Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ENG-12435: Uptake of new Listener API with override repo tls flag and tls mode. #441

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

gengdahlCyral
Copy link
Contributor

@gengdahlCyral gengdahlCyral commented Aug 21, 2023

Description of the change

The background to the changes made in the Cyral Terraform Provider is the updated listener API from ENG-12432 {{baseUrl}}/sidecars/:sidecarID/listeners.

This API has been extended with two primitive attributes:

  • Override repo client tls settings {true,false} Optional, server generated if omitted (false)
  • TLS mode {allow,require,disable} Optional, server generated if omitted (allow)
    These two settings applies to any listener regardless of the repo type it is associated to.

Short description of changes in this PR:
Updated Makefile and Sidecar Listener

In the Makefile:

  • Added a new target up-deps to update module and test dependencies to the latest minor and patch levels.

In cyral/data_source_cyral_sidecar_listener.go:

  • Made adjustments to the code structure for better readability and maintainability.

In cyral/resource_cyral_sidecar_listener.go:

  • Added fields override_repo_client_tls_settings and tls_mode to SidecarListener struct.
  • Updated the ReadFromSchema and WriteToSchema methods to handle the new fields.

In cyral/resource_cyral_sidecar_listener_test.go:

  • Added test cases to cover the new fields override_repo_client_tls_settings and tls_mode.

In docs/data-sources/sidecar_listener.md:

  • Documented the new field override_repo_client_tls_settings and tls_mode.

In docs/resources/sidecar_listener.md:

  • Documented the new field override_repo_client_tls_settings and tls_mode.

This PR introduces improvements to the Makefile and adjusts the Sidecar Listener resource code to support new fields related to TLS settings and repository client overrides. Test cases and documentation have been updated accordingly.

Type of change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklists

Development

  • Lint rules pass locally
  • The code changed/added as part of this pull request has been covered with tests
  • All tests related to the changed code pass in development

Code review

  • This pull request has a descriptive title and information useful to a reviewer. There may be a screenshot or screencast attached
  • Jira issue referenced in commit message and/or PR title

Testing

Created listener without giving tls_mode or override_repo_client_tls_settings, default values where generated by server ok
updated with incorrect tls_mode -> API error returned (expected)
updated with correct parameters -> listener updated
listed listeners, tls fields where shown.

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Copy link
Contributor

@VictorGFM VictorGFM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good @gengdahlCyral, I just have a few suggestions to improve the resource usability and the docs a little bit.

Description: "TLS mode. " +
"Default value generated by API if not provided. " +
"Note! This field is in effect only if OverrideRepoClientTlsSettings is set to true or the listener " +
"is a SMART port (enabled in more than one binding). " +
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Is there a link in our public doc regarding smart ports? Might be interesting to add this link in this description as a reference for customers that want to understand how it works. I would also recommend adding a reference to the cyral_repository_binding resource here, something like:

Suggested change
"is a SMART port (enabled in more than one binding). " +
"is a SMART port (enabled in more than one binding - see [`cyral_repository_binding`](../resources/repository_binding.md)). " +

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding the link to our public docs, please refer to the latest version instead of some specific release.

Optional: true,
Computed: true,
},
TlsModeKey: {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gengdahlCyral could you please also add validation for the possible values that are valid for this field? I understand that the API already does this validation and that it is easier to maintain if we don't duplicate the validation here in the terraform provider, but since the validation messages returned by the API are often not clear enough, adding a validation that is computed during the terraform plan instead of during the execution, and that also provides a proper message that explicitly mentions the error and which values are allowed for this field would improve the terraform provider UX overall, which is something we are aiming for in a recent conversation that I had with @wcmjunior. The validation could be something like:

ValidateFunc: validation.StringInSlice(tlsModes(), false),

TlsModeKey: {
Description: "TLS mode. " +
"Default value generated by API if not provided. " +
"Note! This field is in effect only if OverrideRepoClientTlsSettings is set to true or the listener " +
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"Note! This field is in effect only if OverrideRepoClientTlsSettings is set to true or the listener " +
"Note! This field is in effect only if `override_repo_client_tls_settings` is set to `true` or the listener " +

@wcmjunior wcmjunior changed the title ENG-12435 -Uptake of new Listener API with override repo tls flag and tls mode. ENG-12435: Uptake of new Listener API with override repo tls flag and tls mode. Aug 28, 2023
@gengdahlCyral gengdahlCyral marked this pull request as ready for review September 8, 2023 19:26
@gengdahlCyral gengdahlCyral marked this pull request as draft September 11, 2023 05:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants