Skip to content

Commit

Permalink
Make type assertions more defensive on the secret manager datasources (
Browse files Browse the repository at this point in the history
…#11990) (#20255)

[upstream:61269cf1023057d2a5ba80fa6a1b6e408e4d57a1]

Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician authored Nov 8, 2024
1 parent cca9872 commit 74c815e
Show file tree
Hide file tree
Showing 5 changed files with 98 additions and 57 deletions.
2 changes: 2 additions & 0 deletions .changelog/11990.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
```release-note:none
```
Original file line number Diff line number Diff line change
Expand Up @@ -70,19 +70,27 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
return err
}

fv, err := tpgresource.ParseProjectFieldValue("secrets", d.Get("secret").(string), "project", d, config, false)
dSecret, ok := d.Get("secret").(string)
if !ok {
return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret"))
}

fv, err := tpgresource.ParseProjectFieldValue("secrets", dSecret, "project", d, config, false)
if err != nil {
return err
}
if d.Get("project").(string) != "" && d.Get("project").(string) != fv.Project {
return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), fv.Project)
}
project := fv.Project
if dProject, ok := d.Get("project").(string); !ok {
return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
} else if dProject != "" && dProject != project {
return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
}

if err := d.Set("project", project); err != nil {
return fmt.Errorf("Error setting project: %s", err)
return fmt.Errorf("error setting project: %s", err)
}
if err := d.Set("secret", fv.Name); err != nil {
return fmt.Errorf("Error setting secret: %s", err)
return fmt.Errorf("error setting secret: %s", err)
}

var url string
Expand All @@ -109,21 +117,26 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
UserAgent: userAgent,
})
if err != nil {
return fmt.Errorf("Error retrieving available secret manager secret versions: %s", err.Error())
return fmt.Errorf("error retrieving available secret manager secret versions: %s", err.Error())
}

secretVersionRegex := regexp.MustCompile("projects/(.+)/secrets/(.+)/versions/(.+)$")

parts := secretVersionRegex.FindStringSubmatch(version["name"].(string))
nameValue, ok := version["name"]
if !ok {
return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.")
}

parts := secretVersionRegex.FindStringSubmatch(nameValue.(string))
// should return [full string, project number, secret name, version number]
if len(parts) != 4 {
panic(fmt.Sprintf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", version["name"].(string)))
return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string))
}

log.Printf("[DEBUG] Received Google SecretManager Version: %q", version)

if err := d.Set("version", parts[3]); err != nil {
return fmt.Errorf("Error setting version: %s", err)
return fmt.Errorf("error setting version: %s", err)
}

url = fmt.Sprintf("%s:access", url)
Expand All @@ -135,22 +148,22 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
UserAgent: userAgent,
})
if err != nil {
return fmt.Errorf("Error retrieving available secret manager secret version access: %s", err.Error())
return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error())
}

if err := d.Set("create_time", version["createTime"].(string)); err != nil {
return fmt.Errorf("Error setting create_time: %s", err)
return fmt.Errorf("error setting create_time: %s", err)
}
if version["destroyTime"] != nil {
if err := d.Set("destroy_time", version["destroyTime"].(string)); err != nil {
return fmt.Errorf("Error setting destroy_time: %s", err)
return fmt.Errorf("error setting destroy_time: %s", err)
}
}
if err := d.Set("name", version["name"].(string)); err != nil {
return fmt.Errorf("Error setting name: %s", err)
if err := d.Set("name", nameValue.(string)); err != nil {
return fmt.Errorf("error setting name: %s", err)
}
if err := d.Set("enabled", true); err != nil {
return fmt.Errorf("Error setting enabled: %s", err)
return fmt.Errorf("error setting enabled: %s", err)
}

data := resp["payload"].(map[string]interface{})
Expand All @@ -165,9 +178,9 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
secretData = string(payloadData)
}
if err := d.Set("secret_data", secretData); err != nil {
return fmt.Errorf("Error setting secret_data: %s", err)
return fmt.Errorf("error setting secret_data: %s", err)
}

d.SetId(version["name"].(string))
d.SetId(nameValue.(string))
return nil
}
Original file line number Diff line number Diff line change
Expand Up @@ -58,19 +58,28 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta
return err
}

