Fix panic caused by setting unsupported private key path values

alexng-canuck · alexng-canuck · commit 72fb5b9f7ad5 · 2020-10-27T10:20:35.000-07:00
Previously, setting any sort of unsupported key path value would have resulted in panic due to quirk in SDK, where config provider errors are silently ignored and config provider is set to nil.
This is a partial fix to allow home paths to be resolved to avoid such common errors. This also fixes identity user resource to avoid panicking if config provider is empty.

SDK still needs to address the ignored error bug, which will be followed-up separately.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@
 - Support for reading OBO token from local file
 - Support for Oracle Key Vault with ExaCC
 
+### Fixed
+- Fix an issue where identity user resource panics if an invalid API key configuration is given
+- Allow `~` home directories to be specified in private_key_path of provider oci blocks 
+
 ## 4.0.0 (October 21, 2020)
 
 ### Added
diff --git a/oci/identity_user_resource.go b/oci/identity_user_resource.go
@@ -215,10 +215,12 @@ func (s *IdentityUserResourceCrud) Create() error {
 			return fmt.Errorf("compartment_id must be specified for this resource")
 		}
 		// Maintain legacy contract of compartment_id defaulting to tenancy ocid if not specified
-		c := *s.Client.ConfigurationProvider()
-		if c == nil {
-			return fmt.Errorf("cannot access tenancyOCID")
+		configProvider := s.Client.ConfigurationProvider()
+		if configProvider == nil {
+			return fmt.Errorf("cannot access tenancy OCID. No configuration provider could be found for identity client")
 		}
+
+		c := *configProvider
 		tenancy, err := c.TenancyOCID()
 		if err != nil {
 			return err
diff --git a/oci/provider.go b/oci/provider.go
@@ -661,6 +661,15 @@ func getHomeFolder() string {
 	return current.HomeDir
 }
 
+// cleans and expands the path if it contains a tilde , returns the expanded path or the input path as is if not expansion
+// was performed
+func expandPath(filepath string) string {
+	if strings.HasPrefix(filepath, fmt.Sprintf("~%c", os.PathSeparator)) {
+		filepath = path.Join(getHomeFolder(), filepath[2:])
+	}
+	return path.Clean(filepath)
+}
+
 func checkProfile(profile string, path string) (err error) {
 	var profileRegex = regexp.MustCompile(`^\[(.*)\]`)
 	data, err := ioutil.ReadFile(path)
@@ -753,7 +762,8 @@ func (p ResourceDataConfigProvider) PrivateRSAKey() (key *rsa.PrivateKey, err er
 	}
 
 	if privateKeyPath, hasPrivateKeyPath := p.D.GetOkExists(privateKeyPathAttrName); hasPrivateKeyPath {
-		pemFileContent, readFileErr := ioutil.ReadFile(privateKeyPath.(string))
+		resolvedPath := expandPath(privateKeyPath.(string))
+		pemFileContent, readFileErr := ioutil.ReadFile(resolvedPath)
 		if readFileErr != nil {
 			return nil, fmt.Errorf("can not read private key from: '%s', Error: %q", privateKeyPath, readFileErr)
 		}
diff --git a/oci/provider_test.go b/oci/provider_test.go
@@ -916,6 +916,41 @@ func TestUnitVerifyConfigForAPIKeyAuthIsNotSet_basic(t *testing.T) {
 	assert.True(t, len(apiKeyConfigVariablesToUnset) == 5, "apiKey config variables to unset: %v", apiKeyConfigVariablesToUnset)
 }
 
+// This test verifies that user can specify private key paths with "~/" and they should resolve to the home directory
+func TestUnitHomeDirectoryPrivateKeyPath_basic(t *testing.T) {
+	privateKeyName := "TestUnitHomeDirectoryPrivateKeyPath_basic.pem"
+	privateKeyPath := path.Join(getHomeFolder(), privateKeyName)
+	err := writeTempFile(testPrivateKey, privateKeyPath)
+	if err != nil {
+		t.Fatalf("unable to write test private key into directory %s. Error: %v", privateKeyPath, err)
+	}
+
+	defer removeFile(privateKeyPath)
+
+	r := &schema.Resource{
+		Schema: schemaMap(),
+	}
+	d := r.Data(nil)
+	d.Set(privateKeyPathAttrName, path.Join("~", privateKeyName))
+
+	d.Set(tenancyOcidAttrName, testTenancyOCID)
+	d.Set(authAttrName, authAPIKeySetting)
+	d.Set(userOcidAttrName, testUserOCID)
+	d.Set(fingerprintAttrName, testKeyFingerPrint)
+	d.Set(regionAttrName, "us-phoenix-1")
+
+	clients := &OracleClients{
+		sdkClientMap:  make(map[string]interface{}, len(oracleClientRegistrations.registeredClients)),
+		configuration: make(map[string]string),
+	}
+	sdkConfigProvider, err := getSdkConfigProvider(d, clients)
+	assert.NoError(t, err)
+
+	privateRsaKey, err := sdkConfigProvider.PrivateRSAKey()
+	assert.NoError(t, err)
+	assert.True(t, privateRsaKey != nil)
+}
+
 func TestUnitSecurityToken_basic(t *testing.T) {
 	t.Skip("Run manual with a valid security token")
 	for _, apiKeyConfigAttribute := range apiKeyConfigAttributes {
