Refactor TLS config to use in both manual and generated client (#1046)

nikimanoledaki · web-flow · commit 1c66c503d65d · 2023-09-19T12:23:45.000-04:00
diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/go-openapi/strfmt v0.21.7
 	github.com/grafana/amixr-api-go-client v0.0.9
 	github.com/grafana/grafana-api-golang-client v0.24.0
-	github.com/grafana/grafana-openapi-client-go v0.0.0-20230914111743-66765674683b
+	github.com/grafana/grafana-openapi-client-go v0.0.0-20230918131703-659d2cff09a7
 	github.com/grafana/machine-learning-go-client v0.5.0
 	github.com/grafana/synthetic-monitoring-agent v0.17.1
 	github.com/grafana/synthetic-monitoring-api-go-client v0.7.0
diff --git a/go.sum b/go.sum
@@ -137,6 +137,10 @@ github.com/grafana/grafana-api-golang-client v0.24.0 h1:9cUvft7xCMnnL/Uscwy7eold
 github.com/grafana/grafana-api-golang-client v0.24.0/go.mod h1:24W29gPe9yl0/3A9X624TPkAOR8DpHno490cPwnkv8E=
 github.com/grafana/grafana-openapi-client-go v0.0.0-20230914111743-66765674683b h1:UI49lvb/o1kfVtLPKZMZkozkRIxczD+qDUoHC41TvnM=
 github.com/grafana/grafana-openapi-client-go v0.0.0-20230914111743-66765674683b/go.mod h1:2vJ8YEgriYoHaNg5eijRU/q7eJTxT078VrGRSTTLeRk=
+github.com/grafana/grafana-openapi-client-go v0.0.0-20230918123310-e81801151dbd h1:y4K34xlu2mD0uBWbW2iqNwQBU93Y2/QoZ9vSMUGuScw=
+github.com/grafana/grafana-openapi-client-go v0.0.0-20230918123310-e81801151dbd/go.mod h1:2vJ8YEgriYoHaNg5eijRU/q7eJTxT078VrGRSTTLeRk=
+github.com/grafana/grafana-openapi-client-go v0.0.0-20230918131703-659d2cff09a7 h1:LPPNA/l6jCMRheMWvMPdni3WlOGL6Wjw3d/A1IbWCVg=
+github.com/grafana/grafana-openapi-client-go v0.0.0-20230918131703-659d2cff09a7/go.mod h1:2vJ8YEgriYoHaNg5eijRU/q7eJTxT078VrGRSTTLeRk=
 github.com/grafana/machine-learning-go-client v0.5.0 h1:Q1K+MPSy8vfMm2jsk3WQ7O77cGr2fM5hxwtPSoPc5NU=
 github.com/grafana/machine-learning-go-client v0.5.0/go.mod h1:QFfZz8NkqVF8++skjkKQXJEZfpCYd8S0yTWJUpsLLTA=
 github.com/grafana/synthetic-monitoring-agent v0.17.1 h1:2IKA8QzgWA+tqmE3AMzSwQBhZ6Pa4whgOHTs6tk3V6I=
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -359,54 +359,15 @@ func configure(version string, p *schema.Provider) func(context.Context, *schema
 func createGrafanaClient(d *schema.ResourceData) (string, *gapi.Config, *gapi.Client, error) {
 	cli := cleanhttp.DefaultClient()
 	transport := cleanhttp.DefaultTransport()
-	transport.TLSClientConfig = &tls.Config{}
 	// limiting the amount of concurrent HTTP connections from the provider
 	// makes it not overload the API and DB
 	transport.MaxConnsPerHost = 2
 
