From a4d03c9cd1559202414b479510c920fc87c2fdd2 Mon Sep 17 00:00:00 2001
From: Conor Mongey
Date: Mon, 13 Feb 2017 18:53:45 +0000
Subject: [PATCH] provider/vault: vault_policy resource (#10980)

* provider/vault: vault_policy resource
* website: vault_policy resource
* Refresh state when reading vault policy
---
 builtin/providers/vault/provider.go | 1 +
 builtin/providers/vault/resource_policy.go | 82 +++++++++++++
 .../providers/vault/resource_policy_test.go | 115 ++++++++++++++++++
 .../source/docs/providers/vault/r/policy.md | 36 ++++++
 4 files changed, 234 insertions(+)
 create mode 100644 builtin/providers/vault/resource_policy.go
 create mode 100644 builtin/providers/vault/resource_policy_test.go
 create mode 100644 website/source/docs/providers/vault/r/policy.md
diff --git a/builtin/providers/vault/provider.go b/builtin/providers/vault/provider.go
index 07c9bbe88..ceebd4acf 100644
--- a/builtin/providers/vault/provider.go
+++ b/builtin/providers/vault/provider.go
@@ -88,6 +88,7 @@ func Provider() terraform.ResourceProvider {
 ResourcesMap: map[string]*schema.Resource{
 "vault_generic_secret": genericSecretResource(),
+ "vault_policy": policyResource(),
 },
 }
 }
diff --git a/builtin/providers/vault/resource_policy.go b/builtin/providers/vault/resource_policy.go
new file mode 100644
index 000000000..0bf69c9f2
--- /dev/null
+++ b/builtin/providers/vault/resource_policy.go
@@ -0,0 +1,82 @@
+package vault
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/hashicorp/terraform/helper/schema"
+ "github.com/hashicorp/vault/api"
+)
+
+func policyResource() *schema.Resource {
+ return &schema.Resource{
+ Create: policyWrite,
+ Update: policyWrite,
+ Delete: policyDelete,
+ Read: policyRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ Description: "Name of the policy",
+ },
+
+ "policy": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The policy document",
+ },
+ },
+ }
+}
+
+func policyWrite(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*api.Client)
+
+ name := d.Get("name").(string)
+ policy := d.Get("policy").(string)
+
+ log.Printf("[DEBUG] Writing policy %s to Vault", name)
+ err := client.Sys().PutPolicy(name, policy)
+
+ if err != nil {
+ return fmt.Errorf("error writing to Vault: %s", err)
+ }
+
+ d.SetId(name)
+
+ return nil
+}
+
+func policyDelete(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*api.Client)
+
+ name := d.Id()
+
+ log.Printf("[DEBUG] Deleting policy %s from Vault", name)
+
+ err := client.Sys().DeletePolicy(name)
+ if err != nil {
+ return fmt.Errorf("error deleting from Vault: %s", err)
+ }
+
+ return nil
+}
+
+func policyRead(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*api.Client)
+
+ name := d.Id()
+
+ policy, err := client.Sys().GetPolicy(name)
+
+ if err != nil {
+ return fmt.Errorf("error reading from Vault: %s", err)
+ }
+
+ d.Set("policy", policy)
+
+ return nil
+}
diff --git a/builtin/providers/vault/resource_policy_test.go b/builtin/providers/vault/resource_policy_test.go
new file mode 100644
index 000000000..681912b86
--- /dev/null
+++ b/builtin/providers/vault/resource_policy_test.go
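Review bot: policyRead in the resource_policy.go hunk never marks the resource as gone — it only propagates errors and otherwise writes whatever GetPolicy returned straight into state. If the vendored api client maps a 404 on sys/policy to an empty string with a nil error (I believe it does, but confirm against the vendored version), a policy deleted outside Terraform is refreshed into state as an empty document and the next plan shows an in-place update of `policy` instead of recreating the resource. A guard after the error check, `if policy == "" { d.SetId(""); return nil }`, would make the missing policy visible as a resource to recreate. The return value of `d.Set("policy", policy)` is also dropped; returning it keeps schema errors from being silently lost.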
@@ -0,0 +1,115 @@
+package vault
+
+import (
+ "fmt"
+ "testing"
+
+ r "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+ "github.com/hashicorp/vault/api"
+)
+
+func TestResourcePolicy(t *testing.T) {
+ r.Test(t, r.TestCase{
+ Providers: testProviders,
+ PreCheck: func() { testAccPreCheck(t) },
+ Steps: []r.TestStep{
+ r.TestStep{
+ Config: testResourcePolicy_initialConfig,
+ Check: testResourcePolicy_initialCheck,
+ },
+ r.TestStep{
+ Config: testResourcePolicy_updateConfig,
+ Check: testResourcePolicy_updateCheck,
+ },
+ },
+ })
+}
+
+var testResourcePolicy_initialConfig = `
+
+resource "vault_policy" "test" {
+ name = "dev-team"
+ policy = <