Merge pull request #15 from moulip/jpa-develop

added http basic authentication

.gitignore

@@ -13,3 +13,4 @@ terraform-provider-wallix-bastion
 
 # Editor config
 .vscode/
+terraform-provider-bastion

bastion/client.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/tls"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -21,6 +22,7 @@ type Client struct {
 	bastionIP         string
 	bastionToken      string
 	bastionUser       string
+	bastionPwd        string
 }
 
 var defaultHTTPClient *http.Client //nolint:gochecknoglobals
@@ -46,8 +48,14 @@ func (c *Client) newRequest(ctx context.Context, uri string, method string, json
 	req, err := http.NewRequestWithContext(ctx, method, url, body)
 	req.Header.Add("Content-Type", "application/json; charset=utf-8")
 	req.Header.Add("User-Agent", "terraform-provider-wallix-bastion")
-	req.Header.Add("X-Auth-Key", c.bastionToken)
-	req.Header.Add("X-Auth-User", c.bastionUser)
+	if c.bastionToken != "" {
+		req.Header.Add("X-Auth-Key", c.bastionToken)
+		req.Header.Add("X-Auth-User", c.bastionUser)
+	} else {
+		rawcreds := c.bastionUser + ":" + c.bastionPwd
+		encodedcreds := base64.StdEncoding.EncodeToString([]byte(rawcreds))
+		req.Header.Add("Authorization", "Basic "+encodedcreds)
+	}
 	if err != nil {
 		return "", http.StatusInternalServerError, fmt.Errorf("preparing http request: %w", err)
 	}

bastion/config.go

@@ -11,6 +11,7 @@ type Config struct {
 	bastionIP         string
 	bastionToken      string
 	bastionUser       string
+	bastionPwd        string
 }
 
 // Client: read information to connect on wallix bastion.
@@ -21,6 +22,7 @@ func (c *Config) Client() (*Client, diag.Diagnostics) {
 		bastionToken:      c.bastionToken,
 		bastionUser:       c.bastionUser,
 		bastionAPIVersion: c.bastionAPIVersion,
+		bastionPwd:        c.bastionPwd,
 	}
 
 	return cl, nil

bastion/provider.go

@@ -37,13 +37,18 @@ func Provider() *schema.Provider {
 			},
 			"token": {
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_TOKEN", nil),
 			},
 			"user": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_USER", "admin"),
+				DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_USER", nil),
+			},
+			"password": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_PASSWORD", nil),
 			},
 			"api_version": {
 				Type:        schema.TypeString,
@@ -106,6 +111,7 @@ func configureProvider(
 		bastionPort:       d.Get("port").(int),
 		bastionToken:      d.Get("token").(string),
 		bastionUser:       d.Get("user").(string),
+		bastionPwd:        d.Get("password").(string),
 	}
 
 	return config.Client()

docs/index.md

@@ -8,7 +8,7 @@ The following arguments are supported in the `provider` block:
   This is the target for bastion API connection (ip or dns name).  
   It can also be sourced from the `WALLIX_BASTION_HOST` environment variable.
 
-- **token** (Required)  
+- **token** (Optional)  
   This is the token to authenticate on bastion API.  
   It can also be sourced from the `WALLIX_BASTION_TOKEN` environment variable.  
 
@@ -20,9 +20,16 @@ The following arguments are supported in the `provider` block:
 - **user** (Optional)  
   This is the username used to authenticate on bastion API.  
   It can also be sourced from the `WALLIX_BASTION_USER` environment variable.  
-  Defaults to `admin`.
+
+- **password** (Optional)
+  This is the password used to authenticate against Bastion API.
+  It can also be sourced from the `WALLIX_BASTION_PASSWORD`environment variable.
 
 - **api_version** (Optional)  
   This is the version of api used to call api.  
   It can also be sourced from the `WALLIX_BASTION_API_VERSION` environment variable.  
   Defaults to `v3.3`.
+
+- You have to specify either the API key **OR** the user/password couple. The latter is
+  the recommanded authentication method. Create a dedicated account in the Bastion with the
+  needed permissions according to which resources you plan to use.