Sweep managed workloads resources (#12)

78a9d1a0 · Andrew Reed · GitHub · 0fd8a3f7 · 78a9d1a0 · 78a9d1a0
Unverified Commit 78a9d1a0 authored 1 year ago by Andrew Reed Committed by GitHub 1 year ago
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## 0.4.0
+
+BUG FIXES:
+* Hosted provisioner webhooks will have a secret of type null rather than type unknown after creation.
+
 ## 0.3.0

 FEATURES:

--- a/internal/apiclient/v20230301/api.gen.go
+++ b/internal/apiclient/v20230301/api.gen.go
--- a/internal/apiserver/v20230301/api.gen.go
+++ b/internal/apiserver/v20230301/api.gen.go
--- a/internal/provider/agent_configuration/resource_test.go
+++ b/internal/provider/agent_configuration/resource_test.go
@@ -42,7 +42,7 @@ func TestAccAgentConfigurationResource(t *testing.T) {
 	config1 := fmt.Sprintf(`
 resource "smallstep_authority" "agents" {
 	subdomain = %q
-	name = "Agents Authority"
+	name = "tfprovider-agents-authority"
 	type = "devops"
 	admin_emails = ["andrew@smallstep.com"]
 }
@@ -59,7 +59,7 @@ resource "smallstep_provisioner" "agents" {
 resource "smallstep_agent_configuration" "agent1" {
 	authority_id = smallstep_authority.agents.id
 	provisioner_name = smallstep_provisioner.agents.name
-	name = "Agent1"
+	name = "tfprovider Agent1"
 	attestation_slug = "anythinggoes"
 	depends_on = [smallstep_provisioner.agents]
 }`, slug, root)
@@ -69,7 +69,7 @@ resource "smallstep_agent_configuration" "agent1" {
 	config2 := fmt.Sprintf(`
 resource "smallstep_authority" "agents" {
 	subdomain = %q
-	name = "Agents Authority"
+	name = "tfprovider-agents-authority"
 	type = "devops"
 	admin_emails = ["andrew@smallstep.com"]
 }
@@ -86,7 +86,7 @@ resource "smallstep_provisioner" "agents" {
 resource "smallstep_agent_configuration" "agent1" {
 	authority_id = smallstep_authority.agents.id
 	provisioner_name = smallstep_provisioner.agents.name
-	name = "Agent 1"
+	name = "tfprovider Agent 1"
 	attestation_slug = "anythinggoes2"
 	depends_on = [smallstep_provisioner.agents]
 }`, slug2, root)
@@ -98,7 +98,7 @@ resource "smallstep_agent_configuration" "agent1" {
 				Config: config1,
 				Check: helper.ComposeAggregateTestCheckFunc(
 					helper.TestMatchResourceAttr("smallstep_agent_configuration.agent1", "id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
-					helper.TestCheckResourceAttr("smallstep_agent_configuration.agent1", "name", "Agent1"),
+					helper.TestCheckResourceAttr("smallstep_agent_configuration.agent1", "name", "tfprovider Agent1"),
 					helper.TestMatchResourceAttr("smallstep_agent_configuration.agent1", "authority_id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
 					helper.TestCheckResourceAttr("smallstep_agent_configuration.agent1", "provisioner_name", "Agents"),
 					helper.TestCheckResourceAttr("smallstep_agent_configuration.agent1", "attestation_slug", "anythinggoes"),
@@ -107,7 +107,7 @@ resource "smallstep_agent_configuration" "agent1" {
 			{
 				Config: config2,
 				Check: helper.ComposeAggregateTestCheckFunc(
-					helper.TestCheckResourceAttr("smallstep_agent_configuration.agent1", "name", "Agent 1"),
+					helper.TestCheckResourceAttr("smallstep_agent_configuration.agent1", "name", "tfprovider Agent 1"),
 				),
 				ConfigPlanChecks: helper.ConfigPlanChecks{
 					PreApply: []plancheck.PlanCheck{

