From ed93fc1089650c5fa19580b0d748b6cf9f5a46a0 Mon Sep 17 00:00:00 2001
From: korenyoni <10080107+korenyoni@users.noreply.github.com>
Date: Tue, 27 Feb 2024 11:35:01 -0500
Subject: [PATCH] Use reusable idp package.

---
 codefresh/resource_account_idp.go | 92 +++--
 codefresh/resource_idp.go | 571 ++--------------------------
 codefresh/resource_idp_accounts.go | 3 -
 3 files changed, 73 insertions(+), 593 deletions(-)

diff --git a/codefresh/resource_account_idp.go b/codefresh/resource_account_idp.go
index fc0267c6..025215d0 100644
--- a/codefresh/resource_account_idp.go
+++ b/codefresh/resource_account_idp.go
@@ -8,6 +8,7 @@ import (
 "github.com/codefresh-io/terraform-provider-codefresh/codefresh/cfclient"
 "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/datautil"
+ "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/idp"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -51,16 +52,14 @@ func resourceAccountIdp() *schema.Resource {
 }),
 ),
 // Defined in resource_idp, as schema is the same for global and account scoped IDPs
- Schema: idpSchema,
+ Schema: idp.IdpSchema,
 }
 }
 func resourceAccountIDPCreate(d *schema.ResourceData, meta interface{}) error {
-
 client := meta.(*cfclient.Client)
 id, err := client.CreateIDP(mapResourceToAccountIDP(d), false)
-
 if err != nil {
 log.Printf("[DEBUG] Error while creating idp. Error = %v", err)
 return err
@@ -71,7 +70,6 @@ func resourceAccountIDPCreate(d *schema.ResourceData, meta interface{}) error {
 }
 func resourceAccountIDPRead(d *schema.ResourceData, meta interface{}) error {
-
 client := meta.(*cfclient.Client)
 idpID := d.Id()
@@ -79,7 +77,6 @@ func resourceAccountIDPRead(d *schema.ResourceData, meta interface{}) error {
 var err error
 cfClientIDP, err = client.GetAccountIdpByID(idpID)
-
 if err != nil {
 if err.Error() == fmt.Sprintf("[ERROR] IDP with ID %s isn't found.", d.Id()) {
 d.SetId("")
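Review bot: The context line `// Defined in resource_idp, as schema is the same for global and account scoped IDPs` above the new `Schema: idp.IdpSchema` in resourceAccountIdp is now stale, because the schema no longer lives in resource_idp.go. Suggest replacing it with `// Shared with resourceIdp: the schema lives in internal/idp because it is identical for global and account scoped IDPs`. Separately, `idp.IdpSchema` stutters with its package name; `idp.Schema` would read better at both call sites (this one and the parallel `Schema: idp.IdpSchema` in resourceIdp). The declaration itself is in internal/idp and outside this diff, so its doc comment cannot be checked here.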
@@ -91,7 +88,6 @@ func resourceAccountIDPRead(d *schema.ResourceData, meta interface{}) error {
 }
 err = mapAccountIDPToResource(*cfClientIDP, d)
-
 if err != nil {
 log.Printf("[DEBUG] Error while getting mapping response to IDP object. Error = %v", err)
 return err
@@ -104,7 +100,6 @@ func resourceAccountIDPDelete(d *schema.ResourceData, meta interface{}) error {
 client := meta.(*cfclient.Client)
 err := client.DeleteIDPAccount(d.Id())
-
 if err != nil {
 log.Printf("[DEBUG] Error while deleting account level IDP. Error = %v", err)
 return err
@@ -114,11 +109,9 @@ func resourceAccountIDPDelete(d *schema.ResourceData, meta interface{}) error {
 }
 func resourceAccountIDPUpdate(d *schema.ResourceData, meta interface{}) error {
-
 client := meta.(*cfclient.Client)
 err := client.UpdateIDP(mapResourceToAccountIDP(d), false)
-
 if err != nil {
 log.Printf("[DEBUG] Error while updating idp. Error = %v", err)
 return err
@@ -136,7 +129,7 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 d.Set("login_url", cfClientIDP.LoginUrl)
 d.Set("client_type", cfClientIDP.ClientType)
- if cfClientIDP.ClientType == "github" {
+ if cfClientIDP.ClientType == idp.GitHub {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 // Codefresh API Returns the client secret as an encrypted string on the server side
@@ -150,10 +143,10 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "api_path_prefix": cfClientIDP.ApiPathPrefix,
 }}
- d.Set("github", attributes)
+ d.Set(idp.GitHub, attributes)
 }
- if cfClientIDP.ClientType == "gitlab" {
+ if cfClientIDP.ClientType == idp.GitLab {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("gitlab.0.client_secret"),
@@ -162,10 +155,10 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "api_url": cfClientIDP.ApiURL,
 }}
- d.Set("gitlab", attributes)
+ d.Set(idp.GitLab, attributes)
 }
- if cfClientIDP.ClientType == "okta" {
+ if cfClientIDP.ClientType == idp.Okta {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("okta.0.client_secret"),
@@ -178,7 +171,7 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 d.Set("okta", attributes)
 }
- if cfClientIDP.ClientType == "google" {
+ if cfClientIDP.ClientType == idp.Google {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("google.0.client_secret"),
@@ -188,23 +181,22 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "sync_field": cfClientIDP.SyncField,
 }}
- d.Set("google", attributes)
+ d.Set(idp.Google, attributes)
 }
- if cfClientIDP.ClientType == "auth0" {
+ if cfClientIDP.ClientType == idp.Auth0 {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("auth0.0.client_secret"),
 "domain": cfClientIDP.ClientHost,
 }}
- d.Set("auth0", attributes)
+ d.Set(idp.Auth0, attributes)
 }
- if cfClientIDP.ClientType == "azure" {
+ if cfClientIDP.ClientType == idp.Azure {
 syncInterval, err := strconv.Atoi(cfClientIDP.SyncInterval)
-
 if err != nil {
 return err
 }
@@ -218,10 +210,10 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "tenant": cfClientIDP.Tenant,
 }}
- d.Set("azure", attributes)
+ d.Set(idp.Azure, attributes)
 }
- if cfClientIDP.ClientType == "onelogin" {
+ if cfClientIDP.ClientType == idp.OneLogin {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("onelogin.0.client_secret"),
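Review bot: `d.Set("okta", attributes)` at the top of the `@@ -178,7 +171,7 @@` hunk of mapAccountIDPToResource is left as a string literal while the sibling `d.Set` calls for github, gitlab, google, auth0, azure, onelogin, keycloak, saml and ldap in this file are switched to the `idp.*` constants, so the refactor is incomplete within one function. It should become `d.Set(idp.Okta, attributes)`; the comparison a few lines above it already uses `idp.Okta`. If the constant and the literal ever diverge, the okta block would be written under a key the schema no longer exposes, which would surface only at apply time.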
@@ -234,10 +226,10 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "app_id": cfClientIDP.AppId,
 }}
- d.Set("onelogin", attributes)
+ d.Set(idp.OneLogin, attributes)
 }
- if cfClientIDP.ClientType == "keycloak" {
+ if cfClientIDP.ClientType == idp.Keycloak {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("keycloak.0.client_secret"),
@@ -245,12 +237,11 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "realm": cfClientIDP.Realm,
 }}
- d.Set("keycloak", attributes)
+ d.Set(idp.Keycloak, attributes)
 }
- if cfClientIDP.ClientType == "saml" {
+ if cfClientIDP.ClientType == idp.SAML {
 syncInterval, err := strconv.Atoi(cfClientIDP.SyncInterval)
-
 if err != nil {
 return err
 }
@@ -269,10 +260,10 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "access_token": d.Get("saml.0.access_token"),
 }}
- d.Set("saml", attributes)
+ d.Set(idp.SAML, attributes)
 }
- if cfClientIDP.ClientType == "ldap" {
+ if cfClientIDP.ClientType == idp.LDAP {
 attributes := []map[string]interface{}{{
 "url": cfClientIDP.Url,
 "password": d.Get("ldap.0.password"),
@@ -284,14 +275,13 @@ func mapAccountIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) e
 "search_base_for_sync": cfClientIDP.SearchBaseForSync,
 }}
- d.Set("ldap", attributes)
+ d.Set(idp.LDAP, attributes)
 }
 return nil
 }
 func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
-
 cfClientIDP := &cfclient.IDP{
 ID: d.Id(),
 DisplayName: d.Get("display_name").(string),
@@ -301,8 +291,8 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 LoginUrl: d.Get("login_url").(string),
 }
- if _, ok := d.GetOk("github"); ok {
- cfClientIDP.ClientType = "github"
+ if _, ok := d.GetOk(idp.GitHub); ok {
+ cfClientIDP.ClientType = idp.GitHub
 cfClientIDP.ClientId = d.Get("github.0.client_id").(string)
 cfClientIDP.ClientSecret = d.Get("github.0.client_secret").(string)
 cfClientIDP.AuthURL = d.Get("github.0.authentication_url").(string)
@@ -312,8 +302,8 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 cfClientIDP.ApiPathPrefix = d.Get("github.0.api_path_prefix").(string)
 }
- if _, ok := d.GetOk("gitlab"); ok {
- cfClientIDP.ClientType = "gitlab"
+ if _, ok := d.GetOk(idp.GitLab); ok {
+ cfClientIDP.ClientType = idp.GitLab
 cfClientIDP.ClientId = d.Get("gitlab.0.client_id").(string)
 cfClientIDP.ClientSecret = d.Get("gitlab.0.client_secret").(string)
 cfClientIDP.AuthURL = d.Get("gitlab.0.authentication_url").(string)
@@ -321,8 +311,8 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 cfClientIDP.ApiURL = d.Get("gitlab.0.api_url").(string)
 }
- if _, ok := d.GetOk("okta"); ok {
- cfClientIDP.ClientType = "okta"
+ if _, ok := d.GetOk(idp.Okta); ok {
+ cfClientIDP.ClientType = idp.Okta
 cfClientIDP.ClientId = d.Get("okta.0.client_id").(string)
 cfClientIDP.ClientSecret = d.Get("okta.0.client_secret").(string)
 cfClientIDP.ClientHost = d.Get("okta.0.client_host").(string)
@@ -331,8 +321,8 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 cfClientIDP.Access_token = d.Get("okta.0.access_token").(string)
 }
- if _, ok := d.GetOk("google"); ok {
- cfClientIDP.ClientType = "google"
+ if _, ok := d.GetOk(idp.Google); ok {
+ cfClientIDP.ClientType = idp.Google
 cfClientIDP.ClientId = d.Get("google.0.client_id").(string)
 cfClientIDP.ClientSecret = d.Get("google.0.client_secret").(string)
 cfClientIDP.KeyFile = d.Get("google.0.json_keyfile").(string)
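Review bot: In the `@@ -301,8 +291,8 @@` hunk `d.GetOk(idp.GitHub)` and `cfClientIDP.ClientType = idp.GitHub` now use the constant, but the field paths on the following lines (`d.Get("github.0.client_id")` and so on) still hard-code the same block name, so the constant and the literals can drift apart without any compile-time signal. Either derive the paths from the constant, e.g. `d.Get(idp.GitHub + ".0.client_id")`, or add `// the "<provider>.0.*" paths below must match the idp.* key used in GetOk` above the first such block. The same applies to the gitlab, okta and google hunks on this line, the auth0/azure/onelogin and keycloak/saml/ldap hunks that follow, and the parallel mapResourceToIDP hunks in resource_idp.go.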
@@ -341,15 +331,15 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 cfClientIDP.SyncField = d.Get("google.0.sync_field").(string)
 }
- if _, ok := d.GetOk("auth0"); ok {
- cfClientIDP.ClientType = "auth0"
+ if _, ok := d.GetOk(idp.Auth0); ok {
+ cfClientIDP.ClientType = idp.Auth0
 cfClientIDP.ClientId = d.Get("auth0.0.client_id").(string)
 cfClientIDP.ClientSecret = d.Get("auth0.0.client_secret").(string)
 cfClientIDP.ClientHost = d.Get("auth0.0.domain").(string)
 }
- if _, ok := d.GetOk("azure"); ok {
- cfClientIDP.ClientType = "azure"
+ if _, ok := d.GetOk(idp.Azure); ok {
+ cfClientIDP.ClientType = idp.Azure
 cfClientIDP.ClientId = d.Get("azure.0.app_id").(string)
 cfClientIDP.ClientSecret = d.Get("azure.0.client_secret").(string)
 cfClientIDP.AppId = d.Get("azure.0.object_id").(string)
@@ -358,8 +348,8 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 cfClientIDP.SyncInterval = strconv.Itoa(d.Get("azure.0.sync_interval").(int))
 }
- if _, ok := d.GetOk("onelogin"); ok {
- cfClientIDP.ClientType = "onelogin"
+ if _, ok := d.GetOk(idp.OneLogin); ok {
+ cfClientIDP.ClientType = idp.OneLogin
 cfClientIDP.ClientId = d.Get("onelogin.0.client_id").(string)
 cfClientIDP.ClientSecret = d.Get("onelogin.0.client_secret").(string)
 cfClientIDP.ClientHost = d.Get("onelogin.0.domain").(string)
@@ -368,16 +358,16 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 cfClientIDP.ApiClientSecret = d.Get("onelogin.0.api_client_secret").(string)
 }
- if _, ok := d.GetOk("keycloak"); ok {
- cfClientIDP.ClientType = "keycloak"
+ if _, ok := d.GetOk(idp.Keycloak); ok {
+ cfClientIDP.ClientType = idp.Keycloak
 cfClientIDP.ClientId = d.Get("keycloak.0.client_id").(string)
 cfClientIDP.ClientSecret = d.Get("keycloak.0.client_secret").(string)
 cfClientIDP.Host = d.Get("keycloak.0.host").(string)
 cfClientIDP.Realm = d.Get("keycloak.0.realm").(string)
 }
- if _, ok := d.GetOk("saml"); ok {
- cfClientIDP.ClientType = "saml"
+ if _, ok := d.GetOk(idp.SAML); ok {
+ cfClientIDP.ClientType = idp.SAML
 cfClientIDP.SamlProvider = d.Get("saml.0.provider").(string)
 cfClientIDP.EntryPoint = d.Get("saml.0.endpoint").(string)
 cfClientIDP.ApplicationCert = d.Get("saml.0.application_certificate").(string)
@@ -392,8 +382,8 @@ func mapResourceToAccountIDP(d *schema.ResourceData) *cfclient.IDP {
 cfClientIDP.Access_token = d.Get("saml.0.access_token").(string)
 }
- if _, ok := d.GetOk("ldap"); ok {
- cfClientIDP.ClientType = "ldap"
+ if _, ok := d.GetOk(idp.LDAP); ok {
+ cfClientIDP.ClientType = idp.LDAP
 cfClientIDP.Url = d.Get("ldap.0.url").(string)
 cfClientIDP.Password = d.Get("ldap.0.password").(string)
 cfClientIDP.DistinguishedName = d.Get("ldap.0.distinguished_name").(string)
diff --git a/codefresh/resource_idp.go b/codefresh/resource_idp.go
index 994cac9c..49af78a9 100644
--- a/codefresh/resource_idp.go
+++ b/codefresh/resource_idp.go
@@ -5,510 +5,15 @@ import ( "errors" "fmt" "log" - "regexp" "strconv" "github.com/codefresh-io/terraform-provider-codefresh/codefresh/cfclient" "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/datautil" + "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/idp" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) -var supportedIdps = []string{"github", "gitlab", "okta", "google", "auth0", "azure", "onelogin", "keycloak", "saml", "ldap"} -var idpSchema = map[string]*schema.Schema{ - "display_name": { - Description: "The display name for the IDP.", - Type: schema.TypeString, - Required: true, - }, - "name": { - Description: "Name of the IDP, will be generated if not set", - Type: schema.TypeString, - Computed: true, - Optional: true, - }, - "client_type": { - Description: "Type of the IDP. Derived from idp specific config object (github, gitlab etc)", - Type: schema.TypeString, - Computed: true, - ForceNew: true, - }, - "redirect_url": { - Description: "API Callback url for the identity provider", - Type: schema.TypeString, - Computed: true, - }, - "redirect_ui_url": { - Description: "UI Callback url for the identity provider", - Type: schema.TypeString, - Computed: true, - }, - "login_url": { - Description: "Login url using the IDP to Codefresh", - Type: schema.TypeString, - Computed: true, - }, - "github": { - Description: "Settings for GitHub IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_id": { - Type: schema.TypeString, - Description: "Client ID from Github", - Required: true, - }, - "client_secret": { - Type: schema.TypeString, - Description: "Client secret from GitHub", - Required: true, - Sensitive: true, - }, - "authentication_url": { - Type: 
schema.TypeString, - Description: "Authentication url, Defaults to https://github.com/login/oauth/authorize", - Optional: true, - Default: "https://github.com/login/oauth/authorize", - }, - "token_url": { - Type: schema.TypeString, - Description: "GitHub token endpoint url, Defaults to https://github.com/login/oauth/access_token", - Optional: true, - Default: "https://github.com/login/oauth/access_token", - }, - "user_profile_url": { - Type: schema.TypeString, - Description: "GitHub user profile url, Defaults to https://api.github.com/user", - Optional: true, - Default: "https://api.github.com/user", - }, - "api_host": { - Type: schema.TypeString, - Description: "GitHub API host, Defaults to api.github.com", - Optional: true, - Default: "api.github.com", - }, - "api_path_prefix": { - Type: schema.TypeString, - Description: "GitHub API url path prefix, defaults to /", - Optional: true, - Default: "/", - }, - }, - }, - }, - "gitlab": { - Description: "Settings for GitLab IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_id": { - Type: schema.TypeString, - Description: "Client ID from Gitlab", - Required: true, - }, - "client_secret": { - Type: schema.TypeString, - Description: "Client secret from Gitlab", - Required: true, - Sensitive: true, - }, - "authentication_url": { - Type: schema.TypeString, - Description: "Authentication url, Defaults to https://gitlab.com", - Optional: true, - Default: "https://gitlab.com", - }, - "user_profile_url": { - Type: schema.TypeString, - Description: "User profile url, Defaults to https://gitlab.com/api/v4/user", - Optional: true, - Default: "https://gitlab.com/api/v4/user", - }, - "api_url": { - Type: schema.TypeString, - Description: "Base url for Gitlab API, Defaults to https://gitlab.com/api/v4/", - Optional: true, - Default: "https://gitlab.com/api/v4/", - }, - }, - }, - }, - "okta": { - Description: "Settings 
for Okta IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_id": { - Type: schema.TypeString, - Description: "Client ID in Okta, must be unique across all identity providers in Codefresh", - Required: true, - }, - "client_secret": { - Type: schema.TypeString, - Description: "Client secret in Okta", - Required: true, - Sensitive: true, - }, - "client_host": { - Type: schema.TypeString, - Description: "The OKTA organization URL, for example, https://.okta.com", - ValidateFunc: validation.StringMatch(regexp.MustCompile(`^(https?:\/\/)(\S+)(\.okta(preview|-emea)?\.com$)`), "must be a valid okta url"), - Required: true, - }, - "app_id": { - Type: schema.TypeString, - Description: "The Codefresh application ID in your OKTA organization", - Optional: true, - }, - "sync_mirror_accounts": { - Type: schema.TypeList, - Description: "The names of the additional Codefresh accounts to be synced from Okta", - Optional: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "access_token": { - Type: schema.TypeString, - Description: "The Okta API token generated in Okta, used to sync groups and their users from Okta to Codefresh", - Optional: true, - }, - }, - }, - }, - "google": { - Description: "Settings for Google IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_id": { - Type: schema.TypeString, - Description: "Client ID in Google, must be unique across all identity providers in Codefresh", - Required: true, - }, - "client_secret": { - Type: schema.TypeString, - Description: "Client secret in Google", - Required: true, - Sensitive: true, - }, - "admin_email": { - Type: schema.TypeString, - Description: "Email of a user with admin permissions on google, relevant only for synchronization", - Optional: true, - }, - "json_keyfile": { - 
Type: schema.TypeString, - Description: "JSON keyfile for google service account used for synchronization", - Optional: true, - }, - "allowed_groups_for_sync": { - Type: schema.TypeString, - Description: "Comma separated list of groups to sync", - Optional: true, - }, - "sync_field": { - Type: schema.TypeString, - Description: "Relevant for custom schema-based synchronization only. See Codefresh documentation", - Optional: true, - }, - }, - }, - }, - "auth0": { - Description: "Settings for Auth0 IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_id": { - Type: schema.TypeString, - Description: "Client ID from Auth0", - Required: true, - }, - "client_secret": { - Type: schema.TypeString, - Description: "Client secret from Auth0", - Required: true, - Sensitive: true, - }, - "domain": { - Type: schema.TypeString, - Description: "The domain of the Auth0 application", - Required: true, - }, - }, - }, - }, - "azure": { - Description: "Settings for Azure IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_secret": { - Type: schema.TypeString, - Description: "Client secret from Azure", - Required: true, - Sensitive: true, - }, - "app_id": { - Type: schema.TypeString, - Description: "The Application ID from your Enterprise Application Properties in Azure AD", - Required: true, - }, - "tenant": { - Type: schema.TypeString, - Description: "Azure tenant", - Optional: true, - }, - "object_id": { - Type: schema.TypeString, - Description: "The Object ID from your Enterprise Application Properties in Azure AD", - Optional: true, - }, - "autosync_teams_and_users": { - Type: schema.TypeBool, - Description: "Set to true to sync user accounts in Azure AD to your Codefresh account", - Optional: true, - Default: false, - }, - "sync_interval": { - Type: 
schema.TypeInt, - Description: "Sync interval in hours for syncing user accounts in Azure AD to your Codefresh account. If not set the sync inteval will be 12 hours", - Optional: true, - }, - }, - }, - }, - "onelogin": { - Description: "Settings for onelogin IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_id": { - Type: schema.TypeString, - Description: "Client ID from Onelogin", - Required: true, - }, - "client_secret": { - Type: schema.TypeString, - Description: "Client secret from Onelogin", - Required: true, - Sensitive: true, - }, - "domain": { - Type: schema.TypeString, - Description: "The domain to be used for authentication", - Required: true, - }, - "app_id": { - Type: schema.TypeString, - Description: "The Codefresh application ID in your Onelogin", - Optional: true, - }, - "api_client_id": { - Type: schema.TypeString, - Description: "Client ID for onelogin API, only needed if syncing users and groups from Onelogin", - Optional: true, - }, - "api_client_secret": { - Type: schema.TypeString, - Description: "Client secret for onelogin API, only needed if syncing users and groups from Onelogin", - Optional: true, - // When onelogin IDP is created on account level, after the first apply the client secret is returned obfuscated - //DiffSuppressFunc: surpressObfuscatedFields(), - }, - }, - }, - }, - "keycloak": { - Description: "Settings for Keycloak IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "client_id": { - Type: schema.TypeString, - Description: "Client ID from Keycloak", - Required: true, - }, - "client_secret": { - Type: schema.TypeString, - Description: "Client secret from Keycloak", - Required: true, - Sensitive: true, - }, - "host": { - Type: schema.TypeString, - Description: "The Keycloak URL", - Required: true, - 
ValidateFunc: validation.StringMatch(regexp.MustCompile(`^(https?:\/\/)(\S+)$`), "must be a valid url"), - }, - "realm": { - Type: schema.TypeString, - Description: "The Realm ID for Codefresh in Keycloak. Defaults to master", - Optional: true, - Default: "master", - }, - }, - }, - }, - "saml": { - Description: "Settings for SAML IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "endpoint": { - Type: schema.TypeString, - Description: "The SSO endpoint of your Identity Provider", - Required: true, - }, - "application_certificate": { - Type: schema.TypeString, - Description: "The security certificate of your Identity Provider. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand", - Required: true, - Sensitive: true, - }, - "provider": { - Type: schema.TypeString, - Description: "SAML provider. Currently supported values - GSuite, okta or empty string for generic provider. Defaults to empty string", - Optional: true, - Default: "", - ValidateFunc: validation.StringInSlice([]string{"", "okta", "GSuite"}, false), - }, - "allowed_groups_for_sync": { - Type: schema.TypeString, - Description: "Valid for GSuite only: Comma separated list of groups to sync", - Optional: true, - }, - "autosync_teams_and_users": { - Type: schema.TypeBool, - Description: "Valid for Okta/GSuite: Set to true to sync user accounts and teams in okta/gsuite to your Codefresh account", - Optional: true, - Default: false, - }, - "sync_interval": { - Type: schema.TypeInt, - Description: "Valid for Okta/GSuite: Sync interval in hours for syncing user accounts in okta/gsuite to your Codefresh account. 
If not set the sync inteval will be 12 hours", - Optional: true, - }, - "activate_users_after_sync": { - Type: schema.TypeBool, - Description: "Valid for Okta only: If set to true, Codefresh will automatically invite and activate new users added during the automated sync, without waiting for the users to accept the invitations. Defaults to false", - Optional: true, - Default: false, - }, - "app_id": { - Type: schema.TypeString, - Description: "Valid for Okta only: The Codefresh application ID in Okta", - Optional: true, - }, - "client_host": { - Type: schema.TypeString, - Description: "Valid for Okta only: OKTA organization URL, for example, https://.okta.com", - Optional: true, - }, - "json_keyfile": { - Type: schema.TypeString, - Description: "Valid for GSuite only: JSON keyfile for google service account used for synchronization", - Optional: true, - }, - "admin_email": { - Type: schema.TypeString, - Description: "Valid for GSuite only: Email of a user with admin permissions on google, relevant only for synchronization", - Optional: true, - }, - "access_token": { - Type: schema.TypeString, - Description: "Valid for Okta only: The Okta API token generated in Okta, used to sync groups and their users from Okta to Codefresh", - Optional: true, - }, - }, - }, - }, - "ldap": { - Description: "Settings for Keycloak IDP", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - ExactlyOneOf: supportedIdps, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "url": { - Type: schema.TypeString, - Description: "ldap server url", - Required: true, - ValidateFunc: validation.StringMatch(regexp.MustCompile(`^ldap(s?):\/\/`), "must be a valid ldap url (must start with ldap:// or ldaps://)"), - }, - "password": { - Type: schema.TypeString, - Description: "The password of the user defined in Distinguished name that will be used to search other users", - Required: true, - Sensitive: true, - }, - "distinguished_name": { - Type: schema.TypeString, - Description: 
"The username to be used to search other users in LDAP notation (combination of cn, ou,dc)",
- Optional: true,
- Computed: true,
- },
- "search_base": {
- Type: schema.TypeString,
- Description: "The search-user scope in LDAP notation",
- Required: true,
- },
- "search_filter": {
- Type: schema.TypeString,
- Description: "The attribute by which to search for the user on the LDAP server. By default, set to uid. For the Azure LDAP server, set this field to sAMAccountName",
- Optional: true,
- },
- "certificate": {
- Type: schema.TypeString,
- Description: "For ldaps only: The security certificate of the LDAP server. Do not convert to base64 or any other encoding",
- Optional: true,
- },
- "allowed_groups_for_sync": {
- Type: schema.TypeString,
- Description: "To sync only by specified groups - specify a comma separated list of groups, by default all groups will be synced",
- Optional: true,
- },
- "search_base_for_sync": {
- Type: schema.TypeString,
- Description: "Synchronize using a custom search base, by deafult seach_base is used",
- Optional: true,
- },
- },
- },
- },
-}
-
 func resourceIdp() *schema.Resource {
 return &schema.Resource{
 Description: "Codefresh global level identity provider. Requires Codefresh admin token, hence is relevant only for on-prem deployments of Codefresh",
@@ -536,16 +41,14 @@ func resourceIdp() *schema.Resource {
 }
 }),
 ),
- Schema: idpSchema,
+ Schema: idp.IdpSchema,
 }
 }
 func resourceIDPCreate(d *schema.ResourceData, meta interface{}) error {
-
 client := meta.(*cfclient.Client)
 id, err := client.CreateIDP(mapResourceToIDP(d), true)
-
 if err != nil {
 log.Printf("[DEBUG] Error while creating idp. Error = %v", err)
 return err
@@ -556,7 +59,6 @@ func resourceIDPCreate(d *schema.ResourceData, meta interface{}) error {
 }
 func resourceIDPRead(d *schema.ResourceData, meta interface{}) error {
-
 client := meta.(*cfclient.Client)
 idpID := d.Id()
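Review bot: The `@@ -5,510 +5,15 @@` hunk deletes an `idpSchema` that carried `Sensitive: true` on every secret field (each provider's client_secret, the LDAP password, the SAML application_certificate) and `ValidateFunc` checks on the okta client_host, keycloak host and ldap url, but its replacement `idp.IdpSchema` lives in internal/idp outside this diff, so the review cannot confirm those markings were carried over. A dropped `Sensitive` flag would start printing secrets in plan output and state diffs, and a dropped `ValidateFunc` would let malformed endpoints through to the API, so the moved definition should be checked field by field against the deleted one. A small test in the idp package that asserts `IdpSchema["ldap"].Elem.(*schema.Resource).Schema["password"].Sensitive` and the equivalent keys for the other providers would pin this. The `regexp` and `validation` imports removed in the same hunk are consistent with the schema having moved, which supports the presumption that the validators moved with it.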
@@ -564,7 +66,6 @@ func resourceIDPRead(d *schema.ResourceData, meta interface{}) error {
 var err error
 cfClientIDP, err = client.GetIdpByID(idpID)
-
 if err != nil {
 if err.Error() == fmt.Sprintf("[ERROR] IDP with ID %s isn't found.", d.Id()) {
 d.SetId("")
@@ -576,7 +77,6 @@ func resourceIDPRead(d *schema.ResourceData, meta interface{}) error {
 }
 err = mapIDPToResource(*cfClientIDP, d)
-
 if err != nil {
 log.Printf("[DEBUG] Error while getting mapping response to IDP object. Error = %v", err)
 return err
@@ -593,7 +93,6 @@ func resourceIDPDelete(d *schema.ResourceData, meta interface{}) error {
 var err error
 cfClientIDP, err = client.GetIdpByID(idpID)
-
 if err != nil {
 log.Printf("[DEBUG] Error while getting IDP. Error = %v", err)
 return err
@@ -604,7 +103,6 @@ func resourceIDPDelete(d *schema.ResourceData, meta interface{}) error {
 }
 err = client.DeleteIDP(d.Id())
-
 if err != nil {
 log.Printf("[DEBUG] Error while deleting IDP. Error = %v", err)
 return err
@@ -614,11 +112,9 @@ func resourceIDPDelete(d *schema.ResourceData, meta interface{}) error {
 }
 func resourceIDPUpdate(d *schema.ResourceData, meta interface{}) error {
-
 client := meta.(*cfclient.Client)
 err := client.UpdateIDP(mapResourceToIDP(d), true)
-
 if err != nil {
 log.Printf("[DEBUG] Error while updating idp. Error = %v", err)
 return err
@@ -636,7 +132,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("login_url", cfClientIDP.LoginUrl)
 d.Set("client_type", cfClientIDP.ClientType)
- if cfClientIDP.ClientType == "github" {
+ if cfClientIDP.ClientType == idp.GitHub {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 // Codefresh API Returns the client secret as an encrypted string on the server side
@@ -653,7 +149,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("github", attributes)
 }
- if cfClientIDP.ClientType == "gitlab" {
+ if cfClientIDP.ClientType == idp.GitLab {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("gitlab.0.client_secret"),
@@ -665,7 +161,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("gitlab", attributes)
 }
- if cfClientIDP.ClientType == "okta" {
+ if cfClientIDP.ClientType == idp.Okta {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("okta.0.client_secret"),
@@ -678,7 +174,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("okta", attributes)
 }
- if cfClientIDP.ClientType == "google" {
+ if cfClientIDP.ClientType == idp.Google {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("google.0.client_secret"),
@@ -691,7 +187,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("google", attributes)
 }
- if cfClientIDP.ClientType == "auth0" {
+ if cfClientIDP.ClientType == idp.Auth0 {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("auth0.0.client_secret"),
@@ -701,10 +197,9 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("auth0", attributes)
 }
- if cfClientIDP.ClientType == "azure" {
+ if cfClientIDP.ClientType == idp.Azure {
 syncInterval, err := strconv.Atoi(cfClientIDP.SyncInterval)
-
 if err != nil {
 return err
 }
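Review bot: mapIDPToResource still writes `d.Set("github", attributes)` (the context line opening the `@@ -653,7 +149,7 @@` hunk) and likewise `d.Set("gitlab", …)`, `d.Set("okta", …)`, `d.Set("google", …)` and `d.Set("auth0", …)` further down this line, while the comparisons beside them now use `idp.GitLab` and friends and the account-level counterpart in resource_account_idp.go was converted to `d.Set(idp.GitHub, attributes)` in the same commit. The two files should agree; each of these should become `d.Set(idp.<Provider>, attributes)` so the key written to state is the same identifier the schema is keyed by. The same literals remain in the azure, onelogin, keycloak and saml hunks that follow.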
@@ -721,7 +216,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("azure", attributes)
 }
- if cfClientIDP.ClientType == "onelogin" {
+ if cfClientIDP.ClientType == idp.OneLogin {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("onelogin.0.client_secret"),
@@ -735,7 +230,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("onelogin", attributes)
 }
- if cfClientIDP.ClientType == "keycloak" {
+ if cfClientIDP.ClientType == idp.Keycloak {
 attributes := []map[string]interface{}{{
 "client_id": cfClientIDP.ClientId,
 "client_secret": d.Get("keycloak.0.client_secret"),
@@ -746,9 +241,8 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("keycloak", attributes)
 }
- if cfClientIDP.ClientType == "saml" {
+ if cfClientIDP.ClientType == idp.SAML {
 syncInterval, err := strconv.Atoi(cfClientIDP.SyncInterval)
-
 if err != nil {
 return err
 }
@@ -770,7 +264,7 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 d.Set("saml", attributes)
 }
- if cfClientIDP.ClientType == "ldap" {
+ if cfClientIDP.ClientType == idp.LDAP {
 attributes := []map[string]interface{}{{
 "url": cfClientIDP.Url,
 "password": d.Get("ldap.0.password"),
@@ -789,7 +283,6 @@ func mapIDPToResource(cfClientIDP cfclient.IDP, d *schema.ResourceData) error {
 }
 func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP {
-
 cfClientIDP := &cfclient.IDP{
 ID: d.Id(),
 DisplayName: d.Get("display_name").(string),
@@ -799,8 +292,8 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { LoginUrl: d.Get("login_url").(string), } - if _, ok := d.GetOk("github"); ok { - cfClientIDP.ClientType = "github" + if _, ok := d.GetOk(idp.GitHub); ok { + cfClientIDP.ClientType = idp.GitHub cfClientIDP.ClientId = d.Get("github.0.client_id").(string) cfClientIDP.ClientSecret = d.Get("github.0.client_secret").(string) cfClientIDP.AuthURL = d.Get("github.0.authentication_url").(string) @@ -810,8 +303,8 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { cfClientIDP.ApiPathPrefix = d.Get("github.0.api_path_prefix").(string) } - if _, ok := d.GetOk("gitlab"); ok { - cfClientIDP.ClientType = "gitlab" + if _, ok := d.GetOk(idp.GitLab); ok { + cfClientIDP.ClientType = idp.GitLab cfClientIDP.ClientId = d.Get("gitlab.0.client_id").(string) cfClientIDP.ClientSecret = d.Get("gitlab.0.client_secret").(string) cfClientIDP.AuthURL = d.Get("gitlab.0.authentication_url").(string) @@ -819,8 +312,8 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { cfClientIDP.ApiURL = d.Get("gitlab.0.api_url").(string) } - if _, ok := d.GetOk("okta"); ok { - cfClientIDP.ClientType = "okta" + if _, ok := d.GetOk(idp.Okta); ok { + cfClientIDP.ClientType = idp.Okta cfClientIDP.ClientId = d.Get("okta.0.client_id").(string) cfClientIDP.ClientSecret = d.Get("okta.0.client_secret").(string) cfClientIDP.ClientHost = d.Get("okta.0.client_host").(string) @@ -829,8 +322,8 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { cfClientIDP.Access_token = d.Get("okta.0.access_token").(string) } - if _, ok := d.GetOk("google"); ok { - cfClientIDP.ClientType = "google" + if _, ok := d.GetOk(idp.Google); ok { + cfClientIDP.ClientType = idp.Google cfClientIDP.ClientId = d.Get("google.0.client_id").(string) cfClientIDP.ClientSecret = d.Get("google.0.client_secret").(string) cfClientIDP.KeyFile = d.Get("google.0.json_keyfile").(string) 
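Review bot: `d.GetOk(idp.GitHub)` now uses the constant for the block key while the attribute paths on the following lines, `d.Get("github.0.client_id")` and its siblings, still embed the literal `github`, so the two can diverge silently if the constant is ever changed. Building each path from the constant, e.g. `d.Get(idp.GitHub + ".0.client_id").(string)`, would tie them together; the same applies to the gitlab, okta and google hunks here and to the auth0, azure, onelogin, keycloak, saml and ldap hunks that follow. Each block also assigns `cfClientIDP.ClientType` unconditionally, so if more than one provider block were present the last match would win; that is presumably ruled out by exclusivity constraints in the shared schema, which are not visible in this diff. mapResourceToIDP starts in the previous hunk and ends after these.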
@@ -839,15 +332,15 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { cfClientIDP.SyncField = d.Get("google.0.sync_field").(string) } - if _, ok := d.GetOk("auth0"); ok { - cfClientIDP.ClientType = "auth0" + if _, ok := d.GetOk(idp.Auth0); ok { + cfClientIDP.ClientType = idp.Auth0 cfClientIDP.ClientId = d.Get("auth0.0.client_id").(string) cfClientIDP.ClientSecret = d.Get("auth0.0.client_secret").(string) cfClientIDP.ClientHost = d.Get("auth0.0.domain").(string) } - if _, ok := d.GetOk("azure"); ok { - cfClientIDP.ClientType = "azure" + if _, ok := d.GetOk(idp.Azure); ok { + cfClientIDP.ClientType = idp.Azure cfClientIDP.ClientId = d.Get("azure.0.app_id").(string) cfClientIDP.ClientSecret = d.Get("azure.0.client_secret").(string) cfClientIDP.AppId = d.Get("azure.0.object_id").(string) @@ -856,8 +349,8 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { cfClientIDP.SyncInterval = strconv.Itoa(d.Get("azure.0.sync_interval").(int)) } - if _, ok := d.GetOk("onelogin"); ok { - cfClientIDP.ClientType = "onelogin" + if _, ok := d.GetOk(idp.OneLogin); ok { + cfClientIDP.ClientType = idp.OneLogin cfClientIDP.ClientId = d.Get("onelogin.0.client_id").(string) cfClientIDP.ClientSecret = d.Get("onelogin.0.client_secret").(string) cfClientIDP.ClientHost = d.Get("onelogin.0.domain").(string) 
@@ -866,16 +359,16 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { cfClientIDP.ApiClientSecret = d.Get("onelogin.0.api_client_secret").(string) } - if _, ok := d.GetOk("keycloak"); ok { - cfClientIDP.ClientType = "keycloak" + if _, ok := d.GetOk(idp.Keycloak); ok { + cfClientIDP.ClientType = idp.Keycloak cfClientIDP.ClientId = d.Get("keycloak.0.client_id").(string) cfClientIDP.ClientSecret = d.Get("keycloak.0.client_secret").(string) cfClientIDP.Host = d.Get("keycloak.0.host").(string) cfClientIDP.Realm = d.Get("keycloak.0.realm").(string) } - if _, ok := d.GetOk("saml"); ok { - cfClientIDP.ClientType = "saml" + if _, ok := d.GetOk(idp.SAML); ok { + cfClientIDP.ClientType = idp.SAML cfClientIDP.SamlProvider = d.Get("saml.0.provider").(string) cfClientIDP.EntryPoint = d.Get("saml.0.endpoint").(string) cfClientIDP.ApplicationCert = d.Get("saml.0.application_certificate").(string) @@ -890,8 +383,8 @@ func mapResourceToIDP(d *schema.ResourceData) *cfclient.IDP { cfClientIDP.Access_token = d.Get("saml.0.access_token").(string) } - if _, ok := d.GetOk("ldap"); ok { - cfClientIDP.ClientType = "ldap" + if _, ok := d.GetOk(idp.LDAP); ok { + cfClientIDP.ClientType = idp.LDAP cfClientIDP.Url = d.Get("ldap.0.url").(string) cfClientIDP.Password = d.Get("ldap.0.password").(string) cfClientIDP.DistinguishedName = d.Get("ldap.0.distinguished_name").(string) diff --git a/codefresh/resource_idp_accounts.go b/codefresh/resource_idp_accounts.go index 4509c1ee..dc625d17 100644 --- a/codefresh/resource_idp_accounts.go +++ b/codefresh/resource_idp_accounts.go @@ -38,7 +38,6 @@ Because of the current Codefresh API limitation it's impossible to remove accoun } func resourceIDPAccountsCreate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cfclient.Client) accountIds := datautil.ConvertStringArr(d.Get("account_ids").(*schema.Set).List()) 
@@ -60,7 +59,6 @@ func resourceIDPAccountsCreate(d *schema.ResourceData, meta interface{}) error { } func resourceIDPAccountsRead(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cfclient.Client) idpID := d.Id() @@ -94,7 +92,6 @@ func resourceIDPAccountsDelete(_ *schema.ResourceData, _ interface{}) error { } func resourceIDPAccountsUpdate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cfclient.Client) idpID := d.Id()