2021-03-18 03:30:54 -04:00
|
|
|
package provider
|
2018-05-16 12:00:04 -04:00
|
|
|
|
|
|
|
|
import (
|
2020-12-02 06:06:39 -05:00
|
|
|
"context"
|
2018-05-16 12:00:04 -04:00
|
|
|
"encoding/base64"
|
|
|
|
|
"log"
|
|
|
|
|
|
|
|
|
|
"github.com/docker/docker/api/types/swarm"
|
2021-03-18 03:30:54 -04:00
|
|
|
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
|
|
|
|
|
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
|
2018-05-16 12:00:04 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func resourceDockerSecret() *schema.Resource {
|
|
|
|
|
return &schema.Resource{
|
2021-03-18 03:30:54 -04:00
|
|
|
CreateContext: resourceDockerSecretCreate,
|
|
|
|
|
ReadContext: resourceDockerSecretRead,
|
|
|
|
|
DeleteContext: resourceDockerSecretDelete,
|
2018-05-16 12:00:04 -04:00
|
|
|
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
2019-03-01 16:02:17 -05:00
|
|
|
"name": {
|
2018-05-16 12:00:04 -04:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Description: "User-defined name of the secret",
|
|
|
|
|
Required: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
},
|
|
|
|
|
|
2019-03-01 16:02:17 -05:00
|
|
|
"data": {
|
2021-03-18 03:30:54 -04:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Description: "Base64-url-safe-encoded secret data",
|
|
|
|
|
Required: true,
|
|
|
|
|
Sensitive: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ValidateDiagFunc: validateStringIsBase64Encoded(),
|
2018-05-16 12:00:04 -04:00
|
|
|
},
|
2018-10-18 06:39:58 -04:00
|
|
|
|
2019-03-01 16:02:17 -05:00
|
|
|
"labels": {
|
2019-11-08 18:24:50 -05:00
|
|
|
Type: schema.TypeSet,
|
2019-11-08 18:56:55 -05:00
|
|
|
Optional: true,
|
2018-10-18 06:39:58 -04:00
|
|
|
ForceNew: true,
|
2019-11-08 18:24:50 -05:00
|
|
|
Elem: labelSchema,
|
2018-10-18 06:39:58 -04:00
|
|
|
},
|
2018-05-16 12:00:04 -04:00
|
|
|
},
|
2019-11-12 17:41:59 -05:00
|
|
|
SchemaVersion: 1,
|
|
|
|
|
StateUpgraders: []schema.StateUpgrader{
|
|
|
|
|
{
|
|
|
|
|
Version: 0,
|
|
|
|
|
Type: resourceDockerSecretV0().CoreConfigSchema().ImpliedType(),
|
2021-03-18 03:30:54 -04:00
|
|
|
Upgrade: func(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
|
2019-11-14 17:44:58 -05:00
|
|
|
return replaceLabelsMapFieldWithSetField(rawState), nil
|
2019-11-12 17:41:59 -05:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceDockerSecretV0() *schema.Resource {
|
|
|
|
|
return &schema.Resource{
|
2020-12-02 06:06:39 -05:00
|
|
|
// This is only used for state migration, so the CRUD
|
|
|
|
|
// callbacks are no longer relevant
|
2019-11-12 17:41:59 -05:00
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"name": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Description: "User-defined name of the secret",
|
|
|
|
|
Required: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"data": {
|
2021-03-18 03:30:54 -04:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Description: "User-defined name of the secret",
|
|
|
|
|
Required: true,
|
|
|
|
|
Sensitive: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ValidateDiagFunc: validateStringIsBase64Encoded(),
|
2019-11-12 17:41:59 -05:00
|
|
|
},
|
|
|
|
|
|
2019-03-01 16:02:17 -05:00
|
|
|
"labels": {
|
2018-10-18 06:39:58 -04:00
|
|
|
Type: schema.TypeMap,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
},
|
2018-05-16 12:00:04 -04:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-18 03:30:54 -04:00
|
|
|
func resourceDockerSecretCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
|
2018-05-16 12:00:04 -04:00
|
|
|
client := meta.(*ProviderConfig).DockerClient
|
|
|
|
|
data, _ := base64.StdEncoding.DecodeString(d.Get("data").(string))
|
|
|
|
|
|
2018-07-03 11:30:53 -04:00
|
|
|
secretSpec := swarm.SecretSpec{
|
|
|
|
|
Annotations: swarm.Annotations{
|
|
|
|
|
Name: d.Get("name").(string),
|
2018-05-16 12:00:04 -04:00
|
|
|
},
|
2018-07-03 11:30:53 -04:00
|
|
|
Data: data,
|
2018-05-16 12:00:04 -04:00
|
|
|
}
|
|
|
|
|
|
2018-10-18 06:39:58 -04:00
|
|
|
if v, ok := d.GetOk("labels"); ok {
|
2019-11-08 18:24:50 -05:00
|
|
|
secretSpec.Annotations.Labels = labelSetToMap(v.(*schema.Set))
|
2018-10-18 06:39:58 -04:00
|
|
|
}
|
|
|
|
|
|
2021-03-18 03:30:54 -04:00
|
|
|
secret, err := client.SecretCreate(ctx, secretSpec)
|
2018-05-16 12:00:04 -04:00
|
|
|
if err != nil {
|
2021-03-18 03:30:54 -04:00
|
|
|
return diag.FromErr(err)
|
2018-05-16 12:00:04 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
d.SetId(secret.ID)
|
|
|
|
|
|
2021-03-18 03:30:54 -04:00
|
|
|
return resourceDockerSecretRead(ctx, d, meta)
|
2018-05-16 12:00:04 -04:00
|
|
|
}
|
|
|
|
|
|
2021-03-18 03:30:54 -04:00
|
|
|
func resourceDockerSecretRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
|
2018-05-16 12:00:04 -04:00
|
|
|
client := meta.(*ProviderConfig).DockerClient
|
2021-03-18 03:30:54 -04:00
|
|
|
secret, _, err := client.SecretInspectWithRaw(ctx, d.Id())
|
2018-05-16 12:00:04 -04:00
|
|
|
if err != nil {
|
2018-07-03 11:30:53 -04:00
|
|
|
log.Printf("[WARN] Secret (%s) not found, removing from state", d.Id())
|
|
|
|
|
d.SetId("")
|
|
|
|
|
return nil
|
2018-05-16 12:00:04 -04:00
|
|
|
}
|
|
|
|
|
d.SetId(secret.ID)
|
2019-11-23 08:42:05 -05:00
|
|
|
d.Set("name", secret.Spec.Name)
|
|
|
|
|
// Note mavogel: secret data is not exposed via the API
|
|
|
|
|
// TODO next major if we do not explicitly do not store it in the state we could import it, but BC
|
|
|
|
|
// d.Set("data", base64.StdEncoding.EncodeToString(secret.Spec.Data))
|
2018-05-16 12:00:04 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-18 03:30:54 -04:00
|
|
|
func resourceDockerSecretDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
|
2018-05-16 12:00:04 -04:00
|
|
|
client := meta.(*ProviderConfig).DockerClient
|
2021-03-18 03:30:54 -04:00
|
|
|
err := client.SecretRemove(ctx, d.Id())
|
2018-05-16 12:00:04 -04:00
|
|
|
if err != nil {
|
2021-03-18 03:30:54 -04:00
|
|
|
return diag.FromErr(err)
|
2018-05-16 12:00:04 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
d.SetId("")
|
|
|
|
|
return nil
|
|
|
|
|
}
|
