feat: add writing secrets feature in terraform provider (#161)

* feat: add writing secrets feature in terraform provider * fix: fix PR comments
BeyondTrust · Nov 26, 2024 · 8ea5ae2 · 8ea5ae2
1 parent 3cbb2e3
commit 8ea5ae2
Show file tree

Hide file tree

Showing 10 changed files with 914 additions and 19 deletions.
diff --git a/TestClient.go b/TestClient.go
@@ -10,6 +10,7 @@ import (
 	managed_accounts "github.com/BeyondTrust/go-client-library-passwordsafe/api/managed_account"
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/secrets"
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/utils"
+	"github.com/google/uuid"
 
 	//"os"
 
@@ -75,7 +76,7 @@ func main() {
 	authenticate, _ := authentication.Authenticate(*httpClientObj, backoffDefinition, apiUrl, clientId, clientSecret, zapLogger, retryMaxElapsedTimeMinutes)
 
 	// authenticating
-	_, err := authenticate.GetPasswordSafeAuthentication()
+	userObject, err := authenticate.GetPasswordSafeAuthentication()
 	if err != nil {
 		return
 	}
@@ -157,6 +158,107 @@ func main() {
 	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
 	zapLogger.Warn(fmt.Sprintf("Created Managed Account: %v", createResponse.AccountName))
 
+	objCredential := entities.SecretCredentialDetails{
+		Title:       "CREDENTIAL_" + uuid.New().String(),
+		Description: "My Credential Secret Description",
+		Username:    "my_user",
+		Password:    "MyPass2#$!",
+		OwnerType:   "User",
+		Notes:       "My note",
+		Owners: []entities.OwnerDetails{
+			{
+				OwnerId: userObject.UserId,
+				Owner:   userObject.UserName,
+				Email:   userObject.EmailAddress,
+			},
+		},
+		Urls: []entities.UrlDetails{
+			{
+				Id:           uuid.New(),
+				CredentialId: uuid.New(),
+				Url:          "https://www.test.com/",
+			},
+		},
+	}
+
+	// creating a credential secret in folder1.
+	createdSecret, err := secretObj.CreateSecretFlow("folder1", objCredential)
+
+	if err != nil {
+		zapLogger.Error(err.Error())
+		return
+	}
+	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
+	zapLogger.Debug(fmt.Sprintf("Created Credential secret: %v", createdSecret.Title))
+
+	objText := entities.SecretTextDetails{
+		Title:       "TEXT_" + uuid.New().String(),
+		Description: "My Text Secret Description",
+		Text:        "my_p4ssword!*2024",
+		OwnerType:   "User",
+		OwnerId:     userObject.UserId,
+		FolderId:    uuid.New(),
+		Owners: []entities.OwnerDetails{
+			{
+				OwnerId: userObject.UserId,
+				Owner:   userObject.UserName,
+				Email:   userObject.EmailAddress,
+			},
+		},
+		Urls: []entities.UrlDetails{
+			{
+				Id:           uuid.New(),
+				CredentialId: uuid.New(),
+				Url:          "https://www.test.com/",
+			},
+		},
+	}
+
+	// creating a text secret in folder1.
+	createdSecret, err = secretObj.CreateSecretFlow("folder1", objText)
+
+	if err != nil {
+		zapLogger.Error(err.Error())
+		return
+	}
+	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
+	zapLogger.Debug(fmt.Sprintf("Created Text secret: %v", createdSecret.Title))
+
+	objFile := entities.SecretFileDetails{
+		Title:       "FILE_" + uuid.New().String(),
+		Description: "My File Secret Description",
+		OwnerType:   "User",
+		OwnerId:     userObject.UserId,
+		Owners: []entities.OwnerDetails{
+			{
+				OwnerId: userObject.UserId,
+				Owner:   userObject.UserName,
+				Email:   userObject.EmailAddress,
+			},
+		},
+		Notes:       "Notes 1",
+		FileName:    "my_secret.txt",
+		FileContent: "my_p4ssword!*2024",
+		Urls: []entities.UrlDetails{
+			{
+				Id:           uuid.New(),
+				CredentialId: uuid.New(),
+				Url:          "https://www.test.com/",
+			},
+		},
+	}
+
+	// creating a file secret in folder1.
+	createdSecret, err = secretObj.CreateSecretFlow("folder1", objFile)
+
+	if err != nil {
+		zapLogger.Error(err.Error())
+		return
+	}
+
+	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
+	zapLogger.Debug(fmt.Sprintf("Created File secret: %v", createdSecret.Title))
+
 	// signing out
 	_ = authenticate.SignOut()
 

