Merge pull request #35 from iwarapter/fix/import-cleanup

ensure import tests are working, docs update

.github/workflows/build.yaml

@@ -4,6 +4,8 @@ jobs:
   build:
     name: build
     runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
     steps:
 
     - name: Set up Go 1.14
@@ -12,28 +14,8 @@ jobs:
         go-version: 1.14
       id: go
 
-    - name: Install tools
-      run: |
-        export PATH=$PATH:$(go env GOPATH)/bin
-        go get -u honnef.co/go/tools/cmd/staticcheck
-
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v1
-
-    - name: Staticcheck
-      run: |
-        export PATH=$PATH:$(go env GOPATH)/bin
-        staticcheck ./...
-
-    - name: Check dependencies
-      run: |
-        go mod tidy
-        git diff --exit-code -- go.mod go.sum || \
-        	(echo; echo "Unexpected difference in go.mod/go.sum files. Run 'go mod tidy' command or revert any go.mod/go.sum changes and commit."; exit 1)
-        echo "==> Checking source code with go mod vendor..."
-        go mod vendor
-        git diff --compact-summary --exit-code -- vendor || \
-        	(echo; echo "Unexpected difference in vendor/ directory. Run 'go mod vendor' command or revert any go.mod/go.sum/vendor changes and commit."; exit 1)
+    - name: Checkout Source
+      uses: actions/checkout@v2
 
     - name: Test
       env:

.github/workflows/checks.yaml

@@ -0,0 +1,36 @@
+name: checks
+on:  [push, pull_request]
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+
+      - name: Install tools
+        run: |
+          export PATH=$PATH:$(go env GOPATH)/bin
+          go get -u honnef.co/go/tools/cmd/staticcheck
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v1
+
+      - name: Staticcheck
+        run: |
+          export PATH=$PATH:$(go env GOPATH)/bin
+          staticcheck ./...
+
+      - name: Check dependencies
+        run: |
+          go mod tidy
+          git diff --exit-code -- go.mod go.sum || \
+            (echo; echo "Unexpected difference in go.mod/go.sum files. Run 'go mod tidy' command or revert any go.mod/go.sum changes and commit."; exit 1)
+          echo "==> Checking source code with go mod vendor..."
+          go mod vendor
+          git diff --compact-summary --exit-code -- vendor || \
+            (echo; echo "Unexpected difference in vendor/ directory. Run 'go mod vendor' command or revert any go.mod/go.sum/vendor changes and commit."; exit 1)
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: ./...

.gitignore

@@ -14,3 +14,4 @@ pingaccess.lic
 site/
 pingaccess/test_cases/ca/*
 build/
+tmp/

CHANGELOG.md

@@ -1,4 +1,28 @@
-## 0.4.0 Unreleased
+## 0.6.0 (Unreleased)
+
+NOTES:
+
+* This release is built for PingAccess 6.x and uses the SDK for that version, whilst the API remains mostly the same backwards compatibility with PingAccess 5.x is not being maintained.
+
+BUG FIXES:
+
+* Add configuration validation for the provider block for any initial connection issues.
+* Fix issues with importing resources, additional test cases and documentation.
+* `resource/application_resource`: Fix issue with `path_patterns` attribute.
+
+## 0.5.0 (November 6, 2020)
+
+NOTES:
+
+* This release is built for PingAccess 6.x and uses the SDK for that version, whilst the API remains mostly the same backwards compatibility with PingAccess 5.x is not being maintained.
+* This is the first version available on the Terraform Registry https://registry.terraform.io/providers/iwarapter/pingaccess/latest
+
+FEATURES:
+
+* **New Data Source:** `pingaccess_keypair_csr`
+* **New Resource:** `pingaccess_keypair_csr`
+
+## 0.4.0 (April 20, 2020)
 
 NOTES:
 

Makefile

@@ -16,7 +16,7 @@ unit-test:
 	@go test -mod=vendor ./... -v -trimpath
 
 test-and-report:
-	TF_LOG=TRACE TF_LOG_PATH=./terraform.log TF_ACC=1 go test -mod=vendor ./... -v -trimpath -coverprofile=coverage.out -json | tee report.json
+	@TF_LOG=TRACE TF_LOG_PATH=./terraform.log TF_ACC=1 go test -mod=vendor ./... -v -trimpath -coverprofile=coverage.out -json | tee report.json
 
 build:
 	@go build -mod=vendor -o ${NAME} -trimpath .

