From 82675bcad7b3f247a82dfaa928a74cacaf183a6b Mon Sep 17 00:00:00 2001 From: = Date: Sun, 2 Jun 2024 23:25:33 +0530 Subject: [PATCH 1/4] feat: added authentication with infisical cli --- go.mod | 29 ++++++------- go.sum | 62 ++++++++++------------------ internal/client/client.go | 41 ++++++++++++++---- internal/client/login.go | 20 +++++++++ internal/cliuser/cliuser.go | 68 ++++++++++++++++++++++++++++++ internal/cliuser/config.go | 78 +++++++++++++++++++++++++++++++++++ internal/cliuser/keyring.go | 34 +++++++++++++++ internal/provider/provider.go | 16 ++++++- 8 files changed, 282 insertions(+), 66 deletions(-) create mode 100644 internal/cliuser/cliuser.go create mode 100644 internal/cliuser/config.go create mode 100644 internal/cliuser/keyring.go diff --git a/go.mod b/go.mod index 452e087..2d0d0ea 100644 --- a/go.mod +++ b/go.mod @@ -4,12 +4,10 @@ go 1.19 require ( github.com/go-resty/resty/v2 v2.7.0 - github.com/hashicorp-demoapp/hashicups-client-go v0.1.0 github.com/hashicorp/terraform-plugin-docs v0.15.0 github.com/hashicorp/terraform-plugin-framework v1.3.0 - github.com/hashicorp/terraform-plugin-go v0.15.0 - github.com/hashicorp/terraform-plugin-log v0.9.0 - github.com/hashicorp/terraform-plugin-testing v1.2.0 + github.com/zalando/go-keyring v0.2.3 + golang.org/x/crypto v0.8.0 ) require ( 
@@ -17,30 +15,30 @@ require ( github.com/Masterminds/semver/v3 v3.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.2 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect - github.com/agext/levenshtein v1.2.2 // indirect + github.com/alessio/shellescape v1.4.2 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect github.com/cloudflare/circl v1.3.3 // indirect + github.com/danieljoos/wincred v1.2.1 // indirect + github.com/dvsekhvalnov/jose2go v1.5.0 // indirect github.com/fatih/color v1.15.0 // indirect + github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/go-cmp v0.5.9 // indirect github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.4.10 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hc-install v0.5.2 // indirect - github.com/hashicorp/hcl/v2 v2.16.2 // indirect - github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/terraform-exec v0.18.1 // indirect github.com/hashicorp/terraform-json v0.16.0 // indirect - github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 // indirect + github.com/hashicorp/terraform-plugin-go v0.15.0 // indirect + github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.0 // indirect github.com/hashicorp/terraform-svchost v0.1.0 // indirect github.com/hashicorp/yamux v0.1.1 // indirect 
@@ -51,25 +49,24 @@ require ( github.com/mitchellh/cli v1.1.5 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect - github.com/mitchellh/go-wordwrap v1.0.0 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/mtibben/percent v0.2.1 // indirect github.com/oklog/run v1.1.0 // indirect github.com/posener/complete v1.2.3 // indirect github.com/russross/blackfriday v1.6.0 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/cast v1.5.0 // indirect - github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/zclconf/go-cty v1.13.2 // indirect - golang.org/x/crypto v0.8.0 // indirect golang.org/x/mod v0.10.0 // indirect golang.org/x/net v0.10.0 // indirect - golang.org/x/sys v0.8.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.11.0 // indirect golang.org/x/text v0.9.0 // indirect - google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect google.golang.org/grpc v1.55.0 // indirect google.golang.org/protobuf v1.30.0 // indirect ) + +replace github.com/zalando/go-keyring => github.com/Infisical/go-keyring v1.0.2 diff --git a/go.sum b/go.sum index 1935d1b..c3cd92f 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +github.com/Infisical/go-keyring v1.0.2 h1:dWOkI/pB/7RocfSJgGXbXxLDcVYsdslgjEPmVhb+nl8= +github.com/Infisical/go-keyring v1.0.2/go.mod h1:LWOnn/sw9FxDW/0VY+jHFAfOFEe03xmwBVSfJnBowto= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= 
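Review bot: The `replace github.com/zalando/go-keyring => github.com/Infisical/go-keyring v1.0.2` directive at the end of the go.mod hunk means that everything imported as `github.com/zalando/go-keyring` is really the fork, which is easy to miss in review and in dependency scanners that key on the import path. The three-argument call `keyring.Get(currentVaultBackend, MAIN_KEYRING_SERVICE, key)` in internal/cliuser/keyring.go appears to depend on the fork's API, so the build presumably fails without the directive. Either import the fork under its own module path or document the directive in place, e.g. `// fork adds the vault-backend argument used by internal/cliuser`. The fork also brings credential-handling modules (`jose2go`, `wincred`, `dbus`) into the provider binary, so it should follow the same update and audit routine as the direct dependencies.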
@@ -9,9 +11,8 @@ github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VM github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= -github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= -github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= +github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= +github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= 
@@ -23,9 +24,13 @@ github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= +github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dvsekhvalnov/jose2go v1.5.0 h1:3j8ya4Z4kMCwT5nXIKFSV84YS+HdqSSO0VsTQxaLAeM= +github.com/dvsekhvalnov/jose2go v1.5.0/go.mod h1:QsHjhyTlD/lAVqn/NSbVZmSCGeDehTB/mPZadG+mhXU= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= 
@@ -37,22 +42,17 @@ github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8 github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk= github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY= github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= -github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= -github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= +github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp-demoapp/hashicups-client-go v0.1.0 h1:5eUmjDEqF4viZHLwS9UKSqwDHJ2T9ZQamqSf5dn+qcE= -github.com/hashicorp-demoapp/hashicups-client-go v0.1.0/go.mod h1:fJF8CZhWlImByx49t7RZvuoxskStDwqIWi5/GOSJqGI= github.com/hashicorp/errwrap v1.0.0/go.mod 
h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -61,8 +61,6 @@ github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuD github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= -github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= 
@@ -77,10 +75,6 @@ github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mO github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/hc-install v0.5.2 h1:SfwMFnEXVVirpwkDuSF5kymUOhrUxrTq3udEseZdOD0= github.com/hashicorp/hc-install v0.5.2/go.mod h1:9QISwe6newMWIfEiXpzuu1k9HAGtQYgnSH8H9T8wmoI= -github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1a0= -github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng= -github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/terraform-exec v0.18.1 h1:LAbfDvNQU1l0NOQlTuudjczVhHj061fNX5H8XZxHlH4= github.com/hashicorp/terraform-exec v0.18.1/go.mod h1:58wg4IeuAJ6LVsLUeD2DWZZoc/bYi6dzhLHzxM41980= github.com/hashicorp/terraform-json v0.16.0 h1:UKkeWRWb23do5LNAFlh/K3N0ymn1qTOO8c+85Albo3s= 
@@ -93,10 +87,6 @@ github.com/hashicorp/terraform-plugin-go v0.15.0 h1:1BJNSUFs09DS8h/XNyJNJaeusQuW github.com/hashicorp/terraform-plugin-go v0.15.0/go.mod h1:tk9E3/Zx4RlF/9FdGAhwxHExqIHHldqiQGt20G6g+nQ= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 h1:G9WAfb8LHeCxu7Ae8nc1agZlQOSCUWsb610iAogBhCs= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1/go.mod h1:xcOSYlRVdPLmDUoqPhO9fiO/YCN/l6MGYeTzGt5jgkQ= -github.com/hashicorp/terraform-plugin-testing v1.2.0 h1:pASRAe6BOZFO4xSGQr9WzitXit0nrQAYDk8ziuRfn9E= -github.com/hashicorp/terraform-plugin-testing v1.2.0/go.mod h1:+8bp3O7xUb1UtBcdknrGdVRIuTw4b62TYSIgXHqlyew= github.com/hashicorp/terraform-registry-address v0.2.0 h1:92LUg03NhfgZv44zpNTLBGIbiyTokQCDcdH5BhVHT3s= github.com/hashicorp/terraform-registry-address v0.2.0/go.mod h1:478wuzJPzdmqT6OGbB/iH82EDcI8VFM4yujknh/1nIs= github.com/hashicorp/terraform-svchost v0.1.0 h1:0+RcgZdZYNd81Vw7tu62g9JiLLvbOigp7QtyNh6CjXk= 
@@ -112,12 +102,10 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= 
@@ -136,13 +124,13 @@ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa1 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= -github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mtibben/percent v0.2.1 h1:5gssi8Nqo8QU/r2pynCm+hBQHpkB/uNK7BJCFogWdzs= +github.com/mtibben/percent v0.2.1/go.mod h1:KG9uO+SZkUp+VkRHsCdYQV3XSZrrSpR3O9ibNBTZrns= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= 
@@ -163,15 +151,13 @@ github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= -github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= -github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= 
@@ -188,12 +174,10 @@ golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -207,20 +191,18 @@ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= +golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto/googleapis/rpc 
v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= @@ -230,8 +212,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b h1:QRR6H1YWRnHb4Y/HeNFCTJLFVxaq6wH4YuVdsUOr75U= +gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/internal/client/client.go b/internal/client/client.go index cc8b5e6..2f19e2d 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -2,6 +2,9 @@ package infisicalclient import ( "fmt" + "slices" + "strings" + "terraform-provider-infisical/internal/cliuser" "github.com/go-resty/resty/v2" ) @@ -15,9 +18,11 @@ type AuthStrategyType string var AuthStrategy = struct { SERVICE_TOKEN AuthStrategyType UNIVERSAL_MACHINE_IDENTITY AuthStrategyType + USER_PROFILE AuthStrategyType }{ SERVICE_TOKEN: "SERVICE_TOKEN", UNIVERSAL_MACHINE_IDENTITY: "UNIVERSAL_MACHINE_IDENTITY", + USER_PROFILE: "USER_PROFILE", } type Config struct { 
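Review bot: The new `"slices"` import in internal/client/client.go needs Go 1.21 or later, while the go.mod hunk header in this same patch still shows `go 1.19`. A build with an older toolchain fails on this import, so either raise the directive to `go 1.21` or replace the single `slices.Contains` call with a short loop. The project-local import `terraform-provider-infisical/internal/cliuser` also appears to be added inside the standard-library group; moving it below the blank line keeps the goimports grouping.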
@@ -32,11 +37,25 @@ type Config struct { ClientId string ClientSecret string + Profile string + EnvSlug string SecretsPath string HttpClient *resty.Client // By default a client will be created } +func (c *Client) ValidateAuthMode(modes []AuthStrategyType) (bool, error) { + if slices.Contains(modes, c.Config.AuthStrategy) { + return true, nil + } + + var authErrorString []string + for _, mode := range modes { + authErrorString = append(authErrorString, string(mode)) + } + return false, fmt.Errorf("Only %s authentication is supported", strings.Join(authErrorString, ",")) +} + func NewClient(cnf Config) (*Client, error) { if cnf.HttpClient == nil { cnf.HttpClient = resty.New() @@ -46,13 +65,7 @@ func NewClient(cnf Config) (*Client, error) { // Add more auth strategies here later var usingServiceToken = cnf.ServiceToken != "" var usingUniversalAuth = cnf.ClientId != "" && cnf.ClientSecret != "" - - // Check if the user got multiple configured authentication methods, or none set at all. - if usingServiceToken && usingUniversalAuth { - return nil, fmt.Errorf("you have configured multiple authentication methods, please only use one") - } else if !usingServiceToken && !usingUniversalAuth { - return nil, fmt.Errorf("you must configure a authentication method such as service tokens or Universal Auth before making calls") - } + var usingInfisicalProfile = cnf.Profile != "" if usingUniversalAuth { token, err := Client{cnf}.UniversalMachineIdentityAuth() 
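Review bot: `ValidateAuthMode` is exported without a doc comment and is declared on `*Client`, while the other methods visible in this patch (`CheckJWTIsValid`, `GetServiceTokenDetailsV2`) use a value receiver. Its boolean result is true exactly when the error is nil, so returning only `error` would remove a second value that callers can check inconsistently. Suggested comment: `// ValidateAuthMode returns an error unless the client's AuthStrategy is one of modes.` The error string should start lower-case per Go convention, `"only %s authentication is supported"`.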
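Review bot: Dropping the "multiple authentication methods" check means `NewClient` now chooses a credential silently when more than one is configured; the chain that follows tries Universal Auth, then the service token, then the profile. Because provider.go in this patch also reads `INFISICAL_USER_PROFILE` from the environment, a run can authenticate as a different identity than the operator intended and nothing reports it. Keep the guard and extend it to the new method: count how many of `usingServiceToken`, `usingUniversalAuth` and `usingInfisicalProfile` are true and return the existing "please only use one" error when the count is above one. NewClient's body continues outside this hunk.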
@@ -66,9 +79,21 @@ func NewClient(cnf Config) (*Client, error) { } else if usingServiceToken { cnf.HttpClient.SetAuthToken(cnf.ServiceToken) cnf.AuthStrategy = AuthStrategy.SERVICE_TOKEN + } else if usingInfisicalProfile { + token, err := cliuser.GetCurrentLoggedInUserDetails(cnf.Profile) + if err != nil { + return nil, fmt.Errorf("Unable to authenticate with user profile. [err=%s]", err) + } + _, err = Client{cnf}.CheckJWTIsValid(token) + if err != nil { + return nil, fmt.Errorf("Unable to authenticate with user profile. [err=%s]", err) + } + + cnf.HttpClient.SetAuthToken(token) + cnf.AuthStrategy = AuthStrategy.USER_PROFILE } else { // If no auth strategy is set, then we should return an error - return nil, fmt.Errorf("you must configure a authentication method such as service tokens or Universal Auth before making calls") + return nil, fmt.Errorf("you must configure a authentication method such as service tokens or Universal Auth or infisical login before making calls") } // These two if statements were a part of an older migration. diff --git a/internal/client/login.go b/internal/client/login.go index 885b0b9..4401d30 100644 --- a/internal/client/login.go +++ b/internal/client/login.go @@ -43,3 +43,23 @@ func (client Client) GetServiceTokenDetailsV2() (GetServiceTokenDetailsResponse, return tokenDetailsResponse, nil } + +func (client Client) CheckJWTIsValid(token string) (map[string]any, error) { + var tokenDetailsResponse map[string]any + response, err := client.Config.HttpClient. + R(). + SetResult(&tokenDetailsResponse). + SetHeader("User-Agent", USER_AGENT). + SetAuthToken(token). + Post("api/v1/auth/checkAuth") + + if err != nil { + return nil, fmt.Errorf("CallGetServiceTokenDetails: Unable to complete api request [err=%s]", err) + } + + if response.IsError() { + return nil, fmt.Errorf("CallGetServiceTokenDetails: Unsuccessful response: [response=%s]", response) + } + + return tokenDetailsResponse, nil +} 
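Review bot: In the `usingInfisicalProfile` branch the JWT read from the local keyring is sent to whatever `cnf.HostURL` is configured, without comparing that host to the domain the CLI recorded at login (`LoggedInUserDomain` in internal/cliuser/config.go). A configuration whose `host` points somewhere else would therefore receive the user's personal token in the `checkAuth` request. Have `GetCurrentLoggedInUserDetails` return the recorded domain together with the token and refuse to continue when it does not match `cnf.HostURL`. Both `fmt.Errorf` calls here should also wrap with `%w` instead of `%s` so callers can inspect the cause. NewClient's body starts and ends outside this hunk.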
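Review bot: Both error messages in `CheckJWTIsValid` carry the prefix `CallGetServiceTokenDetails`, which looks copied from the function above and points anyone reading a failure at the wrong code path. Use the function's own name and wrap the cause, e.g. `return nil, fmt.Errorf("CheckJWTIsValid: unable to complete api request: %w", err)`. The `[response=%s]` form prints the whole response into the Terraform diagnostic; for an authentication check `response.StatusCode()` is normally enough. The decoded `map[string]any` is discarded by the only caller in this patch, so a doc comment saying what the endpoint returns and that only the status is relied on would help.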
diff --git a/internal/cliuser/cliuser.go b/internal/cliuser/cliuser.go
new file mode 100644
index 0000000..668a901
--- /dev/null
+++ b/internal/cliuser/cliuser.go
@@ -0,0 +1,68 @@ +package cliuser + +import ( + "encoding/json" + "errors" + "fmt" + "strings" + + "github.com/zalando/go-keyring" +) + +type UserCredentials struct { + Email string `json:"email"` + PrivateKey string `json:"privateKey"` + JTWToken string `json:"JTWToken"` + RefreshToken string `json:"RefreshToken"` +} + +func GetCurrentLoggedInUserDetails(profile string) (string, error) { + if ConfigFileExists() { + configFile, err := GetConfigFile() + if err != nil { + return "", fmt.Errorf("getCurrentLoggedInUserDetails: unable to get logged in user from config file [err=%s]", err) + } + + if configFile.LoggedInUserEmail == "" { + return "", errors.New("Login user not found. Try infisical login.") + } + + if configFile.LoggedInUserEmail != profile { + return "", errors.New("User profile not found. Try infisical login.") + } + + userCreds, err := GetUserCredsFromKeyRing(configFile.LoggedInUserEmail) + if err != nil { + if strings.Contains(err.Error(), "credentials not found in system keyring") { + return "", errors.New("we couldn't find your logged in details, try running [infisical login] then try again") + } else { + return "", fmt.Errorf("failed to fetch credentials from keyring because [err=%s]", err) + } + } + return userCreds.JTWToken, nil + } + + return "", errors.New("Config file not found. Try infisical login.") +} + +func GetUserCredsFromKeyRing(userEmail string) (credentials UserCredentials, err error) { + credentialsValue, err := GetValueInKeyring(userEmail) + if err != nil { + if err == keyring.ErrUnsupportedPlatform { + return UserCredentials{}, errors.New("your OS does not support keyring. 
Consider using a service token https://infisical.com/docs/documentation/platform/token") + } else if err == keyring.ErrNotFound { + return UserCredentials{}, errors.New("credentials not found in system keyring") + } else { + return UserCredentials{}, fmt.Errorf("something went wrong, failed to retrieve value from system keyring [error=%v]", err) + } + } + + var userCredentials UserCredentials + + err = json.Unmarshal([]byte(credentialsValue), &userCredentials) + if err != nil { + return UserCredentials{}, fmt.Errorf("getUserCredsFromKeyRing: Something went wrong when unmarshalling user creds [err=%s]", err) + } + + return userCredentials, err +} diff --git a/internal/cliuser/config.go b/internal/cliuser/config.go new file mode 100644 index 0000000..7a42498 --- /dev/null +++ b/internal/cliuser/config.go 
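Review bot: `GetCurrentLoggedInUserDetails` in internal/cliuser/cliuser.go detects missing credentials with `strings.Contains(err.Error(), "credentials not found in system keyring")`, matching a message that `GetUserCredsFromKeyRing` builds further down, so rewording either string silently changes behaviour. Declare a sentinel, `var ErrCredentialsNotFound = errors.New("credentials not found in system keyring")`, return it from `GetUserCredsFromKeyRing`, and test it with `errors.Is`; the two `err == keyring.Err…` comparisons should use `errors.Is` as well. The profile check accepts only `LoggedInUserEmail`, so "User profile not found" is also what a user listed in `LoggedInUsers` but not currently active will see, and the message should say that the profile must be the active login. The `JTWToken` field and tag look like a typo for JWT but presumably mirror what the CLI stores, so a comment such as `// spelling matches the key written by the CLI` would prevent a well-meant rename.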
@@ -0,0 +1,78 @@
+package cliuser
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+)
+
+const (
+ CONFIG_FOLDER_NAME = ".infisical"
+ CONFIG_FILE_NAME = "infisical-config.json"
+)
+
+type LoggedInUser struct {
+ Email string `json:"email"`
+ Domain string `json:"domain"`
+}
+
+// The file struct for Infisical config file
+type ConfigFile struct {
+ LoggedInUserEmail string `json:"loggedInUserEmail"`
+ LoggedInUserDomain string `json:"LoggedInUserDomain,omitempty"`
+ LoggedInUsers []LoggedInUser `json:"loggedInUsers,omitempty"`
+ VaultBackendType string `json:"vaultBackendType,omitempty"`
+}
+
+func GetHomeDir() (string, error) {
+ directory, err := os.UserHomeDir()
+ return directory, err
+}
+
+func GetFullConfigFilePath() (fullPathToFile string, fullPathToDirectory string, err error) {
+ homeDir, err := GetHomeDir()
+ if err != nil {
+ return "", "", err
+ }
+
+ fullPath := fmt.Sprintf("%s/%s/%s", homeDir, CONFIG_FOLDER_NAME, CONFIG_FILE_NAME)
+ fullDirPath := fmt.Sprintf("%s/%s", homeDir, CONFIG_FOLDER_NAME)
+ return fullPath, fullDirPath, err
+}
+
+func GetConfigFile() (ConfigFile, error) {
+ fullConfigFilePath, _, err := GetFullConfigFilePath()
+ if err != nil {
+ return ConfigFile{}, err
+ }
+
+ configFileAsBytes, err := os.ReadFile(fullConfigFilePath)
+ if err != nil {
+ if err, ok := err.(*os.PathError); ok {
+ return ConfigFile{}, nil
+ } else {
+ return ConfigFile{}, err
+ }
+ }
+
+ var configFile ConfigFile
+ err = json.Unmarshal(configFileAsBytes, &configFile)
+ if err != nil {
+ return ConfigFile{}, err
+ }
+
+ return configFile, nil
+}
+
+func ConfigFileExists() bool {
+ fullConfigFileURI, _, err := GetFullConfigFilePath()
+ if err != nil {
+ return false
+ }
+
+ if _, err := os.Stat(fullConfigFileURI); err == nil {
+ return true
+ } else {
+ return false
+ }
+}
diff --git a/internal/cliuser/keyring.go b/internal/cliuser/keyring.go
new file mode 100644
index 0000000..471c7b4
--- /dev/null
+++ b/internal/cliuser/keyring.go
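Review bot: `GetConfigFile` in internal/cliuser/config.go returns `ConfigFile{}, nil` for any `*os.PathError`, and `os.ReadFile` reports essentially all of its failures as that type, so a permission-denied or I/O error looks the same as a missing file and surfaces later as "Login user not found". Only the not-exist case should be swallowed: `if errors.Is(err, fs.ErrNotExist) { return ConfigFile{}, nil }` followed by `return ConfigFile{}, err`, which also removes the inner `err` that shadows the outer one. The paths are assembled with `fmt.Sprintf("%s/%s/%s", …)`; `filepath.Join(homeDir, CONFIG_FOLDER_NAME, CONFIG_FILE_NAME)` produces the right separator on Windows, which matters since this patch pulls in `wincred`.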
@@ -0,0 +1,34 @@ +package cliuser + +import ( + "fmt" + "github.com/zalando/go-keyring" +) + +const MAIN_KEYRING_SERVICE = "infisical-cli" + +func GetCurrentVaultBackend() (string, error) { + configFile, err := GetConfigFile() + if err != nil { + return "", fmt.Errorf("getCurrentVaultBackend: unable to get config file [err=%s]", err) + } + + if configFile.VaultBackendType == "" { + return "auto", nil + } + + if configFile.VaultBackendType != "auto" && configFile.VaultBackendType != "file" { + return "auto", nil + } + + return configFile.VaultBackendType, nil +} + +func GetValueInKeyring(key string) (string, error) { + currentVaultBackend, err := GetCurrentVaultBackend() + if err != nil { + return "", fmt.Errorf("Unable to get current vault. Tip: run [infisical reset] then try again. %w", err) + } + + return keyring.Get(currentVaultBackend, MAIN_KEYRING_SERVICE, key) +} diff --git a/internal/provider/provider.go b/internal/provider/provider.go index dfe4d03..856af4b 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -42,6 +42,8 @@ type infisicalProviderModel struct { Host types.String `tfsdk:"host"` ServiceToken types.String `tfsdk:"service_token"` + Profile types.String `tfsdk:"profile"` + ClientId types.String `tfsdk:"client_id"` ClientSecret types.String `tfsdk:"client_secret"` } @@ -66,7 +68,11 @@ func (p *infisicalProvider) Schema(ctx context.Context, _ provider.SchemaRequest Sensitive: true, Description: " (DEPRECATED, USE MACHINE IDENTITY), Used to fetch/modify secrets for a given project", }, - + "profile": schema.StringAttribute{ + Optional: true, + Description: "Email or username of the user to use. The user credentials are fetched from system keyring that gets saved from cli infisical login.", + Sensitive: true, + }, "client_id": schema.StringAttribute{ Optional: true, Sensitive: true, 
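Review bot: `GetCurrentVaultBackend` in internal/cliuser/keyring.go maps every `VaultBackendType` other than `auto` or `file` to `auto` without reporting it, so a config file naming a backend this provider does not know would presumably be read from a different store than the CLI wrote to and end in a generic "credentials not found". Returning an error that names the unsupported value makes that case diagnosable, e.g. `return "", fmt.Errorf("unsupported vaultBackendType %q", configFile.VaultBackendType)`. The exported functions in this file have no doc comments; one line each stating which file or store they read would be enough.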
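Review bot: The new `profile` attribute in the provider schema is marked `Sensitive: true` although, by its own description, it holds an email or username and not a secret. Redacting it removes from plan output the one value that shows which personal identity a run authenticated as, which is useful when auditing applies; consider dropping `Sensitive` here unless the address itself must be hidden. The description should also say that the value has to match the user currently logged in through the CLI, because `GetCurrentLoggedInUserDetails` rejects any other profile. The schema function continues outside this hunk.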
@@ -105,6 +111,8 @@ func (p *infisicalProvider) Configure(ctx context.Context, req provider.Configur clientId := os.Getenv("INFISICAL_UNIVERSAL_AUTH_CLIENT_ID") clientSecret := os.Getenv("INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET") + userProfile := os.Getenv("INFISICAL_USER_PROFILE") + if !config.Host.IsNull() { host = config.Host.ValueString() } @@ -121,6 +129,10 @@ func (p *infisicalProvider) Configure(ctx context.Context, req provider.Configur clientSecret = config.ClientSecret.ValueString() } + if !config.Profile.IsNull() { + userProfile = config.Profile.ValueString() + } + // set default to cloud infisical if host is empty if host == "" { host = "https://app.infisical.com" @@ -130,7 +142,7 @@ func (p *infisicalProvider) Configure(ctx context.Context, req provider.Configur return } - client, err := infisical.NewClient(infisical.Config{HostURL: host, ServiceToken: serviceToken, ClientId: clientId, ClientSecret: clientSecret}) + client, err := infisical.NewClient(infisical.Config{HostURL: host, ServiceToken: serviceToken, ClientId: clientId, ClientSecret: clientSecret, Profile: userProfile}) if err != nil { resp.Diagnostics.AddError( From b6f3b54d5a2ef82cd77a7950cd1cb1c5285a0213 Mon Sep 17 00:00:00 2001 From: = Date: Sun, 2 Jun 2024 23:25:55 +0530 Subject: [PATCH 2/4] feat: added new auth validation to all resources --- .../datasource/projects_data_source.go | 7 +++--- .../datasource/secrets_data_source.go | 2 +- .../resource/project_identity_resource.go | 17 ++++++------- .../project_identity_specific_privilege.go | 17 ++++++------- .../provider/resource/project_resource.go | 25 +++++++++---------- .../resource/project_role_resource.go | 17 ++++++------- .../resource/project_user_resource.go | 17 ++++++------- internal/provider/resource/secret_resource.go | 8 +++--- 8 files changed, 52 insertions(+), 58 deletions(-) diff --git a/internal/provider/datasource/projects_data_source.go b/internal/provider/datasource/projects_data_source.go index d9b1d80..e902cca 100644 
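Review bot: `Configure` now forwards `serviceToken`, `clientId`/`clientSecret` and `userProfile` together to `infisical.NewClient`, and nothing in these hunks says which one takes effect when more than one is set. Because `INFISICAL_USER_PROFILE` is picked up from the environment, a run meant to use a machine identity could end up authenticating with a person's keyring credentials (or the reverse), depending on a precedence that lives in `NewClient`, outside this section. Consider surfacing the overlap at configure time, for example with `resp.Diagnostics.AddWarning(...)` when `userProfile != ""` and another credential is also present, and state the precedence in the `profile` attribute description. The body of `Configure` continues outside the hunks.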
--- a/internal/provider/datasource/projects_data_source.go +++ b/internal/provider/datasource/projects_data_source.go @@ -144,11 +144,10 @@ func (d *ProjectsDataSource) Configure(ctx context.Context, req datasource.Confi } func (d *ProjectsDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { - - if d.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := d.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( - "Unable to create project", - "Only Machine Identity authentication is supported for this operation", + "Unable to read project", + err.Error(), ) return } diff --git a/internal/provider/datasource/secrets_data_source.go b/internal/provider/datasource/secrets_data_source.go index 63092e0..a62baea 100644 --- a/internal/provider/datasource/secrets_data_source.go +++ b/internal/provider/datasource/secrets_data_source.go @@ -140,7 +140,7 @@ func (d *SecretsDataSource) Read(ctx context.Context, req datasource.ReadRequest for _, secret := range plainTextSecrets { data.Secrets[secret.Key] = InfisicalSecretDetails{Value: types.StringValue(secret.Value), Comment: types.StringValue(secret.Comment), SecretType: types.StringValue(secret.Type)} } - } else if d.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + } else if d.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY || d.client.Config.AuthStrategy == infisical.AuthStrategy.USER_PROFILE { secrets, err := d.client.GetRawSecrets(data.FolderPath.ValueString(), data.EnvSlug.ValueString(), data.WorkspaceId.ValueString()) if err != nil { resp.Diagnostics.AddError( diff --git a/internal/provider/resource/project_identity_resource.go b/internal/provider/resource/project_identity_resource.go index 2f00e66..1becc7b 100644 
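Review bot: On the failure path `err.Error()` is called without checking `err`, so if `ValidateAuthMode` can return `false` together with a nil error the provider would panic instead of emitting a diagnostic; its definition is in `internal/client/client.go`, outside this section, so that needs confirming there. The same guard, with the same inline `[]infisical.AuthStrategyType{...}` literal, is repeated in every Create/Read/Update/Delete hunk of `project_identity_resource.go`, `project_identity_specific_privilege.go`, `project_resource.go`, `project_role_resource.go` and `project_user_resource.go`. One allow-list variable per package, for example `var userOrMachineAuth = []infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}`, would keep the strategies accepted for these privileged operations in a single reviewable place. `Read` continues outside the hunk.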
--- a/internal/provider/resource/project_identity_resource.go +++ b/internal/provider/resource/project_identity_resource.go @@ -171,10 +171,10 @@ func (r *ProjectIdentityResource) Configure(_ context.Context, req resource.Conf // Create creates the resource and sets the initial Terraform state. func (r *ProjectIdentityResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to create project identity", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -304,10 +304,10 @@ func (r *ProjectIdentityResource) Create(ctx context.Context, req resource.Creat // Read refreshes the Terraform state with the latest data. func (r *ProjectIdentityResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to read project identity", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } 
@@ -377,10 +377,10 @@ func (r *ProjectIdentityResource) Read(ctx context.Context, req resource.ReadReq // Update updates the resource and sets the updated Terraform state on success. func (r *ProjectIdentityResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to update project identity", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -525,11 +525,10 @@ func (r *ProjectIdentityResource) Update(ctx context.Context, req resource.Updat // Delete deletes the resource and removes the Terraform state on success. func (r *ProjectIdentityResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { - - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to delete project identity", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } diff --git a/internal/provider/resource/project_identity_specific_privilege.go b/internal/provider/resource/project_identity_specific_privilege.go index 5feab73..ddbd57b 100644 --- a/internal/provider/resource/project_identity_specific_privilege.go +++ b/internal/provider/resource/project_identity_specific_privilege.go 
@@ -169,10 +169,10 @@ func (r *projectIdentitySpecificPrivilegeResourceResource) Configure(_ context.C // Create creates the resource and sets the initial Terraform state. func (r *projectIdentitySpecificPrivilegeResourceResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to create project identity specific privilege", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -291,10 +291,10 @@ func (r *projectIdentitySpecificPrivilegeResourceResource) Create(ctx context.Co // Read refreshes the Terraform state with the latest data. func (r *projectIdentitySpecificPrivilegeResourceResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to read project identity specific privilege", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } 
@@ -420,10 +420,10 @@ func (r *projectIdentitySpecificPrivilegeResourceResource) Read(ctx context.Cont // Update updates the resource and sets the updated Terraform state on success. func (r *projectIdentitySpecificPrivilegeResourceResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to update project identity specific privilege", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -543,11 +543,10 @@ func (r *projectIdentitySpecificPrivilegeResourceResource) Update(ctx context.Co // Delete deletes the resource and removes the Terraform state on success. func (r *projectIdentitySpecificPrivilegeResourceResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { - - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to delete project identity specific privilege", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } diff --git a/internal/provider/resource/project_resource.go b/internal/provider/resource/project_resource.go index 5c733b8..d4b3ea1 100644 --- a/internal/provider/resource/project_resource.go +++ b/internal/provider/resource/project_resource.go 
@@ -30,10 +30,10 @@ type projectResource struct { // projectResourceSourceModel describes the data source data model. type projectResourceModel struct { - Slug types.String `tfsdk:"slug"` - ID types.String `tfsdk:"id"` - Name types.String `tfsdk:"name"` - LastUpdated types.String `tfsdk:"last_updated"` + Slug types.String `tfsdk:"slug"` + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + LastUpdated types.String `tfsdk:"last_updated"` } // Metadata returns the resource type name. @@ -88,10 +88,10 @@ func (r *projectResource) Configure(_ context.Context, req resource.ConfigureReq // Create creates the resource and sets the initial Terraform state. func (r *projectResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to create project", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -132,10 +132,10 @@ func (r *projectResource) Create(ctx context.Context, req resource.CreateRequest // Read refreshes the Terraform state with the latest data. func (r *projectResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to read project", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } 
@@ -175,10 +175,10 @@ func (r *projectResource) Read(ctx context.Context, req resource.ReadRequest, re // Update updates the resource and sets the updated Terraform state on success. func (r *projectResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to update project", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -232,11 +232,10 @@ func (r *projectResource) Update(ctx context.Context, req resource.UpdateRequest // Delete deletes the resource and removes the Terraform state on success. func (r *projectResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { - - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to delete project", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } diff --git a/internal/provider/resource/project_role_resource.go b/internal/provider/resource/project_role_resource.go index b24dade..8e8cc65 100644 --- a/internal/provider/resource/project_role_resource.go +++ b/internal/provider/resource/project_role_resource.go 
@@ -139,10 +139,10 @@ func (r *projectRoleResource) Configure(_ context.Context, req resource.Configur // Create creates the resource and sets the initial Terraform state. func (r *projectRoleResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to create project role", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -206,10 +206,10 @@ func (r *projectRoleResource) Create(ctx context.Context, req resource.CreateReq // Read refreshes the Terraform state with the latest data. func (r *projectRoleResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to read project role", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } 
@@ -319,10 +319,10 @@ func (r *projectRoleResource) Read(ctx context.Context, req resource.ReadRequest // Update updates the resource and sets the updated Terraform state on success. func (r *projectRoleResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to update project role", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -399,11 +399,10 @@ func (r *projectRoleResource) Update(ctx context.Context, req resource.UpdateReq // Delete deletes the resource and removes the Terraform state on success. func (r *projectRoleResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { - - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to delete project role", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } diff --git a/internal/provider/resource/project_user_resource.go b/internal/provider/resource/project_user_resource.go index 74148e5..5ba9190 100644 --- a/internal/provider/resource/project_user_resource.go +++ b/internal/provider/resource/project_user_resource.go 
@@ -177,10 +177,10 @@ func (r *ProjectUserResource) Configure(_ context.Context, req resource.Configur // Create creates the resource and sets the initial Terraform state. func (r *ProjectUserResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to create project user", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -324,10 +324,10 @@ func (r *ProjectUserResource) Create(ctx context.Context, req resource.CreateReq // Read refreshes the Terraform state with the latest data. func (r *ProjectUserResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to read project user", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } 
@@ -399,10 +399,10 @@ func (r *ProjectUserResource) Read(ctx context.Context, req resource.ReadRequest // Update updates the resource and sets the updated Terraform state on success. func (r *ProjectUserResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to update project user", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } @@ -546,11 +546,10 @@ func (r *ProjectUserResource) Update(ctx context.Context, req resource.UpdateReq // Delete deletes the resource and removes the Terraform state on success. func (r *ProjectUserResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { - - if r.client.Config.AuthStrategy != infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + if isValid, err := r.client.ValidateAuthMode([]infisical.AuthStrategyType{infisical.AuthStrategy.USER_PROFILE, infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY}); !isValid { resp.Diagnostics.AddError( "Unable to delete project user", - "Only Machine Identity authentication is supported for this operation", + err.Error(), ) return } diff --git a/internal/provider/resource/secret_resource.go b/internal/provider/resource/secret_resource.go index 8d84ef8..4705579 100644 --- a/internal/provider/resource/secret_resource.go +++ b/internal/provider/resource/secret_resource.go 
@@ -198,7 +198,7 @@ func (r *secretResource) Create(ctx context.Context, req resource.CreateRequest, // Set state to fully populated data plan.WorkspaceId = types.StringValue(serviceTokenDetails.Workspace) - } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY || r.client.Config.AuthStrategy == infisical.AuthStrategy.USER_PROFILE { err := r.client.CreateRawSecretsV3(infisical.CreateRawSecretV3Request{ Environment: plan.EnvSlug.ValueString(), WorkspaceID: plan.WorkspaceId.ValueString(), @@ -377,7 +377,7 @@ func (r *secretResource) Read(ctx context.Context, req resource.ReadRequest, res state.Name = types.StringValue(string(plainTextKey)) state.Value = types.StringValue(string(plainTextValue)) - } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY || r.client.Config.AuthStrategy == infisical.AuthStrategy.USER_PROFILE { // Get refreshed order value from HashiCups response, err := r.client.GetSingleRawSecretByNameV3(infisical.GetSingleSecretByNameV3Request{ SecretName: state.Name.ValueString(), @@ -511,7 +511,7 @@ func (r *secretResource) Update(ctx context.Context, req resource.UpdateRequest, // Set state to fully populated data plan.WorkspaceId = types.StringValue(serviceTokenDetails.Workspace) - } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY || r.client.Config.AuthStrategy == infisical.AuthStrategy.USER_PROFILE { err := r.client.UpdateRawSecretV3(infisical.UpdateRawSecretByNameV3Request{ Environment: plan.EnvSlug.ValueString(), WorkspaceID: plan.WorkspaceId.ValueString(), 
@@ -577,7 +577,7 @@ func (r *secretResource) Delete(ctx context.Context, req resource.DeleteRequest, ) return } - } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY { + } else if r.client.Config.AuthStrategy == infisical.AuthStrategy.UNIVERSAL_MACHINE_IDENTITY || r.client.Config.AuthStrategy == infisical.AuthStrategy.USER_PROFILE { err := r.client.DeleteRawSecretV3(infisical.DeleteRawSecretV3Request{ SecretName: state.Name.ValueString(), SecretPath: state.FolderPath.ValueString(), From 3f1bbeb0f1bfc283a409d9ed685da0a78e1ac86c Mon Sep 17 00:00:00 2001 From: = Date: Sun, 2 Jun 2024 23:29:10 +0530 Subject: [PATCH 3/4] feat: resolved lint errors --- internal/cliuser/config.go | 7 +++---- internal/provider/resource/project_identity_resource.go | 2 +- internal/provider/resource/project_user_resource.go | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/internal/cliuser/config.go b/internal/cliuser/config.go index 7a42498..49471ee 100644 --- a/internal/cliuser/config.go +++ b/internal/cliuser/config.go @@ -16,7 +16,7 @@ type LoggedInUser struct { Domain string `json:"domain"` } -// The file struct for Infisical config file +// The file struct for Infisical config file. type ConfigFile struct { LoggedInUserEmail string `json:"loggedInUserEmail"` LoggedInUserDomain string `json:"LoggedInUserDomain,omitempty"` @@ -48,11 +48,10 @@ func GetConfigFile() (ConfigFile, error) { configFileAsBytes, err := os.ReadFile(fullConfigFilePath) if err != nil { - if err, ok := err.(*os.PathError); ok { - return ConfigFile{}, nil - } else { + if err, ok := err.(*os.PathError); !ok { return ConfigFile{}, err } + return ConfigFile{}, nil } var configFile ConfigFile diff --git a/internal/provider/resource/project_identity_resource.go b/internal/provider/resource/project_identity_resource.go index 1becc7b..dae0810 100644 --- a/internal/provider/resource/project_identity_resource.go 
+++ b/internal/provider/resource/project_identity_resource.go @@ -491,7 +491,7 @@ func (r *ProjectIdentityResource) Update(ctx context.Context, req resource.Updat IsTemporary: types.BoolValue(el.IsTemporary), TemporaryAccesStartTime: types.StringValue(el.TemporaryAccessStartTime.Format(time.RFC3339)), } - + if el.CustomRoleId != "" { val.RoleSlug = types.StringValue(el.CustomRoleSlug) } diff --git a/internal/provider/resource/project_user_resource.go b/internal/provider/resource/project_user_resource.go index 5ba9190..e88a844 100644 --- a/internal/provider/resource/project_user_resource.go +++ b/internal/provider/resource/project_user_resource.go @@ -286,7 +286,7 @@ func (r *ProjectUserResource) Create(ctx context.Context, req resource.CreateReq CustomRoleID: types.StringValue(el.CustomRoleId), IsTemporary: types.BoolValue(el.IsTemporary), TemporaryAccesStartTime: types.StringValue(el.TemporaryAccessStartTime.Format(time.RFC3339)), - } + } if el.CustomRoleId != "" { val.RoleSlug = types.StringValue(el.CustomRoleSlug) From 95da2b47662119df410c97c81e659004c3d81cae Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 2 Jul 2024 16:17:23 +0200 Subject: [PATCH 4/4] Fix: Secrets data source with user login --- internal/client/secrets.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/client/secrets.go b/internal/client/secrets.go index 5b1182e..2c9d705 100644 --- a/internal/client/secrets.go +++ b/internal/client/secrets.go 
@@ -277,7 +277,7 @@ func (client Client) GetPlainTextSecretsViaServiceToken(secretFolderPath string, } func (client Client) GetRawSecrets(secretFolderPath string, envSlug string, workspaceId string) ([]RawV3Secret, error) { - if client.Config.ClientId == "" || client.Config.ClientSecret == "" { + if (client.Config.ClientId == "" || client.Config.ClientSecret == "") && client.Config.AuthStrategy != AuthStrategy.USER_PROFILE { return nil, fmt.Errorf("client ID and client secret must be defined to fetch secrets with machine identity") }
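Review bot: With `USER_PROFILE` the guard is skipped entirely, so `GetRawSecrets` no longer checks that any credential is present for that strategy, and the error text still speaks only of machine identity. The condition is also relaxed only here: `secret_resource.go` calls `CreateRawSecretsV3`, `GetSingleRawSecretByNameV3`, `UpdateRawSecretV3` and `DeleteRawSecretV3` under the same strategy, and if those carry the same client ID/secret check (not visible in this patch) they would still reject user-profile logins. A small shared helper for this precondition would keep the methods aligned. The rest of `GetRawSecrets` is outside the hunk.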