From afb9b2f784dacccc57a4394f78e5034423a5cba7 Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Mon, 2 Oct 2023 16:09:00 +0200 Subject: [PATCH 1/5] r/*: reduced compute and memory usage to prepare the JSON payload when creating or updating resource --- CHANGELOG.md | 4 + bastion/resource_application.go | 44 +-- bastion/resource_authdomain_ad.go | 16 +- bastion/resource_authdomain_azuread.go | 16 +- bastion/resource_authdomain_ldap.go | 16 +- bastion/resource_authorization.go | 18 +- bastion/resource_cluster.go | 40 +- bastion/resource_connection_policy.go | 16 +- bastion/resource_device.go | 26 +- .../resource_device_localdomain_account.go | 19 +- bastion/resource_device_service.go | 27 +- bastion/resource_domain_account.go | 16 +- bastion/resource_ldapdomain.go | 15 +- bastion/resource_profile.go | 43 +-- bastion/resource_targetgroup.go | 348 +++++++++--------- bastion/resource_timeframe.go | 59 +-- bastion/resource_user.go | 16 +- bastion/resource_usergroup.go | 44 ++- 18 files changed, 407 insertions(+), 376 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 08b7804..18c6417 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # changelog +BUG FIXES: + +* reduced compute and memory usage to prepare the JSON payload when creating or updating resource + ## 0.11.0 (September 26, 2023) FEATURES: diff --git a/bastion/resource_application.go b/bastion/resource_application.go index 3e98b9e..5231951 100644 --- a/bastion/resource_application.go +++ b/bastion/resource_application.go 
@@ -326,20 +326,22 @@ func prepareApplicationJSON(d *schema.ResourceData) jsonApplication { Parameters: d.Get("parameters").(string), Target: d.Get("target").(string), } - for _, v := range d.Get("paths").(*schema.Set).List() { - m := v.(map[string]interface{}) - jsonData.Paths = append(jsonData.Paths, jsonApplicationPath{ - Target: m["target"].(string), - Program: m["program"].(string), - WorkingDir: m["working_dir"].(string), - }) - } - if len(d.Get("global_domains").(*schema.Set).List()) > 0 { - for _, v := range d.Get("global_domains").(*schema.Set).List() { - jsonData.GlobalDomains = append(jsonData.GlobalDomains, v.(string)) + + listPaths := d.Get("paths").(*schema.Set).List() + jsonData.Paths = make([]jsonApplicationPath, len(listPaths)) + for i, v := range listPaths { + paths := v.(map[string]interface{}) + jsonData.Paths[i] = jsonApplicationPath{ + Target: paths["target"].(string), + Program: paths["program"].(string), + WorkingDir: paths["working_dir"].(string), } - } else { - jsonData.GlobalDomains = make([]string, 0) + } + + listGlobalDomains := d.Get("global_domains").(*schema.Set).List() + jsonData.GlobalDomains = make([]string, len(listGlobalDomains)) + for i, v := range listGlobalDomains { + jsonData.GlobalDomains[i] = v.(string) } return jsonData @@ -377,13 +379,13 @@ func fillApplication(d *schema.ResourceData, jsonData jsonApplication) { if tfErr := d.Set("connection_policy", jsonData.ConnectionPolicy); tfErr != nil { panic(tfErr) } - paths := make([]map[string]interface{}, 0) - for _, v := range jsonData.Paths { - paths = append(paths, map[string]interface{}{ + paths := make([]map[string]interface{}, len(jsonData.Paths)) + for i, v := range jsonData.Paths { + paths[i] = map[string]interface{}{ "target": v.Target, "program": v.Program, "working_dir": v.WorkingDir, - }) + } } if tfErr := d.Set("paths", paths); tfErr != nil { panic(tfErr) 
@@ -400,9 +402,9 @@ func fillApplication(d *schema.ResourceData, jsonData jsonApplication) { if tfErr := d.Set("parameters", jsonData.Parameters); tfErr != nil { panic(tfErr) } - localDomains := make([]map[string]interface{}, 0) - for _, v := range *jsonData.LocalDomains { - localDomains = append(localDomains, map[string]interface{}{ + localDomains := make([]map[string]interface{}, len(*jsonData.LocalDomains)) + for i, v := range *jsonData.LocalDomains { + localDomains[i] = map[string]interface{}{ "id": v.ID, "admin_account": v.AdminAccount, "domain_name": v.DomainName, @@ -410,7 +412,7 @@ func fillApplication(d *schema.ResourceData, jsonData jsonApplication) { "enable_password_change": v.EnablePasswordChange, "password_change_policy": v.PasswordChangePolicy, "password_change_plugin": v.PasswordChangePlugin, - }) + } pluginParameters, _ := json.Marshal(v.PasswordChangePluginParameters) //nolint: errchkjson localDomains[len(localDomains)-1]["password_change_plugin_parameters"] = string(pluginParameters) } diff --git a/bastion/resource_authdomain_ad.go b/bastion/resource_authdomain_ad.go index 6055b12..4ec82a5 100644 --- a/bastion/resource_authdomain_ad.go +++ b/bastion/resource_authdomain_ad.go @@ -315,7 +315,6 @@ func prepareAuthDomainADJSON(d *schema.ResourceData) jsonAuthDomainAD { AuthDomainName: d.Get("auth_domain_name").(string), DefaultEmailDomain: d.Get("default_email_domain").(string), DefaultLanguage: d.Get("default_language").(string), - ExternalAuths: make([]string, 0), Description: d.Get("description").(string), CheckX509SanEmail: d.Get("check_x509_san_email").(bool), DisplayNameAttribute: d.Get("display_name_attribute").(string), 
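Review bot: In fillApplication the context line `localDomains[len(localDomains)-1]["password_change_plugin_parameters"] = string(pluginParameters)` (hunk -410/+412) was left unchanged, but `localDomains` is now pre-sized, so `len(localDomains)-1` is always the final slot rather than the element just written. With more than one local domain that slot is still a nil map on the first iteration, and assigning a key into it panics. Even with a single domain it only works by coincidence. The line should become `localDomains[i]["password_change_plugin_parameters"] = string(pluginParameters)`, which is what this same patch does in fillDevice. The loop opens in the previous hunk (-400/+402) and the function body extends outside both hunks.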
@@ -325,15 +324,20 @@ func prepareAuthDomainADJSON(d *schema.ResourceData) jsonAuthDomainAD { LanguageAttribute: d.Get("language_attribute").(string), PubKeyAttribute: d.Get("pubkey_attribute").(string), SanDomainName: d.Get("san_domain_name").(string), - SecondaryAuth: make([]string, 0), X509Condition: d.Get("x509_condition").(string), X509SearchFilter: d.Get("x509_search_filter").(string), } - for _, v := range d.Get("external_auths").([]interface{}) { - jsonData.ExternalAuths = append(jsonData.ExternalAuths, v.(string)) + + listExternalAuths := d.Get("external_auths").([]interface{}) + jsonData.ExternalAuths = make([]string, len(listExternalAuths)) + for i, v := range listExternalAuths { + jsonData.ExternalAuths[i] = v.(string) } - for _, v := range d.Get("secondary_auth").([]interface{}) { - jsonData.SecondaryAuth = append(jsonData.SecondaryAuth, v.(string)) + + listSecondaryAuth := d.Get("secondary_auth").([]interface{}) + jsonData.SecondaryAuth = make([]string, len(listSecondaryAuth)) + for i, v := range listSecondaryAuth { + jsonData.SecondaryAuth[i] = v.(string) } return jsonData diff --git a/bastion/resource_authdomain_azuread.go b/bastion/resource_authdomain_azuread.go index 58c7d1b..064dd04 100644 --- a/bastion/resource_authdomain_azuread.go +++ b/bastion/resource_authdomain_azuread.go @@ -312,7 +312,6 @@ func prepareAuthDomainAzureADJSON(d *schema.ResourceData) jsonAuthDomainAzureAD DefaultEmailDomain: d.Get("default_email_domain").(string), DefaultLanguage: d.Get("default_language").(string), EntityID: d.Get("entity_id").(string), - ExternalAuths: make([]string, 0), Label: d.Get("label").(string), Certificate: d.Get("certificate").(string), ClientSecret: d.Get("client_secret").(string), 
@@ -320,13 +319,18 @@ func prepareAuthDomainAzureADJSON(d *schema.ResourceData) jsonAuthDomainAzureAD IsDefault: d.Get("is_default").(bool), Passphrase: d.Get("passphrase").(string), PrivateKey: d.Get("private_key").(string), - SecondaryAuth: make([]string, 0), } - for _, v := range d.Get("external_auths").([]interface{}) { - jsonData.ExternalAuths = append(jsonData.ExternalAuths, v.(string)) + + listExternalAuths := d.Get("external_auths").([]interface{}) + jsonData.ExternalAuths = make([]string, len(listExternalAuths)) + for i, v := range listExternalAuths { + jsonData.ExternalAuths[i] = v.(string) } - for _, v := range d.Get("secondary_auth").([]interface{}) { - jsonData.SecondaryAuth = append(jsonData.SecondaryAuth, v.(string)) + + listSecondaryAuth := d.Get("secondary_auth").([]interface{}) + jsonData.SecondaryAuth = make([]string, len(listSecondaryAuth)) + for i, v := range listSecondaryAuth { + jsonData.SecondaryAuth[i] = v.(string) } return jsonData diff --git a/bastion/resource_authdomain_ldap.go b/bastion/resource_authdomain_ldap.go index d473c83..a1b2b84 100644 --- a/bastion/resource_authdomain_ldap.go +++ b/bastion/resource_authdomain_ldap.go @@ -315,7 +315,6 @@ func prepareAuthDomainLdapJSON(d *schema.ResourceData) jsonAuthDomainLdap { AuthDomainName: d.Get("auth_domain_name").(string), DefaultEmailDomain: d.Get("default_email_domain").(string), DefaultLanguage: d.Get("default_language").(string), - ExternalAuths: make([]string, 0), Description: d.Get("description").(string), CheckX509SanEmail: d.Get("check_x509_san_email").(bool), DisplayNameAttribute: d.Get("display_name_attribute").(string), 
@@ -325,15 +324,20 @@ func prepareAuthDomainLdapJSON(d *schema.ResourceData) jsonAuthDomainLdap { LanguageAttribute: d.Get("language_attribute").(string), PubKeyAttribute: d.Get("pubkey_attribute").(string), SanDomainName: d.Get("san_domain_name").(string), - SecondaryAuth: make([]string, 0), X509Condition: d.Get("x509_condition").(string), X509SearchFilter: d.Get("x509_search_filter").(string), } - for _, v := range d.Get("external_auths").([]interface{}) { - jsonData.ExternalAuths = append(jsonData.ExternalAuths, v.(string)) + + listExternalAuths := d.Get("external_auths").([]interface{}) + jsonData.ExternalAuths = make([]string, len(listExternalAuths)) + for i, v := range listExternalAuths { + jsonData.ExternalAuths[i] = v.(string) } - for _, v := range d.Get("secondary_auth").([]interface{}) { - jsonData.SecondaryAuth = append(jsonData.SecondaryAuth, v.(string)) + + listSecondaryAuth := d.Get("secondary_auth").([]interface{}) + jsonData.SecondaryAuth = make([]string, len(listSecondaryAuth)) + for i, v := range listSecondaryAuth { + jsonData.SecondaryAuth[i] = v.(string) } return jsonData diff --git a/bastion/resource_authorization.go b/bastion/resource_authorization.go index ca47595..4468414 100644 --- a/bastion/resource_authorization.go +++ b/bastion/resource_authorization.go @@ -342,10 +342,12 @@ func prepareAuthorizationJSON(d *schema.ResourceData, newResource bool) jsonAuth IsCritical: d.Get("is_critical").(bool), IsRecorded: d.Get("is_recorded").(bool), } + if newResource { jsonData.UserGroup = d.Get("user_group").(string) jsonData.TargetGroup = d.Get("target_group").(string) } + if d.Get("approval_required").(bool) { activeQuorum := d.Get("active_quorum").(int) jsonData.ActiveQuorum = &activeQuorum 
@@ -353,9 +355,10 @@ func prepareAuthorizationJSON(d *schema.ResourceData, newResource bool) jsonAuth jsonData.InactiveQuorum = &inactiveQuorum approvalTimeout := d.Get("approval_timeout").(int) jsonData.ApprovalTimeout = &approvalTimeout - approvers := make([]string, 0) - for _, v := range d.Get("approvers").([]interface{}) { - approvers = append(approvers, v.(string)) + listApprovers := d.Get("approvers").([]interface{}) + approvers := make([]string, len(listApprovers)) + for i, v := range listApprovers { + approvers[i] = v.(string) } jsonData.Approvers = &approvers hasComment := d.Get("has_comment").(bool) @@ -369,10 +372,11 @@ func prepareAuthorizationJSON(d *schema.ResourceData, newResource bool) jsonAuth singleConnection := d.Get("single_connection").(bool) jsonData.SingleConnection = &singleConnection } - if v := d.Get("subprotocols").(*schema.Set).List(); len(v) > 0 { - subProtocols := make([]string, 0) - for _, v2 := range v { - subProtocols = append(subProtocols, v2.(string)) + + if listSubProtocols := d.Get("subprotocols").(*schema.Set).List(); len(listSubProtocols) > 0 { + subProtocols := make([]string, len(listSubProtocols)) + for i, v := range listSubProtocols { + subProtocols[i] = v.(string) } jsonData.SubProtocols = &subProtocols } diff --git a/bastion/resource_cluster.go b/bastion/resource_cluster.go index b843615..8870fd1 100644 --- a/bastion/resource_cluster.go +++ b/bastion/resource_cluster.go 
@@ -250,29 +250,27 @@ func deleteCluster( } func prepareClusterJSON(d *schema.ResourceData) jsonCluster { - var jsonData jsonCluster - jsonData.ClusterName = d.Get("cluster_name").(string) - if len(d.Get("accounts").(*schema.Set).List()) > 0 { - for _, v := range d.Get("accounts").(*schema.Set).List() { - jsonData.Accounts = append(jsonData.Accounts, v.(string)) - } - } else { - jsonData.Accounts = make([]string, 0) + jsonData := jsonCluster{ + ClusterName: d.Get("cluster_name").(string), + Description: d.Get("description").(string), } - if len(d.Get("account_mappings").(*schema.Set).List()) > 0 { - for _, v := range d.Get("account_mappings").(*schema.Set).List() { - jsonData.AccountMappings = append(jsonData.AccountMappings, v.(string)) - } - } else { - jsonData.AccountMappings = make([]string, 0) + + listAccounts := d.Get("accounts").(*schema.Set).List() + jsonData.Accounts = make([]string, len(listAccounts)) + for i, v := range listAccounts { + jsonData.Accounts[i] = v.(string) } - jsonData.Description = d.Get("description").(string) - if len(d.Get("interactive_logins").(*schema.Set).List()) > 0 { - for _, v := range d.Get("interactive_logins").(*schema.Set).List() { - jsonData.InteractiveLogins = append(jsonData.InteractiveLogins, v.(string)) - } - } else { - jsonData.InteractiveLogins = make([]string, 0) + + listAccountMappings := d.Get("account_mappings").(*schema.Set).List() + jsonData.AccountMappings = make([]string, len(listAccountMappings)) + for i, v := range listAccountMappings { + jsonData.AccountMappings[i] = v.(string) + } + + listInteractiveLogins := d.Get("interactive_logins").(*schema.Set).List() + jsonData.InteractiveLogins = make([]string, len(listInteractiveLogins)) + for i, v := range listInteractiveLogins { + jsonData.InteractiveLogins[i] = v.(string) } return jsonData diff --git a/bastion/resource_connection_policy.go b/bastion/resource_connection_policy.go index e90a6b0..1bec4b1 100644 --- a/bastion/resource_connection_policy.go 
+++ b/bastion/resource_connection_policy.go @@ -263,16 +263,16 @@ func prepareConnectionPolicyJSON(d *schema.ResourceData) (jsonConnectionPolicy, jsonData.ConnectionPolicyName = d.Get("connection_policy_name").(string) jsonData.Description = d.Get("description").(string) jsonData.Protocol = d.Get("protocol").(string) - if v := d.Get("authentication_methods").(*schema.Set).List(); len(v) > 0 { - for _, vv := range v { - if !bchk.InSlice(vv.(string), validAuthenticationMethods()) { - return jsonData, fmt.Errorf("authentication_methods must be in %v", validAuthenticationMethods()) - } - jsonData.AuthenticationMethods = append(jsonData.AuthenticationMethods, vv.(string)) + + listAuthenticationMethods := d.Get("authentication_methods").(*schema.Set).List() + jsonData.AuthenticationMethods = make([]string, len(listAuthenticationMethods)) + for i, v := range listAuthenticationMethods { + if !bchk.InSlice(v.(string), validAuthenticationMethods()) { + return jsonData, fmt.Errorf("authentication_methods must be in %v", validAuthenticationMethods()) } - } else { - jsonData.AuthenticationMethods = make([]string, 0) + jsonData.AuthenticationMethods[i] = v.(string) } + var options map[string]interface{} if v := d.Get("options").(string); v != "" { _ = json.Unmarshal([]byte(v), &options) diff --git a/bastion/resource_device.go b/bastion/resource_device.go index cd957f6..527e2e2 100644 --- a/bastion/resource_device.go +++ b/bastion/resource_device.go 
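Review bot: At the end of this hunk the `options` decode error is dropped with `_ = json.Unmarshal([]byte(v), &options)`, so a malformed `options` string would presumably be sent as an empty or partial policy instead of failing the plan. Unless the schema (not visible here) already validates the JSON, return the error: `if err := json.Unmarshal([]byte(v), &options); err != nil { return jsonData, fmt.Errorf("options is not valid JSON: %w", err) }`. In the rewritten loop, `validAuthenticationMethods()` is called for every element and again when building the error. A single `validMethods := validAuthenticationMethods()` before the loop matches the commit's stated goal, and the message could name the rejected value. prepareConnectionPolicyJSON continues past the hunk.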
@@ -369,9 +369,9 @@ func fillDevice(d *schema.ResourceData, jsonData jsonDevice) { if tfErr := d.Set("description", jsonData.Description); tfErr != nil { panic(tfErr) } - localDomains := make([]map[string]interface{}, 0) - for _, v := range *jsonData.LocalDomains { - localDomains = append(localDomains, map[string]interface{}{ + localDomains := make([]map[string]interface{}, len(*jsonData.LocalDomains)) + for i, v := range *jsonData.LocalDomains { + localDomains[i] = map[string]interface{}{ "id": v.ID, "admin_account": v.AdminAccount, "domain_name": v.DomainName, @@ -380,15 +380,15 @@ func fillDevice(d *schema.ResourceData, jsonData jsonDevice) { "enable_password_change": v.EnablePasswordChange, "password_change_policy": v.PasswordChangePolicy, "password_change_plugin": v.PasswordChangePlugin, - }) + } pluginParameters, _ := json.Marshal(v.PasswordChangePluginParameters) //nolint: errchkjson - localDomains[len(localDomains)-1]["password_change_plugin_parameters"] = string(pluginParameters) + localDomains[i]["password_change_plugin_parameters"] = string(pluginParameters) } if tfErr := d.Set("local_domains", localDomains); tfErr != nil { panic(tfErr) } - services := make([]map[string]interface{}, 0) - for _, v := range *jsonData.Services { + services := make([]map[string]interface{}, len(*jsonData.Services)) + for i, v := range *jsonData.Services { service := map[string]interface{}{ "id": v.ID, "service_name": v.ServiceName, 
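Review bot: `len(*jsonData.LocalDomains)` and `len(*jsonData.Services)` dereference pointer fields without a nil check, so a response that omits either list would panic inside the provider. The nested pointers are guarded in the next hunk with `if v.GlobalDomains != nil`, and the same guard would fit here, e.g. wrapping each loop in `if jsonData.LocalDomains != nil { ... }`. Whether the API can actually omit these fields is not visible in the diff, so this is something to confirm rather than a proven crash. The same unguarded pattern appears in fillApplication (`*jsonData.LocalDomains`) and in fillDeviceLocalDomainAccount and fillDomainAccount (`*jsonData.Credentials`). fillDevice extends beyond these hunks.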
@@ -399,16 +399,14 @@ func fillDevice(d *schema.ResourceData, jsonData jsonDevice) { "subprotocols": make([]string, 0), } if v.GlobalDomains != nil { - for _, v2 := range *v.GlobalDomains { - service["global_domains"] = append(service["global_domains"].([]string), v2) - } + service["global_domains"] = make(([]string), len(*v.GlobalDomains)) + copy(service["global_domains"].([]string), *v.GlobalDomains) } if v.SubProtocols != nil { - for _, v2 := range *v.SubProtocols { - service["subprotocols"] = append(service["subprotocols"].([]string), v2) - } + service["subprotocols"] = make(([]string), len(*v.SubProtocols)) + copy(service["subprotocols"].([]string), *v.SubProtocols) } - services = append(services, service) + services[i] = service } if tfErr := d.Set("services", services); tfErr != nil { panic(tfErr) diff --git a/bastion/resource_device_localdomain_account.go b/bastion/resource_device_localdomain_account.go index a404fe3..8d298cc 100644 --- a/bastion/resource_device_localdomain_account.go +++ b/bastion/resource_device_localdomain_account.go @@ -344,12 +344,11 @@ func prepareDeviceLocalDomainAccountJSON(d *schema.ResourceData) jsonDeviceLocal jsonData.AutoChangeSSHKey = d.Get("auto_change_ssh_key").(bool) jsonData.CertificateValidity = d.Get("certificate_validity").(string) jsonData.Description = d.Get("description").(string) - if len(d.Get("services").(*schema.Set).List()) > 0 { - for _, v := range d.Get("services").(*schema.Set).List() { - jsonData.Services = append(jsonData.Services, v.(string)) - } - } else { - jsonData.Services = make([]string, 0) + + listServices := d.Get("services").(*schema.Set).List() + jsonData.Services = make([]string, len(listServices)) + for i, v := range listServices { + jsonData.Services[i] = v.(string) } return jsonData 
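Review bot: `make(([]string), len(*v.GlobalDomains))` has redundant parentheses around the type, and the following `copy` reaches the slice through a type assertion on the map value it was just stored in; the `subprotocols` branch repeats both. Building the slice in a local reads more directly: `globalDomains := make([]string, len(*v.GlobalDomains))`, `copy(globalDomains, *v.GlobalDomains)`, `service["global_domains"] = globalDomains`. The `make([]string, 0)` defaults in the map literal are still allocated and then discarded whenever the pointer is non-nil, which works against the commit's aim. The literal starts above the hunk, so only the `subprotocols` default is visible here.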
@@ -401,13 +400,13 @@ func fillDeviceLocalDomainAccount(d *schema.ResourceData, jsonData jsonDeviceLoc if tfErr := d.Set("certificate_validity", jsonData.CertificateValidity); tfErr != nil { panic(tfErr) } - credentials := make([]map[string]interface{}, 0) - for _, v := range *jsonData.Credentials { - credentials = append(credentials, map[string]interface{}{ + credentials := make([]map[string]interface{}, len(*jsonData.Credentials)) + for i, v := range *jsonData.Credentials { + credentials[i] = map[string]interface{}{ "id": v.ID, "public_key": v.PublicKey, "type": v.Type, - }) + } } if tfErr := d.Set("credentials", credentials); tfErr != nil { panic(tfErr) diff --git a/bastion/resource_device_service.go b/bastion/resource_device_service.go index 3e980a9..a6f7a3e 100644 --- a/bastion/resource_device_service.go +++ b/bastion/resource_device_service.go 
@@ -329,27 +329,30 @@ func prepareDeviceServiceJSON( } jsonData.ConnectionPolicy = d.Get("connection_policy").(string) jsonData.Port = d.Get("port").(int) + if d.HasChange("global_domains") { - globalDomains := make([]string, 0) - for _, v := range d.Get("global_domains").(*schema.Set).List() { - globalDomains = append(globalDomains, v.(string)) + listGlobalDomains := d.Get("global_domains").(*schema.Set).List() + globalDomains := make([]string, len(listGlobalDomains)) + for i, v := range listGlobalDomains { + globalDomains[i] = v.(string) } jsonData.GlobalDomains = &globalDomains } - if v := d.Get("subprotocols").(*schema.Set).List(); len(v) > 0 { - subProtocols := make([]string, 0) - for _, v2 := range v { + + if listSubProtocols := d.Get("subprotocols").(*schema.Set).List(); len(listSubProtocols) > 0 { + subProtocols := make([]string, len(listSubProtocols)) + for i, v := range listSubProtocols { switch d.Get("protocol").(string) { case "SSH": - if !bchk.InSlice(v2.(string), sshSubProtocolsValid()) { - return jsonData, fmt.Errorf("subprotocols %s not valid for SSH service", v2) + if !bchk.InSlice(v.(string), sshSubProtocolsValid()) { + return jsonData, fmt.Errorf("subprotocols %s not valid for SSH service", v) } - subProtocols = append(subProtocols, v2.(string)) + subProtocols[i] = v.(string) case "RDP": - if !bchk.InSlice(v2.(string), rdpSubProtocolsValid()) { - return jsonData, fmt.Errorf("subprotocols %s not valid for RDP service", v2) + if !bchk.InSlice(v.(string), rdpSubProtocolsValid()) { + return jsonData, fmt.Errorf("subprotocols %s not valid for RDP service", v) } - subProtocols = append(subProtocols, v2.(string)) + subProtocols[i] = v.(string) default: return jsonData, fmt.Errorf("subprotocols need to not set for %s service", d.Get("protocol").(string)) } diff --git a/bastion/resource_domain_account.go b/bastion/resource_domain_account.go index d573836..d4372f3 100644 --- a/bastion/resource_domain_account.go +++ b/bastion/resource_domain_account.go 
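Review bot: Inside the subprotocols loop, `switch d.Get("protocol").(string)` re-reads the protocol and rebuilds the allowed list (`sshSubProtocolsValid()` or `rdpSubProtocolsValid()`) for every element, and the SSH and RDP cases are otherwise identical. Resolving the protocol and its allowed list once before the loop removes the duplication and lets the unsupported-protocol error return before anything is allocated. The sketch below keeps the existing error texts and assumes both helpers return `[]string`, which the diff does not show. The enclosing `if` block and the rest of prepareDeviceServiceJSON continue outside the hunk.

```go
if listSubProtocols := d.Get("subprotocols").(*schema.Set).List(); len(listSubProtocols) > 0 {
	protocol := d.Get("protocol").(string)
	var validSubProtocols []string
	switch protocol {
	case "SSH":
		validSubProtocols = sshSubProtocolsValid()
	case "RDP":
		validSubProtocols = rdpSubProtocolsValid()
	default:
		return jsonData, fmt.Errorf("subprotocols need to not set for %s service", protocol)
	}
	subProtocols := make([]string, len(listSubProtocols))
	for i, v := range listSubProtocols {
		if !bchk.InSlice(v.(string), validSubProtocols) {
			return jsonData, fmt.Errorf("subprotocols %s not valid for %s service", v, protocol)
		}
		subProtocols[i] = v.(string)
	}
	// … unchanged: remainder of the block after the loop (outside the hunk) …
```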
@@ -329,14 +329,16 @@ func prepareDomainAccountJSON(d *schema.ResourceData) (jsonDomainAccount, error) jsonData.AutoChangeSSHKey = d.Get("auto_change_ssh_key").(bool) jsonData.CertificateValidity = d.Get("certificate_validity").(string) jsonData.Description = d.Get("description").(string) + if d.HasChange("resources") { - resources := make([]string, 0) - for _, v := range d.Get("resources").(*schema.Set).List() { + listResources := d.Get("resources").(*schema.Set).List() + resources := make([]string, len(listResources)) + for i, v := range listResources { vSplt := strings.Split(v.(string), ":") if len(vSplt) != 2 { return jsonData, fmt.Errorf("resource must have format device:service or application:APP") } - resources = append(resources, v.(string)) + resources[i] = v.(string) } jsonData.Resources = &resources } @@ -388,13 +390,13 @@ func fillDomainAccount(d *schema.ResourceData, jsonData jsonDomainAccount) { if tfErr := d.Set("certificate_validity", jsonData.CertificateValidity); tfErr != nil { panic(tfErr) } - credentials := make([]map[string]interface{}, 0) - for _, v := range *jsonData.Credentials { - credentials = append(credentials, map[string]interface{}{ + credentials := make([]map[string]interface{}, len(*jsonData.Credentials)) + for i, v := range *jsonData.Credentials { + credentials[i] = map[string]interface{}{ "id": v.ID, "public_key": v.PublicKey, "type": v.Type, - }) + } } if tfErr := d.Set("credentials", credentials); tfErr != nil { panic(tfErr) diff --git a/bastion/resource_ldapdomain.go b/bastion/resource_ldapdomain.go index d45d0ab..a9e0318 100644 --- a/bastion/resource_ldapdomain.go +++ b/bastion/resource_ldapdomain.go 
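Review bot: The `resources` check in prepareDomainAccountJSON only counts the pieces of `strings.Split(v.(string), ":")`, so values with an empty half such as `":"` or `"device:"` pass the `len(vSplt) != 2` test and are placed in the payload. The error text implies both halves are required, so the condition could be `if len(vSplt) != 2 || vSplt[0] == "" || vSplt[1] == "" {`. Whether the API rejects such values itself is not visible here. The function starts and ends outside the hunk.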
@@ -318,12 +318,17 @@ func prepareLdapDomainJSON(d *schema.ResourceData, newResource bool) jsonLdapDom if newResource { jsonData.DomainName = d.Get("domain_name").(string) } - for _, v := range d.Get("external_ldaps").([]interface{}) { - jsonData.ExternalLdaps = append(jsonData.ExternalLdaps, v.(string)) + + listExternalLdaps := d.Get("external_ldaps").([]interface{}) + jsonData.ExternalLdaps = make([]string, len(listExternalLdaps)) + for i, v := range listExternalLdaps { + jsonData.ExternalLdaps[i] = v.(string) } - jsonData.SecondaryAuth = make([]string, 0) - for _, v := range d.Get("secondary_auth").([]interface{}) { - jsonData.SecondaryAuth = append(jsonData.SecondaryAuth, v.(string)) + + listSecondaryAuth := d.Get("secondary_auth").([]interface{}) + jsonData.SecondaryAuth = make([]string, len(listSecondaryAuth)) + for i, v := range listSecondaryAuth { + jsonData.SecondaryAuth[i] = v.(string) } return jsonData diff --git a/bastion/resource_profile.go b/bastion/resource_profile.go index 23df905..6d779b5 100644 --- a/bastion/resource_profile.go +++ b/bastion/resource_profile.go 
@@ -572,23 +572,27 @@ func prepareProfileJSON( //nolint: gocognit,gocyclo } } jsonData.Description = d.Get("description").(string) + if features.withDashboards { - dashboards := make([]string, len(d.Get("dashboards").(*schema.Set).List())) - for i, v := range d.Get("dashboards").(*schema.Set).List() { + listDashboards := d.Get("dashboards").(*schema.Set).List() + dashboards := make([]string, len(listDashboards)) + for i, v := range listDashboards { dashboards[i] = v.(string) } jsonData.Dashboards = &dashboards } jsonData.IPLimitation = d.Get("ip_limitation").(string) jsonData.TargetAccess = d.Get("target_access").(bool) + for _, v := range d.Get("target_groups_limitation").([]interface{}) { m := v.(map[string]interface{}) jsonData.TargetGroupsLimitation.Enabled = true - targetGroup := make([]string, 0) - for _, v2 := range m["target_groups"].(*schema.Set).List() { - targetGroup = append(targetGroup, v2.(string)) + listTargetGroups := m["target_groups"].(*schema.Set).List() + targetGroups := make([]string, len(listTargetGroups)) + for i, v2 := range listTargetGroups { + targetGroups[i] = v2.(string) } - jsonData.TargetGroupsLimitation.TargetGroups = &targetGroup + jsonData.TargetGroupsLimitation.TargetGroups = &targetGroups var defaultTargetGroup interface{} if v2 := m["default_target_group"].(string); v2 != "" { defaultTargetGroup = v2 @@ -598,9 +602,10 @@ func prepareProfileJSON( //nolint: gocognit,gocyclo for _, v := range d.Get("user_groups_limitation").([]interface{}) { m := v.(map[string]interface{}) jsonData.UserGroupsLimitation.Enabled = true - userGroups := make([]string, 0) - for _, v2 := range m["user_groups"].(*schema.Set).List() { - userGroups = append(userGroups, v2.(string)) + listUserGroups := m["user_groups"].(*schema.Set).List() + userGroups := make([]string, len(listUserGroups)) + for i, v2 := range listUserGroups { + userGroups[i] = v2.(string) } jsonData.UserGroupsLimitation.UserGroups = &userGroups } 
@@ -634,8 +639,7 @@ func readProfileOptions( } func fillProfile(d *schema.ResourceData, jsonData jsonProfile) { - guiFeatures := make([]map[string]interface{}, 0) - guiFeatures = append(guiFeatures, map[string]interface{}{ + guiFeatures := []map[string]interface{}{{ "wab_audit": jsonData.GuiFeatures.WabAudit, "system_audit": jsonData.GuiFeatures.SystemAudit, "users": jsonData.GuiFeatures.Users, @@ -649,12 +653,11 @@ func fillProfile(d *schema.ResourceData, jsonData jsonProfile) { "backup": jsonData.GuiFeatures.Backup, "approval": jsonData.GuiFeatures.Approval, "credential_recovery": jsonData.GuiFeatures.CredentialRecovery, - }) + }} if tfErr := d.Set("gui_features", guiFeatures); tfErr != nil { panic(tfErr) } - guiTransmission := make([]map[string]interface{}, 0) - guiTransmission = append(guiTransmission, map[string]interface{}{ + guiTransmission := []map[string]interface{}{{ "system_audit": jsonData.GuiTransmission.SystemAudit, "users": jsonData.GuiTransmission.Users, "user_groups": jsonData.GuiTransmission.UserGroups, @@ -667,7 +670,7 @@ func fillProfile(d *schema.ResourceData, jsonData jsonProfile) { "backup": jsonData.GuiTransmission.Backup, "approval": jsonData.GuiTransmission.Approval, "credential_recovery": jsonData.GuiTransmission.CredentialRecovery, - }) + }} if tfErr := d.Set("gui_transmission", guiTransmission); tfErr != nil { panic(tfErr) } @@ -684,11 +687,10 @@ func fillProfile(d *schema.ResourceData, jsonData jsonProfile) { panic(tfErr) } if jsonData.TargetGroupsLimitation.Enabled { - targetGroupsLimitation := make([]map[string]interface{}, 0) - targetGroupsLimitation = append(targetGroupsLimitation, map[string]interface{}{ + targetGroupsLimitation := []map[string]interface{}{{ "default_target_group": *jsonData.TargetGroupsLimitation.DefaultTargetGroup, "target_groups": *jsonData.TargetGroupsLimitation.TargetGroups, - }) + }} if tfErr := d.Set("target_groups_limitation", targetGroupsLimitation); tfErr != nil { panic(tfErr) } 
@@ -699,10 +701,9 @@ func fillProfile(d *schema.ResourceData, jsonData jsonProfile) { } } if jsonData.UserGroupsLimitation.Enabled { - userGroupsLimitation := make([]map[string]interface{}, 0) - userGroupsLimitation = append(userGroupsLimitation, map[string]interface{}{ + userGroupsLimitation := []map[string]interface{}{{ "user_groups": *jsonData.UserGroupsLimitation.UserGroups, - }) + }} if tfErr := d.Set("user_groups_limitation", userGroupsLimitation); tfErr != nil { panic(tfErr) } diff --git a/bastion/resource_targetgroup.go b/bastion/resource_targetgroup.go index 98ca41b..35c17ff 100644 --- a/bastion/resource_targetgroup.go +++ b/bastion/resource_targetgroup.go 
@@ -469,169 +469,161 @@ func prepareTargetGroupJSON(d *schema.ResourceData) (jsonTargetGroup, error) { / Description: d.Get("description").(string), GroupName: d.Get("group_name").(string), } - if len(d.Get("password_retrieval_accounts").(*schema.Set).List()) > 0 { - for _, v := range d.Get("password_retrieval_accounts").(*schema.Set).List() { - passRetrievalAccounts := v.(map[string]interface{}) - switch { - case passRetrievalAccounts["domain_type"].(string) == domainTypeGlobal: - if passRetrievalAccounts["device"].(string) != "" || - passRetrievalAccounts["application"].(string) != "" { - return jsonData, fmt.Errorf("bad password_retrieval_accounts: " + - "device and application need to be null with domain_type=global") - } - case passRetrievalAccounts["domain_type"].(string) == domainTypeLocal: - if passRetrievalAccounts["device"].(string) == "" && - passRetrievalAccounts["application"].(string) == "" { - return jsonData, fmt.Errorf("bad password_retrieval_accounts: " + - "device or application need to be set with domain_type=local") - } - case passRetrievalAccounts["device"].(string) != "" && passRetrievalAccounts["application"].(string) != "": + + listPasswordRetrievalAccounts := d.Get("password_retrieval_accounts").(*schema.Set).List() + jsonData.PasswordRetrieval.Accounts = make( + []jsonTargerGroupPasswordRetrievalAccount, + len(listPasswordRetrievalAccounts), + ) + for i, v := range listPasswordRetrievalAccounts { + passwordRetrievalAccounts := v.(map[string]interface{}) + switch { + case passwordRetrievalAccounts["domain_type"].(string) == domainTypeGlobal: + if passwordRetrievalAccounts["device"].(string) != "" || + passwordRetrievalAccounts["application"].(string) != "" { + return jsonData, fmt.Errorf("bad password_retrieval_accounts: " + + "device and application need to be null with domain_type=global") + } + case passwordRetrievalAccounts["domain_type"].(string) == domainTypeLocal: + if passwordRetrievalAccounts["device"].(string) == "" && + 
passwordRetrievalAccounts["application"].(string) == "" { return jsonData, fmt.Errorf("bad password_retrieval_accounts: " + - "device and application mutually exclusive") + "device or application need to be set with domain_type=local") } - jsonData.PasswordRetrieval.Accounts = append(jsonData.PasswordRetrieval.Accounts, - jsonTargerGroupPasswordRetrievalAccount{ - Account: passRetrievalAccounts["account"].(string), - Domain: passRetrievalAccounts["domain"].(string), - DomainType: passRetrievalAccounts["domain_type"].(string), - Device: passRetrievalAccounts["device"].(string), - Application: passRetrievalAccounts["application"].(string), - }) + case passwordRetrievalAccounts["device"].(string) != "" && passwordRetrievalAccounts["application"].(string) != "": + return jsonData, fmt.Errorf("bad password_retrieval_accounts: " + + "device and application mutually exclusive") } - } else { - jsonData.PasswordRetrieval.Accounts = make([]jsonTargerGroupPasswordRetrievalAccount, 0) - } - if len(d.Get("restrictions").(*schema.Set).List()) > 0 { - for _, v := range d.Get("restrictions").(*schema.Set).List() { - r := v.(map[string]interface{}) - jsonData.Restrictions = append(jsonData.Restrictions, jsonRestriction{ - Action: r["action"].(string), - Rules: r["rules"].(string), - SubProtocol: r["subprotocol"].(string), - }) + jsonData.PasswordRetrieval.Accounts[i] = jsonTargerGroupPasswordRetrievalAccount{ + Account: passwordRetrievalAccounts["account"].(string), + Domain: passwordRetrievalAccounts["domain"].(string), + DomainType: passwordRetrievalAccounts["domain_type"].(string), + Device: passwordRetrievalAccounts["device"].(string), + Application: passwordRetrievalAccounts["application"].(string), } - } else { - jsonData.Restrictions = make([]jsonRestriction, 0) - } - if len(d.Get("session_accounts").(*schema.Set).List()) > 0 { - for _, v := range d.Get("session_accounts").(*schema.Set).List() { - sessAccounts := v.(map[string]interface{}) - switch { - case 
(sessAccounts["device"].(string) == "" || sessAccounts["service"].(string) == "") && - sessAccounts["application"].(string) == "": - return jsonData, fmt.Errorf("bad session_accounts: " + - "device/service or application need to be set") - case sessAccounts["device"].(string) != "" && sessAccounts["application"].(string) != "": - return jsonData, fmt.Errorf("bad session_accounts: " + - "device and application mutually exclusive") - case sessAccounts["service"].(string) != "" && sessAccounts["application"].(string) != "": - return jsonData, fmt.Errorf("bad session_accounts: " + - "service and application mutually exclusive") - case sessAccounts["device"].(string) != "" && sessAccounts["service"].(string) == "": - return jsonData, fmt.Errorf("bad session_accounts: "+ - "missing service for device %s", sessAccounts["device"].(string)) - case sessAccounts["service"].(string) != "" && sessAccounts["device"].(string) == "": - return jsonData, fmt.Errorf("bad session_accounts: "+ - "missing device for service %s", sessAccounts["service"].(string)) - } - jsonData.Session.Accounts = append(jsonData.Session.Accounts, - jsonTargetGroupSessionAccount{ - Account: sessAccounts["account"].(string), - Domain: sessAccounts["domain"].(string), - DomainType: sessAccounts["domain_type"].(string), - Device: sessAccounts["device"].(string), - Service: sessAccounts["service"].(string), - Application: sessAccounts["application"].(string), - }) + } + + listRestrictions := d.Get("restrictions").(*schema.Set).List() + jsonData.Restrictions = make([]jsonRestriction, len(listRestrictions)) + for i, v := range listRestrictions { + restrictions := v.(map[string]interface{}) + jsonData.Restrictions[i] = jsonRestriction{ + Action: restrictions["action"].(string), + Rules: restrictions["rules"].(string), + SubProtocol: restrictions["subprotocol"].(string), } - } else { - jsonData.Session.Accounts = make([]jsonTargetGroupSessionAccount, 0) - } - if 
len(d.Get("session_account_mappings").(*schema.Set).List()) > 0 { - for _, v := range d.Get("session_account_mappings").(*schema.Set).List() { - sessAccountMappings := v.(map[string]interface{}) - switch { - case sessAccountMappings["device"].(string) != "" && sessAccountMappings["application"].(string) != "": - return jsonData, fmt.Errorf("bad session_account_mappings: " + - "device and application mutually exclusive") - case sessAccountMappings["service"].(string) != "" && sessAccountMappings["application"].(string) != "": - return jsonData, fmt.Errorf("bad session_account_mappings: " + - "service and application mutually exclusive") - case sessAccountMappings["device"].(string) != "" && sessAccountMappings["service"].(string) == "": - return jsonData, fmt.Errorf("bad session_account_mappings: "+ - "missing service for device %s", sessAccountMappings["device"].(string)) - case sessAccountMappings["service"].(string) != "" && sessAccountMappings["device"].(string) == "": - return jsonData, fmt.Errorf("bad session_account_mappings: "+ - "missing device for service %s", sessAccountMappings["service"].(string)) - } - jsonData.Session.AccountMappings = append(jsonData.Session.AccountMappings, - jsonTargetGroupSessionAccountMapping{ - Device: sessAccountMappings["device"].(string), - Service: sessAccountMappings["service"].(string), - Application: sessAccountMappings["application"].(string), - }) + } + + listSessionAccounts := d.Get("session_accounts").(*schema.Set).List() + jsonData.Session.Accounts = make([]jsonTargetGroupSessionAccount, len(listSessionAccounts)) + for i, v := range listSessionAccounts { + sessionAccounts := v.(map[string]interface{}) + switch { + case (sessionAccounts["device"].(string) == "" || sessionAccounts["service"].(string) == "") && + sessionAccounts["application"].(string) == "": + return jsonData, fmt.Errorf("bad session_accounts: " + + "device/service or application need to be set") + case sessionAccounts["device"].(string) != "" && 
sessionAccounts["application"].(string) != "": + return jsonData, fmt.Errorf("bad session_accounts: " + + "device and application mutually exclusive") + case sessionAccounts["service"].(string) != "" && sessionAccounts["application"].(string) != "": + return jsonData, fmt.Errorf("bad session_accounts: " + + "service and application mutually exclusive") + case sessionAccounts["device"].(string) != "" && sessionAccounts["service"].(string) == "": + return jsonData, fmt.Errorf("bad session_accounts: "+ + "missing service for device %s", sessionAccounts["device"].(string)) + case sessionAccounts["service"].(string) != "" && sessionAccounts["device"].(string) == "": + return jsonData, fmt.Errorf("bad session_accounts: "+ + "missing device for service %s", sessionAccounts["service"].(string)) } - } else { - jsonData.Session.AccountMappings = make([]jsonTargetGroupSessionAccountMapping, 0) - } - if len(d.Get("session_interactive_logins").(*schema.Set).List()) > 0 { - for _, v := range d.Get("session_interactive_logins").(*schema.Set).List() { - sessInteractiveLogins := v.(map[string]interface{}) - switch { - case sessInteractiveLogins["device"].(string) != "" && sessInteractiveLogins["application"].(string) != "": - return jsonData, fmt.Errorf("bad session_interactive_logins: " + - "device and application mutually exclusive") - case sessInteractiveLogins["service"].(string) != "" && sessInteractiveLogins["application"].(string) != "": - return jsonData, fmt.Errorf("bad session_interactive_logins: " + - "service and application mutually exclusive") - case sessInteractiveLogins["device"].(string) != "" && sessInteractiveLogins["service"].(string) == "": - return jsonData, fmt.Errorf("bad session_interactive_logins: "+ - "missing service for device %s", sessInteractiveLogins["device"].(string)) - case sessInteractiveLogins["service"].(string) != "" && sessInteractiveLogins["device"].(string) == "": - return jsonData, fmt.Errorf("bad session_interactive_logins: "+ - "missing 
device for service %s", sessInteractiveLogins["service"].(string)) - } - jsonData.Session.InteractiveLogins = append(jsonData.Session.InteractiveLogins, - jsonTargetGroupSessionInteractiveLogin{ - Device: sessInteractiveLogins["device"].(string), - Service: sessInteractiveLogins["service"].(string), - Application: sessInteractiveLogins["application"].(string), - }) + jsonData.Session.Accounts[i] = jsonTargetGroupSessionAccount{ + Account: sessionAccounts["account"].(string), + Domain: sessionAccounts["domain"].(string), + DomainType: sessionAccounts["domain_type"].(string), + Device: sessionAccounts["device"].(string), + Service: sessionAccounts["service"].(string), + Application: sessionAccounts["application"].(string), } - } else { - jsonData.Session.InteractiveLogins = make([]jsonTargetGroupSessionInteractiveLogin, 0) - } - if len(d.Get("session_scenario_accounts").(*schema.Set).List()) > 0 { - for _, v := range d.Get("session_scenario_accounts").(*schema.Set).List() { - sessScenarioAccounts := v.(map[string]interface{}) - switch { - case sessScenarioAccounts["domain_type"].(string) == domainTypeGlobal: - if sessScenarioAccounts["device"].(string) != "" || - sessScenarioAccounts["application"].(string) != "" { - return jsonData, fmt.Errorf("bad session_scenario_accounts: " + - "device and application need to be null with domain_type=global") - } - case sessScenarioAccounts["domain_type"].(string) == domainTypeLocal: - if sessScenarioAccounts["device"].(string) == "" && - sessScenarioAccounts["application"].(string) == "" { - return jsonData, fmt.Errorf("bad session_scenario_accounts: " + - "device or application need to be set with domain_type=local") - } - case sessScenarioAccounts["device"].(string) != "" && sessScenarioAccounts["application"].(string) != "": + } + + listSessionAccountMappings := d.Get("session_account_mappings").(*schema.Set).List() + jsonData.Session.AccountMappings = make([]jsonTargetGroupSessionAccountMapping, 
len(listSessionAccountMappings)) + for i, v := range listSessionAccountMappings { + sessionAccountMappings := v.(map[string]interface{}) + switch { + case sessionAccountMappings["device"].(string) != "" && sessionAccountMappings["application"].(string) != "": + return jsonData, fmt.Errorf("bad session_account_mappings: " + + "device and application mutually exclusive") + case sessionAccountMappings["service"].(string) != "" && sessionAccountMappings["application"].(string) != "": + return jsonData, fmt.Errorf("bad session_account_mappings: " + + "service and application mutually exclusive") + case sessionAccountMappings["device"].(string) != "" && sessionAccountMappings["service"].(string) == "": + return jsonData, fmt.Errorf("bad session_account_mappings: "+ + "missing service for device %s", sessionAccountMappings["device"].(string)) + case sessionAccountMappings["service"].(string) != "" && sessionAccountMappings["device"].(string) == "": + return jsonData, fmt.Errorf("bad session_account_mappings: "+ + "missing device for service %s", sessionAccountMappings["service"].(string)) + } + jsonData.Session.AccountMappings[i] = jsonTargetGroupSessionAccountMapping{ + Device: sessionAccountMappings["device"].(string), + Service: sessionAccountMappings["service"].(string), + Application: sessionAccountMappings["application"].(string), + } + } + + listSessionInteractiveLogins := d.Get("session_interactive_logins").(*schema.Set).List() + jsonData.Session.InteractiveLogins = make([]jsonTargetGroupSessionInteractiveLogin, len(listSessionInteractiveLogins)) + for i, v := range listSessionInteractiveLogins { + sessionInteractiveLogins := v.(map[string]interface{}) + switch { + case sessionInteractiveLogins["device"].(string) != "" && sessionInteractiveLogins["application"].(string) != "": + return jsonData, fmt.Errorf("bad session_interactive_logins: " + + "device and application mutually exclusive") + case sessionInteractiveLogins["service"].(string) != "" && 
sessionInteractiveLogins["application"].(string) != "": + return jsonData, fmt.Errorf("bad session_interactive_logins: " + + "service and application mutually exclusive") + case sessionInteractiveLogins["device"].(string) != "" && sessionInteractiveLogins["service"].(string) == "": + return jsonData, fmt.Errorf("bad session_interactive_logins: "+ + "missing service for device %s", sessionInteractiveLogins["device"].(string)) + case sessionInteractiveLogins["service"].(string) != "" && sessionInteractiveLogins["device"].(string) == "": + return jsonData, fmt.Errorf("bad session_interactive_logins: "+ + "missing device for service %s", sessionInteractiveLogins["service"].(string)) + } + jsonData.Session.InteractiveLogins[i] = jsonTargetGroupSessionInteractiveLogin{ + Device: sessionInteractiveLogins["device"].(string), + Service: sessionInteractiveLogins["service"].(string), + Application: sessionInteractiveLogins["application"].(string), + } + } + + listSessionScenarioAccounts := d.Get("session_scenario_accounts").(*schema.Set).List() + jsonData.Session.ScenarioAccounts = make([]jsonTargetGroupSessionScenarioAccount, len(listSessionScenarioAccounts)) + for i, v := range listSessionScenarioAccounts { + sessionScenarioAccounts := v.(map[string]interface{}) + switch { + case sessionScenarioAccounts["domain_type"].(string) == domainTypeGlobal: + if sessionScenarioAccounts["device"].(string) != "" || + sessionScenarioAccounts["application"].(string) != "" { + return jsonData, fmt.Errorf("bad session_scenario_accounts: " + + "device and application need to be null with domain_type=global") + } + case sessionScenarioAccounts["domain_type"].(string) == domainTypeLocal: + if sessionScenarioAccounts["device"].(string) == "" && + sessionScenarioAccounts["application"].(string) == "" { return jsonData, fmt.Errorf("bad session_scenario_accounts: " + - "device and application mutually exclusive") + "device or application need to be set with domain_type=local") } - 
jsonData.Session.ScenarioAccounts = append(jsonData.Session.ScenarioAccounts, - jsonTargetGroupSessionScenarioAccount{ - Account: sessScenarioAccounts["account"].(string), - Domain: sessScenarioAccounts["domain"].(string), - DomainType: sessScenarioAccounts["domain_type"].(string), - Device: sessScenarioAccounts["device"].(string), - Application: sessScenarioAccounts["application"].(string), - }) + case sessionScenarioAccounts["device"].(string) != "" && sessionScenarioAccounts["application"].(string) != "": + return jsonData, fmt.Errorf("bad session_scenario_accounts: " + + "device and application mutually exclusive") + } + jsonData.Session.ScenarioAccounts[i] = jsonTargetGroupSessionScenarioAccount{ + Account: sessionScenarioAccounts["account"].(string), + Domain: sessionScenarioAccounts["domain"].(string), + DomainType: sessionScenarioAccounts["domain_type"].(string), + Device: sessionScenarioAccounts["device"].(string), + Application: sessionScenarioAccounts["application"].(string), } - } else { - jsonData.Session.ScenarioAccounts = make([]jsonTargetGroupSessionScenarioAccount, 0) } return jsonData, nil 
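Review bot: The `device and application mutually exclusive` case in the password_retrieval_accounts switch is reached only when domain_type is neither global nor local, because Go runs the first matching case and the `domainTypeLocal` case rejects only the both-empty combination. An entry with domain_type=local and both device and application set therefore passes validation and goes into the payload; the session_scenario_accounts switch at the end of this hunk has the same shape. Moving `case passwordRetrievalAccounts["device"].(string) != "" && passwordRetrievalAccounts["application"].(string) != "":` to the top of its switch, and the sessionScenarioAccounts equivalent likewise, would apply the check to every domain type. Which domain_type values the schema allows is not visible in this hunk, so the third case may be unreachable altogether today.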
@@ -669,75 +661,75 @@ func fillTargetGroup(d *schema.ResourceData, jsonData jsonTargetGroup) { if tfErr := d.Set("description", jsonData.Description); tfErr != nil { panic(tfErr) } - passwordRetrievalAccounts := make([]map[string]interface{}, 0) - for _, v := range jsonData.PasswordRetrieval.Accounts { - passwordRetrievalAccounts = append(passwordRetrievalAccounts, map[string]interface{}{ + passwordRetrievalAccounts := make([]map[string]interface{}, len(jsonData.PasswordRetrieval.Accounts)) + for i, v := range jsonData.PasswordRetrieval.Accounts { + passwordRetrievalAccounts[i] = map[string]interface{}{ "account": v.Account, "domain": v.Domain, "domain_type": v.DomainType, "device": v.Device, "application": v.Application, - }) + } } if tfErr := d.Set("password_retrieval_accounts", passwordRetrievalAccounts); tfErr != nil { panic(tfErr) } - restrictions := make([]map[string]interface{}, 0) - for _, v := range jsonData.Restrictions { - restrictions = append(restrictions, map[string]interface{}{ + restrictions := make([]map[string]interface{}, len(jsonData.Restrictions)) + for i, v := range jsonData.Restrictions { + restrictions[i] = map[string]interface{}{ "action": v.Action, "rules": v.Rules, "subprotocol": v.SubProtocol, - }) + } } if tfErr := d.Set("restrictions", restrictions); tfErr != nil { panic(tfErr) } - sessionAccounts := make([]map[string]interface{}, 0) - for _, v := range jsonData.Session.Accounts { - sessionAccounts = append(sessionAccounts, map[string]interface{}{ + sessionAccounts := make([]map[string]interface{}, len(jsonData.Session.Accounts)) + for i, v := range jsonData.Session.Accounts { + sessionAccounts[i] = map[string]interface{}{ "account": v.Account, "domain": v.Domain, "domain_type": v.DomainType, "device": v.Device, "service": v.Service, "application": v.Application, - }) + } } if tfErr := d.Set("session_accounts", sessionAccounts); tfErr != nil { panic(tfErr) } - sessionAccountsMappings := make([]map[string]interface{}, 0) - for _, v := 
range jsonData.Session.AccountMappings { - sessionAccountsMappings = append(sessionAccountsMappings, map[string]interface{}{ + sessionAccountMappings := make([]map[string]interface{}, len(jsonData.Session.AccountMappings)) + for i, v := range jsonData.Session.AccountMappings { + sessionAccountMappings[i] = map[string]interface{}{ "device": v.Device, "service": v.Service, "application": v.Application, - }) + } } - if tfErr := d.Set("session_account_mappings", sessionAccountsMappings); tfErr != nil { + if tfErr := d.Set("session_account_mappings", sessionAccountMappings); tfErr != nil { panic(tfErr) } - sessionInteractiveLogins := make([]map[string]interface{}, 0) - for _, v := range jsonData.Session.InteractiveLogins { - sessionInteractiveLogins = append(sessionInteractiveLogins, map[string]interface{}{ + sessionInteractiveLogins := make([]map[string]interface{}, len(jsonData.Session.InteractiveLogins)) + for i, v := range jsonData.Session.InteractiveLogins { + sessionInteractiveLogins[i] = map[string]interface{}{ "device": v.Device, "service": v.Service, "application": v.Application, - }) + } } if tfErr := d.Set("session_interactive_logins", sessionInteractiveLogins); tfErr != nil { panic(tfErr) } - sessionScenarioAccounts := make([]map[string]interface{}, 0) - for _, v := range jsonData.Session.ScenarioAccounts { - sessionScenarioAccounts = append(sessionScenarioAccounts, map[string]interface{}{ + sessionScenarioAccounts := make([]map[string]interface{}, len(jsonData.Session.ScenarioAccounts)) + for i, v := range jsonData.Session.ScenarioAccounts { + sessionScenarioAccounts[i] = map[string]interface{}{ "account": v.Account, "domain": v.Domain, "domain_type": v.DomainType, "device": v.Device, "application": v.Application, - }) + } } if tfErr := d.Set("session_scenario_accounts", sessionScenarioAccounts); tfErr != nil { panic(tfErr) diff --git a/bastion/resource_timeframe.go b/bastion/resource_timeframe.go index e9cdd71..428e0e5 100644 
--- a/bastion/resource_timeframe.go +++ b/bastion/resource_timeframe.go 
@@ -286,33 +286,34 @@ func prepareTimeframeJSON(d *schema.ResourceData) (jsonTimeframe, error) { jsonData.TimeframeName = d.Get("timeframe_name").(string) jsonData.Description = d.Get("description").(string) jsonData.IsOvertimable = d.Get("is_overtimable").(bool) - if v := d.Get("periods").(*schema.Set).List(); len(v) > 0 { - for _, v2 := range v { - period := v2.(map[string]interface{}) - jsonPeriod := jsonTimeFramePeriod{ - StartDate: period["start_date"].(string), - EndDate: period["end_date"].(string), - StartTime: period["start_time"].(string), - EndTime: period["end_time"].(string), - } - for _, d := range period["week_days"].(*schema.Set).List() { - if !bchk.InSlice(d.(string), []string{ - "monday", - "tuesday", - "wednesday", - "thursday", - "friday", - "saturday", - "sunday", - }) { - return jsonData, fmt.Errorf("`%s` isn't a valid week_day", d.(string)) - } - jsonPeriod.WeekDays = append(jsonPeriod.WeekDays, d.(string)) + + listPeriods := d.Get("periods").(*schema.Set).List() + jsonData.Periods = make([]jsonTimeFramePeriod, len(listPeriods)) + for i, v := range listPeriods { + period := v.(map[string]interface{}) + jsonPeriod := jsonTimeFramePeriod{ + StartDate: period["start_date"].(string), + EndDate: period["end_date"].(string), + StartTime: period["start_time"].(string), + EndTime: period["end_time"].(string), + } + listWeekDays := period["week_days"].(*schema.Set).List() + jsonPeriod.WeekDays = make([]string, len(listWeekDays)) + for ii, d := range listWeekDays { + if !bchk.InSlice(d.(string), []string{ + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday", + "sunday", + }) { + return jsonData, fmt.Errorf("`%s` isn't a valid week_day", d.(string)) } - jsonData.Periods = append(jsonData.Periods, jsonPeriod) + jsonPeriod.WeekDays[ii] = d.(string) } - } else { - jsonData.Periods = make([]jsonTimeFramePeriod, 0) + jsonData.Periods[i] = jsonPeriod } return jsonData, nil 
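Review bot: `jsonPeriod.WeekDays = make([]string, len(listWeekDays))` changes the request body for an empty week_days set: the removed append loop left the field nil, while the new code always produces a non-nil empty slice, so encoding/json writes `[]` where it used to write `null` (or nothing, if the field carries omitempty; the struct tags are not in this hunk). `jsonData.UserAuths` in resource_user.go and `jsonData.TimeFrames` in resource_usergroup.go get the same change further down. On an update the API may treat an explicit empty list differently from an absent one, which matters most for user_auths, so this should be checked against the API or the old form kept with `if len(listWeekDays) > 0 {` around the allocation. The commit message and CHANGELOG entry describe only a compute and memory reduction, so the wire-format change deserves its own mention if it is intended.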
@@ -353,15 +354,15 @@ func fillTimeframe(d *schema.ResourceData, jsonData jsonTimeframe) { if tfErr := d.Set("is_overtimable", jsonData.IsOvertimable); tfErr != nil { panic(tfErr) } - periods := make([]map[string]interface{}, 0) - for _, v := range jsonData.Periods { - periods = append(periods, map[string]interface{}{ + periods := make([]map[string]interface{}, len(jsonData.Periods)) + for i, v := range jsonData.Periods { + periods[i] = map[string]interface{}{ "start_date": v.StartDate, "end_date": v.EndDate, "start_time": v.StartTime, "end_time": v.EndTime, "week_days": v.WeekDays, - }) + } } if tfErr := d.Set("periods", periods); tfErr != nil { panic(tfErr) diff --git a/bastion/resource_user.go b/bastion/resource_user.go index 56f145f..be8ae39 100644 --- a/bastion/resource_user.go +++ b/bastion/resource_user.go @@ -295,6 +295,7 @@ func prepareUserJSON(d *schema.ResourceData, newResource bool) jsonUser { ExpirationDate: d.Get("expiration_date").(string), IsDisabled: d.Get("is_disabled").(bool), } + if newResource { jsonData.PreferredLanguage = d.Get("preferred_language").(string) jsonData.Password = d.Get("password").(string) @@ -302,15 +303,20 @@ func prepareUserJSON(d *schema.ResourceData, newResource bool) jsonUser { jsonData.ForceChangePwd = &b } } + if d.HasChanges("groups") { - groups := make([]string, 0) - for _, v := range d.Get("groups").(*schema.Set).List() { - groups = append(groups, v.(string)) + listGroups := d.Get("groups").(*schema.Set).List() + groups := make([]string, len(listGroups)) + for i, v := range listGroups { + groups[i] = v.(string) } jsonData.Groups = &groups } - for _, v := range d.Get("user_auths").(*schema.Set).List() { - jsonData.UserAuths = append(jsonData.UserAuths, v.(string)) + + listUserAuths := d.Get("user_auths").(*schema.Set).List() + jsonData.UserAuths = make([]string, len(listUserAuths)) + for i, v := range listUserAuths { + jsonData.UserAuths[i] = v.(string) } return jsonData 
diff --git a/bastion/resource_usergroup.go b/bastion/resource_usergroup.go index c9ad121..be3b1a3 100644 --- a/bastion/resource_usergroup.go +++ b/bastion/resource_usergroup.go @@ -288,27 +288,31 @@ func prepareUserGroupJSON(d *schema.ResourceData) jsonUserGroup { GroupName: d.Get("group_name").(string), Profile: d.Get("profile").(string), } + if d.HasChanges("users") { - users := make([]string, 0) - for _, v := range d.Get("users").(*schema.Set).List() { - users = append(users, v.(string)) + listUsers := d.Get("users").(*schema.Set).List() + users := make([]string, len(listUsers)) + for i, v := range listUsers { + users[i] = v.(string) } jsonData.Users = &users } - for _, v := range d.Get("timeframes").(*schema.Set).List() { - jsonData.TimeFrames = append(jsonData.TimeFrames, v.(string)) - } - if len(d.Get("restrictions").(*schema.Set).List()) > 0 { - for _, v := range d.Get("restrictions").(*schema.Set).List() { - r := v.(map[string]interface{}) - jsonData.Restrictions = append(jsonData.Restrictions, jsonRestriction{ - Action: r["action"].(string), - Rules: r["rules"].(string), - SubProtocol: r["subprotocol"].(string), - }) + + listTimeFrames := d.Get("timeframes").(*schema.Set).List() + jsonData.TimeFrames = make([]string, len(listTimeFrames)) + for i, v := range listTimeFrames { + jsonData.TimeFrames[i] = v.(string) + } + + listRestrictions := d.Get("restrictions").(*schema.Set).List() + jsonData.Restrictions = make([]jsonRestriction, len(listRestrictions)) + for i, v := range listRestrictions { + restrictions := v.(map[string]interface{}) + jsonData.Restrictions[i] = jsonRestriction{ + Action: restrictions["action"].(string), + Rules: restrictions["rules"].(string), + SubProtocol: restrictions["subprotocol"].(string), } - } else { - jsonData.Restrictions = make([]jsonRestriction, 0) } return jsonData 
@@ -352,13 +356,13 @@ func fillUserGroup(d *schema.ResourceData, jsonData jsonUserGroup) { if tfErr := d.Set("profile", jsonData.Profile); tfErr != nil { panic(tfErr) } - restrictions := make([]map[string]interface{}, 0) - for _, v := range jsonData.Restrictions { - restrictions = append(restrictions, map[string]interface{}{ + restrictions := make([]map[string]interface{}, len(jsonData.Restrictions)) + for i, v := range jsonData.Restrictions { + restrictions[i] = map[string]interface{}{ "action": v.Action, "rules": v.Rules, "subprotocol": v.SubProtocol, - }) + } } if tfErr := d.Set("restrictions", restrictions); tfErr != nil { panic(tfErr) From 0d22721ac5370bbd986265941272c9c6ee7f6bd8 Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Mon, 2 Oct 2023 16:11:37 +0200 Subject: [PATCH 2/5] refactor initialization of jsonData --- bastion/resource_application_localdomain.go | 8 +++++--- .../resource_application_localdomain_account.go | 14 ++++++++------ bastion/resource_checkout_policy.go | 17 +++++++++-------- bastion/resource_connection_message.go | 5 +++-- bastion/resource_connection_policy.go | 9 +++++---- bastion/resource_device_localdomain.go | 11 +++++++---- bastion/resource_device_localdomain_account.go | 17 +++++++++-------- ...rce_device_localdomain_account_credential.go | 6 ++++-- bastion/resource_device_service.go | 8 +++++--- bastion/resource_domain.go | 12 +++++++----- bastion/resource_domain_account.go | 17 +++++++++-------- bastion/resource_domain_account_credential.go | 6 ++++-- bastion/resource_profile.go | 13 +++++++++---- bastion/resource_timeframe.go | 9 +++++---- 14 files changed, 89 insertions(+), 63 deletions(-) diff --git a/bastion/resource_application_localdomain.go b/bastion/resource_application_localdomain.go index 494989e..307addb 100644 --- a/bastion/resource_application_localdomain.go +++ b/bastion/resource_application_localdomain.go 
@@ -290,9 +290,11 @@ func deleteApplicationLocalDomain( } func prepareApplicationLocalDomainJSON(d *schema.ResourceData, newResource bool) jsonApplicationLocalDomain { - var jsonData jsonApplicationLocalDomain - jsonData.DomainName = d.Get("domain_name").(string) - jsonData.Description = d.Get("description").(string) + jsonData := jsonApplicationLocalDomain{ + Description: d.Get("description").(string), + DomainName: d.Get("domain_name").(string), + } + if d.Get("enable_password_change").(bool) { if !newResource { adminAccount := d.Get("admin_account").(string) diff --git a/bastion/resource_application_localdomain_account.go b/bastion/resource_application_localdomain_account.go index 59d0ee4..543271e 100644 --- a/bastion/resource_application_localdomain_account.go +++ b/bastion/resource_application_localdomain_account.go @@ -307,12 +307,14 @@ func deleteApplicationLocalDomainAccount( } func prepareApplicationLocalDomainAccountJSON(d *schema.ResourceData) jsonApplicationLocalDomainAccount { - var jsonData jsonApplicationLocalDomainAccount - jsonData.AccountName = d.Get("account_name").(string) - jsonData.AccountLogin = d.Get("account_login").(string) - jsonData.CheckoutPolicy = d.Get("checkout_policy").(string) - jsonData.AutoChangePassword = d.Get("auto_change_password").(bool) - jsonData.Description = d.Get("description").(string) + jsonData := jsonApplicationLocalDomainAccount{ + AccountLogin: d.Get("account_login").(string), + AccountName: d.Get("account_name").(string), + AutoChangePassword: d.Get("auto_change_password").(bool), + CheckoutPolicy: d.Get("checkout_policy").(string), + Description: d.Get("description").(string), + } + credentials := make([]jsonCredential, 0) if d.Get("password").(string) != "" { credentials = append(credentials, jsonCredential{ diff --git a/bastion/resource_checkout_policy.go b/bastion/resource_checkout_policy.go index 1d9a371..a00b348 100644 --- a/bastion/resource_checkout_policy.go +++ b/bastion/resource_checkout_policy.go 
@@ -261,14 +261,15 @@ func deleteCheckoutPolicy( } func prepareCheckoutPolicyJSON(d *schema.ResourceData) jsonCheckoutPolicy { - var jsonData jsonCheckoutPolicy - jsonData.CheckoutPolicyName = d.Get("checkout_policy_name").(string) - jsonData.Description = d.Get("description").(string) - jsonData.EnableLock = d.Get("enable_lock").(bool) - jsonData.ChangeCredentialsAtCheckin = d.Get("change_credentials_at_checkin").(bool) - jsonData.Duration = d.Get("duration").(int) - jsonData.Extension = d.Get("extension").(int) - jsonData.MaxDuration = d.Get("max_duration").(int) + jsonData := jsonCheckoutPolicy{ + ChangeCredentialsAtCheckin: d.Get("change_credentials_at_checkin").(bool), + CheckoutPolicyName: d.Get("checkout_policy_name").(string), + Description: d.Get("description").(string), + EnableLock: d.Get("enable_lock").(bool), + Duration: d.Get("duration").(int), + Extension: d.Get("extension").(int), + MaxDuration: d.Get("max_duration").(int), + } return jsonData } diff --git a/bastion/resource_connection_message.go b/bastion/resource_connection_message.go index d8bbbd6..fb9d6fa 100644 --- a/bastion/resource_connection_message.go +++ b/bastion/resource_connection_message.go @@ -152,8 +152,9 @@ func updateConnectionMessage( } func prepareConnectionMessageJSON(d *schema.ResourceData) jsonConnectionMessage { - var jsonData jsonConnectionMessage - jsonData.Message = d.Get("message").(string) + jsonData := jsonConnectionMessage{ + Message: d.Get("message").(string), + } return jsonData } diff --git a/bastion/resource_connection_policy.go b/bastion/resource_connection_policy.go index 1bec4b1..7208fc9 100644 --- a/bastion/resource_connection_policy.go +++ b/bastion/resource_connection_policy.go 
@@ -259,10 +259,11 @@ func deleteConnectionPolicy(
 }
 func prepareConnectionPolicyJSON(d *schema.ResourceData) (jsonConnectionPolicy, error) {
- var jsonData jsonConnectionPolicy
- jsonData.ConnectionPolicyName = d.Get("connection_policy_name").(string)
- jsonData.Description = d.Get("description").(string)
- jsonData.Protocol = d.Get("protocol").(string)
+ jsonData := jsonConnectionPolicy{
+ ConnectionPolicyName: d.Get("connection_policy_name").(string),
+ Description: d.Get("description").(string),
+ Protocol: d.Get("protocol").(string),
+ }
 listAuthenticationMethods := d.Get("authentication_methods").(*schema.Set).List()
 jsonData.AuthenticationMethods = make([]string, len(listAuthenticationMethods))
diff --git a/bastion/resource_device_localdomain.go b/bastion/resource_device_localdomain.go
index 79b6cb6..2c82f16 100644
--- a/bastion/resource_device_localdomain.go
+++ b/bastion/resource_device_localdomain.go
@@ -306,8 +306,12 @@ func deleteDeviceLocalDomain(
 }
 func prepareDeviceLocalDomainJSON(d *schema.ResourceData, newResource bool) jsonDeviceLocalDomain {
- var jsonData jsonDeviceLocalDomain
- jsonData.DomainName = d.Get("domain_name").(string)
+ jsonData := jsonDeviceLocalDomain{
+ Description: d.Get("description").(string),
+ DomainName: d.Get("domain_name").(string),
+ Passphrase: d.Get("passphrase").(string),
+ }
+
 if !strings.HasPrefix(d.Get("ca_private_key").(string), "generate:") {
 jsonData.CAPrivateKey = d.Get("ca_private_key").(string)
 } else if d.HasChange("ca_private_key") {
@@ -316,8 +320,7 @@ func prepareDeviceLocalDomainJSON(d *schema.ResourceData, newResource bool) json
 jsonData.CAPrivateKey = newKey.(string)
 }
 }
- jsonData.Description = d.Get("description").(string)
- jsonData.Passphrase = d.Get("passphrase").(string)
+
 if d.Get("enable_password_change").(bool) {
 if !newResource {
 adminAccount := d.Get("admin_account").(string)
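Review bot: prepareDeviceLocalDomainJSON carries no comment saying which secret fields end up in the request body, and this is the code a reader consults to find out. As written, `passphrase` is copied into the payload on every call and so is any `ca_private_key` value that lacks the `generate:` prefix, while a `generate:` value is only considered when `d.HasChange("ca_private_key")` is true (part of that branch lies between the two hunks and is not visible). A comment above the literal would record this, for example `// passphrase and a literal ca_private_key go into every payload; a "generate:" value only when it has changed`. The same applies to prepareDomainJSON in resource_domain.go, which has the identical structure.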
diff --git a/bastion/resource_device_localdomain_account.go b/bastion/resource_device_localdomain_account.go
index 8d298cc..24c80bb 100644
--- a/bastion/resource_device_localdomain_account.go
+++ b/bastion/resource_device_localdomain_account.go
@@ -336,14 +336,15 @@ func deleteDeviceLocalDomainAccount(
 }
 func prepareDeviceLocalDomainAccountJSON(d *schema.ResourceData) jsonDeviceLocalDomainAccount {
- var jsonData jsonDeviceLocalDomainAccount
- jsonData.AccountName = d.Get("account_name").(string)
- jsonData.AccountLogin = d.Get("account_login").(string)
- jsonData.CheckoutPolicy = d.Get("checkout_policy").(string)
- jsonData.AutoChangePassword = d.Get("auto_change_password").(bool)
- jsonData.AutoChangeSSHKey = d.Get("auto_change_ssh_key").(bool)
- jsonData.CertificateValidity = d.Get("certificate_validity").(string)
- jsonData.Description = d.Get("description").(string)
+ jsonData := jsonDeviceLocalDomainAccount{
+ AccountName: d.Get("account_name").(string),
+ AccountLogin: d.Get("account_login").(string),
+ AutoChangePassword: d.Get("auto_change_password").(bool),
+ AutoChangeSSHKey: d.Get("auto_change_ssh_key").(bool),
+ CertificateValidity: d.Get("certificate_validity").(string),
+ CheckoutPolicy: d.Get("checkout_policy").(string),
+ Description: d.Get("description").(string),
+ }
 listServices := d.Get("services").(*schema.Set).List()
 jsonData.Services = make([]string, len(listServices))
diff --git a/bastion/resource_device_localdomain_account_credential.go b/bastion/resource_device_localdomain_account_credential.go
index f8a6a2f..1d0634a 100644
--- a/bastion/resource_device_localdomain_account_credential.go
+++ b/bastion/resource_device_localdomain_account_credential.go
@@ -316,8 +316,10 @@ func deleteDeviceLocalDomainAccountCredential(
 func prepareDeviceLocalDomainAccountCredentialJSON(
 d *schema.ResourceData,
 ) jsonCredential {
- var jsonData jsonCredential
- jsonData.Type = d.Get("type").(string)
+ jsonData := jsonCredential{
+ Type: d.Get("type").(string),
+ }
+
 if jsonData.Type == "password" {
 jsonData.Password = d.Get("password").(string)
 } else if jsonData.Type == "ssh_key" {
diff --git a/bastion/resource_device_service.go b/bastion/resource_device_service.go
index a6f7a3e..5ccd859 100644
--- a/bastion/resource_device_service.go
+++ b/bastion/resource_device_service.go
@@ -322,13 +322,15 @@ func prepareDeviceServiceJSON(
 ) (
 jsonDeviceService, error,
 ) {
- var jsonData jsonDeviceService
+ jsonData := jsonDeviceService{
+ ConnectionPolicy: d.Get("connection_policy").(string),
+ Port: d.Get("port").(int),
+ }
+
 if newResource {
 jsonData.ServiceName = d.Get("service_name").(string)
 jsonData.Protocol = d.Get("protocol").(string)
 }
- jsonData.ConnectionPolicy = d.Get("connection_policy").(string)
- jsonData.Port = d.Get("port").(int)
 if d.HasChange("global_domains") {
 listGlobalDomains := d.Get("global_domains").(*schema.Set).List()
diff --git a/bastion/resource_domain.go b/bastion/resource_domain.go
index ab425ec..e9b1d05 100644
--- a/bastion/resource_domain.go
+++ b/bastion/resource_domain.go
@@ -304,9 +304,13 @@ func deleteDomain(
 }
 func prepareDomainJSON(d *schema.ResourceData, newResource bool) jsonDomain {
- var jsonData jsonDomain
- jsonData.DomainName = d.Get("domain_name").(string)
- jsonData.DomainRealName = d.Get("domain_real_name").(string)
+ jsonData := jsonDomain{
+ Description: d.Get("description").(string),
+ DomainName: d.Get("domain_name").(string),
+ DomainRealName: d.Get("domain_real_name").(string),
+ Passphrase: d.Get("passphrase").(string),
+ }
+
 if !strings.HasPrefix(d.Get("ca_private_key").(string), "generate:") {
 jsonData.CAPrivateKey = d.Get("ca_private_key").(string)
 } else if d.HasChange("ca_private_key") {
@@ -315,8 +319,6 @@ func prepareDomainJSON(d *schema.ResourceData, newResource bool) jsonDomain {
 jsonData.CAPrivateKey = newKey.(string)
 }
 }
- jsonData.Description = d.Get("description").(string)
- jsonData.Passphrase = d.Get("passphrase").(string)
 if d.Get("enable_password_change").(bool) {
 if !newResource {
diff --git a/bastion/resource_domain_account.go b/bastion/resource_domain_account.go
index d4372f3..61130cc 100644
--- a/bastion/resource_domain_account.go
+++ b/bastion/resource_domain_account.go
@@ -321,14 +321,15 @@ func deleteDomainAccount(
 }
 func prepareDomainAccountJSON(d *schema.ResourceData) (jsonDomainAccount, error) {
- var jsonData jsonDomainAccount
- jsonData.AccountName = d.Get("account_name").(string)
- jsonData.AccountLogin = d.Get("account_login").(string)
- jsonData.CheckoutPolicy = d.Get("checkout_policy").(string)
- jsonData.AutoChangePassword = d.Get("auto_change_password").(bool)
- jsonData.AutoChangeSSHKey = d.Get("auto_change_ssh_key").(bool)
- jsonData.CertificateValidity = d.Get("certificate_validity").(string)
- jsonData.Description = d.Get("description").(string)
+ jsonData := jsonDomainAccount{
+ AccountLogin: d.Get("account_login").(string),
+ AccountName: d.Get("account_name").(string),
+ AutoChangePassword: d.Get("auto_change_password").(bool),
+ AutoChangeSSHKey: d.Get("auto_change_ssh_key").(bool),
+ CertificateValidity: d.Get("certificate_validity").(string),
+ CheckoutPolicy: d.Get("checkout_policy").(string),
+ Description: d.Get("description").(string),
+ }
 if d.HasChange("resources") {
 listResources := d.Get("resources").(*schema.Set).List()
diff --git a/bastion/resource_domain_account_credential.go b/bastion/resource_domain_account_credential.go
index 3519f77..5f8c771 100644
--- a/bastion/resource_domain_account_credential.go
+++ b/bastion/resource_domain_account_credential.go
@@ -298,8 +298,10 @@ func deleteDomainAccountCredential(
 func prepareDomainAccountCredentialJSON(
 d *schema.ResourceData,
 ) jsonCredential {
- var jsonData jsonCredential
- jsonData.Type = d.Get("type").(string)
+ jsonData := jsonCredential{
+ Type: d.Get("type").(string),
+ }
+
 if jsonData.Type == "password" {
 jsonData.Password = d.Get("password").(string)
 } else if jsonData.Type == "ssh_key" {
diff --git a/bastion/resource_profile.go b/bastion/resource_profile.go
index 6d779b5..932efbf 100644
--- a/bastion/resource_profile.go
+++ b/bastion/resource_profile.go
@@ -480,10 +480,16 @@ func deleteProfile(
 func prepareProfileJSON( //nolint: gocognit,gocyclo
 d *schema.ResourceData, newResource bool, features profileFeatures,
 ) jsonProfile {
- var jsonData jsonProfile
+ jsonData := jsonProfile{
+ Description: d.Get("description").(string),
+ IPLimitation: d.Get("ip_limitation").(string),
+ TargetAccess: d.Get("target_access").(bool),
+ }
+
 if newResource {
 jsonData.ProfileName = d.Get("profile_name").(string)
 }
+
 for _, v := range d.Get("gui_features").([]interface{}) {
 if v == nil {
 continue
@@ -529,6 +535,7 @@ func prepareProfileJSON( //nolint: gocognit,gocyclo
 jsonData.GuiFeatures.CredentialRecovery = &v2
 }
 }
+
 for _, v := range d.Get("gui_transmission").([]interface{}) {
 if v == nil {
 continue
@@ -571,7 +578,6 @@ func prepareProfileJSON( //nolint: gocognit,gocyclo
 jsonData.GuiTransmission.CredentialRecovery = &v2
 }
 }
- jsonData.Description = d.Get("description").(string)
 if features.withDashboards {
 listDashboards := d.Get("dashboards").(*schema.Set).List()
@@ -581,8 +587,6 @@ func prepareProfileJSON( //nolint: gocognit,gocyclo
 }
 jsonData.Dashboards = &dashboards
 }
- jsonData.IPLimitation = d.Get("ip_limitation").(string)
- jsonData.TargetAccess = d.Get("target_access").(bool)
 for _, v := range d.Get("target_groups_limitation").([]interface{}) {
 m := v.(map[string]interface{})
@@ -599,6 +603,7 @@ func prepareProfileJSON( //nolint: gocognit,gocyclo
 }
 jsonData.TargetGroupsLimitation.DefaultTargetGroup = &defaultTargetGroup
 }
+
 for _, v := range d.Get("user_groups_limitation").([]interface{}) {
 m := v.(map[string]interface{})
 jsonData.UserGroupsLimitation.Enabled = true
diff --git a/bastion/resource_timeframe.go b/bastion/resource_timeframe.go
index 428e0e5..070d37a 100644
--- a/bastion/resource_timeframe.go
+++ b/bastion/resource_timeframe.go
@@ -282,10 +282,11 @@ func deleteTimeframe( } func prepareTimeframeJSON(d *schema.ResourceData) (jsonTimeframe, error) { - var jsonData jsonTimeframe - jsonData.TimeframeName = d.Get("timeframe_name").(string) - jsonData.Description = d.Get("description").(string) - jsonData.IsOvertimable = d.Get("is_overtimable").(bool) + jsonData := jsonTimeframe{ + Description: d.Get("description").(string), + IsOvertimable: d.Get("is_overtimable").(bool), + TimeframeName: d.Get("timeframe_name").(string), + } listPeriods := d.Get("periods").(*schema.Set).List() jsonData.Periods = make([]jsonTimeFramePeriod, len(listPeriods)) From ca7394f7d1962192de3da7bd3520118a1f6c7e66 Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Tue, 3 Oct 2023 10:58:20 +0200 Subject: [PATCH 3/5] bump Go version to v1.20 minimum and release with v1.21 --- .github/workflows/go.yml | 20 ++++++++++---------- .github/workflows/linters.yml | 10 +++++----- .github/workflows/release.yml | 2 +- CHANGELOG.md | 4 ++++ README.md | 2 +- go.mod | 2 +- 6 files changed, 22 insertions(+), 18 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index df01edf..d65dbcf 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -1,14 +1,14 @@ name: Go Tests on: [push, pull_request] jobs: - build-1_19: - name: Build 1.19 + build-1_20: + name: Build 1.20 runs-on: ubuntu-latest steps: - - name: Set up Go 1.19 + - name: Set up Go 1.20 uses: actions/setup-go@v4 with: - go-version: '1.19' + go-version: '1.20' check-latest: true id: go - name: Disable cgo @@ -21,14 +21,14 @@ jobs: - name: Build run: go build -v . - build-1_20: - name: Build 1.20 + build-1_21: + name: Build 1.21 runs-on: ubuntu-latest steps: - - name: Set up Go 1.20 + - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true id: go - name: Disable cgo 
@@ -45,10 +45,10 @@ jobs: name: Test runs-on: ubuntu-latest steps: - - name: Set up Go 1.20 + - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true id: go - name: Disable cgo diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index ea446fc..154390c 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -5,10 +5,10 @@ jobs: name: golangci-lint runs-on: ubuntu-latest steps: - - name: Set up Go 1.20 + - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true id: go - name: Disable cgo @@ -19,7 +19,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - version: v1.53 + version: v1.54 args: -c .golangci.yml -v markdown-lint: @@ -38,10 +38,10 @@ jobs: name: terrafmt runs-on: ubuntu-latest steps: - - name: Set up Go 1.20 + - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true id: go - name: Show version diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 349b89d..fe28ba2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: name: Set up Go uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v6.0.0 diff --git a/CHANGELOG.md b/CHANGELOG.md index 18c6417..c8cb3b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # changelog +ENHANCEMENTS: + +* release now with golang 1.21 + BUG FIXES: * reduced compute and memory usage to prepare the JSON payload when creating or updating resource diff --git a/README.md b/README.md index 6ef5de6..b4d44ab 100644 --- a/README.md +++ b/README.md @@ -6,4 +6,4 @@ ### In addition to develop -- [Go](https://golang.org/doc/install) `v1.19` or `v1.20` +- [Go](https://golang.org/doc/install) `v1.20` or `v1.21` 
diff --git a/go.mod b/go.mod index 08e0b7c..fc92366 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/claranet/terraform-provider-wallix-bastion -go 1.19 +go 1.20 require ( github.com/hashicorp/go-cleanhttp v0.5.2 From cae041a0733ecbb2ff249941a1f325231ea5d95e Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Wed, 4 Oct 2023 12:25:38 +0200 Subject: [PATCH 4/5] r/user: update the password when has changed in config to not empty value and `force_change_pwd` isn't true instead of no-op on password when update resource --- CHANGELOG.md | 1 + bastion/resource_user.go | 4 ++++ docs/resources/user.md | 6 ++++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c8cb3b6..ee7dc57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ENHANCEMENTS: * release now with golang 1.21 +* resource/**wallix-bastion_user**: update the password when has changed in config to not empty value and `force_change_pwd` isn't true (instead of no-op on password when update resource) BUG FIXES: diff --git a/bastion/resource_user.go b/bastion/resource_user.go index be8ae39..90dcd1b 100644 --- a/bastion/resource_user.go +++ b/bastion/resource_user.go @@ -302,6 +302,10 @@ func prepareUserJSON(d *schema.ResourceData, newResource bool) jsonUser { if d.Get("force_change_pwd").(bool) { jsonData.ForceChangePwd = &b } + } else if d.HasChange("password") && !d.Get("force_change_pwd").(bool) { + if v := d.Get("password").(string); v != "" { + jsonData.Password = v + } } if d.HasChanges("groups") { diff --git a/docs/resources/user.md b/docs/resources/user.md index 28de4fb..ef4f49f 100644 --- a/docs/resources/user.md +++ b/docs/resources/user.md 
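Review bot: In resource_user.go, the new `else if` branch of prepareUserJSON silently leaves the password out of the update in two cases that look like a rotation to whoever edits the config: when `force_change_pwd` is true, and when the new value is empty. In both cases the request carries no password, so the bastion keeps the previous credential, while the apply presumably still succeeds and state records the new config value. Because prepareUserJSON returns only a `jsonUser` it cannot report this itself, so the caller is the place to emit a warning when `d.HasChange("password")` is true but nothing was sent. At minimum the branch deserves a comment such as `// on update the password is sent only when it changed to a non-empty value and force_change_pwd is false; otherwise the bastion keeps the previous password`. The function starts before and continues after this hunk.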
@@ -45,8 +45,10 @@ The following arguments are supported: Format is a comma-separated list of IPv4 addresses, subnets or ranges. - **is_disabled** (Optional, Boolean) Account is disabled. -- **password** (Optional, String, Sensitive, **Only used when create resource**) - The password. +- **password** (Optional, String, Sensitive, **Value can't refresh**) + The password. + Updating the password when has changed in config to not empty value + and `force_change_pwd` isn't true. - **preferred_language** (Optional, String, **Only used when create resource**) The preferred language. Need to be `de`, `en`, `es`, `fr` or `ru`. From dfeb8001558d8d34036234000af3b6b24b2695d7 Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Wed, 4 Oct 2023 13:49:20 +0200 Subject: [PATCH 5/5] Release v0.12.0 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee7dc57..934229d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # changelog +## 0.12.0 (October 04, 2023) + ENHANCEMENTS: * release now with golang 1.21