-
Notifications
You must be signed in to change notification settings - Fork 302
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'hashicorp:main' into feature/application-conditional-fi…
…lter
- Loading branch information
Showing
23 changed files
with
585 additions
and
435 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
package provider | ||
|
||
import ( | ||
"encoding/base64" | ||
"fmt" | ||
"log" | ||
"os" | ||
"strings" | ||
|
||
"github.com/hashicorp/terraform-provider-azuread/internal/tf/pluginsdk" | ||
) | ||
|
||
// logEntry avoids log entries showing up in test output | ||
func logEntry(f string, v ...interface{}) { | ||
if os.Getenv("TF_LOG") == "" { | ||
return | ||
} | ||
|
||
if os.Getenv("TF_ACC") != "" { | ||
return | ||
} | ||
|
||
log.Printf(f, v...) | ||
} | ||
|
||
func decodeCertificate(clientCertificate string) ([]byte, error) { | ||
var pfx []byte | ||
if clientCertificate != "" { | ||
out := make([]byte, base64.StdEncoding.DecodedLen(len(clientCertificate))) | ||
n, err := base64.StdEncoding.Decode(out, []byte(clientCertificate)) | ||
if err != nil { | ||
return pfx, fmt.Errorf("could not decode client certificate data: %v", err) | ||
} | ||
pfx = out[:n] | ||
} | ||
return pfx, nil | ||
} | ||
|
||
func getOidcToken(d *pluginsdk.ResourceData) (*string, error) { | ||
idToken := d.Get("oidc_token").(string) | ||
|
||
if path := d.Get("oidc_token_file_path").(string); path != "" { | ||
fileTokenRaw, err := os.ReadFile(path) | ||
|
||
if err != nil { | ||
return nil, fmt.Errorf("reading OIDC Token from file %q: %v", path, err) | ||
} | ||
|
||
fileToken := strings.TrimSpace(string(fileTokenRaw)) | ||
|
||
if idToken != "" && idToken != fileToken { | ||
return nil, fmt.Errorf("mismatch between supplied OIDC token and supplied OIDC token file contents - please either remove one or ensure they match") | ||
} | ||
|
||
idToken = fileToken | ||
} | ||
|
||
return &idToken, nil | ||
} | ||
|
||
func getClientId(d *pluginsdk.ResourceData) (*string, error) { | ||
clientId := strings.TrimSpace(d.Get("client_id").(string)) | ||
|
||
if path := d.Get("client_id_file_path").(string); path != "" { | ||
fileClientIdRaw, err := os.ReadFile(path) | ||
|
||
if err != nil { | ||
return nil, fmt.Errorf("reading Client ID from file %q: %v", path, err) | ||
} | ||
|
||
fileClientId := strings.TrimSpace(string(fileClientIdRaw)) | ||
|
||
if clientId != "" && clientId != fileClientId { | ||
return nil, fmt.Errorf("mismatch between supplied Client ID and supplied Client ID file contents - please either remove one or ensure they match") | ||
} | ||
|
||
clientId = fileClientId | ||
} | ||
|
||
return &clientId, nil | ||
} | ||
|
||
func getClientSecret(d *pluginsdk.ResourceData) (*string, error) { | ||
clientSecret := strings.TrimSpace(d.Get("client_secret").(string)) | ||
|
||
if path := d.Get("client_secret_file_path").(string); path != "" { | ||
fileSecretRaw, err := os.ReadFile(path) | ||
|
||
if err != nil { | ||
return nil, fmt.Errorf("reading Client Secret from file %q: %v", path, err) | ||
} | ||
|
||
fileSecret := strings.TrimSpace(string(fileSecretRaw)) | ||
|
||
if clientSecret != "" && clientSecret != fileSecret { | ||
return nil, fmt.Errorf("mismatch between supplied Client Secret and supplied Client Secret file contents - please either remove one or ensure they match") | ||
} | ||
|
||
clientSecret = fileSecret | ||
} | ||
|
||
return &clientSecret, nil | ||
} | ||
|
||
func getTenantId(d *pluginsdk.ResourceData) (*string, error) { | ||
tenantId := strings.TrimSpace(d.Get("tenant_id").(string)) | ||
|
||
if d.Get("use_aks_workload_identity").(bool) && os.Getenv("AZURE_TENANT_ID") != "" { | ||
aksTenantId := os.Getenv("AZURE_TENANT_ID") | ||
if tenantId != "" && tenantId != aksTenantId { | ||
return nil, fmt.Errorf("mismatch between supplied Tenant ID and that provided by AKS Workload Identity - please remove, ensure they match, or disable use_aks_workload_identity") | ||
} | ||
tenantId = aksTenantId | ||
} | ||
|
||
return &tenantId, nil | ||
} |
Oops, something went wrong.