SUMO-172016 add JWT support

Author: dagould

sumologic/provider.go

@@ -27,6 +27,11 @@ func Provider() terraform.ResourceProvider {
 				Required:    true,
 				DefaultFunc: schema.EnvDefaultFunc("SUMOLOGIC_ACCESSKEY", nil),
 			},
+			"auth_jwt": {
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SUMOLOGIC_AUTHJWT", nil),
+			},
 			"environment": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -91,12 +96,16 @@ func Provider() terraform.ResourceProvider {
 
 var SumoMutexKV = mutexkv.NewMutexKV()
 
-func resolveRedirectURL(accessId string, accessKey string) (string, error) {
+func resolveRedirectURL(accessId string, accessKey string, authJwt string) (string, error) {
 	req, err := http.NewRequest(http.MethodHead, "https://api.sumologic.com/api/v1/collectors", nil)
 	if err != nil {
 		return "", err
 	}
-	req.SetBasicAuth(accessId, accessKey)
+	if authJwt == "" {
+		req.SetBasicAuth(accessId, accessKey)
+	} else {
+		req.Header.Add("Authorization", "Bearer "+authJwt)
+	}
 	client := &http.Client{CheckRedirect: func(req *http.Request, via []*http.Request) error {
 		return http.ErrUseLastResponse
 	}}
@@ -116,21 +125,36 @@ func resolveRedirectURL(accessId string, accessKey string) (string, error) {
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	accessId := d.Get("access_id").(string)
 	accessKey := d.Get("access_key").(string)
+	authJwt := d.Get("auth_jwt").(string)
 	environment := d.Get("environment").(string)
 	baseUrl := d.Get("base_url").(string)
 
 	msg := ""
-	if accessId == "" {
-		msg = "sumologic provider: access_id should be set;"
-	}
-
-	if accessKey == "" {
-		msg = fmt.Sprintf("%s access_key should be set; ", msg)
+	if authJwt == "" {
+		if accessId == "" || accessKey == "" {
+			msg = "sumologic provider: auth_jwt is not set;"
+		}
+		if accessId == "" {
+			msg = fmt.sprintf("%s access_id should be set;", msg)
+		}
+		if accessKey == "" {
+			msg = fmt.Sprintf("%s access_key should be set; ", msg)
+		}
+	} else {
+		if accessId != "" || accessKey != "" {
+			msg = "sumologic provider: auth_jwt is set;"
+		}
+		if accessId != "" {
+			msg = fmt.sprintf("%s access_id should not be set;", msg)
+		}
+		if accessKey != "" {
+			msg = fmt.Sprintf("%s access_key should not be set; ", msg)
+		}
 	}
 
 	if environment == "" && baseUrl == "" {
 		log.Printf("Attempting to resolve redirection URL from access key/id")
-		url, err := resolveRedirectURL(accessId, accessKey)
+		url, err := resolveRedirectURL(accessId, accessKey, authJwt)
 		if err != nil {
 			log.Printf("[WARN] Unable to resolve redirection URL, %s", err)
 			environment = "us2"
@@ -150,6 +174,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	return NewClient(
 		accessId,
 		accessKey,
+		authJwt,
 		environment,
 		baseUrl,
 	)

sumologic/sumologic_client.go

@@ -19,6 +19,7 @@ type HttpClient interface {
 type Client struct {
 	AccessID    string
 	AccessKey   string
+	AuthJwt     string
 	Environment string
 	BaseURL     *url.URL
 	httpClient  HttpClient
@@ -40,14 +41,18 @@ var endpoints = map[string]string{
 
 var rateLimiter = time.NewTicker(time.Minute / 240)
 
-func createNewRequest(method, url string, body io.Reader, accessID string, accessKey string) (*http.Request, error) {
+func createNewRequest(method, url string, body io.Reader, accessID string, accessKey string, authJwt string) (*http.Request, error) {
 	req, err := http.NewRequest(method, url, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("User-Agent", "SumoLogicTerraformProvider/"+ProviderVersion)
-	req.SetBasicAuth(accessID, accessKey)
+	if authJwt == "" {
+		req.SetBasicAuth(accessID, accessKey)
+	} else {
+		req.Header.Add("Authorization", "Bearer "+authJwt)
+	}
 	return req, nil
 }
 
@@ -64,7 +69,7 @@ func (s *Client) PostWithCookies(urlPath string, payload interface{}) ([]byte, [
 		return nil, nil, err
 	}
 
