Merge pull request #7657 from terraform-providers/td-aws_kms_secret-s…
…oft-removal

data-source/aws_kms_secret: Soft remove data source type with removal message
bflad authored Feb 25, 2019
2 parents 8d95162 + ddde690 commit 38e13f5
Showing 4 changed files with 18 additions and 227 deletions.
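--- a/aws/data_source_aws_kms_secret.go
+++ b/aws/data_source_aws_kms_secret.go
@@ -1,20 +1,18 @@
 package aws
 
 import (
-"encoding/base64"
-"fmt"
-"log"
-"time"
+"errors"
 
-"github.com/aws/aws-sdk-go/aws"
-"github.com/aws/aws-sdk-go/service/kms"
 "github.com/hashicorp/terraform/helper/schema"
 )
 
+const dataSourceAwsKmsSecretRemovedMessage = "This data source has been replaced with the `aws_kms_secrets` data source. Upgrade information is available at: https://www.terraform.io/docs/providers/aws/guides/version-2-upgrade.html#data-source-aws_kms_secret"
+
 func dataSourceAwsKmsSecret() *schema.Resource {
 return &schema.Resource{
-DeprecationMessage: "This data source will be removed in Terraform AWS provider version 2.0. Please see migration information available in: https://www.terraform.io/docs/providers/aws/guides/version-2-upgrade.html#data-source-aws_kms_secret",
-Read: dataSourceAwsKmsSecretRead,
+Read: func(d *schema.ResourceData, meta interface{}) error {
+return errors.New(dataSourceAwsKmsSecretRemovedMessage)
+},
 
 Schema: map[string]*schema.Schema{
 "secret": {
@@ -44,57 +42,6 @@ func dataSourceAwsKmsSecret() *schema.Resource {
 },
 },
 },
-"__has_dynamic_attributes": {
-Type: schema.TypeString,
-Optional: true,
-},
 },
 }
 }
-
-// dataSourceAwsKmsSecretRead decrypts the specified secrets
-func dataSourceAwsKmsSecretRead(d *schema.ResourceData, meta interface{}) error {
-conn := meta.(*AWSClient).kmsconn
-secrets := d.Get("secret").(*schema.Set)
-
-d.SetId(time.Now().UTC().String())
-
-for _, v := range secrets.List() {
-secret := v.(map[string]interface{})
-
-// base64 decode the payload
-payload, err := base64.StdEncoding.DecodeString(secret["payload"].(string))
-if err != nil {
-return fmt.Errorf("Invalid base64 value for secret '%s': %v", secret["name"].(string), err)
-}
-
-// build the kms decrypt params
-params := &kms.DecryptInput{
-CiphertextBlob: payload,
-}
-if context, exists := secret["context"]; exists {
-params.EncryptionContext = make(map[string]*string)
-for k, v := range context.(map[string]interface{}) {
-params.EncryptionContext[k] = aws.String(v.(string))
-}
-}
-if grant_tokens, exists := secret["grant_tokens"]; exists {
-params.GrantTokens = make([]*string, 0)
-for _, v := range grant_tokens.([]interface{}) {
-params.GrantTokens = append(params.GrantTokens, aws.String(v.(string)))
-}
-}
-
-// decrypt
-resp, err := conn.Decrypt(params)
-if err != nil {
-return fmt.Errorf("Failed to decrypt '%s': %s", secret["name"].(string), err)
-}
-
-// Set the secret via the name
-log.Printf("[DEBUG] aws_kms_secret - successfully decrypted secret: %s", secret["name"].(string))
-d.UnsafeSetFieldRaw(secret["name"].(string), string(resp.Plaintext))
-}
-
-return nil
-}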
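Review bot: `dataSourceAwsKmsSecret` now returns a resource whose `Read` always fails, but nothing on the function says the `secret` schema is kept on purpose; a comment above it such as `// Soft-removed: the schema is retained so existing configurations still parse and fail in Read with dataSourceAwsKmsSecretRemovedMessage; no KMS call is made.` would keep a later cleanup from deleting the schema, which would likely replace the upgrade hint with a generic schema error. The removed `dataSourceAwsKmsSecretRead` wrote decrypted plaintext into the data source's attributes through `d.UnsafeSetFieldRaw`, so state written by earlier provider versions presumably still holds those values until the data source is dropped from the configuration; the removal message or the linked upgrade guide could say so. The middle of the function lies between the two hunks and is not visible here.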
86 changes: 12 additions & 74 deletions aws/data_source_aws_kms_secret_test.go
@@ -1,96 +1,34 @@
package aws

import (
"encoding/base64"
"fmt"
"regexp"
"testing"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/kms"

"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)

func TestAccAWSKmsSecretDataSource_basic(t *testing.T) {
// Run a resource test to setup our KMS key
resource.Test(t, resource.TestCase{
func TestAccAWSKmsSecretDataSource_removed(t *testing.T) {
resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccCheckAwsKmsSecretDataSourceKey,
Check: func(s *terraform.State) error {
encryptedPayload, err := testAccCheckAwsKmsSecretDataSourceCheckKeySetup(s)
if err != nil {
return err
}

// We run the actual test on our data source nested in the
// Check function of the KMS key so we can access the
// encrypted output, above, and so that the key will be
// deleted at the end of the test
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: fmt.Sprintf(testAccCheckAwsKmsSecretDataSourceSecret, encryptedPayload),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("data.aws_kms_secret.testing", "secret_name", "PAYLOAD"),
),
},
},
})

return nil
},
Config: testAccAwsKmsSecretDataSourceConfig,
ExpectError: regexp.MustCompile(dataSourceAwsKmsSecretRemovedMessage),
},
},
})

}

func testAccCheckAwsKmsSecretDataSourceCheckKeySetup(s *terraform.State) (string, error) {
rs, ok := s.RootModule().Resources["aws_kms_key.terraform_data_source_testing"]
if !ok {
return "", fmt.Errorf("Failed to setup a KMS key for data source testing!")
}

// Now that the key is setup encrypt a string using it
// XXX TODO: Set up and test with grants
params := &kms.EncryptInput{
KeyId: aws.String(rs.Primary.Attributes["arn"]),
Plaintext: []byte("PAYLOAD"),
EncryptionContext: map[string]*string{
"name": aws.String("value"),
},
}

kmsconn := testAccProvider.Meta().(*AWSClient).kmsconn
resp, err := kmsconn.Encrypt(params)
if err != nil {
return "", fmt.Errorf("Failed encrypting string with KMS for data source testing: %s", err)
}

return base64.StdEncoding.EncodeToString(resp.CiphertextBlob), nil
}

const testAccCheckAwsKmsSecretDataSourceKey = `
resource "aws_kms_key" "terraform_data_source_testing" {
description = "Testing the Terraform AWS KMS Secret data_source"
}
`

const testAccCheckAwsKmsSecretDataSourceSecret = `
const testAccAwsKmsSecretDataSourceConfig = `
data "aws_kms_secret" "testing" {
secret {
name = "secret_name"
payload = "%s"
secret {
name = "secret_name"
payload = "data-source-removed"
context {
name = "value"
}
context = {
name = "value"
}
}
}
`
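Review bot: `ExpectError` in `TestAccAWSKmsSecretDataSource_removed` compiles the removal message as a regular expression without escaping it, so every `.` in the sentence and URL matches any character, and a later edit that adds `(`, `[` or `?` to the message would change or break the pattern. `ExpectError: regexp.MustCompile(regexp.QuoteMeta(dataSourceAwsKmsSecretRemovedMessage)),` pins the literal text instead. `regexp` is already in this file's import block, so nothing else needs to change.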
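--- a/website/aws.erb
+++ b/website/aws.erb
@@ -263,9 +263,6 @@
 <li<%= sidebar_current("docs-aws-datasource-kms-key") %>>
 <a href="/docs/providers/aws/d/kms_key.html">aws_kms_key</a>
 </li>
-<li<%= sidebar_current("docs-aws-datasource-kms-secret-x") %>>
-<a href="/docs/providers/aws/d/kms_secret.html">aws_kms_secret</a>
-</li>
 <li<%= sidebar_current("docs-aws-datasource-kms-secrets") %>>
 <a href="/docs/providers/aws/d/kms_secrets.html">aws_kms_secrets</a>
 </li>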
91 changes: 0 additions & 91 deletions website/docs/d/kms_secret.html.markdown

This file was deleted.
