IDSEC-000: Consume SDK for proxy and retry additions

Author: CyberarkReleaser

VERSION

@@ -1 +1 @@
-0.1.13
+0.1.14

docs/data-sources/pcloud_account.md

@@ -26,6 +26,7 @@ data "idsec_pcloud_account" "example_account" {
 ### Optional
 
 - `access_restricted_to_remote_machines` (Boolean) Whether to restrict access only to the specified remote machines
+- `account_name` (String) The name of the account to retrieve the account's details
 - `address` (String) The name or address of the machine where the account is used
 - `automatic_management_enabled` (Boolean) Whether the account secret is managed automatically
 - `category_modification_time` (Number) The last time the account or one of its file categories was created or changed

docs/data-sources/pcloud_safe.md

@@ -36,7 +36,7 @@ data "idsec_pcloud_safe" "example_safe" {
 - `number_of_days_retention` (Number) The number of days that secrets versions are saved in the Safe
 - `number_of_versions_retention` (Number) The number of retained versions of every secret that is stored in the Safe
 - `olac_enabled` (Boolean) Whether Object Level Access Control is enabled
-- `safe_name` (String) The unique ID of the Safe used when calling Safe APIs
+- `safe_name` (String) The name of the Safe for retrieving the Safe's details
 - `safe_number` (Number) The unique numerical ID of the Safe
 
 <a id="nestedatt--creator"></a>

docs/index.md

@@ -81,6 +81,9 @@ resource "idsec_sia_access_connector" "example_connector" {
 
 - `auth_method` (String) Authentication method. Defaults to `identity`. When set to `identity`, both `username` and `secret` are **required**. When set to `identity_service_user`, both `service_user` and `service_token` are **required**. Resolved from environment variable `IDSEC_AUTH_METHOD`.
 - `cache_authentication` (Boolean) Cache authentication for the provider. Defaults to `true`. Resolved from environment variable `IDSEC_CACHE_AUTHENTICATION`.
+- `proxy_address` (String) Proxy address for the provider to use for outgoing requests. Resolved from environment variable `IDSEC_PROXY_ADDRESS`. or the standard `HTTPS_PROXY`/`HTTP_PROXY` env vars.
+- `proxy_password` (String, Sensitive) Proxy password for the provider to use for outgoing requests. Resolved from environment variable `IDSEC_PROXY_PASSWORD`.
+- `proxy_username` (String) Proxy username for the provider to use for outgoing requests. Resolved from environment variable `IDSEC_PROXY_USERNAME`.
 - `secret` (String, Sensitive) Secret for identity authentication. **Required** when `auth_method` is `identity` (default). Resolved from environment variable `IDSEC_SECRET`.
 - `service_authorized_app` (String) Authorized application for identity service user authentication. Used when `auth_method` is `identity_service_user`. Defaults to `__idaptive_cybr_user_oidc`. Resolved from environment variable `IDSEC_SERVICE_AUTHORIZED_APP`.
 - `service_token` (String, Sensitive) Service token for identity service user authentication. **Required** when `auth_method` is `identity_service_user`. Resolved from environment variable `IDSEC_SERVICE_TOKEN`.

go.mod

@@ -3,7 +3,7 @@ module github.com/cyberark/terraform-provider-idsec
 go 1.24.0
 
 require (
-	github.com/cyberark/idsec-sdk-golang v0.1.11
+	github.com/cyberark/idsec-sdk-golang v0.1.12
 	github.com/hashicorp/terraform-plugin-framework v1.15.0
 	github.com/hashicorp/terraform-plugin-go v0.29.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0

go.sum

@@ -41,8 +41,8 @@ github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZ
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
 github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyberark/idsec-sdk-golang v0.1.11 h1:rmQWjV2ze5OdjwF6FS1kHMstR2p9Whc55cRbMAfaQZE=
-github.com/cyberark/idsec-sdk-golang v0.1.11/go.mod h1:JlvuO467wokG0Yw43uaIDU0vxtsKT9HpDHapP0fBD6o=
+github.com/cyberark/idsec-sdk-golang v0.1.12 h1:7DX0ChsLWd/40W/nNAbmVL48JBbmFEPfUEGZup1BwhY=
+github.com/cyberark/idsec-sdk-golang v0.1.12/go.mod h1:JlvuO467wokG0Yw43uaIDU0vxtsKT9HpDHapP0fBD6o=
 github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
 github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0=