diff --git a/api/authentication/authentication.go b/api/authentication/authentication.go
@@ -99,7 +99,7 @@ func (authenticationObj *AuthenticationObj) GetToken(endpointUrl string, clientI
 	buffer.WriteString(params.Encode())
 
 	technicalError = backoff.Retry(func() error {
-		body, _, technicalError, businessError = authenticationObj.HttpClient.CallSecretSafeAPI(endpointUrl, "POST", buffer, "GetToken", "", "")
+		body, _, technicalError, businessError = authenticationObj.HttpClient.CallSecretSafeAPI(endpointUrl, "POST", buffer, "GetToken", "", "", "application/json")
 		return technicalError
 	}, authenticationObj.ExponentialBackOff)
 
@@ -144,7 +144,7 @@ func (authenticationObj *AuthenticationObj) SignAppin(endpointUrl string, access
 	var scode int
 
 	err := backoff.Retry(func() error {
-		body, scode, technicalError, businessError = authenticationObj.HttpClient.CallSecretSafeAPI(endpointUrl, "POST", bytes.Buffer{}, "SignAppin", accessToken, apiKey)
+		body, scode, technicalError, businessError = authenticationObj.HttpClient.CallSecretSafeAPI(endpointUrl, "POST", bytes.Buffer{}, "SignAppin", accessToken, apiKey, "application/json")
 		if scode == 0 {
 			return nil
 		}
@@ -189,7 +189,7 @@ func (authenticationObj *AuthenticationObj) SignOut() error {
 	var body io.ReadCloser
 
 	technicalError = backoff.Retry(func() error {
-		body, _, technicalError, businessError = authenticationObj.HttpClient.CallSecretSafeAPI(authenticationObj.ApiUrl.JoinPath("Auth/Signout").String(), "POST", bytes.Buffer{}, "SignOut", "", "")
+		body, _, technicalError, businessError = authenticationObj.HttpClient.CallSecretSafeAPI(authenticationObj.ApiUrl.JoinPath("Auth/Signout").String(), "POST", bytes.Buffer{}, "SignOut", "", "", "application/json")
 		return technicalError
 	}, authenticationObj.ExponentialBackOff)
 

diff --git a/api/entities/entities.go b/api/entities/entities.go
@@ -2,6 +2,10 @@
 // Package entities implements DTO's used by Beyondtrust Secret Safe API.
 package entities
 
+import (
+	"github.com/google/uuid"
+)
+
 // SignApinResponse responsbile for API sign in information.
 type SignApinResponse struct {
 	UserId       int    `json:"UserId"`
@@ -82,3 +86,65 @@ type AccountDetails struct {
 	ChangeSComFlag                    bool   `validate:"omitempty"`
 	ObjectID                          string `validate:"omitempty,max=36"`
 }
+
+type FolderResponse struct {
+	Id          string
+	Name        string
+	Description string
+}
+
+type CreateSecretResponse struct {
+	Id          string
+	Title       string
+	Description string
+	FolderId    string
+}
+
+type SecretCredentialDetails struct {
+	Title          string         `json:",omitempty" validate:"required"`
+	Description    string         `json:",omitempty" validate:"omitempty,max=256"`
+	Username       string         `json:",omitempty" validate:"required"`
+	Password       string         `json:",omitempty" validate:"max=256,required_without=PasswordRuleID"`
+	OwnerId        int            `json:",omitempty" validate:"required_if=OwnerType Group"`
+	OwnerType      string         `json:",omitempty" validate:"required,oneof=User Group"`
+	Owners         []OwnerDetails `json:",omitempty" validate:"required_if=OwnerType User"`
+	Notes          string         `json:",omitempty" validate:"omitempty,max=4000"`
+	Urls           []UrlDetails   `json:",omitempty" validate:"omitempty"`
+	PasswordRuleID int            `json:",omitempty" validate:"omitempty"`
+}
+
+type SecretTextDetails struct {
+	Title       string         `json:",omitempty" validate:"required,max=256"`
+	Description string         `json:",omitempty" validate:"omitempty,max=256"`
+	Text        string         `json:",omitempty" validate:"required,max=4096"`
+	OwnerId     int            `json:",omitempty" validate:"required_if=OwnerType Group"`
+	OwnerType   string         `json:",omitempty" validate:"required,oneof=User Group"`
+	Owners      []OwnerDetails `json:",omitempty" validate:"required_if=OwnerType User"`
+	Notes       string         `json:",omitempty" validate:"omitempty,max=4000"`
+	FolderId    uuid.UUID      `json:",omitempty" validate:"omitempty"`
+	Urls        []UrlDetails   `json:",omitempty" validate:"omitempty"`
+}
+
+type SecretFileDetails struct {
+	Title       string         `json:",omitempty" validate:"required,max=256"`
+	Description string         `json:",omitempty" validate:"omitempty,max=256"`
+	OwnerId     int            `json:",omitempty" validate:"required_if=OwnerType Group"`
+	OwnerType   string         `json:",omitempty" validate:"required,oneof=User Group"`
+	Owners      []OwnerDetails `json:",omitempty" validate:"required_if=OwnerType User"`
+	Notes       string         `json:",omitempty" validate:"omitempty,max=4000"`
+	FileName    string         `json:",omitempty" validate:"required,max=256"`
+	FileContent string         `json:",omitempty" validate:"required,max=256"`
+	Urls        []UrlDetails   `json:",omitempty" validate:"omitempty"`
+}
+
+type OwnerDetails struct {
+	OwnerId int    `json:",omitempty" validate:"required,min=1,max=2147483647"`
+	Owner   string `json:",omitempty" validate:"omitempty"`
+	Email   string `json:",omitempty" validate:"omitempty"`
+}
+
+type UrlDetails struct {
+	Id           uuid.UUID `json:",omitempty" validate:"omitempty,uuid"`
+	CredentialId uuid.UUID `json:",omitempty" validate:"omitempty,uuid"`
+	Url          string    `json:",omitempty" validate:"required,max=2048,url"`
+}
diff --git a/api/managed_account/managed_account.go b/api/managed_account/managed_account.go
@@ -116,7 +116,7 @@ func (managedAccountObj *ManagedAccountstObj) ManagedAccountGet(systemName strin
 	var businessError error
 
