Implement Secrets Manager ACL (#93)

* Add CIDR validator * Implement `syncACL`, add it to creation * Rename function * Rename variables * Add mapACLs * Implement instance update * Add ACLs to acc test * Add ACL to schema * Add new line * Fix not using the ACLs read from config * Add test case where ACLs aren't set * Fix lint * Generate docs * Add uniqueness check for ACLs * Add repeated ACLs test cases * Remove debug leftover * Change test cases * Rename data * Add ACL description * Generate docs * Change ACL attribute type * Remove test case --------- Co-authored-by: Henrique Santos <henrique.santos@freiheit.com>
2023-10-18 13:25:54 +01:00 · 2023-10-18 13:25:54 +01:00 · e1265578ce
commit e1265578ce
parent 3c6748545d
10 changed files with 770 additions and 13 deletions
--- a/stackit/internal/validate/validate.go
+++ b/stackit/internal/validate/validate.go
@ -137,3 +137,21 @@ func RFC3339SecondsOnly() *Validator {
 		},
 	}
 }
+
+func CIDR() *Validator {
+	description := "value must be in CIDR notation"
+
+	return &Validator{
+		description: description,
+		validate: func(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) {
+			_, _, err := net.ParseCIDR(req.ConfigValue.ValueString())
+			if err != nil {
+				resp.Diagnostics.Append(validatordiag.InvalidAttributeValueDiagnostic(
+					req.Path,
+					fmt.Sprintf("parsing value in CIDR notation: %s", err.Error()),
+					req.ConfigValue.ValueString(),
+				))
+			}
+		},
+	}
+}
--- a/stackit/internal/validate/validate_test.go
+++ b/stackit/internal/validate/validate_test.go
@ -262,3 +262,87 @@ func TestRFC3339SecondsOnly(t *testing.T) {
 		})
 	}
 }
+
+func TestCIDR(t *testing.T) {
+	tests := []struct {
+		description string
+		input       string
+		isValid     bool
+	}{
+		{
+			"IPv4_block",
+			"198.51.100.14/24",
+			true,
+		},
+		{
+			"IPv4_block_2",
+			"111.222.111.222/22",
+			true,
+		},
+		{
+			"IPv4_single",
+			"198.51.100.14/32",
+			true,
+		},
+		{
+			"IPv4_entire_internet",
+			"0.0.0.0/0",
+			true,
+		},
+		{
+			"IPv4_block_invalid",
+			"198.51.100.14/33",
+			false,
+		},
+		{
+			"IPv4_no_block",
+			"111.222.111.222",
+			false,
+		},
+		{
+			"IPv6_block",
+			"2001:db8::/48",
+			true,
+		},
+		{
+			"IPv6_single",
+			"2001:0db8:85a3:08d3::0370:7344/128",
+			true,
+		},
+		{
+			"IPv6_all",
+			"::/0",
+			true,
+		},
+		{
+			"IPv6_block_invalid",
+			"2001:0db8:85a3:08d3::0370:7344/129",
+			false,
+		},
+		{
+			"IPv6_no_block",
+			"2001:0db8:85a3:08d3::0370:7344",
+			false,
+		},
+		{
+			"empty",
+			"",
+			false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.description, func(t *testing.T) {
+			r := validator.StringResponse{}
+			CIDR().ValidateString(context.Background(), validator.StringRequest{
+				ConfigValue: types.StringValue(tt.input),
+			}, &r)
+
+			if !tt.isValid && !r.Diagnostics.HasError() {
+				t.Fatalf("Should have failed")
+			}
+			if tt.isValid && r.Diagnostics.HasError() {
+				t.Fatalf("Should not have failed: %v", r.Diagnostics.Errors())
+			}
+		})
+	}
+}