fv, err := tpgresource.ParseProjectFieldValue("secrets", d.Get("secret").(string), "project", d, config, false)
dSecret, ok := d.Get("secret").(string)
if !ok {
return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret"))
}

fv, err := tpgresource.ParseProjectFieldValue("secrets", dSecret, "project", d, config, false)
if err != nil {
return err
}
if d.Get("project").(string) != "" && d.Get("project").(string) != fv.Project {
return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), fv.Project)
}

project := fv.Project
if dProject, ok := d.Get("project").(string); !ok {
return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
} else if dProject != "" && dProject != project {
return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
}

if err := d.Set("project", project); err != nil {
return fmt.Errorf("Error setting project: %s", err)
return fmt.Errorf("error setting project: %s", err)
}
if err := d.Set("secret", fv.Name); err != nil {
return fmt.Errorf("Error setting secret: %s", err)
return fmt.Errorf("error setting secret: %s", err)
}

var url string
Expand All @@ -97,25 +106,29 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta
UserAgent: userAgent,
})
if err != nil {
return fmt.Errorf("Error retrieving available secret manager secret version access: %s", err.Error())
return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error())
}

if err := d.Set("name", resp["name"].(string)); err != nil {
return fmt.Errorf("Error setting name: %s", err)
nameValue, ok := resp["name"]
if !ok {
return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.")
}
if err := d.Set("name", nameValue.(string)); err != nil {
return fmt.Errorf("error setting name: %s", err)
}

secretVersionRegex := regexp.MustCompile("projects/(.+)/secrets/(.+)/versions/(.+)$")

parts := secretVersionRegex.FindStringSubmatch(resp["name"].(string))
parts := secretVersionRegex.FindStringSubmatch(nameValue.(string))
// should return [full string, project number, secret name, version number]
if len(parts) != 4 {
panic(fmt.Sprintf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", resp["name"].(string)))
return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string))
}

log.Printf("[DEBUG] Received Google SecretManager Version: %q", parts[3])

if err := d.Set("version", parts[3]); err != nil {
return fmt.Errorf("Error setting version: %s", err)
return fmt.Errorf("error setting version: %s", err)
}

data := resp["payload"].(map[string]interface{})
Expand All @@ -130,9 +143,9 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta
secretData = string(payloadData)
}
if err := d.Set("secret_data", secretData); err != nil {
return fmt.Errorf("Error setting secret_data: %s", err)
return fmt.Errorf("error setting secret_data: %s", err)
}

d.SetId(resp["name"].(string))
d.SetId(nameValue.(string))
return nil
}
Original file line number Diff line number Diff line change
Expand Up @@ -88,38 +88,46 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
}

secretRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)$")
parts := secretRegex.FindStringSubmatch(d.Get("secret").(string))
dSecret, ok := d.Get("secret").(string)
if !ok {
return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret"))
}
parts := secretRegex.FindStringSubmatch(dSecret)

var project string

// if reference of the secret is provided in the secret field
if len(parts) == 4 {
// Store values of project to set in state
project = parts[1]
if d.Get("project").(string) != "" && d.Get("project").(string) != parts[1] {
return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), parts[1])
if dProject, ok := d.Get("project").(string); !ok {
return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
} else if dProject != "" && dProject != project {
return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
}
if d.Get("location").(string) != "" && d.Get("location").(string) != parts[2] {
return fmt.Errorf("The location set on this secret version (%s) is not equal to the location where this secret exists (%s).", d.Get("location").(string), parts[2])
if dLocation, ok := d.Get("location").(string); !ok {
return fmt.Errorf("wrong type for location (%T), expected string", d.Get("location"))
} else if dLocation != "" && dLocation != parts[2] {
return fmt.Errorf("location field value (%s) does not match location of secret (%s).", dLocation, parts[2])
}
if err := d.Set("location", parts[2]); err != nil {
return fmt.Errorf("Error setting location: %s", err)
return fmt.Errorf("error setting location: %s", err)
}
if err := d.Set("secret", parts[3]); err != nil {
return fmt.Errorf("Error setting secret: %s", err)
return fmt.Errorf("error setting secret: %s", err)
}
} else { // if secret name is provided in the secret field
// Store values of project to set in state
project, err = tpgresource.GetProject(d, config)
if err != nil {
return fmt.Errorf("Error fetching project for Secret: %s", err)
return fmt.Errorf("error fetching project for Secret: %s", err)
}
if d.Get("location").(string) == "" {
return fmt.Errorf("Location must be set when providing only secret name")
if dLocation, ok := d.Get("location").(string); ok && dLocation == "" {
return fmt.Errorf("location must be set when providing only secret name")
}
}
if err := d.Set("project", project); err != nil {
return fmt.Errorf("Error setting project: %s", err)
return fmt.Errorf("error setting project: %s", err)
}

