Merge pull request #10105 from hashicorp/f-chef-key_material

provider/chef: Migrate Chef to use KEY_MATERIAL rather than using a Pem file

builtin/providers/chef/provider.go

@@ -17,25 +17,31 @@ import (
 func Provider() terraform.ResourceProvider {
 	return &schema.Provider{
 		Schema: map[string]*schema.Schema{
-			"server_url": &schema.Schema{
+			"server_url": {
 				Type:        schema.TypeString,
 				Required:    true,
 				DefaultFunc: schema.EnvDefaultFunc("CHEF_SERVER_URL", nil),
 				Description: "URL of the root of the target Chef server or organization.",
 			},
-			"client_name": &schema.Schema{
+			"client_name": {
 				Type:        schema.TypeString,
 				Required:    true,
 				DefaultFunc: schema.EnvDefaultFunc("CHEF_CLIENT_NAME", nil),
 				Description: "Name of a registered client within the Chef server.",
 			},
-			"private_key_pem": &schema.Schema{
+			"private_key_pem": {
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				DefaultFunc: providerPrivateKeyEnvDefault,
+				Deprecated:  "Please use key_material instead",
 				Description: "PEM-formatted private key for client authentication.",
 			},
-			"allow_unverified_ssl": &schema.Schema{
+			"key_material": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("CHEF_KEY_MATERIAL", ""),
+			},
+			"allow_unverified_ssl": {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Description: "If set, the Chef client will permit unverifiable SSL certificates.",
@@ -60,12 +66,19 @@ func Provider() terraform.ResourceProvider {
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	config := &chefc.Config{
 		Name:    d.Get("client_name").(string),
-		Key:     d.Get("private_key_pem").(string),
 		BaseURL: d.Get("server_url").(string),
 		SkipSSL: d.Get("allow_unverified_ssl").(bool),
 		Timeout: 10 * time.Second,
 	}
 
+	if v, ok := d.GetOk("private_key_pem"); ok {
+		config.Key = v.(string)
+	}
+
+	if v, ok := d.GetOk("key_material"); ok {
+		config.Key = v.(string)
+	}
+
 	return chefc.NewClient(config)
 }
 

builtin/providers/chef/provider_test.go

@@ -56,7 +56,7 @@ func testAccPreCheck(t *testing.T) {
 	if v := os.Getenv("CHEF_CLIENT_NAME"); v == "" {
 		t.Fatal("CHEF_CLIENT_NAME must be set for acceptance tests")
 	}
-	if v := os.Getenv("CHEF_PRIVATE_KEY_FILE"); v == "" {
-		t.Fatal("CHEF_PRIVATE_KEY_FILE must be set for acceptance tests")
+	if v := os.Getenv("CHEF_KEY_MATERIAL"); v == "" {
+		t.Fatal("CHEF_KEY_MATERIAL must be set for acceptance tests")
 	}
 }

website/source/docs/providers/chef/index.html.markdown

@@ -23,7 +23,7 @@ provider "chef" {
 
      // You can set up a "Client" within the Chef Server management console.
      client_name = "terraform"
-     private_key_pem = "${file(\"chef-terraform.pem\")}"
+     key_material = "${file("chef-terraform.pem")}"
 }
 
 # Create a Chef Environment
@@ -51,9 +51,9 @@ The following arguments are supported:
 * `client_name` - (Required) The name of the client account to use when making
   requests. This must have been already configured on the Chef server.
   May be provided instead via the ``CHEF_CLIENT_NAME`` environment variable.
-* `private_key_pem` - (Required) The PEM-formatted private key belonging to
+* `key_material` - (Required) The PEM-formatted private key contents belonging to
   the configured client. This is issued by the server when a new client object
-  is created. May be provided instead in a file whose path is in the
+  is created. May be provided via the
   ``CHEF_PRIVATE_KEY_FILE`` environment variable.
 * `allow_unverified_ssl` - (Optional) Boolean indicating whether to make
   requests to a Chef server whose SSL certicate cannot be verified. Defaults