diff --git a/builtin/providers/pagerduty/config.go b/builtin/providers/pagerduty/config.go index 00f55e71c..d8b083bfc 100644 --- a/builtin/providers/pagerduty/config.go +++ b/builtin/providers/pagerduty/config.go @@ -1,6 +1,7 @@ package pagerduty import ( + "fmt" "log" "github.com/PagerDuty/go-pagerduty" @@ -8,13 +9,40 @@ import ( // Config defines the configuration options for the PagerDuty client type Config struct { + // The PagerDuty API V2 token Token string + + // Skip validation of the token against the PagerDuty API + SkipCredsValidation bool } +const invalidCreds = ` + +No valid credentials found for PagerDuty provider. +Please see https://www.terraform.io/docs/providers/pagerduty/index.html +for more information on providing credentials for this provider. +` + // Client returns a new PagerDuty client func (c *Config) Client() (*pagerduty.Client, error) { + // Validate that the PagerDuty token is set + if c.Token == "" { + return nil, fmt.Errorf(invalidCreds) + } + client := pagerduty.NewClient(c.Token) + if !c.SkipCredsValidation { + // Validate the credentials by calling the abilities endpoint, + // if we get a 401 response back we return an error to the user + if _, err := client.ListAbilities(); err != nil { + if isUnauthorized(err) { + return nil, fmt.Errorf(fmt.Sprintf("%s\n%s", err, invalidCreds)) + } + return nil, err + } + } + log.Printf("[INFO] PagerDuty client configured") return client, nil diff --git a/builtin/providers/pagerduty/config_test.go b/builtin/providers/pagerduty/config_test.go new file mode 100644 index 000000000..4f43d736c --- /dev/null +++ b/builtin/providers/pagerduty/config_test.go @@ -0,0 +1,28 @@ +package pagerduty + +import ( + "testing" +) + +// Test config with an empty token +func TestConfigEmptyToken(t *testing.T) { + config := Config{ + Token: "", + } + + if _, err := config.Client(); err == nil { + t.Fatalf("expected error, but got nil") + } +} + +// Test config with invalid token but with SkipCredsValidation +func TestConfigSkipCredsValidation(t *testing.T) { + config := Config{ + Token: "foo", + SkipCredsValidation: true, + } + + if _, err := config.Client(); err != nil { + t.Fatalf("error: expected the client to not fail: %v", err) + } +} diff --git a/builtin/providers/pagerduty/errors.go b/builtin/providers/pagerduty/errors.go index 2e8efee5b..fc9d579d6 100644 --- a/builtin/providers/pagerduty/errors.go +++ b/builtin/providers/pagerduty/errors.go @@ -9,3 +9,7 @@ func isNotFound(err error) bool { return false } + +func isUnauthorized(err error) bool { + return strings.Contains(err.Error(), "HTTP response code: 401") +} diff --git a/builtin/providers/pagerduty/provider.go b/builtin/providers/pagerduty/provider.go index 55dc01819..96a2f338e 100644 --- a/builtin/providers/pagerduty/provider.go +++ b/builtin/providers/pagerduty/provider.go @@ -16,6 +16,12 @@ func Provider() terraform.ResourceProvider { Required: true, DefaultFunc: schema.EnvDefaultFunc("PAGERDUTY_TOKEN", nil), }, + + "skip_credentials_validation": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, }, DataSourcesMap: map[string]*schema.Resource{ @@ -40,7 +46,11 @@ func Provider() terraform.ResourceProvider { } func providerConfigure(data *schema.ResourceData) (interface{}, error) { - config := Config{Token: data.Get("token").(string)} + config := Config{ + Token: data.Get("token").(string), + SkipCredsValidation: data.Get("skip_credentials_validation").(bool), + } + log.Println("[INFO] Initializing PagerDuty client") return config.Client() } diff --git a/website/source/docs/providers/pagerduty/index.html.markdown b/website/source/docs/providers/pagerduty/index.html.markdown index ca834d6e0..5b34c7c2f 100644 --- a/website/source/docs/providers/pagerduty/index.html.markdown +++ b/website/source/docs/providers/pagerduty/index.html.markdown @@ -39,3 +39,4 @@ resource "pagerduty_user" "earline" { The following arguments are supported: * `token` - (Required) The v2 authorization token. See [API Documentation](https://v2.developer.pagerduty.com/docs/authentication) for more information. +* `skip_credentials_validation` - (Optional) Skip validation of the token against the PagerDuty API.