--- a/internal/provider/agent_configuration/sweep_test.go
+++ b/internal/provider/agent_configuration/sweep_test.go
+package agent_configuration
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	v20230301 "github.com/smallstep/terraform-provider-smallstep/internal/apiclient/v20230301"
+	"github.com/smallstep/terraform-provider-smallstep/internal/provider/utils"
+)
+
+func init() {
+	resource.AddTestSweepers("smallstep_agent_configuration", &resource.Sweeper{
+		Name: "smallstep_agent_configuration",
+		F: func(region string) error {
+			ctx := context.Background()
+
+			client, err := utils.SmallstepAPIClientFromEnv()
+			if err != nil {
+				return err
+			}
+
+			resp, err := client.ListAgentConfigurations(ctx, &v20230301.ListAgentConfigurationsParams{})
+			if err != nil {
+				return err
+			}
+			defer resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				body, _ := io.ReadAll(resp.Body)
+				return fmt.Errorf("failed to list agents: %d: %s", resp.StatusCode, body)
+			}
+			var list []*v20230301.AgentConfiguration
+			if err := json.NewDecoder(resp.Body).Decode(&list); err != nil {
+				return err
+			}
+
+			for _, ec := range list {
+				if !strings.HasPrefix(ec.Name, "tfprovider") {
+					continue
+				}
+				resp, err := client.DeleteAgentConfiguration(ctx, *ec.Id, &v20230301.DeleteAgentConfigurationParams{})
+				if err != nil {
+					return err
+				}
+				defer resp.Body.Close()
+				if resp.StatusCode != http.StatusNoContent {
+					body, _ := io.ReadAll(resp.Body)
+					return fmt.Errorf("failed to delete agent configuration %q: %d: %s", ec.Name, resp.StatusCode, body)
+				}
+				log.Printf("Successfully swept %s\n", ec.Name)
+			}
+
+			return nil
+		},
+	})
+}
--- a/internal/provider/endpoint_configuration/resource_test.go
+++ b/internal/provider/endpoint_configuration/resource_test.go
@@ -42,7 +42,7 @@ func TestAccAgentConfigurationResource(t *testing.T) {
 	config1 := fmt.Sprintf(`
 resource "smallstep_authority" "agents" {
 	subdomain = %q
-	name = "Agents Authority"
+	name = "tfprovider-agents-authority"
 	type = "devops"
 	admin_emails = ["andrew@smallstep.com"]
 }
@@ -57,7 +57,7 @@ resource "smallstep_provisioner" "agents" {
 }

 resource "smallstep_endpoint_configuration" "ep1" {
-	name = "My DB"
+	name = "tfprovider My DB"
 	kind = "WORKLOAD"

 	# this would generally be a different authority
@@ -135,7 +135,7 @@ resource "smallstep_endpoint_configuration" "ep1" {
 	config2 := fmt.Sprintf(`
 resource "smallstep_authority" "agents" {
 	subdomain = %q
-	name = "Agents Authority"
+	name = "tfprovider-agents-authority"
 	type = "devops"
 	admin_emails = ["andrew@smallstep.com"]
 }
@@ -150,7 +150,7 @@ resource "smallstep_provisioner" "agents" {
 }