-	// TLS Config
-	tlsKeyFile, tempFile, err := createTempFileIfLiteral(d.Get("tls_key").(string))
+	tlsClientConfig, err := parseTLSconfig(d)
 	if err != nil {
 		return "", nil, nil, err
 	}
-	if tempFile {
-		defer os.Remove(tlsKeyFile)
-	}
-	tlsCertFile, tempFile, err := createTempFileIfLiteral(d.Get("tls_cert").(string))
-	if err != nil {
-		return "", nil, nil, err
-	}
-	if tempFile {
-		defer os.Remove(tlsCertFile)
-	}
-	caCertFile, tempFile, err := createTempFileIfLiteral(d.Get("ca_cert").(string))
-	if err != nil {
-		return "", nil, nil, err
-	}
-	if tempFile {
-		defer os.Remove(caCertFile)
-	}
-
-	insecure := d.Get("insecure_skip_verify").(bool)
-	if caCertFile != "" {
-		ca, err := os.ReadFile(caCertFile)
-		if err != nil {
-			return "", nil, nil, err
-		}
-		pool := x509.NewCertPool()
-		pool.AppendCertsFromPEM(ca)
-		transport.TLSClientConfig.RootCAs = pool
-	}
-	if tlsKeyFile != "" && tlsCertFile != "" {
-		cert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
-		if err != nil {
-			return "", nil, nil, err
-		}
-		transport.TLSClientConfig.Certificates = []tls.Certificate{cert}
-	}
-	if insecure {
-		transport.TLSClientConfig.InsecureSkipVerify = true
-	}
+	transport.TLSClientConfig = tlsClientConfig
 
 	apiURL := d.Get("url").(string)
 	cli.Transport = logging.NewSubsystemLoggingHTTPTransport("Grafana", transport)
@@ -440,6 +401,11 @@ func createGrafanaClient(d *schema.ResourceData) (string, *gapi.Config, *gapi.Cl
 }
 
 func createGrafanaOAPIClient(apiURL string, d *schema.ResourceData) (*goapi.GrafanaHTTPAPI, error) {
+	tlsClientConfig, err := parseTLSconfig(d)
+	if err != nil {
+		return nil, err
+	}
+
 	u, err := url.Parse(apiURL)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse API url: %v", err.Error())
@@ -454,6 +420,7 @@ func createGrafanaOAPIClient(apiURL string, d *schema.ResourceData) (*goapi.Graf
 		Host:      u.Host,
 		BasePath:  "/api",
 		Schemes:   []string{u.Scheme},
+		TLSConfig: tlsClientConfig,
 		BasicAuth: userInfo,
 		OrgID:     orgID,
 		APIKey:    APIKey,
@@ -589,3 +556,52 @@ func parseAuth(d *schema.ResourceData) (*url.Userinfo, int64, string, error) {
 	}
 	return nil, 0, "", nil
 }
+
+func parseTLSconfig(d *schema.ResourceData) (*tls.Config, error) {
+	tlsClientConfig := &tls.Config{}
+
+	tlsKeyFile, tempFile, err := createTempFileIfLiteral(d.Get("tls_key").(string))
+	if err != nil {
+		return nil, err
+	}
+	if tempFile {
+		defer os.Remove(tlsKeyFile)
+	}
+	tlsCertFile, tempFile, err := createTempFileIfLiteral(d.Get("tls_cert").(string))
+	if err != nil {
+		return nil, err
+	}
+	if tempFile {
+		defer os.Remove(tlsCertFile)
+	}
+	caCertFile, tempFile, err := createTempFileIfLiteral(d.Get("ca_cert").(string))
+	if err != nil {
+		return nil, err
+	}
+	if tempFile {
+		defer os.Remove(caCertFile)
+	}
+
+	insecure := d.Get("insecure_skip_verify").(bool)
+	if caCertFile != "" {
+		ca, err := os.ReadFile(caCertFile)
+		if err != nil {
+			return nil, err
+		}
+		pool := x509.NewCertPool()
+		pool.AppendCertsFromPEM(ca)
+		tlsClientConfig.RootCAs = pool
+	}
+	if tlsKeyFile != "" && tlsCertFile != "" {
+		cert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
+		if err != nil {
+			return nil, err
+		}
+		tlsClientConfig.Certificates = []tls.Certificate{cert}
+	}
+	if insecure {
+		tlsClientConfig.InsecureSkipVerify = true
+	}
+
+	return tlsClientConfig, nil
+}