README.md

@@ -1,7 +1,7 @@
 PingAccess Terraform Provider
 ==================
 
-- Website: https://iwarapter.github.io/terraform-provider-pingaccess/
+- Website: https://registry.terraform.io/providers/iwarapter/pingaccess/latest
 - [![Gitter](https://badges.gitter.im/iwarapter/terraform-provider-pingaccess.svg)](https://gitter.im/iwarapter/terraform-provider-pingaccess?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
   [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=github.conef.uk.iwarapter.terraform-provider-pingaccess&metric=coverage)](https://sonarcloud.io/dashboard?id=github.conef.uk.iwarapter.terraform-provider-pingaccess)
   [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=github.conef.uk.iwarapter.terraform-provider-pingaccess&metric=alert_status)](https://sonarcloud.io/dashboard?id=github.conef.uk.iwarapter.terraform-provider-pingaccess)
@@ -44,7 +44,8 @@ $ terraform-provider-pingaccess
 Using the Provider
 ----------------------
 
-To use a released provider in your Terraform environment, download the latest version from https://github.com/iwarapter/terraform-provider-pingaccess/releases and follow the instructions to [install it as a plugin.](https://www.terraform.io/docs/plugins/basics.html#installing-a-plugin) After placing it into your plugins directory,  run `terraform init` to initialize it.
+Please see the terraform registry docs for detailed usage documentation:
+https://registry.terraform.io/providers/iwarapter/pingaccess/latest/docs
 
 The provider is current tested against the following versions of PingAccess
 

docs/index.md

@@ -1,8 +1,35 @@
+# PingAccess Provider
+
 The PingAccess provider is used to interact with the many resources supported by the PingAccess admin API. The provider needs to be configured with the proper credentials before it can be used.
 
 Use the navigation to the left to read about the available resources.
 
 ## Example Usage
+Terraform 0.13 and later:
+```hcl
+# Configure the PingAccess Provider
+terraform {
+  required_providers {
+    pingaccess = {
+      source = "iwarapter/pingaccess"
+      version = "0.5.0"
+    }
+  }
+}
+
+provider "pingaccess" {
+  username = "Administrator"
+  password = "2Access"
+  base_url = "https://localhost:9000"
+  context  = "/pa-admin-api/v3"
+}
+
+# Create a site
+resource "pingaccess_site" "site" {
+  # ...
+}
+```
+Terraform 0.12 and earlier:
 ```hcl
 # Configure the PingAccess Provider
 provider "pingaccess" {
@@ -54,3 +81,22 @@ $ export PINGACCESS_CONTEXT="/pa-admin-api/v3"
 $ export PINGACCESS_BASEURL="https://myadmin.server:9000"
 $ terraform plan
 ```
+
+
+## Argument Reference
+
+In addition to [generic `provider` arguments](https://www.terraform.io/docs/configuration/providers.html)
+(e.g. `alias` and `version`), the following arguments are supported in the PingAccess
+ `provider` block:
+
+* `username` - (Required) This is the PingAccess administrative username. It must be provided, but
+  it can also be sourced from the `PINGACCESS_USERNAME` environment variable.
+
+* `password` - (Required) This is the PingAccess administrative password. It must be provided, but
+  it can also be sourced from the `PINGACCESS_PASSWORD` environment variable.
+
+* `base_url` - (Required) This is the PingAccess base url (protocol:server:port). It must be provided, but
+  it can also be sourced from the `PINGACCESS_BASEURL` environment variable.
+
+* `context` - (Optional) This is the PingAccess context path for the admin API, defaults to `/pf-admin-api/v1`
+and can be sourced from the `PINGACCESS_CONTEXT` environment variable.

docs/resources/pingaccess_application.md

@@ -78,5 +78,5 @@ In addition to all arguments above, the following attributes are exported:
 PingAccess applications can be imported using the id, e.g.
 
 ```bash
-$ terraform import pingaccess_application .demo_application  123
+$ terraform import pingaccess_application.demo_application 123
 ```

docs/resources/pingaccess_application_resource.md

@@ -83,8 +83,8 @@ In addition to all arguments above, the following attributes are exported:
 
 ## Import
 
-PingAccess applications can be imported using the id, e.g.
+PingAccess application resources can be imported using the application/resource id, e.g.
 
 ```bash
-$ terraform import pingaccess_application.demo_application 123
+$ terraform import pingaccess_application_resource.demo 1/5
 ```

docs/resources/pingaccess_auth_token_management.md

@@ -29,3 +29,13 @@ The following arguments are supported:
 ## Attributes Reference
 
 No additional attributes are provided.
+
+## Import
+
+-> The resource ID is fixed as `auth_token_management` because this is a singleton resource.
+
+Auth Token Management can be imported using the id, e.g.
+
+```bash
+$ terraform import pingaccess_auth_token_management.demo auth_token_management
+```

docs/resources/pingaccess_http_config_request_host_source.md

@@ -26,3 +26,11 @@ The following arguments are supported:
 ## Attributes Reference
 
 No additional attributes are provided.
+
+## Import
+
+PingAccess HTTP request Host Source resources can be imported using the id, e.g.
+
+```bash
+$ terraform import pingaccess_http_config_request_host_source.example 123
+```

docs/resources/pingaccess_identity_mapping.md

@@ -1,6 +1,6 @@
 # Resource: pingaccess_identity_mapping
 
-Provides a identity mapping.
+Provides an identity mapping.
 
 -> The PingAccess API does not provider repeatable means of querying a sensitive value, we are unable to detect configuration drift of any sensitive fields in the `configuration` block.
 
