From 34ebf138f5b1d9499451070750e0089e0ddc03c4 Mon Sep 17 00:00:00 2001
From: Julien
Date: Thu, 7 Mar 2024 10:54:27 +0100
Subject: [PATCH 1/2] added http basic authentication
---
 .gitignore | 1 +
 bastion/client.go | 12 ++++++++++--
 bastion/config.go | 2 ++
 bastion/provider.go | 10 ++++++++--
 docs/index.md | 12 ++++++++++--
 5 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 080d4da..d779d76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ terraform-provider-wallix-bastion
 # Editor config
 .vscode/
+terraform-provider-bastion
diff --git a/bastion/client.go b/bastion/client.go
index ed7465c..ed58b29 100644
--- a/bastion/client.go
+++ b/bastion/client.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "context"
 "crypto/tls"
+ "encoding/base64"
 "encoding/json"
 "fmt"
 "io"
@@ -21,6 +22,7 @@ type Client struct {
 bastionIP string
 bastionToken string
 bastionUser string
+ bastionPwd string
 }
 var defaultHTTPClient *http.Client //nolint:gochecknoglobals
@@ -46,8 +48,14 @@ func (c *Client) newRequest(ctx context.Context, uri string, method string, json
 req, err := http.NewRequestWithContext(ctx, method, url, body)
 req.Header.Add("Content-Type", "application/json; charset=utf-8")
 req.Header.Add("User-Agent", "terraform-provider-wallix-bastion")
- req.Header.Add("X-Auth-Key", c.bastionToken)
- req.Header.Add("X-Auth-User", c.bastionUser)
+ if c.bastionToken != "" {
+ req.Header.Add("X-Auth-Key", c.bastionToken)
+ req.Header.Add("X-Auth-User", c.bastionUser)
+ } else {
+ rawcreds := c.bastionUser + ":" + c.bastionPwd
+ encoded_creds := base64.StdEncoding.EncodeToString([]byte(rawcreds))
+ req.Header.Add("Authorization", "Basic "+encoded_creds)
+ }
 if err != nil {
 return "", http.StatusInternalServerError, fmt.Errorf("preparing http request: %w", err)
 }
diff --git a/bastion/config.go b/bastion/config.go
index 693e6c2..ca02bd7 100644
--- a/bastion/config.go
+++ b/bastion/config.go
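Review bot: In the `newRequest` hunk of bastion/client.go, the added branch extends the run of `req.Header` calls that execute before the `if err != nil` check, so a failure in `http.NewRequestWithContext` would dereference a nil `req` instead of returning the wrapped error; move the check directly under the call. The hand-built header can be replaced by the standard helper `req.SetBasicAuth(c.bastionUser, c.bastionPwd)`, which produces the same encoding. With Basic auth the password travels on every request in a reversible encoding, so it depends entirely on the TLS settings of `defaultHTTPClient`, which are configured outside this hunk and should be confirmed to verify the server certificate. The function starts and ends outside the hunk.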
@@ -11,6 +11,7 @@ type Config struct {
 bastionIP string
 bastionToken string
 bastionUser string
+ bastionPwd string
 }
 // Client: read information to connect on wallix bastion.
@@ -21,6 +22,7 @@ func (c *Config) Client() (*Client, diag.Diagnostics) {
 bastionToken: c.bastionToken,
 bastionUser: c.bastionUser,
 bastionAPIVersion: c.bastionAPIVersion,
+ bastionPwd: c.bastionPwd,
 }
 return cl, nil
diff --git a/bastion/provider.go b/bastion/provider.go
index 95e0a23..8a99c23 100644
--- a/bastion/provider.go
+++ b/bastion/provider.go
@@ -37,13 +37,18 @@ func Provider() *schema.Provider {
 },
 "token": {
 Type: schema.TypeString,
- Required: true,
+ Optional: true,
 DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_TOKEN", nil),
 },
 "user": {
 Type: schema.TypeString,
 Optional: true,
- DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_USER", "admin"),
+ DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_USER", nil),
+ },
+ "password": {
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("WALLIX_BASTION_PASSWORD", nil),
 },
 "api_version": {
 Type: schema.TypeString,
@@ -106,6 +111,7 @@ func configureProvider(
 bastionPort: d.Get("port").(int),
 bastionToken: d.Get("token").(string),
 bastionUser: d.Get("user").(string),
+ bastionPwd: d.Get("password").(string),
 }
 return config.Client()
diff --git a/docs/index.md b/docs/index.md
index 086f51a..1d1f108 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -8,7 +8,7 @@ The following arguments are supported in the `provider` block:
 This is the target for bastion API connection (ip or dns name).
 It can also be sourced from the `WALLIX_BASTION_HOST` environment variable.
-- **token** (Required)
+- **token** (Optional)
 This is the token to authenticate on bastion API.
 It can also be sourced from the `WALLIX_BASTION_TOKEN` environment variable.
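Review bot: In the `Provider()` schema hunk of bastion/provider.go, the new `password` attribute is not marked sensitive, so Terraform may show its value in plan output and diagnostics; add `Sensitive: true,` to it, and `token` in the same hunk would benefit from the same flag. Dropping the `"admin"` default for `user` also changes behaviour for existing token-based configurations that never set `user`: judging by the client.go hunk they would now send an empty `X-Auth-User` header. Either keep the default when a token is used or call the change out in the documentation. The schema map continues outside the hunk.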
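Review bot: In the `configureProvider` hunk of bastion/provider.go, nothing checks that a usable credential set was supplied now that `token`, `user` and `password` are all optional with a nil default; the three `d.Get(...).(string)` reads can all yield empty strings and a client is still built. A guard before `return config.Client()` would turn that into a clear configuration error, for example `if config.bastionToken == "" && (config.bastionUser == "" || config.bastionPwd == "") { return nil, diag.Errorf("either token or user and password must be set") }`, assuming `diag` is imported in this file. It is also worth stating which method wins when both a token and a password are set, since the client.go hunk silently prefers the token. The function starts outside the hunk.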
@@ -20,9 +20,17 @@ The following arguments are supported in the `provider` block: - **user** (Optional) This is the username used to authenticate on bastion API. It can also be sourced from the `WALLIX_BASTION_USER` environment variable. - Defaults to `admin`. + +- **password** (Optional) + This is the password used to authenticate against Bastion API. + It can also be sourced from the `WALLIX_BASTION_PASSWORD`environment variable. + - **api_version** (Optional) This is the version of api used to call api. It can also be sourced from the `WALLIX_BASTION_API_VERSION` environment variable. Defaults to `v3.3`. + +- You have to specify either the API key **OR** the user/password couple. The latter is + the recommanded authentication method. Create a dedicated account in the Bastion with the + needed permissions according to which resources you plan to use. \ No newline at end of file From 4152a2ebad10accbe8e6c0c45e34d9f829417821 Mon Sep 17 00:00:00 2001 From: bsimon Date: Fri, 8 Mar 2024 14:09:36 +0100 Subject: [PATCH 2/2] Fixed lint issues on go code + markdown --- bastion/client.go | 4 ++-- docs/index.md | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/bastion/client.go b/bastion/client.go index ed58b29..3b01082 100644 --- a/bastion/client.go +++ b/bastion/client.go @@ -53,8 +53,8 @@ func (c *Client) newRequest(ctx context.Context, uri string, method string, json req.Header.Add("X-Auth-User", c.bastionUser) } else { rawcreds := c.bastionUser + ":" + c.bastionPwd - encoded_creds := base64.StdEncoding.EncodeToString([]byte(rawcreds)) - req.Header.Add("Authorization", "Basic "+encoded_creds) + encodedcreds := base64.StdEncoding.EncodeToString([]byte(rawcreds)) + req.Header.Add("Authorization", "Basic "+encodedcreds) } if err != nil { return "", http.StatusInternalServerError, fmt.Errorf("preparing http request: %w", err) diff --git a/docs/index.md b/docs/index.md index 1d1f108..12ec003 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -25,7 +25,6 @@ The following arguments are supported in the `provider` block:
 This is the password used to authenticate against Bastion API.
 It can also be sourced from the `WALLIX_BASTION_PASSWORD`environment variable.
-
 - **api_version** (Optional)
 This is the version of api used to call api.
 It can also be sourced from the `WALLIX_BASTION_API_VERSION` environment variable.
@@ -33,4 +32,4 @@ The following arguments are supported in the `provider` block:
 - You have to specify either the API key **OR** the user/password couple. The latter is
 the recommanded authentication method. Create a dedicated account in the Bastion with the
- needed permissions according to which resources you plan to use.
\ No newline at end of file
+ needed permissions according to which resources you plan to use.