Update docs, implement tests, finalize

Author: LukeJowett

docs/index.md

@@ -67,13 +67,16 @@ provider "restapi" {
 <a id="nestedblock--oauth_client_credentials"></a>
 ### Nested Schema for `oauth_client_credentials`
 
+NOTE: One of `oauth_client_id_environment_variable` and `oauth_client_secret_environment_variable` or `oauth_client_id` and `oauth_client_secret` MUST be set if this block is configured. If both are set environment variables take priority.
+
 Required:
 
-- `oauth_client_id` (String) client id
-- `oauth_client_secret` (String) client secret
 - `oauth_token_endpoint` (String) oauth token endpoint
 
 Optional:
-
+- `oauth_client_id_environment_variable` (String) client id
+- `oauth_client_secret_environment_variable` (String) client secret
+- `oauth_client_id` (String) client id
+- `oauth_client_secret` (String) client secret
 - `endpoint_params` (Map of String) Additional key/values to pass to the underlying Oauth client library (as EndpointParams)
 - `oauth_scopes` (List of String) scopes

examples/workingexamples/provider_with_oauth_env.tf

@@ -0,0 +1,22 @@
+provider "restapi" {
+    alias = "restapi_oauth_env"
+    uri = "https://graph.microsoft.com/beta/"
+    write_returns_object = true 
+    debug = true
+
+    oauth_client_credentials {
+        oauth_client_id_environment_variable = "ARM_CLIENT_ID"
+        oauth_client_secret_environment_variable = "ARM_CLIENT_SECRET"
+        oauth_token_endpoint = "https://login.microsoft.com/${var.tenantId}/oauth2/v2.0/token"
+        oauth_scopes = ["https://graph.microsoft.com/.default"]
+        endpoint_params = {"grant_type"="client_credentials"}
+    }
+
+    headers = {
+        "Content-Type" = "application/json"
+    }
+
+    create_method = "PUT"
+    update_method = "PATCH"
+    destroy_method = "DELETE"
+}

restapi/api_client.go

@@ -86,6 +86,7 @@ type APIClient struct {
 
 func GetEnvStringOrDefault(key, def string) string {
 if env := os.Getenv(key); env != "" {
+	log.Printf("Got env for %s", key)
 	return env
 }
 return def
@@ -219,8 +220,8 @@ func NewAPIClient(opt *apiClientOpt) (*APIClient, error) {
 
 	if resolvedClientID != "" && resolvedClientSecret != "" && opt.oauthTokenURL != "" {
 		client.oauthConfig = &clientcredentials.Config{
-			ClientID:       opt.oauthClientID,
-			ClientSecret:   opt.oauthClientSecret,
+			ClientID:       resolvedClientID,
+			ClientSecret:   resolvedClientSecret,
 			TokenURL:       opt.oauthTokenURL,
 			Scopes:         opt.oauthScopes,
 			EndpointParams: opt.oauthEndpointParams,

restapi/provider.go

@@ -278,6 +278,22 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
 	if v, ok := d.GetOk("oauth_client_credentials"); ok {
 		oauthConfig := v.([]interface{})[0].(map[string]interface{})
 
+	if (oauthConfig["oauth_client_id_environment_variable"] == "" && oauthConfig["oauth_client_secret_environment_variable"] == "" && oauthConfig["oauth_client_id"] == "" && oauthConfig["oauth_client_secret"] == "") {
+	 return nil, fmt.Errorf("If configuring oauth, either `oauth_client_id_environment_variable`, `oauth_client_secret_environment_variable` OR `oauth_client_id` and `oauth_client_secret` must be specified")
+	}
+	if (oauthConfig["oauth_client_id_environment_variable"] != "" && oauthConfig["oauth_client_secret_environment_variable"] == "") {
+	 return nil, fmt.Errorf("`oauth_client_id_environment_variable` is configured, but `oauth_client_secret_environment_variable` is missing")
+	}
+	if (oauthConfig["oauth_client_id_environment_variable"] == "" && oauthConfig["oauth_client_secret_environment_variable"] != "") {
+	 return nil, fmt.Errorf("`oauth_client_secret_environment_variable` is configured, but `oauth_client_id_environment_variable` is missing")
+	}
+    if (oauthConfig["oauth_client_id"] != "" && oauthConfig["oauth_client_secret"] == "") {
+	 return nil, fmt.Errorf("`oauth_client_id` is configured, but `oauth_client_secret` is missing")
+	}
+	if (oauthConfig["oauth_client_id"] == "" && oauthConfig["oauth_client_secret"] != "") {
+	 return nil, fmt.Errorf("`oauth_client_secret` is configured, but `oauth_client_id` is missing")
+	}
+
 		opt.oauthClientIDEnvVar = oauthConfig["oauth_client_id_environment_variable"].(string)
 		opt.oauthClientSecretEnvVar = oauthConfig["oauth_client_secret_environment_variable"].(string)
 		opt.oauthClientID = oauthConfig["oauth_client_id"].(string)

restapi/provider_test.go

@@ -68,6 +68,27 @@ func TestResourceProvider_Oauth(t *testing.T) {
 	}
 }
 
+func TestResourceProvider_Oauth_Env(t *testing.T) {
+	rp := Provider()
+	raw := map[string]interface{}{
+		"uri": "http://foo.bar/baz",
+		"oauth_client_credentials": map[string]interface{}{
+			"oauth_client_id_environment_variable": "test",
+			"oauth_client_secret_environment_variable": "secret",
+		},
+	}
+
+	/*
+	   XXX: This is expected to work even though we are not
+	        explicitly declaring the required url parameter since
+	        the test suite is run with the ENV entry set.
+	*/
+	err := rp.Configure(context.TODO(), terraform.NewResourceConfigRaw(raw))
+	if err != nil {
+		t.Fatalf("Provider failed with error: %v", err)
+	}
+}
+
 func TestResourceProvider_RequireTestPath(t *testing.T) {
 	debug := false
 	apiServerObjects := make(map[string]map[string]interface{})