 resource "smallstep_endpoint_configuration" "ep1" {
-	name = "SSH"
+	name = "tfprovider SSH"
 	kind = "PEOPLE"
 	authority_id = smallstep_authority.agents.id
 	provisioner_name = smallstep_provisioner.agents.name
@@ -179,7 +179,7 @@ resource "smallstep_endpoint_configuration" "ep1" {
 				Config: config1,
 				Check: helper.ComposeAggregateTestCheckFunc(
 					helper.TestMatchResourceAttr("smallstep_endpoint_configuration.ep1", "id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
-					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "name", "My DB"),
+					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "name", "tfprovider My DB"),
 					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "kind", "WORKLOAD"),
 					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "certificate_info.type", "X509"),
 					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "certificate_info.duration", "168h"),
@@ -215,7 +215,7 @@ resource "smallstep_endpoint_configuration" "ep1" {
 				Config: config2,
 				Check: helper.ComposeAggregateTestCheckFunc(
 					helper.TestMatchResourceAttr("smallstep_endpoint_configuration.ep1", "id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
-					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "name", "SSH"),
+					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "name", "tfprovider SSH"),
 					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "kind", "PEOPLE"),
 					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "certificate_info.type", "SSH_USER"),
 					helper.TestCheckResourceAttr("smallstep_endpoint_configuration.ep1", "key_info.type", "DEFAULT"),
@@ -233,24 +233,6 @@ resource "smallstep_endpoint_configuration" "ep1" {
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
-			/*
-				{
-					Config: config2,
-					Check: helper.ComposeAggregateTestCheckFunc(
-						helper.TestCheckResourceAttr("smallstep_agent_configuration.agent1", "name", "Agent 1"),
-					),
-					ConfigPlanChecks: helper.ConfigPlanChecks{
-						PreApply: []plancheck.PlanCheck{
-							plancheck.ExpectResourceAction("smallstep_agent_configuration.agent1", plancheck.ResourceActionUpdate),
-						},
-					},
-				},
-				{
-					ResourceName:      "smallstep_agent_configuration.agent1",
-					ImportState:       true,
-					ImportStateVerify: true,
-				},
-			*/
 		},
 	})
 }
--- a/internal/provider/endpoint_configuration/sweep_test.go
+++ b/internal/provider/endpoint_configuration/sweep_test.go
+package endpoint_configuration
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	v20230301 "github.com/smallstep/terraform-provider-smallstep/internal/apiclient/v20230301"
+	"github.com/smallstep/terraform-provider-smallstep/internal/provider/utils"
+)
+
+func init() {
+	resource.AddTestSweepers("smallstep_endpoint_configuration", &resource.Sweeper{
+		Name: "smallstep_endpoint_configuration",
+		F: func(region string) error {
+			ctx := context.Background()
+
+			client, err := utils.SmallstepAPIClientFromEnv()
+			if err != nil {
+				return err
+			}
+
+			resp, err := client.ListEndpointConfigurations(ctx, &v20230301.ListEndpointConfigurationsParams{})
+			if err != nil {
+				return err
+			}
+			defer resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				body, _ := io.ReadAll(resp.Body)
+				return fmt.Errorf("failed to list endpoints: %d: %s", resp.StatusCode, body)
+			}
+			var list []*v20230301.EndpointConfiguration
+			if err := json.NewDecoder(resp.Body).Decode(&list); err != nil {
+				return err
+			}
+
+			for _, ec := range list {
+				if !strings.HasPrefix(ec.Name, "tfprovider") {
+					continue
+				}
+				resp, err := client.DeleteEndpointConfiguration(ctx, *ec.Id, &v20230301.DeleteEndpointConfigurationParams{})
+				if err != nil {
+					return err
+				}
+				defer resp.Body.Close()
+				if resp.StatusCode != http.StatusNoContent {
+					body, _ := io.ReadAll(resp.Body)
+					return fmt.Errorf("failed to delete endpoint configuration %q: %d: %s", ec.Name, resp.StatusCode, body)
+				}
+				log.Printf("Successfully swept %s\n", ec.Name)
+			}
+
+			return nil
+		},
+	})
+}
--- a/internal/provider/managed_configuration/resource_test.go
+++ b/internal/provider/managed_configuration/resource_test.go
@@ -48,7 +48,7 @@ func TestAccManagedConfigurationResource(t *testing.T) {
 	config := fmt.Sprintf(`
 resource "smallstep_authority" "authority" {
 	subdomain = %q
-	name = "Managed Workloads Authority"
+	name = "tfprovider-managed-workloads-authority"
 	type = "devops"
 	admin_emails = ["andrew@smallstep.com"]
 }
@@ -65,13 +65,13 @@ resource "smallstep_provisioner" "provisioner" {
 resource "smallstep_agent_configuration" "agent1" {
 	authority_id = smallstep_authority.authority.id
 	provisioner_name = smallstep_provisioner.provisioner.name
-	name = "Agent1"
+	name = "tfprovider Agent1"
 	attestation_slug = "attestationslug"
 	depends_on = [smallstep_provisioner.provisioner]
 }

 resource "smallstep_endpoint_configuration" "ep1" {
-	name = "My DB"
+	name = "tfprovider My DB"
 	kind = "WORKLOAD"
 	authority_id = smallstep_authority.authority.id
 	provisioner_name = smallstep_provisioner.provisioner.name
@@ -88,7 +88,7 @@ resource "smallstep_endpoint_configuration" "ep1" {

 resource "smallstep_managed_configuration" "mc" {
 	agent_configuration_id = smallstep_agent_configuration.agent1.id
-	name = "Multiple Endpoints"
+	name = "tfprovider Multiple Endpoints"
 	host_id = %q
 	managed_endpoints = [
 		{
@@ -106,7 +106,7 @@ resource "smallstep_managed_configuration" "mc" {
 	config2 := fmt.Sprintf(`
 resource "smallstep_authority" "authority" {
 	subdomain = %q
-	name = "Managed Workloads Authority"
+	name = "tfprovider-managed-workloads-authority"
 	type = "devops"
 	admin_emails = ["andrew@smallstep.com"]
 }
@@ -123,14 +123,14 @@ resource "smallstep_provisioner" "provisioner" {
 resource "smallstep_agent_configuration" "agent2" {
 	authority_id = smallstep_authority.authority.id
 	provisioner_name = smallstep_provisioner.provisioner.name
-	name = "Agent1"
+	name = "tfprovider Agent1"
 	attestation_slug = "attestationslug"
 	depends_on = [smallstep_provisioner.provisioner]
 }


 resource "smallstep_endpoint_configuration" "ep2" {
-	name = "SSH"
+	name = "tfprovider SSH"
 	kind = "PEOPLE"
 	authority_id = smallstep_authority.authority.id
 	provisioner_name = smallstep_provisioner.provisioner.name
@@ -147,7 +147,7 @@ resource "smallstep_endpoint_configuration" "ep2" {

