ASM-4587-Terraform-for-Tokenization (#55)

* checked and tested * version
akeyless-community · Nov 28, 2022 · 5c79052 · 5c79052
1 parent 272f8f4
commit 5c79052
Show file tree

Hide file tree

Showing 9 changed files with 874 additions and 15 deletions.
diff --git a/akeyless/data_source_detokenize.go b/akeyless/data_source_detokenize.go
@@ -0,0 +1,81 @@
+package akeyless
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/akeylesslabs/akeyless-go/v2"
+	"github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceDetokenize() *schema.Resource {
+	return &schema.Resource{
+		Description: "Decrypts text with a tokenizer data source",
+		Read:        dataSourceDetokenizeRead,
+		Schema: map[string]*schema.Schema{
+			"tokenizer_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The name of the tokenizer to use in the decryption process",
+			},
+			"ciphertext": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Data to be decrypted",
+			},
+			"tweak": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "Base64 encoded tweak for vaultless encryption",
+			},
+			"result": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "",
+			},
+		},
+	}
+}
+
+func dataSourceDetokenizeRead(d *schema.ResourceData, m interface{}) error {
+	provider := m.(providerMeta)
+	client := *provider.client
+	token := *provider.token
+
+	var apiErr akeyless.GenericOpenAPIError
+	ctx := context.Background()
+	tokenizerName := d.Get("tokenizer_name").(string)
+	ciphertext := d.Get("ciphertext").(string)
+	tweak := d.Get("tweak").(string)
+
+	body := akeyless.Detokenize{
+		TokenizerName: tokenizerName,
+		Ciphertext:    ciphertext,
+		Token:         &token,
+	}
+	common.GetAkeylessPtr(&body.Tweak, tweak)
+
+	rOut, res, err := client.Detokenize(ctx).Body(body).Execute()
+	if err != nil {
+		if errors.As(err, &apiErr) {
+			if res.StatusCode == http.StatusNotFound {
+				// The resource was deleted outside of the current Terraform workspace, so invalidate this resource
+				d.SetId("")
+				return nil
+			}
+			return fmt.Errorf("can't detokenize: %v", string(apiErr.Body()))
+		}
+		return fmt.Errorf("can't detokenize: %v", err)
+	}
+	err = d.Set("result", *rOut.Result)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(tokenizerName)
+	return nil
+}
diff --git a/akeyless/data_source_tokenize.go b/akeyless/data_source_tokenize.go
@@ -0,0 +1,87 @@
+package akeyless
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/akeylesslabs/akeyless-go/v2"
+	"github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceTokenize() *schema.Resource {
+	return &schema.Resource{
+		Description: "Encrypts text with a tokenizer data source",
+		Read:        dataSourceTokenizeRead,
+		Schema: map[string]*schema.Schema{
+			"tokenizer_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The name of the tokenizer to use in the encryption process",
+			},
+			"plaintext": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Data to be encrypted",
+			},
+			"tweak": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "Base64 encoded tweak for vaultless encryption",
+			},
+			"result": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "",
+			},
+		},
+	}
+}
+
+func dataSourceTokenizeRead(d *schema.ResourceData, m interface{}) error {
+	provider := m.(providerMeta)
+	client := *provider.client
+	token := *provider.token
+
+	var apiErr akeyless.GenericOpenAPIError
+	ctx := context.Background()
+	tokenizerName := d.Get("tokenizer_name").(string)
+	plaintext := d.Get("plaintext").(string)
+	tweak := d.Get("tweak").(string)
+
+	body := akeyless.Tokenize{
+		TokenizerName: tokenizerName,
+		Plaintext:     plaintext,
+		Token:         &token,
+	}
+	common.GetAkeylessPtr(&body.Tweak, tweak)
+
+	rOut, res, err := client.Tokenize(ctx).Body(body).Execute()
+	if err != nil {
+		if errors.As(err, &apiErr) {
+			if res.StatusCode == http.StatusNotFound {
+				// The resource was deleted outside of the current Terraform workspace, so invalidate this resource
+				d.SetId("")
+				return nil
+			}
+			return fmt.Errorf("can't tokenize: %v", string(apiErr.Body()))
+		}
+		return fmt.Errorf("can't tokenize: %v", err)
+	}
+	err = d.Set("result", *rOut.Result)
+	if err != nil {
+		return err
+	}
+	if rOut.Tweak != nil {
+		err = d.Set("tweak", *rOut.Tweak)
+		if err != nil {
+			return err
+		}
+	}
+
+	d.SetId(tokenizerName)
+	return nil
+}
diff --git a/akeyless/provider.go b/akeyless/provider.go
@@ -169,6 +169,7 @@ func Provider() *schema.Provider {
 			"akeyless_target_ssh":                     resourceSSHTarget(),
 			"akeyless_k8s_auth_config":                resourceK8sAuthConfig(),
 			"akeyless_associate_role_auth_method":     resourceAssocRoleAm(),
+			"akeyless_tokenizer":                      resourceTokenizer(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"akeyless_static_secret":      dataSourceStaticSecret(),
@@ -184,6 +185,8 @@ func Provider() *schema.Provider {
 			"akeyless_tags":               dataSourceGetTags(),
 			"akeyless_target_details":     dataSourceGetTargetDetails(),
 			"akeyless_target":             dataSourceGetTarget(),
+			"akeyless_tokenize":           dataSourceTokenize(),
+			"akeyless_detokenize":         dataSourceDetokenize(),
 		},
 	}
 }

