
Commit 1e2ad02

Merge pull request #359 from aquasecurity/bugfix/api-authentication
bug: Fix API authentication using API key and secret
2 parents 3fca0e8 + 54c8780 commit 1e2ad02


3 files changed

+50
-24
lines changed


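--- a/aquasec/init_test.go
+++ b/aquasec/init_test.go
@@ -68,9 +68,15 @@ func init() {
 
 var aquaClient *client.Client
 if useAPIKey {
-aquaClient = client.NewClientWithAPIKey(aquaURL, apiKey, secretKey, verifyTLS, caCertByte)
+aquaClient, err = client.NewClientWithAPIKey(aquaURL, apiKey, secretKey, verifyTLS, caCertByte)
+if err != nil {
+panic(fmt.Errorf("failed to create client with api key auth, error: %s", err))
+}
 } else {
-aquaClient = client.NewClientWithTokenAuth(aquaURL, username, password, verifyTLS, caCertByte)
+aquaClient, err = client.NewClientWithTokenAuth(aquaURL, username, password, verifyTLS, caCertByte)
+if err != nil {
+panic(fmt.Errorf("failed to create client with token auth, error: %s", err))
+}
 }
 token, url, err := aquaClient.GetAuthToken()
 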

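--- a/aquasec/provider.go
+++ b/aquasec/provider.go
@@ -241,27 +241,24 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 }
 
 if validate {
-if apiKey == "" {
-if username == "" {
-diags = append(diags, diag.Diagnostic{
-Severity: diag.Error,
-Summary: "Initializing provider, username parameter is missing.",
-})
-}
-
-if password == "" {
-diags = append(diags, diag.Diagnostic{
-Severity: diag.Error,
-Summary: "Initializing provider, password parameter is missing.",
-})
-}
-}
 if aquaURL == "" {
 diags = append(diags, diag.Diagnostic{
 Severity: diag.Error,
 Summary: "Initializing provider, aqua_url parameter is missing.",
 })
 }
+if username == "" {
+diags = append(diags, diag.Diagnostic{
+Severity: diag.Error,
+Summary: "Initializing provider, username parameter is missing.",
+})
+}
+if password == "" {
+diags = append(diags, diag.Diagnostic{
+Severity: diag.Error,
+Summary: "Initializing provider, password parameter is missing.",
+})
+}
 }
 
 var caCertByte []byte
@@ -283,8 +280,24 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 }
 
 var aquaClient *client.Client
-if apiKey != "" {
-aquaClient = client.NewClientWithAPIKey(aquaURL, apiKey, secretkey, verifyTLS, caCertByte)
+if username != "" && password != "" {
+aquaClient, err = client.NewClientWithTokenAuth(aquaURL, username, password, verifyTLS, caCertByte)
+if err != nil {
+return nil, diag.Diagnostics{diag.Diagnostic{
+Severity: diag.Error,
+Summary: "Error creating Aqua client with token authentication",
+Detail: err.Error(),
+}}
+}
+} else if apiKey != "" {
+aquaClient, err = client.NewClientWithAPIKey(aquaURL, apiKey, secretkey, verifyTLS, caCertByte)
+if err != nil {
+return nil, diag.Diagnostics{diag.Diagnostic{
+Severity: diag.Error,
+Summary: "Error creating Aqua client with API key",
+Detail: err.Error(),
+}}
+}
 if v, ok := d.GetOk("validity"); ok {
 aquaClient.Validity = v.(int)
 }
@@ -295,7 +308,11 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 aquaClient.CSPRoles = convertStringArr(v.([]interface{}))
 }
 } else {
-aquaClient = client.NewClientWithTokenAuth(aquaURL, username, password, verifyTLS, caCertByte)
+return nil, diag.Diagnostics{diag.Diagnostic{
+Severity: diag.Error,
+Summary: "Missing credentials",
+Detail: "Provide username+password or aqua_api_key+aqua_api_secret.",
+}}
 }
 
 if validate {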
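Review bot: With `validate` set, the first hunk now appends the `username parameter is missing` and `password parameter is missing` errors even when only `aqua_api_key`/`aqua_api_secret` are configured, because the `if apiKey == "" {` guard around those checks was removed. If `diags` is returned to Terraform as an error (that code is outside the hunks), an API-key-only configuration fails validation although the second hunk explicitly accepts it. Restoring the guard, e.g. `if apiKey == "" && username == "" {` and `if apiKey == "" && password == "" {`, keeps validation and client selection consistent. The second hunk also reverses precedence: when both credential pairs are set, username+password now silently wins over the API key, so a `diag.Warning` naming the method actually used would let operators notice an unintended fallback. providerConfigure begins and ends outside these hunks.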

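--- a/client/client.go
+++ b/client/client.go
@@ -48,16 +48,19 @@ const UserAgentBase = "terraform-provider-aquasec"
 
 var version string
 
-func NewClientWithTokenAuth(urlStr, user, password string, verifyTLS bool, caCertByte []byte) *Client {
+func NewClientWithTokenAuth(urlStr, user, password string, verifyTLS bool, caCertByte []byte) (*Client, error) {
 return NewClient(urlStr, user, password, "", "", false, verifyTLS, caCertByte)
 }
 
-func NewClientWithAPIKey(urlStr, apiKey, secretkey string, verifyTLS bool, caCertByte []byte) *Client {
+func NewClientWithAPIKey(urlStr, apiKey, secretkey string, verifyTLS bool, caCertByte []byte) (*Client, error) {
+if strings.TrimSpace(apiKey) == "" || strings.TrimSpace(secretkey) == "" {
+return nil, fmt.Errorf("api key auth requires both aqua_api_key and aqua_api_secret")
+}
 return NewClient(urlStr, "", "", apiKey, secretkey, true, verifyTLS, caCertByte)
 }
 
 // NewClient - initialize and return the Client
-func NewClient(url, user, password, apiKey, secretkey string, useAPIKey, verifyTLS bool, caCertByte []byte) *Client {
+func NewClient(url, user, password, apiKey, secretkey string, useAPIKey, verifyTLS bool, caCertByte []byte) (*Client, error) {
 tlsConfig := &tls.Config{
 InsecureSkipVerify: !verifyTLS,
 }
@@ -133,7 +136,7 @@ func NewClient(url, user, password, apiKey, secretkey string, useAPIKey, verifyT
 break
 }
 
-return c
+return c, nil
 }
 
 func (cli *Client) AuthenticateWithAPIKey() (string, error) {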
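Review bot: The blank-credential check sits only in `NewClientWithAPIKey`, so the exported `NewClient` can still be called with `useAPIKey` true and an empty key or secret, and `NewClientWithTokenAuth` accepts an empty user or password without error. Moving the check into `NewClient`, e.g. `if useAPIKey && (strings.TrimSpace(apiKey) == "" || strings.TrimSpace(secretkey) == "") {`, with a matching test for user and password on the token path, would cover every caller. In the visible lines `NewClient` only ever returns `c, nil`; its body between the two hunks is not shown, so it is unclear whether any failure actually reaches the new error result. Because the message has no format verbs, `errors.New` would be the idiomatic call if `errors` is imported. The constructors would also benefit from doc comments stating when a non-nil error is returned.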