 resource "smallstep_managed_configuration" "mc" {
 	agent_configuration_id = smallstep_agent_configuration.agent2.id
-	name = "Updated"
+	name = "tfprovider Updated"
 	host_id = %q
 	managed_endpoints = [
 		{
@@ -174,7 +174,7 @@ resource "smallstep_managed_configuration" "mc" {
 					// managed configuration
 					helper.TestMatchResourceAttr("smallstep_managed_configuration.mc", "id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
 					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "host_id", hostID),
-					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "name", "Multiple Endpoints"),
+					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "name", "tfprovider Multiple Endpoints"),
 					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "managed_endpoints.#", "1"),
 					helper.TestMatchResourceAttr("smallstep_managed_configuration.mc", "managed_endpoints.0.endpoint_configuration_id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
 					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "managed_endpoints.0.x509_certificate_data.common_name", "db"),
@@ -192,7 +192,7 @@ resource "smallstep_managed_configuration" "mc" {
 					// managed configuration
 					helper.TestMatchResourceAttr("smallstep_managed_configuration.mc", "id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
 					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "host_id", hostID2),
-					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "name", "Updated"),
+					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "name", "tfprovider Updated"),
 					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "managed_endpoints.#", "1"),
 					helper.TestMatchResourceAttr("smallstep_managed_configuration.mc", "managed_endpoints.0.endpoint_configuration_id", regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)),
 					helper.TestCheckResourceAttr("smallstep_managed_configuration.mc", "managed_endpoints.0.ssh_certificate_data.key_id", "abc"),

--- a/internal/provider/managed_configuration/sweep_test.go
+++ b/internal/provider/managed_configuration/sweep_test.go
+package managed_configuration
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	v20230301 "github.com/smallstep/terraform-provider-smallstep/internal/apiclient/v20230301"
+	"github.com/smallstep/terraform-provider-smallstep/internal/provider/utils"
+)
+
+func init() {
+	resource.AddTestSweepers("smallstep_managed_configuration", &resource.Sweeper{
+		Name: "smallstep_managed_configuration",
+		F: func(region string) error {
+			ctx := context.Background()
+
+			client, err := utils.SmallstepAPIClientFromEnv()
+			if err != nil {
+				return err
+			}
+
+			resp, err := client.ListManagedConfigurations(ctx, &v20230301.ListManagedConfigurationsParams{})
+			if err != nil {
+				return err
+			}
+			defer resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				body, _ := io.ReadAll(resp.Body)
+				return fmt.Errorf("failed to list configurations: %d: %s", resp.StatusCode, body)
+			}
+			var list []*v20230301.ManagedConfiguration
+			if err := json.NewDecoder(resp.Body).Decode(&list); err != nil {
+				return err
+			}
+
+			for _, mc := range list {
+				if !strings.HasPrefix(mc.Name, "tfprovider") {
+					continue
+				}
+				resp, err := client.DeleteManagedConfiguration(ctx, *mc.Id, &v20230301.DeleteManagedConfigurationParams{})
+				if err != nil {
+					return err
+				}
+				defer resp.Body.Close()
+				if resp.StatusCode != http.StatusNoContent {
+					body, _ := io.ReadAll(resp.Body)
+					return fmt.Errorf("failed to delete managed configuration %q: %d: %s", mc.Name, resp.StatusCode, body)
+				}
+				log.Printf("Successfully swept %s\n", mc.Name)
+			}
+
+			return nil
+		},
+	})
+}
--- a/internal/provider/webhook/model.go
+++ b/internal/provider/webhook/model.go
@@ -46,12 +46,17 @@ func fromAPI(ctx context.Context, webhook *v20230301.ProvisionerWebhook, state u
 	}

 	// secret is only set on the first response to a new webhook and is only set
-	// for EXTERNAL webhooks. If it's nil in the API response use state.
+	// for EXTERNAL webhooks. If it's nil in the API response use state for
+	// external and null for hosted webhooks.
 	if webhook.Secret == nil {
-		secretFromState := types.String{}
-		d := state.GetAttribute(ctx, path.Root("secret"), &secretFromState)
-		diags = append(diags, d...)
-		data.Secret = secretFromState
+		if webhook.ServerType == v20230301.EXTERNAL {
+			secretFromState := types.String{}
+			d := state.GetAttribute(ctx, path.Root("secret"), &secretFromState)
+			diags = append(diags, d...)
+			data.Secret = secretFromState
+		} else {
+			data.Secret = types.StringNull()
+		}
 	} else {
 		data.Secret = types.StringValue(utils.Deref(webhook.Secret))
 	}