, nil)
+ if err != nil {
+ return err
+ }
+ if code != http.StatusOK && code != http.StatusNoContent {
+ return fmt.Errorf("API returned error: %d with body:\n%s", code, body)
+ }
+ return nil
+}
+
+func prepareConfigX509JSON(d *schema.ResourceData) jsonConfigX509 {
+ return jsonConfigX509{
+ CaCertificate: d.Get("ca_certificate").(string),
+ ServerPublicKey: d.Get("server_public_key").(string),
+ ServerPrivateKey: d.Get("server_private_key").(string),
+ Enable: d.Get("enable").(bool),
+ }
+}
+
+func fillConfigX509(d *schema.ResourceData, jsonData jsonConfigX509) {
+ d.Set("ca_certificate", jsonData.CaCertificate)
+ d.Set("server_public_key", jsonData.ServerPublicKey)
+ d.Set("server_private_key", jsonData.ServerPrivateKey)
+ d.Set("enable", jsonData.Enable)
+}
diff --git a/bastion/resource_config_x509_test.go b/bastion/resource_config_x509_test.go
new file mode 100644
index 0000000..2780b24
--- /dev/null
+++ b/bastion/resource_config_x509_test.go
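Review bot: The `server_private_key` attribute in the schema of `resourceConfigX509` is declared without `Sensitive: true`, so the server's private key is shown in plan and apply output and in any CI log that captures it; add the flag, as in `"server_private_key": {Type: schema.TypeString, Required: true, Sensitive: true},`. Marking it sensitive only redacts display: the value is still written to the state file in clear text, which the resource documentation should say. In the same file the `json:"enable,omitempty"` tag on `Enable` drops the field whenever it is `false`, so an update that sets `enable = false` sends no `enable` key. Depending on how the API treats a missing key, that may leave X509 user authentication switched on; removing `omitempty` from that tag sends the value explicitly.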
@@ -0,0 +1,63 @@ +package bastion_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +// TestAccResourceConfigX509_basic tests creating, updating the x509 configuration. +func TestAccResourceConfigX509_basic(t *testing.T) { + resourceName := "bastion_x509_config.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, // Ensures necessary environment variables are set + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccResourceConfigX509Basic(), + Check: resource.ComposeTestCheckFunc( + // Verify that the resource exists + resource.TestCheckResourceAttr(resourceName, "ca_certificate", "test-ca-cert"), + resource.TestCheckResourceAttr(resourceName, "server_public_key", "test-public-key"), + resource.TestCheckResourceAttr(resourceName, "server_private_key", "test-private-key"), + resource.TestCheckResourceAttr(resourceName, "enable", "true"), + ), + }, + // Test updating the resource + { + Config: testAccResourceConfigX509Update(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, "ca_certificate", "updated-ca-cert"), + resource.TestCheckResourceAttr(resourceName, "server_public_key", "updated-public-key"), + resource.TestCheckResourceAttr(resourceName, "server_private_key", "updated-private-key"), + resource.TestCheckResourceAttr(resourceName, "enable", "false"), + ), + }, + }, + }) +} + +// Test configuration for creating the resource +func testAccResourceConfigX509Basic() string { + return (` +resource "bastion_x509_config" "test" { + ca_certificate = "test-ca-cert" + server_public_key = "test-public-key" + server_private_key = "test-private-key" + enable = true +} +`) +} + +// Test configuration for updating the resource +func testAccResourceConfigX509Update() string { + return (` +resource "bastion_x509_config" "test" { + ca_certificate = "updated-ca-cert" + server_public_key = "updated-public-key" + 
server_private_key = "updated-private-key" + enable = false +} +`) +} diff --git a/docs/resources/config_x509.md b/docs/resources/config_x509.md new file mode 100644 index 0000000..d718e69 --- /dev/null +++ b/docs/resources/config_x509.md @@ -0,0 +1,47 @@ +# wallix-bastion_config_x509 Resource + +Provides a X509 resource. + +## Example Usage + +```hcl +# Configure the X509 authentication and/or change GUI and API certificates +resource "wallix-bastion_config_x509" "acme-cert" { + ca_certificate = file("${path.root}/chain1.pem") + server_private_key = file("${path.root}/privkey1.pem") + server_public_key = file("${path.root}/cert1.pem") + enable = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- **ca_certificate** (Optional, String) + The ca for users authentication +- **server_private_key** (Required, String) + The server certificate private key +- **server_public_key** (Required, String) + The server certificate public key +- **enable** (Optional, Bool) + Whether or not enable X509 users authentication + +## Attribute Reference + +- **id** (String) + Internal id of X509 config (only in Tfstate since the API does not provide any) +- **ca_certificate** (String) + The server X509 ca certificate for users authentication +- **server_public_key** (String) + The server x509 public certificate +- **enable** (String) + Whether or not the X509 users authentication is enabled + +## Import + +X509 config can be imported using any id (in Tfstate it will always be x509Config ) e.g. + +```shell +terraform import wallix-bastion_device.acme-cert myx509 +``` From 8476f75577de94a70caaa9fca55ca58cf0dbc7ba Mon Sep 17 00:00:00 2001 From: Julien Date: Fri, 20 Dec 2024 17:06:06 +0100 Subject: [PATCH 7/8] linting --- bastion/resource_config_x509.go | 26 ++++++++++++++++++++------ bastion/resource_config_x509_test.go | 10 +++++----- docs/resources/config_x509.md | 18 +++++++++--------- 3 files changed, 34 insertions(+), 20 deletions(-) 
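Review bot: The resource address used throughout this test, `bastion_x509_config.test`, does not match the type this commit registers in `provider.go`, `wallix-bastion_config_x509`. Both HCL configs therefore declare a resource type the provider does not expose, and the steps cannot pass as written. Change the first line of the test to `resourceName := "wallix-bastion_config_x509.test"` and both blocks to `resource "wallix-bastion_config_x509" "test" {`. The fixture values such as `"test-private-key"` are not PEM material, so the API may reject them once the type is corrected; that depends on server-side validation not visible here.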
diff --git a/bastion/resource_config_x509.go b/bastion/resource_config_x509.go index c352d15..8983338 100644 --- a/bastion/resource_config_x509.go +++ b/bastion/resource_config_x509.go @@ -61,16 +61,19 @@ func resourceConfigX509Create(ctx context.Context, d *schema.ResourceData, m int func resourceConfigX509Read(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { cfg, err := readConfigX509Options(ctx, m) if err != nil { + return diag.FromErr(err) } // If no config exists, mark the resource as deleted if cfg.ServerPublicKey == "" && cfg.ServerPrivateKey == "" { d.SetId("") + return nil } fillConfigX509(d, cfg) + return nil } @@ -93,9 +96,10 @@ func resourceConfigX509Delete(ctx context.Context, d *schema.ResourceData, m int return nil } -func resourceConfigX509Import(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) { +func resourceConfigX509Import(d *schema.ResourceData, _ interface{}) ([]*schema.ResourceData, error) { // Since the resource does not have a unique ID, use the static "x509Config" ID d.SetId("x509Config") + return []*schema.ResourceData{d}, nil } @@ -166,9 +170,19 @@ func prepareConfigX509JSON(d *schema.ResourceData) jsonConfigX509 { } } -func fillConfigX509(d *schema.ResourceData, jsonData jsonConfigX509) { - d.Set("ca_certificate", jsonData.CaCertificate) - d.Set("server_public_key", jsonData.ServerPublicKey) - d.Set("server_private_key", jsonData.ServerPrivateKey) - d.Set("enable", jsonData.Enable) +func fillConfigX509(d *schema.ResourceData, jsonData jsonConfigX509) error { + if err := d.Set("ca_certificate", jsonData.CaCertificate); err != nil { + return err + } + if err := d.Set("server_public_key", jsonData.ServerPublicKey); err != nil { + return err + } + if err := d.Set("server_private_key", jsonData.ServerPrivateKey); err != nil { + return err + } + if err := d.Set("enable", jsonData.Enable); err != nil { + return err + } + + return nil } 
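Review bot: `fillConfigX509` now returns an error, but its only visible caller still discards it: the context line in the first hunk of this file shows `resourceConfigX509Read` calling the bare statement `fillConfigX509(d, cfg)` before `return nil`. A failed `d.Set` is therefore still silent, and Terraform can record a state that does not reflect what the API returned for the certificate and key fields. Replace the call with `if err := fillConfigX509(d, cfg); err != nil { return diag.FromErr(err) }`. The rest of `resourceConfigX509Read` lies in an earlier hunk, not in this one.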
diff --git a/bastion/resource_config_x509_test.go b/bastion/resource_config_x509_test.go index 2780b24..d819208 100644 --- a/bastion/resource_config_x509_test.go +++ b/bastion/resource_config_x509_test.go @@ -11,20 +11,20 @@ func TestAccResourceConfigX509_basic(t *testing.T) { resourceName := "bastion_x509_config.test" resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, // Ensures necessary environment variables are set + PreCheck: func() { testAccPreCheck(t) }, // Ensures necessary environment variables are set. Providers: testAccProviders, Steps: []resource.TestStep{ { Config: testAccResourceConfigX509Basic(), Check: resource.ComposeTestCheckFunc( - // Verify that the resource exists + // Verify that the resource exists. resource.TestCheckResourceAttr(resourceName, "ca_certificate", "test-ca-cert"), resource.TestCheckResourceAttr(resourceName, "server_public_key", "test-public-key"), resource.TestCheckResourceAttr(resourceName, "server_private_key", "test-private-key"), resource.TestCheckResourceAttr(resourceName, "enable", "true"), ), }, - // Test updating the resource + // Test updating the resource. { Config: testAccResourceConfigX509Update(), Check: resource.ComposeTestCheckFunc( @@ -38,7 +38,7 @@ func TestAccResourceConfigX509_basic(t *testing.T) { }) } -// Test configuration for creating the resource +// Test configuration for creating the resource. func testAccResourceConfigX509Basic() string { return (` resource "bastion_x509_config" "test" { @@ -50,7 +50,7 @@ resource "bastion_x509_config" "test" { `) } -// Test configuration for updating the resource +// Test configuration for updating the resource. func testAccResourceConfigX509Update() string { return (` resource "bastion_x509_config" "test" { diff --git a/docs/resources/config_x509.md b/docs/resources/config_x509.md index d718e69..3a5c43d 100644 --- a/docs/resources/config_x509.md +++ b/docs/resources/config_x509.md 
@@ -7,10 +7,10 @@ Provides a X509 resource. ```hcl # Configure the X509 authentication and/or change GUI and API certificates resource "wallix-bastion_config_x509" "acme-cert" { - ca_certificate = file("${path.root}/chain1.pem") + ca_certificate = file("${path.root}/chain1.pem") server_private_key = file("${path.root}/privkey1.pem") - server_public_key = file("${path.root}/cert1.pem") - enable = true + server_public_key = file("${path.root}/cert1.pem") + enable = true } ``` @@ -29,14 +29,14 @@ The following arguments are supported: ## Attribute Reference -- **id** (String) +- **id** (String) Internal id of X509 config (only in Tfstate since the API does not provide any) -- **ca_certificate** (String) +- **ca_certificate** (String) The server X509 ca certificate for users authentication -- **server_public_key** (String) - The server x509 public certificate -- **enable** (String) - Whether or not the X509 users authentication is enabled +- **server_public_key** (String) + The server x509 public certificate +- **enable** (String) + Whether or not the X509 users authentication is enabled ## Import From 6750e6727bc1f31bfff22ec31190d162579c3be5 Mon Sep 17 00:00:00 2001 From: bsimon Date: Fri, 20 Dec 2024 17:18:16 +0100 Subject: [PATCH 8/8] Preparation for 0.14.2 release --- ...p-subprotocol-for-a-service-declaration.md | 4 - .changes/feature_config_x509.md | 3 - CHANGELOG.md | 202 +++++++++--------- bastion/resource_config_x509.go | 5 +- .../resource_externalauth_kerberos_test.go | 2 +- 5 files changed, 111 insertions(+), 105 deletions(-) delete mode 100644 .changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md delete mode 100644 .changes/feature_config_x509.md diff --git a/.changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md b/.changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md deleted file mode 100644 index 73f94f2..0000000 
--- a/.changes/48-bug-unable-to-add-rdp_audio_input-in-rdp-subprotocol-for-a-service-declaration.md +++ /dev/null @@ -1,4 +0,0 @@ - -BUG FIXES: - -* fixed list of SSH and RDP supported subprotocols. diff --git a/.changes/feature_config_x509.md b/.changes/feature_config_x509.md deleted file mode 100644 index e6ab805..0000000 --- a/.changes/feature_config_x509.md +++ /dev/null @@ -1,3 +0,0 @@ -FEATURES: - -* **resource/wallix-bastion_config_x509**: added the possibilty to configure the X509 for the GUI and for users authentication \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index e21b8c9..bf61e37 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,251 +1,261 @@ # changelog +## 0.14.2 (December 20, 2024) + +FEATURES: + +- **resource/wallix-bastion_config_x509**: added the possibilty to configure the X509 for the GUI and for users authentication + +BUG FIXES: + +- **resource/wallix-device_service**: supported subprotocols. + ## 0.14.1 (December 13, 2024) FEATURES: -* **datasource/wallix-bastion_authdomain_ad**: added the datasource to retrieve an existing authdomain -* **resource/wallix-bastion_domain_account_credential**: added credential propagation to AD upon creation. +- **datasource/wallix-bastion_authdomain_ad**: added the datasource to retrieve an existing authdomain +- **resource/wallix-bastion_domain_account_credential**: added credential propagation to AD upon creation. BUG FIXES: -* **resource/wallix-bastion_externalauth_kerberos**: deprecate `login_attribute` argument (it produces Bad Request with API v3.12) -* **provider_test**: Added the user environment variable presence test for acceptance tests. +- **resource/wallix-bastion_externalauth_kerberos**: deprecate `login_attribute` argument (it produces Bad Request with API v3.12) +- **provider_test**: Added the user environment variable presence test for acceptance tests. 
## 0.14.0 (November 08, 2024) BREAKING CHANGES: -* remove compatibility with API version 3.3 and 3.6 -* remove resource `wallix-bastion_ldapdomain` -* remove resource `wallix-bastion_ldapmapping` -* default provider api_version argument is now `v3.8` -* user statement is now mandatory +- remove compatibility with API version 3.3 and 3.6 +- remove resource `wallix-bastion_ldapdomain` +- remove resource `wallix-bastion_ldapmapping` +- default provider api_version argument is now `v3.8` +- user statement is now mandatory FEATURES: -* add compatibility with API version 3.12 +- add compatibility with API version 3.12 ENHANCEMENTS: -* **resource/wallix-bastion_application**: - * add `category`, `application_url`, `browser`, `browser_version` arguments to be able to add `jumphost` application (not tested) - * `paths` and `target` is now only required when `category` = `standard` -* **resource/wallix-bastion_connection_policy**: add `type` argument with default value as `protocol` value -* **resource/wallix-bastion_externalauth_saml**: add `claim_customization` block argument +- **resource/wallix-bastion_application**: + - add `category`, `application_url`, `browser`, `browser_version` arguments to be able to add `jumphost` application (not tested) + - `paths` and `target` is now only required when `category` = `standard` +- **resource/wallix-bastion_connection_policy**: add `type` argument with default value as `protocol` value +- **resource/wallix-bastion_externalauth_saml**: add `claim_customization` block argument ## 0.13.0 (March 08, 2024) -* build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in https://github.com/wallix/terraform-provider-wallix-bastion/pull/13 -* added http basic authentication by @moulip in https://github.com/wallix/terraform-provider-wallix-bastion/pull/15 +- build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in https://github.com/wallix/terraform-provider-wallix-bastion/pull/13 +- added 
http basic authentication by @moulip in https://github.com/wallix/terraform-provider-wallix-bastion/pull/15 ## 0.12.2 (January 03, 2024) -* Corrected and added documentation example -* Updated dependancies +- Corrected and added documentation example +- Updated dependancies ## 0.12.1 (October 11, 2023) -* Corrected documentation example -* Provider pushed to terraform registry +- Corrected documentation example +- Provider pushed to terraform registry ## 0.12.0 (October 04, 2023) ENHANCEMENTS: -* release now with golang 1.21 -* resource/**wallix-bastion_user**: update the password when has changed in config to not empty value and `force_change_pwd` isn't true (instead of no-op on password when update resource) +- release now with golang 1.21 +- resource/**wallix-bastion_user**: update the password when has changed in config to not empty value and `force_change_pwd` isn't true (instead of no-op on password when update resource) BUG FIXES: -* reduced compute and memory usage to prepare the JSON payload when creating or updating resource +- reduced compute and memory usage to prepare the JSON payload when creating or updating resource ## 0.11.0 (September 26, 2023) FEATURES: -* add `wallix-bastion_local_password_policy` data source +- add `wallix-bastion_local_password_policy` data source ## 0.10.0 (July 27, 2023) FEATURES: -* add `wallix-bastion_connection_message` resource +- add `wallix-bastion_connection_message` resource BUG FIXES: -* reduce CRUD operations time (reuse HTTP/TCP connections instead of using a new for each request to API) +- reduce CRUD operations time (reuse HTTP/TCP connections instead of using a new for each request to API) ## 0.9.1 (May 15, 2023) BUG FIXES: -* force a resource replacement when `private_key` change on `wallix-bastion_device_localdomain_account_credential` and `wallix-bastion_domain_account_credential` resources (update doesn't work with generated keys) +- force a resource replacement when `private_key` change on 
`wallix-bastion_device_localdomain_account_credential` and `wallix-bastion_domain_account_credential` resources (update doesn't work with generated keys) ## 0.9.0 (March 03, 2023) ENHANCEMENTS: -* resource/**wallix-bastion_profile**: add `dashboards` argument (not compatible with API v3.3) +- resource/**wallix-bastion_profile**: add `dashboards` argument (not compatible with API v3.3) BUG FIXES: -* fix not detecting that an account's credentials have been deleted while it still exists with resource ID but not linked to the account +- fix not detecting that an account's credentials have been deleted while it still exists with resource ID but not linked to the account ## 0.8.0 (February 24, 2023) FEATURES: -* add `wallix-bastion_configoption` data source +- add `wallix-bastion_configoption` data source ENHANCEMENTS: -* release now with golang 1.20 +- release now with golang 1.20 ## 0.7.0 (January 13, 2023) FEATURES: -* add `wallix-bastion_authdomain_ad` resource -* add `wallix-bastion_authdomain_azuread` resource -* add `wallix-bastion_authdomain_ldap` resource -* add `wallix-bastion_authdomain_mapping` resource -* add `wallix-bastion_externalauth_saml` resource +- add `wallix-bastion_authdomain_ad` resource +- add `wallix-bastion_authdomain_azuread` resource +- add `wallix-bastion_authdomain_ldap` resource +- add `wallix-bastion_authdomain_mapping` resource +- add `wallix-bastion_externalauth_saml` resource ENHANCEMENTS: -* release now with golang 1.19 -* optimize resource search when checking if it already exists before create or when importing -* resource/**wallix-bastion_externalauth_ldap**: add `passphrase` argument -* allow use `v3.8` to `api_version` provider argument +- release now with golang 1.19 +- optimize resource search when checking if it already exists before create or when importing +- resource/**wallix-bastion_externalauth_ldap**: add `passphrase` argument +- allow use `v3.8` to `api_version` provider argument BUG FIXES: -* 
resource/**wallix-bastion_\*domain** & resource/**wallix-bastion_\*credential**: fix missing requirement of `private_key` with `passphrase` argument -* resource/**wallix-bastion_externalauth_kerberos**: fix missing sensitive option on `keytab` -* resource/**wallix-bastion_externalauth_ldap**: fix missing sensitive option on `certificate` and `private_key` and can't be refresh +- resource/**wallix-bastion\_\*domain** & resource/**wallix-bastion\_\*credential**: fix missing requirement of `private_key` with `passphrase` argument +- resource/**wallix-bastion_externalauth_kerberos**: fix missing sensitive option on `keytab` +- resource/**wallix-bastion_externalauth_ldap**: fix missing sensitive option on `certificate` and `private_key` and can't be refresh ## 0.6.1 (May 17, 2022) NOTES: -* use custom User-Agent when request API -* deps: bump terraform-plugin-sdk to v2.16.0 +- use custom User-Agent when request API +- deps: bump terraform-plugin-sdk to v2.16.0 ## 0.6.0 (February 25, 2022) FEATURES: -* add `wallix-bastion_version` data source +- add `wallix-bastion_version` data source ENHANCEMENTS: -* allow use `v3.6` to `api_version` provider argument +- allow use `v3.6` to `api_version` provider argument BUG FIXES: -* resource/**wallix-bastion_externalauth_kerberos**: add `keytab` argument required in latest version of WAB -* resource/**wallix-bastion_externalauth_radius**: `secret` argument can't be refresh in latest version of WAB -* resource/**wallix-bastion_externalauth_tacacs**: `secret` argument can't be refresh in latest version of WAB +- resource/**wallix-bastion_externalauth_kerberos**: add `keytab` argument required in latest version of WAB +- resource/**wallix-bastion_externalauth_radius**: `secret` argument can't be refresh in latest version of WAB +- resource/**wallix-bastion_externalauth_tacacs**: `secret` argument can't be refresh in latest version of WAB ## 0.5.0 (December 9, 2021) NOTES: -* upgrade golang version to release, so now requires macOS 
10.13 High Sierra or later; Older macOS versions are no longer supported. +- upgrade golang version to release, so now requires macOS 10.13 High Sierra or later; Older macOS versions are no longer supported. ## 0.4.2 (December 9, 2021) BUG FIXES: -* resource/**wallix-bastion_connection_policy**: to avoid unnecessary update of resource, `authentication_methods` is now unordered -* resource/**wallix-bastion_application**: avoid large update plan output with unmodified `path` blocks in block set -* resource/**wallix-bastion_targetgroup**: avoid large update plan output with unmodified blocks in block sets +- resource/**wallix-bastion_connection_policy**: to avoid unnecessary update of resource, `authentication_methods` is now unordered +- resource/**wallix-bastion_application**: avoid large update plan output with unmodified `path` blocks in block set +- resource/**wallix-bastion_targetgroup**: avoid large update plan output with unmodified blocks in block sets ## 0.4.1 (October 18, 2021) ENHANCEMENTS: -* [docs] reformat arguments/attributes, add example usage & minor fix +- [docs] reformat arguments/attributes, add example usage & minor fix BUG FIXES: -* fix the potential double slash in url when calling Wallix API -* fix missing sensitive options for few arguments -* resource/**wallix-bastion_application_localdomain**, **wallix-bastion_device_localdomain**, **wallix-bastion_domain**: fix arguments requirement -* resource/**wallix-bastion_application**: fix panic with `global_domains` -* resource/**wallix-bastion_profile**: fix `default_target_group` is required in `target_groups_limitation` block -* resource/**wallix-bastion_domain**: fix `passphrase` can't refresh -* resource/**wallix-bastion_device_localdomain**: fix `passphrase` can't refresh +- fix the potential double slash in url when calling Wallix API +- fix missing sensitive options for few arguments +- resource/**wallix-bastion_application_localdomain**, **wallix-bastion_device_localdomain**, 
**wallix-bastion_domain**: fix arguments requirement +- resource/**wallix-bastion_application**: fix panic with `global_domains` +- resource/**wallix-bastion_profile**: fix `default_target_group` is required in `target_groups_limitation` block +- resource/**wallix-bastion_domain**: fix `passphrase` can't refresh +- resource/**wallix-bastion_device_localdomain**: fix `passphrase` can't refresh ## 0.4.0 (April 9, 2021) FEATURES: -* add `wallix-bastion_domain` data source +- add `wallix-bastion_domain` data source ## 0.3.3 (April 6, 2021) BUG FIXES: -* fix `global_domains` argument can be an attribute in `wallix-bastion_device_service` resource +- fix `global_domains` argument can be an attribute in `wallix-bastion_device_service` resource ## 0.3.2 (April 1, 2021) BUG FIXES: -* fix `device`/`service` or `application` needed with `domain_type`="global" on `session_accounts` in `wallix-bastion_targetgroup` resource -* fix `resources` argument can be an attribute in `wallix-bastion_domain_account` resource +- fix `device`/`service` or `application` needed with `domain_type`="global" on `session_accounts` in `wallix-bastion_targetgroup` resource +- fix `resources` argument can be an attribute in `wallix-bastion_domain_account` resource ## 0.3.1 (March 30, 2021) BUG FIXES: -* fix import user resource +- fix import user resource ## 0.3.0 (March 19, 2021) FEATURES: -* add `wallix-bastion_application` resource -* add `wallix-bastion_application_localdomain` resource -* add `wallix-bastion_application_localdomain_account` resource -* add `wallix-bastion_checkout_policy` resource -* add `wallix-bastion_cluster` resource -* add `wallix-bastion_connection_policy` resource -* add `wallix-bastion_externalauth_kerberos` resource -* add `wallix-bastion_externalauth_radius` resource -* add `wallix-bastion_externalauth_tacacs` resource -* add `wallix-bastion_profile` resource -* add `wallix-bastion_timeframe` resource +- add `wallix-bastion_application` resource +- add 
`wallix-bastion_application_localdomain` resource +- add `wallix-bastion_application_localdomain_account` resource +- add `wallix-bastion_checkout_policy` resource +- add `wallix-bastion_cluster` resource +- add `wallix-bastion_connection_policy` resource +- add `wallix-bastion_externalauth_kerberos` resource +- add `wallix-bastion_externalauth_radius` resource +- add `wallix-bastion_externalauth_tacacs` resource +- add `wallix-bastion_profile` resource +- add `wallix-bastion_timeframe` resource ## 0.2.0 (March 5, 2021) FEATURES: -* add `wallix-bastion_authorization` resource -* add `wallix-bastion_device`resource -* add `wallix-bastion_device_localdomain` resource -* add `wallix-bastion_device_localdomain_account` resource -* add `wallix-bastion_device_localdomain_account_credential` resource -* add `wallix-bastion_device_service` resource -* add `wallix-bastion_domain` resource -* add `wallix-bastion_domain_account` resource -* add `wallix-bastion_domain_account_credential` resource -* add `wallix-bastion_ldapdomain` resource -* add `wallix-bastion_ldapmapping` resource -* add `wallix-bastion_targetgroup` resource +- add `wallix-bastion_authorization` resource +- add `wallix-bastion_device`resource +- add `wallix-bastion_device_localdomain` resource +- add `wallix-bastion_device_localdomain_account` resource +- add `wallix-bastion_device_localdomain_account_credential` resource +- add `wallix-bastion_device_service` resource +- add `wallix-bastion_domain` resource +- add `wallix-bastion_domain_account` resource +- add `wallix-bastion_domain_account_credential` resource +- add `wallix-bastion_ldapdomain` resource +- add `wallix-bastion_ldapmapping` resource +- add `wallix-bastion_targetgroup` resource ENHANCEMENTS: -* remove Forcenew on `authentication_name` in `wallix-bastion_externalauth_ldap` resource, it's not necessary +- remove Forcenew on `authentication_name` in `wallix-bastion_externalauth_ldap` resource, it's not necessary BUG FIXES: -* typo in errors 
displayed -* remove log to debug in http request (possible secret could appear) -* `timeframes` and `restrictions` aren't ordered in `wallix-bastion_usegroup` resource -* do not reactivate `force_change_pwd` after creation and the password has changed in `wallix-bastion_user` resource +- typo in errors displayed +- remove log to debug in http request (possible secret could appear) +- `timeframes` and `restrictions` aren't ordered in `wallix-bastion_usegroup` resource +- do not reactivate `force_change_pwd` after creation and the password has changed in `wallix-bastion_user` resource ## 0.1.0 (February 9, 2021) diff --git a/bastion/resource_config_x509.go b/bastion/resource_config_x509.go index 8983338..5d532e5 100644 --- a/bastion/resource_config_x509.go +++ b/bastion/resource_config_x509.go @@ -61,7 +61,6 @@ func resourceConfigX509Create(ctx context.Context, d *schema.ResourceData, m int func resourceConfigX509Read(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { cfg, err := readConfigX509Options(ctx, m) if err != nil { - return diag.FromErr(err) } @@ -113,6 +112,7 @@ func addConfigX509(ctx context.Context, d *schema.ResourceData, m interface{}) e if code != http.StatusOK && code != http.StatusNoContent { return fmt.Errorf("API returned error: %d with body:\n%s", code, body) } + return nil } @@ -133,6 +133,7 @@ func readConfigX509Options(ctx context.Context, m interface{}) (jsonConfigX509, if err != nil { return result, fmt.Errorf("error unmarshaling JSON: %w", err) } + return result, nil } @@ -146,6 +147,7 @@ func updateConfigX509(ctx context.Context, d *schema.ResourceData, m interface{} if code != http.StatusOK && code != http.StatusNoContent { return fmt.Errorf("API returned error: %d with body:\n%s", code, body) } + return nil } 
@@ -158,6 +160,7 @@ func deleteConfigX509(ctx context.Context, m interface{}) error { if code != http.StatusOK && code != http.StatusNoContent { return fmt.Errorf("API returned error: %d with body:\n%s", code, body) } + return nil } diff --git a/bastion/resource_externalauth_kerberos_test.go b/bastion/resource_externalauth_kerberos_test.go index 029e598..b0f14a3 100644 --- a/bastion/resource_externalauth_kerberos_test.go +++ b/bastion/resource_externalauth_kerberos_test.go @@ -47,7 +47,7 @@ func TestAccResourceExternalAuthKerberos_basic(t *testing.T) { func testAccResourceExternalAuthKerberosCreate() string { k, _ := hex.DecodeString(keytabDataHexStr) - os.WriteFile("/tmp/testacc_data", k, 0644) //nolint: all + os.WriteFile("/tmp/testacc_data", k, 0o644) //nolint: all return ` data "wallix-bastion_version" "v" {}
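Review bot: The `os.WriteFile("/tmp/testacc_data", k, 0o644)` line in testAccResourceExternalAuthKerberosCreate still writes the decoded keytab bytes to a fixed, world-readable path under /tmp; the commit only respells the mode literal. Keytab material should be owner-only even in an acceptance test, so I would write `os.WriteFile("/tmp/testacc_data", k, 0o600)`, and on a shared CI host a predictable /tmp name can be pre-created or symlinked by another local user, which `os.CreateTemp` avoids. Both the `hex.DecodeString` error (`k, _ :=`) and the `WriteFile` error (silenced by `//nolint: all`) are discarded, so a failed write would presumably surface only later as an unrelated-looking test failure; the helper takes no `*testing.T`, so it would have to return or panic on the error. The function body continues outside the hunk, so whether the HCL below reads that exact path cannot be checked from here.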