diff --git a/.gitignore b/.gitignore
index 080d4da..d779d76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ terraform-provider-wallix-bastion
 # Editor config
 .vscode/
+terraform-provider-bastion
diff --git a/bastion/client.go b/bastion/client.go
index ed7465c..3b01082 100644
--- a/bastion/client.go
+++ b/bastion/client.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "context"
 "crypto/tls"
+ "encoding/base64"
 "encoding/json"
 "fmt"
 "io"
@@ -21,6 +22,7 @@ type Client struct {
 bastionIP string
 bastionToken string
 bastionUser string
+ bastionPwd string
 }

 var defaultHTTPClient *http.Client //nolint:gochecknoglobals
@@ -46,8 +48,14 @@ func (c *Client) newRequest(ctx context.Context, uri string, method string, json
 req, err := http.NewRequestWithContext(ctx, method, url, body)
 req.Header.Add("Content-Type", "application/json; charset=utf-8")
 req.Header.Add("User-Agent", "terraform-provider-wallix-bastion")
- req.Header.Add("X-Auth-Key", c.bastionToken)
- req.Header.Add("X-Auth-User", c.bastionUser)
+ if c.bastionToken != "" {
+ req.Header.Add("X-Auth-Key", c.bastionToken)
+ req.Header.Add("X-Auth-User", c.bastionUser)
+ } else {
+ rawcreds := c.bastionUser + ":" + c.bastionPwd
+ encodedcreds := base64.StdEncoding.EncodeToString([]byte(rawcreds))
+ req.Header.Add("Authorization", "Basic "+encodedcreds)
+ }
 if err != nil {
 return "", http.StatusInternalServerError, fmt.Errorf("preparing http request: %w", err)
 }
diff --git a/bastion/config.go b/bastion/config.go
index 693e6c2..ca02bd7 100644
--- a/bastion/config.go
+++ b/bastion/config.go
@@ -11,6 +11,7 @@ type Config struct {
 bastionIP string
 bastionToken string
 bastionUser string
+ bastionPwd string
 }

 // Client: read information to connect on wallix bastion.
@@ -21,6 +22,7 @@ func (c *Config) Client() (*Client, diag.Diagnostics) {
 bastionToken: c.bastionToken,
 bastionUser: c.bastionUser,
 bastionAPIVersion: c.bastionAPIVersion,
+ bastionPwd: c.bastionPwd,
 }

 return cl, nil
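Review bot: In `newRequest` (bastion/client.go) the new auth block still runs before the `if err != nil` check, so when `http.NewRequestWithContext` fails and returns a nil request, `req.Header.Add` panics instead of reaching the wrapped error; move the check directly under the `NewRequestWithContext` call. The hand-built header in the `else` branch can be written as `req.SetBasicAuth(c.bastionUser, c.bastionPwd)`, which produces the same value and makes the new `encoding/base64` import unnecessary. Because that branch is taken whenever `bastionToken` is empty, the password now travels on every request and depends on the transport validating the server certificate; the client's TLS settings are outside this hunk and worth confirming. newRequest's body starts and ends outside the hunk.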
diff --git a/bastion/provider.go b/bastion/provider.go
index 95e0a23..8a99c23 100644
--- a/bastion/provider.go
+++ b/bastion/provider.go
@@ -37,13 +37,18 @@ func Provider() *schema.Provider {
 },
 "token": {
 Type: schema.TypeString,
- Required: true,
+ Optional: true,
 DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_TOKEN", nil),
 },
 "user": {
 Type: schema.TypeString,
 Optional: true,
- DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_USER", "admin"),
+ DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_USER", nil),
+ },
+ "password": {
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_PASSWORD", nil),
 },
 "api_version": {
 Type: schema.TypeString,
@@ -106,6 +111,7 @@ func configureProvider(
 bastionPort: d.Get("port").(int),
 bastionToken: d.Get("token").(string),
 bastionUser: d.Get("user").(string),
+ bastionPwd: d.Get("password").(string),
 }

 return config.Client()
diff --git a/docs/index.md b/docs/index.md
index 086f51a..12ec003 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -8,7 +8,7 @@ The following arguments are supported in the `provider` block:
 This is the target for bastion API connection (ip or dns name).
 It can also be sourced from the `WALLIX_BASTION_HOST` environment variable.

-- **token** (Required)
+- **token** (Optional)
 This is the token to authenticate on bastion API.
 It can also be sourced from the `WALLIX_BASTION_TOKEN` environment variable.
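Review bot: The new `password` attribute in `Provider()` is declared without `Sensitive: true`, so Terraform is given no signal to redact the value in its output; add `Sensitive: true,` to that block. The `token` block in the same hunk has the same gap. Dropping the `"admin"` default for `user` also changes token-based configurations that relied on it: per the client.go hunk, `X-Auth-User` is now sent empty unless `user` is set, which deserves an upgrade note. Provider's body starts and ends outside the hunk.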
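Review bot: `configureProvider` accepts a configuration with neither `token` nor `password`, because all three credential attributes are now Optional with nil defaults and nothing here checks the combination; the client then falls back to Basic auth with an empty pair and the mistake only surfaces as a rejected API call. Validate before building the config, for example `if d.Get("token").(string) == "" && (d.Get("user").(string) == "" || d.Get("password").(string) == "") { return nil, diag.Errorf("either token, or user and password, must be set") }` (assuming `diag` is imported in this file and the first return value may be nil). The docs hunk states the either/or rule, so enforcing it at configure time keeps code and documentation aligned. configureProvider's body starts outside the hunk.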
@@ -20,9 +20,16 @@ The following arguments are supported in the `provider` block:
 - **user** (Optional)
 This is the username used to authenticate on bastion API.
 It can also be sourced from the `WALLIX_BASTION_USER` environment variable.
- Defaults to `admin`.
+
+- **password** (Optional)
+ This is the password used to authenticate against Bastion API.
+ It can also be sourced from the `WALLIX_BASTION_PASSWORD`environment variable.

 - **api_version** (Optional)
 This is the version of api used to call api.
 It can also be sourced from the `WALLIX_BASTION_API_VERSION` environment variable.
 Defaults to `v3.3`.
+
+- You have to specify either the API key **OR** the user/password couple. The latter is
+ the recommanded authentication method. Create a dedicated account in the Bastion with the
+ needed permissions according to which resources you plan to use.