auth: properly handle caps

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@cern.ch>

ceph/resource_auth.go

@@ -34,13 +34,17 @@ func resourceAuth() *schema.Resource {
 			},
 
 			"caps": {
-				Type:        schema.TypeString,
+				Type: schema.TypeMap,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
 				Optional:    true,
 				Description: "The caps wanted for the entity",
 			},
 
 			"keyring": {
-				Type:        schema.TypeString,
+				Type: schema.TypeString,
+
 				Computed:    true,
 				Description: "The cephx keyring of the entity",
 			},
@@ -54,24 +58,39 @@ func resourceAuth() *schema.Resource {
 	}
 }
 
-const clientKeyringFormat = `
-[%s]
-%s
-`
+const clientKeyringFormat = `[%s]
+%s`
 
-func setResourceData(d *schema.ResourceData, authResponse authResponse) diag.Diagnostics {
-	if err := d.Set("key", authResponse.Key); err != nil {
+func setResourceData(d *schema.ResourceData, authResponses []authResponse) diag.Diagnostics {
+	if len(authResponses) == 0 {
+		return diag.Errorf("No data returned by ceph auth command")
+	}
+	if err := d.Set("key", authResponses[0].Key); err != nil {
 		return diag.Errorf("Unable to set key: %s", err)
 	}
 
-	keyring := fmt.Sprintf(clientKeyringFormat, authResponse.Entity, authResponse.Key)
+	keyring := fmt.Sprintf(clientKeyringFormat, authResponses[0].Entity, authResponses[0].Key)
 	if err := d.Set("keyring", keyring); err != nil {
 		return diag.Errorf("Unable to set keyring: %s", err)
 	}
+	if err := d.Set("caps", authResponses[0].Caps); err != nil {
+		return diag.Errorf("Unable to set caps: %s", err)
+	}
 
 	return nil
 }
 
+func toCapsArray(caps map[string]interface{}) []string {
+	var ret []string
+
+	for key, val := range caps {
+		ret = append(ret, key)
+		ret = append(ret, val.(string))
+	}
+
+	return ret
+}
+
 func resourceAuthCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	conn, err := meta.(*Config).GetCephConnection()
 	if err != nil {
@@ -83,6 +102,7 @@ func resourceAuthCreate(ctx context.Context, d *schema.ResourceData, meta interf
 		"prefix": "auth get-or-create",
 		"format": "json",
 		"entity": entity,
+		"caps":   toCapsArray(d.Get("caps").(map[string]interface{})),
 	})
 	if err != nil {
 		return diag.Errorf("Unable resource_auth unable to create get-or-create JSON command: %s", err)
@@ -93,14 +113,14 @@ func resourceAuthCreate(ctx context.Context, d *schema.ResourceData, meta interf
 		return diag.Errorf("Error resource_auth on get-or-create command: %s", err)
 	}
 
-	var authResponse authResponse
-	err = json.Unmarshal(buf, &authResponse)
+	var authResponses []authResponse
+	err = json.Unmarshal(buf, &authResponses)
 	if err != nil {
 		return diag.Errorf("Error unmarshal on get-or-create response: %s", err)
 	}
 
 	d.SetId(entity)
-	return setResourceData(d, authResponse)
+	return setResourceData(d, authResponses)
 }
 
 func resourceAuthRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
@@ -124,17 +144,38 @@ func resourceAuthRead(ctx context.Context, d *schema.ResourceData, meta interfac
 		return diag.Errorf("Error resource_auth on get command: %s", err)
 	}
 
-	var authResponse authResponse
-	err = json.Unmarshal(buf, &authResponse)
+	var authResponses []authResponse
+	err = json.Unmarshal(buf, &authResponses)
 	if err != nil {
-		return diag.Errorf("Error unmarshal on get-or-create response: %s", err)
+		return diag.Errorf("Error unmarshal on get response: %s", err)
 	}
 
-	return setResourceData(d, authResponse)
+	return setResourceData(d, authResponses)
 }
 
 func resourceAuthUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
-	return resourceAuthCreate(ctx, d, meta)
+	conn, err := meta.(*Config).GetCephConnection()
+	if err != nil {
+		return diag.Errorf("Unable to connect to Ceph: %s", err)
+	}
+	entity := d.Get("entity").(string)
+
+	command, err := json.Marshal(map[string]interface{}{
+		"prefix": "auth caps",
+		"format": "json",
+		"entity": entity,
+		"caps":   toCapsArray(d.Get("caps").(map[string]interface{})),
+	})
+	if err != nil {
+		return diag.Errorf("Unable resource_auth unable to create caps JSON command: %s", err)
+	}
+
+	_, _, err = conn.MonCommand(command)
+	if err != nil {
+		return diag.Errorf("Error resource_auth on caps command: %s", err)
+	}
+
+	return resourceAuthRead(ctx, d, meta)
 }
 
 func resourceAuthDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {

docs/index.md

@@ -20,6 +20,6 @@ description: |-
 - `cluster` (String) The name of the Ceph cluster to use.
 - `config_path` (String) Path to the ceph config
 - `entity` (String) The cephx entity to use to connect to Ceph (i.e.: client.admin).
-- `key` (String) The actual key (not a path to a file), to use to connect to Ceph. Using this ignore `config_path` and you must also specify `mon_host`
-- `keyring` (String) The actual keyring (not a path to a file), to use to connect to Ceph. Using this ignore `config_path` and you must also specify `mon_host`
-- `mon_host` (String) List of mon to connect to Ceph. This is only used with `keyring` or `key`, otherwise it is ignored.
+- `key` (String) The actual key (not a path to a file) to use to connect to Ceph.
+- `keyring` (String) The actual keyring (not a path to a file) to use to connect to Ceph.
+- `mon_host` (String) List of mon to connect to Ceph.

docs/resources/auth.md

@@ -21,7 +21,7 @@ description: |-
 
 ### Optional
 
-- `caps` (String) The caps wanted for the entity
+- `caps` (Map of String) The caps wanted for the entity
 
 ### Read-Only