fix: Mask user password and Fix oidc auth mapping
uanid committed Jan 15, 2024
1 parent 88fa32b commit 0d6801f
Showing 20 changed files with 120 additions and 62 deletions.
2 changes: 1 addition & 1 deletion examples/data-sources/bluechip_account/data-source.tf
@@ -1,6 +1,6 @@
data "bluechip_account" "current" {
metadata {
name = "test2"
name = "test2"
namespace = "default"
}
}
2 changes: 1 addition & 1 deletion examples/data-sources/bluechip_cidr/data-source.tf
@@ -1,6 +1,6 @@
data "bluechip_cidr" "current" {
metadata {
name = "my-test"
name = "my-test"
namespace = "default"
}
}
6 changes: 3 additions & 3 deletions examples/data-sources/bluechip_cidrs/data-source.tf
Expand Up @@ -2,7 +2,7 @@ resource "bluechip_cidr" "c1" {
metadata {
name = "cidr1"
namespace = "default"
labels = {
labels = {
"foo" = "bar"
}
annotations = {
Expand All @@ -19,11 +19,11 @@ resource "bluechip_cidr" "c2" {
metadata {
name = "cidr2"
namespace = "default"
labels = {
labels = {
"foo" = "bar"
}
annotations = {
"office" = "true"
"office" = "true"
"bluechip.example.com/location" = "tokyo"
}
}
2 changes: 1 addition & 1 deletion examples/data-sources/bluechip_cluster/data-source.tf
@@ -1,6 +1,6 @@
data "bluechip_cluster" "current" {
metadata {
name = "test"
name = "test"
namespace = "default"
}
}
2 changes: 1 addition & 1 deletion examples/data-sources/bluechip_image/data-source.tf
@@ -1,6 +1,6 @@
data "bluechip_image" "current" {
metadata {
name = "my-test"
name = "my-test"
namespace = "default"
}
}
4 changes: 2 additions & 2 deletions examples/data-sources/bluechip_images/data-source.tf
@@ -1,8 +1,8 @@
data "bluechip_images" "current" {
filter {
operator = "equals"
field = "spec.commitHash"
value = "6874ece755439b5b3473b5b910fb4938751d6689"
field = "spec.commitHash"
value = "6874ece755439b5b3473b5b910fb4938751d6689"
}
namespace = "pubg"
}
2 changes: 1 addition & 1 deletion examples/data-sources/bluechip_rolebinding/data-source.tf
@@ -1,6 +1,6 @@
data "bluechip_rolebinding" "current" {
metadata {
name = "my-test"
name = "my-test"
namespace = "default"
}
}
2 changes: 1 addition & 1 deletion examples/data-sources/bluechip_rolebindings/data-source.tf
Expand Up @@ -2,7 +2,7 @@ data "bluechip_rolebindings" "current" {
filter {
operator = "equals"
key = "metadata.name"
value = ""
value = ""
}
namespace = "pubg"
}
12 changes: 6 additions & 6 deletions examples/resources/bluechip_account/resource.tf
@@ -1,14 +1,14 @@
resource "bluechip_account" "current" {
metadata {
name = "test2"
name = "test2"
namespace = "default"
}
spec {
account_id = "12398213"
account_id = "12398213"
display_name = "test"
description = "test"
alias = "test"
vendor = "AWS"
regions = ["test"]
description = "test"
alias = "test"
vendor = "AWS"
regions = ["test"]
}
}
2 changes: 1 addition & 1 deletion examples/resources/bluechip_cidr/resource.tf
@@ -1,6 +1,6 @@
resource "bluechip_cidr" "current" {
metadata {
name = "my-test"
name = "my-test"
namespace = "default"
}
spec {
22 changes: 11 additions & 11 deletions examples/resources/bluechip_cluster/resource.tf
@@ -1,28 +1,28 @@
resource "bluechip_cluster" "current" {
metadata {
name = "test"
name = "test"
namespace = "default"
}
spec {
project = "pubg"
environment = "dev"
project = "pubg"
environment = "dev"
organization_unit = "devops"
platform = "pc"
platform = "pc"
pubg {
infra = "common"
site = "devops"
site = "devops"
}
vendor {
name = "AWS"
name = "AWS"
account_id = "12398213"
engine = "EKS"
region = "ap-northeast-2"
engine = "EKS"
region = "ap-northeast-2"
}
kubernetes {
endpoint = "https://api.devops.dev.pubg.com"
ca_cert = "-----BEGIN CERTIFI"
endpoint = "https://api.devops.dev.pubg.com"
ca_cert = "-----BEGIN CERTIFI"
sa_issuer = "https://login.microsoftonline.com/1a27bdbf-e6cc-4e33-85d2-e1c81bad930a/v2.0"
version = "1.28"
version = "1.28"
}
}
}
12 changes: 6 additions & 6 deletions examples/resources/bluechip_image/resource.tf
@@ -1,14 +1,14 @@
resource "bluechip_image" "current" {
metadata {
name = "my-test"
name = "my-test"
namespace = "default"
}
spec {
app = "my-test"
timestamp = 1398329823
app = "my-test"
timestamp = 1398329823
commit_hash = "1234567890"
repository = "test"
tag = "test"
branch = "test"
repository = "test"
tag = "test"
branch = "test"
}
}
32 changes: 26 additions & 6 deletions examples/resources/bluechip_oidcauth/resource.tf
Expand Up @@ -3,12 +3,32 @@ resource "bluechip_oidcauth" "current" {
name = "my-test"
}
spec {
username_claim= "sub"
username_prefix= "string"
issuer = "https://accounts.google.com/"
client_id = "string"
username_claim = "sub"
username_prefix = "string"
issuer = "https://accounts.google.com/"
client_id = "string"
required_claims = ["string"]
groups_claim = "string"
groups_prefix = "string"
groups_claim = "string"
groups_prefix = "string"
attribute_mapping {
from = "namespace_path"
from_path_resolver = "bare"
to = "namespace_path"
}
attribute_mapping {
from = "project_path"
from_path_resolver = "bare"
to = "project_path"
}
attribute_mapping {
from = "pipeline_source"
from_path_resolver = "bare"
to = "pipeline_source"
}
attribute_mapping {
from = "ref_path"
from_path_resolver = "bare"
to = "ref_path"
}
}
}
2 changes: 1 addition & 1 deletion examples/resources/bluechip_rolebinding/resource.tf
@@ -1,6 +1,6 @@
resource "bluechip_rolebinding" "current" {
metadata {
name = "my-test"
name = "my-test"
namespace = "default"
}
spec {
2 changes: 1 addition & 1 deletion examples/resources/bluechip_user/resource.tf
Expand Up @@ -4,6 +4,6 @@ resource "bluechip_user" "current" {
}
spec {
password = "tetete"
groups = ["asdf"]
groups = ["asdf"]
}
}
6 changes: 3 additions & 3 deletions examples/resources/bluechip_vendor/resource.tf
Expand Up @@ -4,8 +4,8 @@ resource "bluechip_vendor" "current" {
}
spec {
display_name = "asdf"
code_name = "AWS"
short_name = "aws"
regions = ["asdf"]
code_name = "AWS"
short_name = "aws"
regions = ["asdf"]
}
}
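--- a/internal/services/oidcauths/resource_test.go
+++ b/internal/services/oidcauths/resource_test.go
@@ -40,6 +40,26 @@ resource "bluechip_oidcauth" "current" {
 required_claims = ["string"]
 groups_claim = "string"
 groups_prefix = "string"
+attribute_mapping {
+from = "namespace_path"
+from_path_resolver = "bare"
+to = "namespace_path"
+}
+attribute_mapping {
+from = "project_path"
+from_path_resolver = "bare"
+to = "project_path"
+}
+attribute_mapping {
+from = "pipeline_source"
+from_path_resolver = "bare"
+to = "pipeline_source"
+}
+attribute_mapping {
+from = "ref_path"
+from_path_resolver = "bare"
+to = "ref_path"
+}
 }
 }
 `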
43 changes: 30 additions & 13 deletions internal/services/oidcauths/type.go
Expand Up @@ -65,6 +65,11 @@ func (t SpecType) Schema() *schema.Schema {
Required: !t.Computed,
Computed: t.Computed,
},
"from_path_resolver": {
Type: schema.TypeString,
Optional: !t.Computed,
Computed: t.Computed,
},
"to": {
Type: schema.TypeString,
Required: !t.Computed,
Expand Down Expand Up @@ -98,28 +103,40 @@ func (t SpecType) Expand(ctx context.Context, d *schema.ResourceData, out *bluec
out.GroupsPrefix = fwtype.String(attr["groups_prefix"].(string))
}
if attr["attribute_mapping"] != nil {
rawAttributeMappings := fwflex.ExpandMapList(attr["attribute_mapping"].([]any))
for _, rawAttributeMapping := range rawAttributeMappings {
out.AttributeMapping = append(out.AttributeMapping, bluechip_models.AttributeMapping{
for _, rawAttributeMapping := range fwflex.ExpandMapList(attr["attribute_mapping"].([]any)) {
mapping := bluechip_models.AttributeMapping{
From: rawAttributeMapping["from"].(string),
To: rawAttributeMapping["to"].(string),
})
}
if rawAttributeMapping["from_path_resolver"] != nil {
mapping.FromPathResolver = rawAttributeMapping["from_path_resolver"].(string)
}
out.AttributeMapping = append(out.AttributeMapping, mapping)
}
}
return nil
}

func (t SpecType) Flatten(in bluechip_models.OidcAuthSpec) map[string]any {
attr := map[string]any{
"username_claim": in.UsernameClaim,
"username_prefix": in.UsernamePrefix,
"issuer": in.Issuer,
"client_id": in.ClientId,
"required_claims": in.RequiredClaims,
"groups_claim": in.GroupsClaim,
"groups_prefix": in.GroupsPrefix,
"attribute_mapping": in.AttributeMapping,
"username_claim": in.UsernameClaim,
"username_prefix": in.UsernamePrefix,
"issuer": in.Issuer,
"client_id": in.ClientId,
"required_claims": in.RequiredClaims,
"groups_claim": in.GroupsClaim,
"groups_prefix": in.GroupsPrefix,
}
if len(in.AttributeMapping) > 0 {
var attributeMapping []map[string]any
for _, mapping := range in.AttributeMapping {
attributeMapping = append(attributeMapping, map[string]any{
"from": mapping.From,
"from_path_resolver": mapping.FromPathResolver,
"to": mapping.To,
})
}
attr["attribute_mapping"] = attributeMapping
}

return attr
}
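Review bot: The new `from_path_resolver` schema entry in the first hunk has no `Description` and no validation, so a mistyped resolver is caught, if at all, only by the API at apply time, and this value presumably controls how an OIDC claim is read into an identity attribute. Add a `Description:` naming the accepted values and, if that set is fixed, a `ValidateFunc: validation.StringInSlice(...)` over it; the only value visible on this page is `"bare"`. In `Expand` the guard `rawAttributeMapping["from_path_resolver"] != nil` is followed by an unchecked `.(string)`; the comma-ok form `if v, ok := rawAttributeMapping["from_path_resolver"].(string); ok && v != "" { mapping.FromPathResolver = v }` cannot panic and skips the empty default. The matching `FromPathResolver` field added in `bluechip_models/resources.go` also lacks a doc comment. Both `Schema` and `Expand` begin outside the hunks shown.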
2 changes: 1 addition & 1 deletion internal/services/users/type.go
Expand Up @@ -52,7 +52,7 @@ func (t SpecType) Expand(ctx context.Context, d *schema.ResourceData, out *bluec

func (t SpecType) Flatten(in bluechip_models.UserSpec) map[string]any {
attr := map[string]any{
"password": in.Password,
//"password": in.Password,
"groups": in.Groups,
"attributes": in.Attributes,
}
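Review bot: In `Flatten`, commenting out `"password": in.Password,` only stops the provider from copying the API's value back into state; the password written in configuration is still recorded for the attribute, so the schema field should also carry `Sensitive: true` to keep it out of plan and CLI output. The schema is outside this hunk, so that needs confirming. Even with that flag the state file itself holds the value, so the state backend needs encryption and restricted access. Delete the commented-out line rather than keeping dead code, and replace it with a short why-comment such as `// password is write-only: never read back from the API into state`. Skipping the read also means an out-of-band password change no longer shows up as drift, which is worth stating in the resource documentation; `Flatten` continues past the end of the hunk.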
5 changes: 3 additions & 2 deletions pkg/bluechip_client/bluechip_models/resources.go
Expand Up @@ -177,8 +177,9 @@ type OidcAuthSpec struct {
}

type AttributeMapping struct {
From string `json:"from"`
To string `json:"to"`
From string `json:"from"`
FromPathResolver string `json:"fromPathResolver,omitempty"`
To string `json:"to"`
}

var _ ClusterApiResource[ClusterRoleBindingSpec] = &ClusterRoleBinding{}