-	req, err := createNewRequest(http.MethodPost, sumoURL.String(), bytes.NewBuffer(body), s.AccessID, s.AccessKey)
+	req, err := createNewRequest(http.MethodPost, sumoURL.String(), bytes.NewBuffer(body), s.AccessID, s.AccessKey, s.AuthJwt)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -98,7 +103,7 @@ func (s *Client) GetWithCookies(urlPath string, cookies []*http.Cookie) ([]byte,
 
 	sumoURL := s.BaseURL.ResolveReference(relativeURL)
 
-	req, err := createNewRequest(http.MethodGet, sumoURL.String(), nil, s.AccessID, s.AccessKey)
+	req, err := createNewRequest(http.MethodGet, sumoURL.String(), nil, s.AccessID, s.AccessKey, s.AuthJwt)
 	if err != nil {
 		return nil, "", err
 	}
@@ -133,7 +138,7 @@ func (s *Client) Post(urlPath string, payload interface{}, isAdminMode bool) ([]
 	sumoURL := s.BaseURL.ResolveReference(relativeURL)
 
 	body, _ := json.Marshal(payload)
-	req, err := createNewRequest(http.MethodPost, sumoURL.String(), bytes.NewBuffer(body), s.AccessID, s.AccessKey)
+	req, err := createNewRequest(http.MethodPost, sumoURL.String(), bytes.NewBuffer(body), s.AccessID, s.AccessKey, s.AuthJwt)
 	if err != nil {
 		return nil, err
 	}
@@ -164,7 +169,7 @@ func (s *Client) Post(urlPath string, payload interface{}, isAdminMode bool) ([]
 func (s *Client) PostRawPayload(urlPath string, payload string) ([]byte, error) {
 	relativeURL, _ := url.Parse(urlPath)
 	sumoURL := s.BaseURL.ResolveReference(relativeURL)
-	req, err := createNewRequest(http.MethodPost, sumoURL.String(), bytes.NewBuffer([]byte(payload)), s.AccessID, s.AccessKey)
+	req, err := createNewRequest(http.MethodPost, sumoURL.String(), bytes.NewBuffer([]byte(payload)), s.AccessID, s.AccessKey, s.AuthJwt)
 	if err != nil {
 		return nil, err
 	}
@@ -195,7 +200,7 @@ func (s *Client) Put(urlPath string, payload interface{}, isAdminMode bool) ([]b
 	_, etag, _ := s.Get(sumoURL.String(), false)
 
 	body, _ := json.Marshal(payload)
-	req, err := createNewRequest(http.MethodPut, sumoURL.String(), bytes.NewBuffer(body), s.AccessID, s.AccessKey)
+	req, err := createNewRequest(http.MethodPut, sumoURL.String(), bytes.NewBuffer(body), s.AccessID, s.AccessKey, s.AuthJwt)
 	if err != nil {
 		return nil, err
 	}
@@ -228,7 +233,7 @@ func (s *Client) Get(urlPath string, isAdminMode bool) ([]byte, string, error) {
 	relativeURL, _ := url.Parse(urlPath)
 	sumoURL := s.BaseURL.ResolveReference(relativeURL)
 
-	req, err := createNewRequest(http.MethodGet, sumoURL.String(), nil, s.AccessID, s.AccessKey)
+	req, err := createNewRequest(http.MethodGet, sumoURL.String(), nil, s.AccessID, s.AccessKey, s.AuthJwt)
 	if err != nil {
 		return nil, "", err
 	}
@@ -262,7 +267,7 @@ func (s *Client) Delete(urlPath string) ([]byte, error) {
 	relativeURL, _ := url.Parse(urlPath)
 	sumoURL := s.BaseURL.ResolveReference(relativeURL)
 
-	req, err := createNewRequest(http.MethodDelete, sumoURL.String(), nil, s.AccessID, s.AccessKey)
+	req, err := createNewRequest(http.MethodDelete, sumoURL.String(), nil, s.AccessID, s.AccessKey, s.AuthJwt)
 	if err != nil {
 		return nil, err
 	}
@@ -286,10 +291,11 @@ func (s *Client) Delete(urlPath string) ([]byte, error) {
 	return d, nil
 }
 
-func NewClient(accessID, accessKey, environment, base_url string) (*Client, error) {
+func NewClient(accessID, accessKey, authJwt, environment, base_url string) (*Client, error) {
 	client := Client{
 		AccessID:    accessID,
 		AccessKey:   accessKey,
+		AuthJwt:     authJwt,
 		httpClient:  http.DefaultClient,
 		Environment: environment,
 	}