@@ -38,6 +38,7 @@ In addition to all arguments above, the following attributes are exported:
 - [`id`](#id) - The identity mapping's ID.
 
 ### Import
+
 PingAccess identity mapping can be imported using the id, e.g.
 
 ```bash

docs/resources/pingaccess_keypair.md

@@ -101,8 +101,10 @@ In addition to all arguments above, the following attributes are exported:
 
 ## Import
 
+-> This is currently only supported for generated KeyPairs.
+
 PingAccess keypairs can be imported using the id, e.g.
 
 ```bash
-$ terraform import pingaccess_keypair.demo_keypair 123
+$ terraform import pingaccess_keypair.example 123
 ```

docs/resources/pingaccess_oauth_server.md

@@ -55,3 +55,13 @@ The following arguments are supported:
 ## Attributes Reference
 
 No additional attributes are provided.
+
+## Import
+
+-> The resource ID is fixed as `oauth_server_settings` because this is a singleton resource.
+
+Authorization Server can be imported using the id, e.g.
+
+```bash
+$ terraform import pingaccess_oauth_server.example auth_token_management
+```

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.2.0
-	github.com/iwarapter/pingaccess-sdk-go v0.0.0-20201104174633-29fc5fc0a81c
+	github.com/iwarapter/pingaccess-sdk-go v0.0.0-20201117172106-3133cd85d1ae
 	github.com/ory/dockertest/v3 v3.6.0
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.5.0 // indirect

go.sum

@@ -242,8 +242,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/iwarapter/pingaccess-sdk-go v0.0.0-20201104174633-29fc5fc0a81c h1:avfEKZf2xbZ54eBW62IR0F9D6o3IYLeKH6N6sZ3BV+U=
-github.com/iwarapter/pingaccess-sdk-go v0.0.0-20201104174633-29fc5fc0a81c/go.mod h1:ll8wM67ZyNn1yP1fgEz7uRi3ELrG9oRza1NX2+kB5Qc=
+github.com/iwarapter/pingaccess-sdk-go v0.0.0-20201117172106-3133cd85d1ae h1:uqZZ+jYkzjTsa9WI4xSj8p+YHXfdpeVlFFsNbyRENpA=
+github.com/iwarapter/pingaccess-sdk-go v0.0.0-20201117172106-3133cd85d1ae/go.mod h1:ll8wM67ZyNn1yP1fgEz7uRi3ELrG9oRza1NX2+kB5Qc=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

pingaccess/config.go

@@ -2,10 +2,13 @@ package pingaccess
 
 import (
 	"crypto/tls"
+	"fmt"
+	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"regexp"
+	"syscall"
 
 	"github.com/iwarapter/pingaccess-sdk-go/services/accessTokenValidators"
 	"github.com/iwarapter/pingaccess-sdk-go/services/acme"
@@ -115,9 +118,18 @@ type paClient struct {
 
 // Client configures and returns a fully initialized PAClient
 func (c *cfg) Client() (interface{}, diag.Diagnostics) {
+	var diags diag.Diagnostics
 	/* #nosec */
 	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-	u, _ := url.Parse(c.BaseURL)
+	u, err := url.ParseRequestURI(c.BaseURL)
+	if err != nil {
+		diags = append(diags, diag.Diagnostic{
+			Severity: diag.Error,
+			Summary:  "Invalid URL",
+			Detail:   fmt.Sprintf("Unable to parse base_url for client: %s", err),
+		})
+		return nil, diags
+	}
 
 	cfg := paCfg.NewConfig().WithEndpoint(u.String() + c.Context).WithUsername(c.Username).WithPassword(c.Password)
 
@@ -174,8 +186,14 @@ func (c *cfg) Client() (interface{}, diag.Diagnostics) {
 
 	v, _, err := client.Version.VersionCommand()
 	if err != nil {
-		return nil, diag.Errorf("unable to retrieve version %s", err)
+		diags = append(diags, diag.Diagnostic{
+			Severity: diag.Error,
+			Summary:  "Connection Error",
+			Detail:   fmt.Sprintf("Unable to connect to PingAccess: %s", checkErr(err)),
+		})
+		return nil, diags
 	}
+
 	client.apiVersion = *v.Version
 
 	return client, nil
@@ -186,3 +204,25 @@ func (c paClient) CanMaskPasswords() bool {
 	re := regexp.MustCompile(`^(6\.[1-9])`)
 	return re.MatchString(c.apiVersion)
 }
+
+func checkErr(err error) string {
+	if netError, ok := err.(net.Error); ok && netError.Timeout() {
+		return "Timeout"
+	}
+
+	switch t := err.(type) {
+	case *net.OpError:
+		if t.Op == "dial" {
+			return "Unknown host/port"
+		} else if t.Op == "read" {
+			return "Connection refused"
+		}
+	case *url.Error:
+		return checkErr(t.Err)
+	case syscall.Errno:
+		if t == syscall.ECONNREFUSED {
+			return "Connection refused"
+		}
+	}
+	return err.Error()
+}