From 4a8d33d01fecdbd606838a000284df709e425d83 Mon Sep 17 00:00:00 2001 From: sgal Date: Tue, 20 Aug 2024 16:18:38 -0500 Subject: [PATCH] force delete kmip objects under kmip adapter --- go.mod | 2 +- go.sum | 6 ++++-- .../kms/data_source_ibm_kms_kmip_object.go | 4 ++-- ibm/service/kms/resource_ibm_kms_key.go | 16 +++++++++------- ibm/service/kms/resource_ibm_kms_key_alias.go | 19 ++++++++++--------- .../kms/resource_ibm_kms_key_policies.go | 9 +++++---- ibm/service/kms/resource_ibm_kms_key_rings.go | 18 +++++++++--------- .../kms/resource_ibm_kms_kmip_adapter.go | 15 +++++++++++---- .../kms/resource_ibm_kms_kmip_client_cert.go | 7 ++++--- ibm/service/kms/resource_ibm_kp_key.go | 7 ++++--- 10 files changed, 59 insertions(+), 44 deletions(-) diff --git a/go.mod b/go.mod index d73aaa801d..8a208477c6 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/IBM/ibm-cos-sdk-go-config/v2 v2.1.0 github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20211109141421-a4b61b05f7d1 github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta - github.com/IBM/keyprotect-go-client v0.14.0 + github.com/IBM/keyprotect-go-client v0.15.1 github.com/IBM/logs-go-sdk v0.3.0 github.com/IBM/logs-router-go-sdk v1.0.3 github.com/IBM/networking-go-sdk v0.48.0 diff --git a/go.sum b/go.sum index ad0cb7525e..354c6d2a0a 100644 --- a/go.sum +++ b/go.sum @@ -164,8 +164,8 @@ github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20211109141421-a4b61b05f7d1/go.mod h1:M2J github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta h1:P1fdIfKsD9xvJQ5MHIEztPS9yfNf9x+VDTamaYcmqcs= github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta/go.mod h1:MLVNHMYoKsvovJZ4v1gQCpIYtRDHTtoIHK6XztDZGsU= github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI= -github.com/IBM/keyprotect-go-client v0.14.0 h1:GqgK3BdczA/w7+B1RxEPLya0w9S/ZXi5YWKAxdW8vHQ= -github.com/IBM/keyprotect-go-client v0.14.0/go.mod h1:cAt714Vnwnd03mmkBHHSJlDNRVthdRmJB6RePd4/B8Q= +github.com/IBM/keyprotect-go-client v0.15.1 h1:m4qzqF5zOumRxKZ8s7vtK7A/UV/D278L8xpRG+WgT0s= +github.com/IBM/keyprotect-go-client v0.15.1/go.mod h1:asXtHwL/4uCHA221Vd/7SkXEi2pcRHDzPyyksc1DthE= github.com/IBM/logs-go-sdk v0.3.0 h1:FHzTCCMyp9DvQGXgkppzcOPywC4ggt7x8xu0MR5h8xI= github.com/IBM/logs-go-sdk v0.3.0/go.mod h1:yv/GCXC4/p+MZEeXl4xjZAOMvDAVRwu61WyHZFKFXQM= github.com/IBM/logs-router-go-sdk v1.0.3 h1:VO64OpANNouxS/0kvUeBpENKWxYx3TYnoNzW8OycMb0= @@ -1604,6 +1604,7 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= @@ -2035,6 +2036,7 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= diff --git a/ibm/service/kms/data_source_ibm_kms_kmip_object.go b/ibm/service/kms/data_source_ibm_kms_kmip_object.go index a6cf04d7c4..32f1035421 100644 --- a/ibm/service/kms/data_source_ibm_kms_kmip_object.go +++ b/ibm/service/kms/data_source_ibm_kms_kmip_object.go @@ -92,7 +92,7 @@ func DataSourceIBMKMSKMIPObject() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - Description: "The id of the KMIP adapter that contains the cert", + Description: "The id of the KMIP adapter that contains the kmip object", ForceNew: true, ExactlyOneOf: []string{"adapter_id", "adapter_name"}, } @@ -100,7 +100,7 @@ func DataSourceIBMKMSKMIPObject() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - Description: "The name of the KMIP adapter that contains the cert", + Description: "The name of the KMIP adapter that contains the kmip object", ForceNew: true, ExactlyOneOf: []string{"adapter_id", "adapter_name"}, } diff --git a/ibm/service/kms/resource_ibm_kms_key.go b/ibm/service/kms/resource_ibm_kms_key.go index f0211380e0..cc41d005cf 100644 --- a/ibm/service/kms/resource_ibm_kms_key.go +++ b/ibm/service/kms/resource_ibm_kms_key.go @@ -281,9 +281,10 @@ func resourceIBMKmsKeyExists(d *schema.ResourceData, meta interface{}) (bool, er _, err = kpAPI.GetKey(context.Background(), keyid) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 { - return false, nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 { + return false, nil + } } return false, err } @@ -455,10 +456,11 @@ func populateSchemaData(d *schema.ResourceData, meta interface{}) (*kp.Client, e ctx := context.Background() key, err := kpAPI.GetKey(ctx, keyid) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 || kpError.StatusCode == 409 { - d.SetId("") - return nil, nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 || kpError.StatusCode == 409 { + d.SetId("") + return nil, nil + } } return nil, fmt.Errorf("[ERROR] Get Key failed with error while reading Key: %s", err) } else if key.State == 5 { //Refers to Deleted state of the Key diff --git a/ibm/service/kms/resource_ibm_kms_key_alias.go b/ibm/service/kms/resource_ibm_kms_key_alias.go index 6cd7b78564..507a20a9b8 100644 --- a/ibm/service/kms/resource_ibm_kms_key_alias.go +++ b/ibm/service/kms/resource_ibm_kms_key_alias.go @@ -98,10 +98,11 @@ func resourceIBMKmsKeyAliasRead(d *schema.ResourceData, meta interface{}) error } key, err := kpAPI.GetKey(context.Background(), keyid) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 || kpError.StatusCode == 409 { - d.SetId("") - return nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 || kpError.StatusCode == 409 { + d.SetId("") + return nil + } } return fmt.Errorf("[ERROR] Get Key failed with error while reading policies: %s", err) } else if key.State == 5 { //Refers to Deleted state of the Key @@ -129,12 +130,12 @@ func resourceIBMKmsKeyAliasDelete(d *schema.ResourceData, meta interface{}) erro } err1 := kpAPI.DeleteKeyAlias(context.Background(), id[0], keyid) if err1 != nil { - kpError := err1.(*kp.Error) - if kpError.StatusCode == 404 { - return nil - } else { - return fmt.Errorf(" failed to Destroy alias with error: %s", err1) + if kpError, ok := err1.(*kp.Error); ok { + if kpError.StatusCode == 404 { + return nil + } } + return fmt.Errorf(" failed to Destroy alias with error: %s", err1) } return nil } diff --git a/ibm/service/kms/resource_ibm_kms_key_policies.go b/ibm/service/kms/resource_ibm_kms_key_policies.go index 5b3d726221..1fbd3918f7 100644 --- a/ibm/service/kms/resource_ibm_kms_key_policies.go +++ b/ibm/service/kms/resource_ibm_kms_key_policies.go @@ -213,10 +213,11 @@ func resourceIBMKmsKeyPolicyRead(context context.Context, d *schema.ResourceData } key, err := kpAPI.GetKey(context, keyid) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 || kpError.StatusCode == 409 { - d.SetId("") - return nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 || kpError.StatusCode == 409 { + d.SetId("") + return nil + } } return diag.Errorf("Get Key failed with error while reading policies: %s", err) } else if key.State == 5 { //Refers to Deleted state of the Key diff --git a/ibm/service/kms/resource_ibm_kms_key_rings.go b/ibm/service/kms/resource_ibm_kms_key_rings.go index 271f004503..81f3e03d45 100644 --- a/ibm/service/kms/resource_ibm_kms_key_rings.go +++ b/ibm/service/kms/resource_ibm_kms_key_rings.go @@ -123,10 +123,11 @@ func resourceIBMKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { } _, err = kpAPI.GetKeyRings(context.Background()) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 || kpError.StatusCode == 409 { - d.SetId("") - return nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 || kpError.StatusCode == 409 { + d.SetId("") + return nil + } } return fmt.Errorf("[ERROR] Get Key Rings failed with error: %s", err) } @@ -151,11 +152,10 @@ func resourceIBMKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error err = kpAPI.DeleteKeyRing(context.Background(), id[0], kp.WithForce(true)) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 { - return nil - } else { - return fmt.Errorf(" failed to Destroy key ring with error: %s", err) + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 { + return nil + } } } return nil diff --git a/ibm/service/kms/resource_ibm_kms_kmip_adapter.go b/ibm/service/kms/resource_ibm_kms_kmip_adapter.go index d125ee8c6e..a7b7d93486 100644 --- a/ibm/service/kms/resource_ibm_kms_kmip_adapter.go +++ b/ibm/service/kms/resource_ibm_kms_kmip_adapter.go @@ -169,8 +169,14 @@ func resourceIBMKmsKMIPAdapterDelete(d *schema.ResourceData, meta interface{}) e } for _, object := range objects.Objects { - err = kpAPI.DeleteKMIPObject(ctx, adapterID, object.ID) + err = kpAPI.DeleteKMIPObject(ctx, adapterID, object.ID, kp.WithForce(true)) if err != nil { + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 || kpError.StatusCode == 410 { + // if the kmip object is already deleted, do not error out + continue + } + } return fmt.Errorf("[ERROR] Failed to delete KMIP object associated with adapter (%s): %s", adapterID, err, @@ -194,9 +200,10 @@ func resourceIBMKmsKMIPAdapterExists(d *schema.ResourceData, meta interface{}) ( ctx := context.Background() _, err = kpAPI.GetKMIPAdapter(ctx, adapterID) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 { - return false, nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 { + return false, nil + } } return false, wrapError(err, "Error checking adapter existence") } diff --git a/ibm/service/kms/resource_ibm_kms_kmip_client_cert.go b/ibm/service/kms/resource_ibm_kms_kmip_client_cert.go index a51e5db0ce..bd648597ba 100644 --- a/ibm/service/kms/resource_ibm_kms_kmip_client_cert.go +++ b/ibm/service/kms/resource_ibm_kms_kmip_client_cert.go @@ -158,9 +158,10 @@ func resourceIBMKmsKMIPClientCertExists(d *schema.ResourceData, meta interface{} ctx := context.Background() _, err = kpAPI.GetKMIPClientCertificate(ctx, adapterID, certID) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 { - return false, nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 { + return false, nil + } } return false, wrapError(err, "Error checking KMIP Client Certificate existence") } diff --git a/ibm/service/kms/resource_ibm_kp_key.go b/ibm/service/kms/resource_ibm_kp_key.go index 5797bd7a08..18a7396e09 100644 --- a/ibm/service/kms/resource_ibm_kp_key.go +++ b/ibm/service/kms/resource_ibm_kp_key.go @@ -267,9 +267,10 @@ func resourceIBMKeyExists(d *schema.ResourceData, meta interface{}) (bool, error // keyid := d.Id() _, err = api.GetKey(context.Background(), keyid) if err != nil { - kpError := err.(*kp.Error) - if kpError.StatusCode == 404 { - return false, nil + if kpError, ok := err.(*kp.Error); ok { + if kpError.StatusCode == 404 { + return false, nil + } } return false, err }