authorxuzhang3 <57888764+xuzhang3@users.noreply.github.com>2022-07-13 15:22:57 +0800
committerGitHub <noreply@github.com>2022-07-13 15:22:57 +0800
commit210773a02659ca1efe16c07e804e0acdedb91a86 (patch)
treeb7c3277d2b7c5e3e78c8d3a1c9f7b82575a19920
parentc74ab6c4286356111af9a01ea2296ee02db9dcb6 (diff)
parent04ce9b7a3a6a59d71a50addfb6ba5aaf8fcc00d3 (diff)
Merge pull request #619 from xuzhang3/f/se_fabric_certificate_validate
[Bug fix] - azuredevops_serviceendpoint_servicefabric -Remove sensitive data hash
-rw-r--r--azuredevops/internal/acceptancetests/resource_serviceendpoint_servicefabric_test.go18
-rw-r--r--azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_servicefabric.go73
2 files changed, 41 insertions, 50 deletions
diff --git a/azuredevops/internal/acceptancetests/resource_serviceendpoint_servicefabric_test.go b/azuredevops/internal/acceptancetests/resource_serviceendpoint_servicefabric_test.go
index 0ccf5753..bc5f8da5 100644
--- a/azuredevops/internal/acceptancetests/resource_serviceendpoint_servicefabric_test.go
+++ b/azuredevops/internal/acceptancetests/resource_serviceendpoint_servicefabric_test.go
@@ -32,10 +32,8 @@ func TestAccServiceEndpointServiceFabric_CertificateCreateAndUpdate(t *testing.T
resource.TestCheckResourceAttrSet(tfSvcEpNode, "cluster_endpoint"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.server_certificate_lookup"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.server_certificate_thumbprint"),
- resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.client_certificate_hash"),
- resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.client_certificate_password_hash"),
- resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate", ""),
- resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate_password", ""),
+ resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate", "test"),
+ resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate_password", "test"),
resource.TestCheckResourceAttr(tfSvcEpNode, "service_endpoint_name", serviceEndpointNameFirst),
testutils.CheckServiceEndpointExistsWithName(tfSvcEpNode, serviceEndpointNameFirst),
),
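Review bot: Both steps of TestAccServiceEndpointServiceFabric_CertificateCreateAndUpdate assert the same secret value (`"test"` for `certificate.0.client_certificate` and `certificate.0.client_certificate_password`), so the update step never exercises a changed secret. With the hash attributes and `DiffSuppressFunc` removed elsewhere in this commit, change detection for these fields rests on the plain state diff, and a step that supplies a different value would cover that path. The same holds for `azure_active_directory.0.password` in the two UsernamePassword hunks. The test configurations are built outside these hunks, so whether the helper can take a different secret per step has to be confirmed there.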
@@ -47,10 +45,8 @@ func TestAccServiceEndpointServiceFabric_CertificateCreateAndUpdate(t *testing.T
resource.TestCheckResourceAttrSet(tfSvcEpNode, "cluster_endpoint"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.server_certificate_lookup"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.server_certificate_thumbprint"),
- resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.client_certificate_hash"),
- resource.TestCheckResourceAttrSet(tfSvcEpNode, "certificate.0.client_certificate_password_hash"),
- resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate", ""),
- resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate_password", ""),
+ resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate", "test"),
+ resource.TestCheckResourceAttr(tfSvcEpNode, "certificate.0.client_certificate_password", "test"),
resource.TestCheckResourceAttr(tfSvcEpNode, "service_endpoint_name", serviceEndpointNameSecond),
testutils.CheckServiceEndpointExistsWithName(tfSvcEpNode, serviceEndpointNameSecond),
),
@@ -78,9 +74,8 @@ func TestAccServiceEndpointServiceFabric_UsernamePasswordCreateAndUpdate(t *test
resource.TestCheckResourceAttrSet(tfSvcEpNode, "cluster_endpoint"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "azure_active_directory.0.server_certificate_lookup"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "azure_active_directory.0.server_certificate_thumbprint"),
- resource.TestCheckResourceAttrSet(tfSvcEpNode, "azure_active_directory.0.password_hash"),
resource.TestCheckResourceAttr(tfSvcEpNode, "azure_active_directory.0.username", "test"),
- resource.TestCheckResourceAttr(tfSvcEpNode, "azure_active_directory.0.password", ""),
+ resource.TestCheckResourceAttr(tfSvcEpNode, "azure_active_directory.0.password", "test"),
resource.TestCheckResourceAttr(tfSvcEpNode, "service_endpoint_name", serviceEndpointNameFirst),
testutils.CheckServiceEndpointExistsWithName(tfSvcEpNode, serviceEndpointNameFirst),
),
@@ -92,9 +87,8 @@ func TestAccServiceEndpointServiceFabric_UsernamePasswordCreateAndUpdate(t *test
resource.TestCheckResourceAttrSet(tfSvcEpNode, "cluster_endpoint"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "azure_active_directory.0.server_certificate_lookup"),
resource.TestCheckResourceAttrSet(tfSvcEpNode, "azure_active_directory.0.server_certificate_thumbprint"),
- resource.TestCheckResourceAttrSet(tfSvcEpNode, "azure_active_directory.0.password_hash"),
resource.TestCheckResourceAttr(tfSvcEpNode, "azure_active_directory.0.username", "test"),
- resource.TestCheckResourceAttr(tfSvcEpNode, "azure_active_directory.0.password", ""),
+ resource.TestCheckResourceAttr(tfSvcEpNode, "azure_active_directory.0.password", "test"),
resource.TestCheckResourceAttr(tfSvcEpNode, "service_endpoint_name", serviceEndpointNameSecond),
testutils.CheckServiceEndpointExistsWithName(tfSvcEpNode, serviceEndpointNameSecond),
),
diff --git a/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_servicefabric.go b/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_servicefabric.go
index d618bdf9..ac4a4a65 100644
--- a/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_servicefabric.go
+++ b/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_servicefabric.go
@@ -9,7 +9,6 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/microsoft/azure-devops-go-api/azuredevops/v6/serviceendpoint"
"github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/utils/converter"
- "github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/utils/tfhelper"
)
const (
@@ -28,8 +27,6 @@ func ResourceServiceEndpointServiceFabric() *schema.Resource {
Description: "Client connection endpoint for the cluster. Prefix the value with 'tcp://';. This value overrides the publish profile.",
}
- secretHashKeyClientCertificate, secretHashSchemaClientCertificate := tfhelper.GenerateSecreteMemoSchema("client_certificate")
- secretHashKeyClientCertificatePassword, secretHashSchemaClientCertificatePassword := tfhelper.GenerateSecreteMemoSchema("client_certificate_password")
r.Schema[resourceBlockServiceFabricCertificate] = &schema.Schema{
Type: schema.TypeList,
Optional: true,
@@ -40,29 +37,24 @@ func ResourceServiceEndpointServiceFabric() *schema.Resource {
"server_certificate_thumbprint": servicefabricServerCertificateThumbprintSchema(resourceBlockServiceFabricCertificate),
"server_certificate_common_name": servicefabricServerCertificateCommonNameSchema(resourceBlockServiceFabricCertificate),
"client_certificate": {
- Type: schema.TypeString,
- Required: true,
- Description: "Base64 encoding of the cluster's client certificate file.",
- Sensitive: true,
- ValidateFunc: validation.StringIsNotEmpty,
- DiffSuppressFunc: tfhelper.DiffFuncSuppressSecretChanged,
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Base64 encoding of the cluster's client certificate file.",
+ Sensitive: true,
+ ValidateFunc: validation.StringIsNotEmpty,
},
"client_certificate_password": {
- Type: schema.TypeString,
- Optional: true,
- Description: "Password for the certificate.",
- Sensitive: true,
- ValidateFunc: validation.StringIsNotEmpty,
- DiffSuppressFunc: tfhelper.DiffFuncSuppressSecretChanged,
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Password for the certificate.",
+ Sensitive: true,
+ ValidateFunc: validation.StringIsNotEmpty,
},
- secretHashKeyClientCertificate: secretHashSchemaClientCertificate,
- secretHashKeyClientCertificatePassword: secretHashSchemaClientCertificatePassword,
},
},
ConflictsWith: []string{resourceBlockServiceFabricAzureActiveDirectory, resourceBlockServiceFabricNone},
}
- secretHashKeyPassword, secretHashSchemaPassword := tfhelper.GenerateSecreteMemoSchema("password")
r.Schema[resourceBlockServiceFabricAzureActiveDirectory] = &schema.Schema{
Type: schema.TypeList,
Optional: true,
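Review bot: The `Description` strings for `client_certificate` and `client_certificate_password` do not say that the configured value is now kept verbatim in Terraform state. `Sensitive: true` only redacts the value from plan and apply output. The flatten functions later in this commit copy the configured value into state, where the removed code appears to have stored an empty string plus a hash (the old test assertions expected `""`). I would extend the descriptions, for example `Description: "Password for the certificate. Stored in Terraform state; restrict access to the state backend.",`, and do the same for `password` in the azure_active_directory hunk that follows. ResourceServiceEndpointServiceFabric starts and ends outside this hunk.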
@@ -79,14 +71,12 @@ func ResourceServiceEndpointServiceFabric() *schema.Resource {
Description: "Specify an Azure Active Directory account.",
},
"password": {
- Type: schema.TypeString,
- Required: true,
- Description: "Password for the Azure Active Directory account.",
- Sensitive: true,
- ValidateFunc: validation.StringIsNotEmpty,
- DiffSuppressFunc: tfhelper.DiffFuncSuppressSecretChanged,
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Password for the Azure Active Directory account.",
+ Sensitive: true,
+ ValidateFunc: validation.StringIsNotEmpty,
},
- secretHashKeyPassword: secretHashSchemaPassword,
},
},
ConflictsWith: []string{resourceBlockServiceFabricCertificate, resourceBlockServiceFabricNone},
@@ -211,20 +201,30 @@ func expandServiceEndpointServiceFabricServerCertificateLookup(configuration map
return parameters
}
-func flattenServiceFabricCertificate(serviceEndpoint *serviceendpoint.ServiceEndpoint, hashKeyClientCertificate string, hashValueClientCertificate string, hashKeyClientCertificatePassword string, hashValueClientCertificatePassword string) interface{} {
+func flattenServiceFabricCertificate(d *schema.ResourceData, serviceEndpoint *serviceendpoint.ServiceEndpoint) interface{} {
result := flattenServiceEndpointServiceFabricServerCertificateLookup(serviceEndpoint)
- result[0]["client_certificate"] = (*serviceEndpoint.Authorization.Parameters)["certificate"]
- result[0]["client_certificate_password"] = (*serviceEndpoint.Authorization.Parameters)["certificatepassword"]
- result[0][hashKeyClientCertificate] = hashValueClientCertificate
- result[0][hashKeyClientCertificatePassword] = hashValueClientCertificatePassword
+ if certificate, ok := d.GetOk(resourceBlockServiceFabricCertificate); ok {
+ configuration := certificate.([]interface{})[0].(map[string]interface{})
+ if v, ok := configuration["client_certificate"]; ok {
+ result[0]["client_certificate"] = v.(string)
+ }
+ if v, ok := configuration["client_certificate_password"]; ok {
+ result[0]["client_certificate_password"] = v.(string)
+ }
+ }
+
return result
}
-func flattenServiceFabricAzureActiveDirectory(serviceEndpoint *serviceendpoint.ServiceEndpoint, hashKeyPassword string, hashValuePassword string) interface{} {
+func flattenServiceFabricAzureActiveDirectory(d *schema.ResourceData, serviceEndpoint *serviceendpoint.ServiceEndpoint) interface{} {
result := flattenServiceEndpointServiceFabricServerCertificateLookup(serviceEndpoint)
result[0]["username"] = (*serviceEndpoint.Authorization.Parameters)["username"]
- result[0]["password"] = (*serviceEndpoint.Authorization.Parameters)["password"]
- result[0][hashKeyPassword] = hashValuePassword
+ if azureActiveDirectory, ok := d.GetOk(resourceBlockServiceFabricAzureActiveDirectory); ok {
+ configuration := azureActiveDirectory.([]interface{})[0].(map[string]interface{})
+ if v, ok := configuration["password"]; ok {
+ result[0]["password"] = v.(string)
+ }
+ }
return result
}
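Review bot: The chained assertion `certificate.([]interface{})[0].(map[string]interface{})` in flattenServiceFabricCertificate, and the matching line in flattenServiceFabricAzureActiveDirectory, panics if the list element is nil or of another type, which would take the provider process down during a read. A guarded form such as `if list, ok := certificate.([]interface{}); ok && len(list) > 0 && list[0] != nil {` avoids that, and `v.(string)` can likewise be written as a comma-ok assertion. Both functions would also benefit from a short comment saying that the secrets are copied from `d` rather than from the API response, presumably because the service does not return them. One consequence worth stating in that comment is that a credential changed outside Terraform is not visible to plan.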
@@ -260,13 +260,10 @@ func flattenServiceEndpointServiceFabric(d *schema.ResourceData, serviceEndpoint
switch *serviceEndpoint.Authorization.Scheme {
case "Certificate":
- newHashClientCertificate, hashKeyClientCertificate := tfhelper.HelpFlattenSecretNested(d, resourceBlockServiceFabricCertificate, d.Get("certificate.0").(map[string]interface{}), "client_certificate")
- newHashClientCertificatePassword, hashKeyClientCertificatePassword := tfhelper.HelpFlattenSecretNested(d, "certificate", d.Get("certificate.0").(map[string]interface{}), "client_certificate_password")
- certificate := flattenServiceFabricCertificate(serviceEndpoint, hashKeyClientCertificate, newHashClientCertificate, hashKeyClientCertificatePassword, newHashClientCertificatePassword)
+ certificate := flattenServiceFabricCertificate(d, serviceEndpoint)
d.Set(resourceBlockServiceFabricCertificate, certificate)
case "UsernamePassword":
- newHashPassword, hashKeyPassword := tfhelper.HelpFlattenSecretNested(d, resourceBlockServiceFabricAzureActiveDirectory, d.Get("azure_active_directory.0").(map[string]interface{}), "password")
- azureActiveDirectory := flattenServiceFabricAzureActiveDirectory(serviceEndpoint, hashKeyPassword, newHashPassword)
+ azureActiveDirectory := flattenServiceFabricAzureActiveDirectory(d, serviceEndpoint)
d.Set(resourceBlockServiceFabricAzureActiveDirectory, azureActiveDirectory)
case "None":
none := flattenServiceFabricNone(serviceEndpoint)
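Review bot: The results of the new `flattenServiceFabricCertificate(d, serviceEndpoint)` and `flattenServiceFabricAzureActiveDirectory(d, serviceEndpoint)` calls go to `d.Set`, whose error is discarded in both cases. If the flattened map ever carries a key or type the schema rejects, the block, including the secret, silently fails to reach state and the next plan shows an unexplained diff. Checking it, e.g. `if err := d.Set(resourceBlockServiceFabricCertificate, certificate); err != nil {` followed by whatever error path this function uses, would surface that. The signature of flattenServiceEndpointServiceFabric is truncated in the hunk header and its body continues outside the hunk, so the appropriate handling has to be chosen there.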