diff --git a/akeyless/resource_item_test.go b/akeyless/resource_item_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/akeylesslabs/terraform-provider-akeyless/akeyless/common"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/stretchr/testify/require"
 )
 
 func TestDfcKeyRsaResource(t *testing.T) {
@@ -79,7 +80,7 @@ func TestDfcKeyResource(t *testing.T) {
 func TestPkiResource(t *testing.T) {
 	name := "test_pki"
 	itemPath := testPath("path_pki")
-	deleteKey("terraform-tests/test_pki_key")
+	deleteItem(t, "terraform-tests/test_pki_key")
 
 	config := fmt.Sprintf(`
 		resource "akeyless_dfc_key" "key" {
@@ -126,7 +127,7 @@ func TestPkiResource(t *testing.T) {
 func TestSshCertResource(t *testing.T) {
 	name := "test_ssh"
 	itemPath := testPath("path_ssh")
-	deleteKey("/terraform-tests/test_ssh_key")
+	deleteItem(t, "/terraform-tests/test_ssh_key")
 
 	config := fmt.Sprintf(`
 		resource "akeyless_dfc_key" "key_ssh" {
@@ -179,12 +180,10 @@ func TestSshCertResource(t *testing.T) {
 	tesItemResource(t, config, configUpdate, itemPath)
 }
 
-func deleteKey(path string) error {
+func deleteItem(t *testing.T, path string) {
 
 	p, err := getProviderMeta()
-	if err != nil {
-		panic(err)
-	}
+	require.NoError(t, err)
 
 	client := p.client
 	token := *p.token
@@ -196,13 +195,7 @@ func deleteKey(path string) error {
 		Token:             &token,
 	}
 
-	_, _, err = client.DeleteItem(context.Background()).Body(gsvBody).Execute()
-	if err != nil {
-		fmt.Println("error delete key:", err)
-		return err
-	}
-	fmt.Println("deleted", path)
-	return nil
+	client.DeleteItem(context.Background()).Body(gsvBody).Execute()
 }
 
 func deleteFunc() {

diff --git a/akeyless/resource_static_secret_test.go b/akeyless/resource_static_secret_test.go
@@ -13,7 +13,7 @@ import (
 func TestStaticResource(t *testing.T) {
 	secretName := "test_secret"
 	secretPath := testPath("path_secret")
-	deleteKey(secretPath)
+	deleteItem(t, secretPath)
 
 	config := fmt.Sprintf(`
 		resource "akeyless_static_secret" "%v" {