 	technicalError = backoff.Retry(func() error {
-		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "ManagedAccountGet", "", "")
+		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "ManagedAccountGet", "", "", "application/json")
 		if technicalError != nil {
 			return technicalError
 		}
@@ -163,7 +163,7 @@ func (managedAccountObj *ManagedAccountstObj) ManagedAccountCreateRequest(system
 	var businessError error
 
 	technicalError = backoff.Retry(func() error {
-		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "POST", *b, "ManagedAccountCreateRequest", "", "")
+		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "POST", *b, "ManagedAccountCreateRequest", "", "", "application/json")
 		return technicalError
 	}, managedAccountObj.authenticationObj.ExponentialBackOff)
 
@@ -199,7 +199,7 @@ func (managedAccountObj *ManagedAccountstObj) CredentialByRequestId(requestId st
 	var businessError error
 
 	technicalError = backoff.Retry(func() error {
-		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "CredentialByRequestId", "", "")
+		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "CredentialByRequestId", "", "", "application/json")
 		return technicalError
 	}, managedAccountObj.authenticationObj.ExponentialBackOff)
 
@@ -235,7 +235,7 @@ func (managedAccountObj *ManagedAccountstObj) ManagedAccountRequestCheckIn(reque
 	var businessError error
 
 	technicalError = backoff.Retry(func() error {
-		_, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "PUT", *b, "ManagedAccountRequestCheckIn", "", "")
+		_, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "PUT", *b, "ManagedAccountRequestCheckIn", "", "", "application/json")
 		return technicalError
 	}, managedAccountObj.authenticationObj.ExponentialBackOff)
 
@@ -310,7 +310,7 @@ func (managedAccountObj *ManagedAccountstObj) ManagedAccountCreateManagedAccount
 	var businessError error
 
 	technicalError = backoff.Retry(func() error {
-		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "POST", *b, "ManagedAccountCreateManagedAccount", "", "")
+		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "POST", *b, "ManagedAccountCreateManagedAccount", "", "", "application/json")
 		return technicalError
 	}, managedAccountObj.authenticationObj.ExponentialBackOff)
 
@@ -352,7 +352,7 @@ func (managedAccountObj *ManagedAccountstObj) ManagedSystemGetSystems(url string
 	var businessError error
 
 	technicalError = backoff.Retry(func() error {
-		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "ManagedSystemGetSystems", "", "")
+		body, _, technicalError, businessError = managedAccountObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "ManagedSystemGetSystems", "", "", "application/json")
 		if technicalError != nil {
 			return technicalError
 		}