Merge pull request #6 from barryib/tba/add-tls-support

Add TLS support and description argument

.gitignore

@@ -0,0 +1,39 @@
+.DS_Store
+
+terraform-provider-ldap*
+bin
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+terraform

docs/index.md

@@ -30,4 +30,6 @@ provider "ldap" {
 * `port` - (Required) LDAP port.
 * `bind_user` - (Required) LDAP bind user.
 * `bind_password` - (Required) LDAP bind password.
-* `tls` - (Optional) Enable TLS. Defaults to `false`.
+* `tls` - (Optional) Enable the TLS encryption for LDAP (LDAPS). Default, is `false`.
+* `tls_ca_certificate` - (Optional) The TLS CA certificate to trust for the LDAPS connection.
+* `tls_insecure` - (Optional) Don't verify the server TLS certificate. Default is `false`.

docs/resources/group.md

@@ -6,9 +6,10 @@
 
 ```hcl
 resource "ldap_group" "group" {
-  ou      = "OU=MyOU,DC=domain,DC=tld"
-  name    = "MyGroup"
-  members = ["CN=MyUser,OU=MyOU,DC=domain,DC=tld"]
+  ou          = "OU=MyOU,DC=domain,DC=tld"
+  name        = "MyGroup"
+  members     = ["CN=MyUser,OU=MyOU,DC=domain,DC=tld"]
+  description = "My group description"
 }
 ```
 
@@ -17,7 +18,8 @@ resource "ldap_group" "group" {
 * `ou` - (Required) OU where LDAP group will be created.
 * `name` - (Required) LDAP group name.
 * `members` - (Optional) LDAP group members.
+* `description` - (Optional) Description attribute for the LDAP group.
 
 ## Attribute Reference
 
-* `id` - LDAP group DN.
+* `id` - LDAP group DN.

go.mod

@@ -3,7 +3,7 @@ module github.com/Ouest-France/terraform-provider-ldap
 go 1.13
 
 require (
-	github.com/Ouest-France/goldap v0.1.0
-	github.com/go-ldap/ldap/v3 v3.1.3
+	github.com/Ouest-France/goldap v0.3.0
+	github.com/go-ldap/ldap/v3 v3.2.3
 	github.com/hashicorp/terraform v0.13.0
 )

ldap/provider.go

@@ -32,7 +32,18 @@ func Provider() *schema.Provider {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     false,
-				Description: "Disable TLS Verify",
+				Description: "Enable the TLS encryption for LDAP (LDAPS). Default, is `false`.",
+			},
+			"tls_ca_certificate": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The TLS CA certificate to trust for the LDAPS connection.",
+			},
+			"tls_insecure": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Don't verify the server TLS certificate. Default is `false`.",
 			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
@@ -50,6 +61,8 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		BindUser:     d.Get("bind_user").(string),
 		BindPassword: d.Get("bind_password").(string),
 		TLS:          d.Get("tls").(bool),
+		TLSCACert:    d.Get("tls_ca_certificate").(string),
+		TLSInsecure:  d.Get("tls_insecure").(bool),
 	}
 
 	err := client.Connect()

ldap/resource_ldap_group.go

@@ -12,6 +12,7 @@ func resourceLDAPGroup() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceLDAPGroupCreate,
 		Read:   resourceLDAPGroupRead,
+		Update: resourceLDAPGroupUpdate,
 		Delete: resourceLDAPGroupDelete,
 
 		Schema: map[string]*schema.Schema{
@@ -25,6 +26,10 @@ func resourceLDAPGroup() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+			"description": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"members": &schema.Schema{
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -48,7 +53,7 @@ func resourceLDAPGroupCreate(d *schema.ResourceData, m interface{}) error {
 		members = append(members, member.(string))
 	}
 
-	err := client.CreateGroup(dn, d.Get("name").(string), members)
+	err := client.CreateGroup(dn, d.Get("name").(string), d.Get("description").(string), members)
 	if err != nil {
 		return err
 	}
@@ -71,9 +76,16 @@ func resourceLDAPGroupRead(d *schema.ResourceData, m interface{}) error {
 		}
 	}
 
+	desc := ""
+	if val, ok := attributes["description"]; ok {
+		desc = val[0]
+	}
+	if err := d.Set("description", desc); err != nil {
+		return err
+	}
+
 	members := []string{}
 	for name, values := range attributes {
-
 		if name == "member" && len(values) >= 1 {
 			members = append(members, values...)
 		}
@@ -83,6 +95,17 @@ func resourceLDAPGroupRead(d *schema.ResourceData, m interface{}) error {
 	return err
 }
 
+func resourceLDAPGroupUpdate(d *schema.ResourceData, m interface{}) error {
+	client := m.(*goldap.Client)
+	dn := fmt.Sprintf("CN=%s,%s", d.Get("name").(string), d.Get("ou").(string))
+
+	if err := client.UpdateGroup(dn, d.Get("name").(string), d.Get("description").(string)); err != nil {
+		return err
+	}
+
+	return resourceLDAPGroupRead(d, m)
+}
+
 func resourceLDAPGroupDelete(d *schema.ResourceData, m interface{}) error {
 	client := m.(*goldap.Client)
 

main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"github.com/Ouest-France/terraform-provider-ldap/ldap"
-
 	"github.com/hashicorp/terraform/plugin"
 	"github.com/hashicorp/terraform/terraform"
 )