var url string
Expand Down Expand Up @@ -148,20 +156,25 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
})

if err != nil {
return fmt.Errorf("Error retrieving available secret manager regional secret versions: %s", err.Error())
return fmt.Errorf("error retrieving available secret manager regional secret versions: %s", err.Error())
}

nameValue, ok := secretVersion["name"]
if !ok {
return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.")
}

secretVersionRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)/versions/(.+)$")
parts = secretVersionRegex.FindStringSubmatch(secretVersion["name"].(string))
parts = secretVersionRegex.FindStringSubmatch(nameValue.(string))

if len(parts) != 5 {
return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}", secretVersion["name"].(string))
return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string))
}

log.Printf("[DEBUG] Received Google Secret Manager Regional Secret Version: %q", secretVersion)

if err := d.Set("version", parts[4]); err != nil {
return fmt.Errorf("Error setting version: %s", err)
return fmt.Errorf("error setting version: %s", err)
}

url = fmt.Sprintf("%s:access", url)
Expand All @@ -174,29 +187,29 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
})

if err != nil {
return fmt.Errorf("Error retrieving available secret manager regional secret version access: %s", err.Error())
return fmt.Errorf("error retrieving available secret manager regional secret version access: %s", err.Error())
}

if err := d.Set("customer_managed_encryption", flattenSecretManagerRegionalRegionalSecretVersionCustomerManagedEncryption(secretVersion["customerManagedEncryption"], d, config)); err != nil {
return fmt.Errorf("Error setting customer_managed_encryption: %s", err)
return fmt.Errorf("error setting customer_managed_encryption: %s", err)
}

if err := d.Set("create_time", secretVersion["createTime"].(string)); err != nil {
return fmt.Errorf("Error setting create_time: %s", err)
return fmt.Errorf("error setting create_time: %s", err)
}

if secretVersion["destroyTime"] != nil {
if err := d.Set("destroy_time", secretVersion["destroyTime"].(string)); err != nil {
return fmt.Errorf("Error setting destroy_time: %s", err)
return fmt.Errorf("error setting destroy_time: %s", err)
}
}

if err := d.Set("name", secretVersion["name"].(string)); err != nil {
return fmt.Errorf("Error setting name: %s", err)
if err := d.Set("name", nameValue.(string)); err != nil {
return fmt.Errorf("error setting name: %s", err)
}

if err := d.Set("enabled", true); err != nil {
return fmt.Errorf("Error setting enabled: %s", err)
return fmt.Errorf("error setting enabled: %s", err)
}

data := resp["payload"].(map[string]interface{})
Expand All @@ -211,9 +224,9 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
secretData = string(payloadData)
}
if err := d.Set("secret_data", secretData); err != nil {
return fmt.Errorf("Error setting secret_data: %s", err)
return fmt.Errorf("error setting secret_data: %s", err)
}

d.SetId(secretVersion["name"].(string))
d.SetId(nameValue.(string))
return nil
}
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionAccessRead(d *schema.Re
if dProject, ok := d.Get("project").(string); !ok {
return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
} else if dProject != "" && dProject != project {
return fmt.Errorf("project field value (%s) does not match project of secret (%s).", d.Get("project").(string), project)
return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
}
if dLocation, ok := d.Get("location").(string); !ok {
return fmt.Errorf("wrong type for location (%T), expected string", d.Get("location"))
Expand Down

0 comments on commit 74c815e

Please sign in to comment.