internal/provider/idsec_provider.go

@@ -18,6 +18,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/cyberark/idsec-sdk-golang/pkg/auth"
+	idsecconfig "github.com/cyberark/idsec-sdk-golang/pkg/config"
 	"github.com/cyberark/idsec-sdk-golang/pkg/models/actions"
 	authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
 	"github.com/cyberark/idsec-sdk-golang/pkg/services"
@@ -68,6 +69,9 @@ type IdsecProviderSchema struct {
 	ServiceAuthorizedApp types.String `tfsdk:"service_authorized_app"`
 	Subdomain            types.String `tfsdk:"subdomain"`
 	CacheAuthentication  types.Bool   `tfsdk:"cache_authentication"`
+	ProxyAddress         types.String `tfsdk:"proxy_address"`
+	ProxyUsername        types.String `tfsdk:"proxy_username"`
+	ProxyPassword        types.String `tfsdk:"proxy_password"`
 }
 
 // IdsecProviderConfig holds the configuration for the Idsec provider.
@@ -173,6 +177,22 @@ func (p *IdsecProvider) Schema(ctx context.Context, req terraformprovider.Schema
 				Description:         "Cache authentication for the provider. Defaults to true. Resolved from environment variable IDSEC_CACHE_AUTHENTICATION.",
 				MarkdownDescription: "Cache authentication for the provider. Defaults to `true`. Resolved from environment variable `IDSEC_CACHE_AUTHENTICATION`.",
 			},
+			"proxy_address": schema.StringAttribute{
+				Optional:            true,
+				Description:         "Proxy address for the provider to use for outgoing requests. Resolved from environment variable IDSEC_PROXY_ADDRESS. or the standard HTTPS_PROXY/HTTP_PROXY env vars.",
+				MarkdownDescription: "Proxy address for the provider to use for outgoing requests. Resolved from environment variable `IDSEC_PROXY_ADDRESS`. or the standard `HTTPS_PROXY`/`HTTP_PROXY` env vars.",
+			},
+			"proxy_username": schema.StringAttribute{
+				Optional:            true,
+				Description:         "Proxy username for the provider to use for outgoing requests. Resolved from environment variable IDSEC_PROXY_USERNAME.",
+				MarkdownDescription: "Proxy username for the provider to use for outgoing requests. Resolved from environment variable `IDSEC_PROXY_USERNAME`.",
+			},
+			"proxy_password": schema.StringAttribute{
+				Optional:            true,
+				Description:         "Proxy password for the provider to use for outgoing requests. Resolved from environment variable IDSEC_PROXY_PASSWORD.",
+				MarkdownDescription: "Proxy password for the provider to use for outgoing requests. Resolved from environment variable `IDSEC_PROXY_PASSWORD`.",
+				Sensitive:           true,
+			},
 		},
 	}
 }
@@ -193,6 +213,19 @@ func (p *IdsecProvider) Configure(ctx context.Context, req terraformprovider.Con
 	config.CacheAuthentication = p.resolveTerraformBoolVar(config.CacheAuthentication, IdsecCacheAuthenticationEnvVar, IdsecCacheAuthenticationDefault)
 	config.AuthMethod = p.resolveTerraformStringVar(config.AuthMethod, IdsecAuthMethodEnvVar)
 	config.Subdomain = p.resolveTerraformStringVar(config.Subdomain, IdsecSubdomainEnvVar)
+
+	// If no proxy is set in TF or in env vars, HTTPS_PROXY and HTTP_PROXY env vars will be used as the standard fallback by the SDK.
+	config.ProxyAddress = p.resolveTerraformStringVar(config.ProxyAddress, idsecconfig.IdsecProxyAddressEnvVar)
+	config.ProxyUsername = p.resolveTerraformStringVar(config.ProxyUsername, idsecconfig.IdsecProxyUsernameEnvVar)
+	config.ProxyPassword = p.resolveTerraformStringVar(config.ProxyPassword, idsecconfig.IdsecProxyPasswordEnvVar)
+	if !config.ProxyAddress.IsNull() {
+		idsecconfig.SetProxyAddress(config.ProxyAddress.String())
+	}
+	if !config.ProxyUsername.IsNull() && !config.ProxyPassword.IsNull() {
+		idsecconfig.SetProxyUsername(config.ProxyUsername.String())
+		idsecconfig.SetProxyPassword(config.ProxyPassword.String())
+	}
+
 	if config.AuthMethod.IsNull() {
 		resp.Diagnostics.AddError("Invalid Configuration", "Auth method is required.")
 		return