Skip to content

Commit

Permalink
Improve code organization and error handling
Browse files Browse the repository at this point in the history
- Add proper error types and handling with severity levels
- Improve SSL/TLS configuration and security
- Add helper functions for safer field access
- Enhance documentation and code organization
- Add proper constants and remove magic values
- Improve type definitions and validation
  • Loading branch information
felladrin committed Dec 22, 2024
1 parent d846e5a commit da1a9c1
Show file tree
Hide file tree
Showing 5 changed files with 359 additions and 203 deletions.
182 changes: 112 additions & 70 deletions minio/check_config.go
Original file line number Diff line number Diff line change
@@ -1,11 +1,32 @@
package minio

import (
"fmt"

"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)

// BucketConfig creates a new config for minio buckets
// ConfigError represents an error that occurred during configuration
type ConfigError struct {
Field string
Message string
}

func (e *ConfigError) Error() string {
return fmt.Sprintf("configuration error for field %q: %s", e.Field, e.Message)
}

// getOptionalField safely gets an optional field from the ResourceData with a default value
func getOptionalField(d *schema.ResourceData, field string, defaultValue interface{}) interface{} {
if v, ok := d.GetOk(field); ok {
return v
}
return defaultValue
}

// BucketConfig creates a new configuration for MinIO buckets.
// It handles the basic bucket configuration including ACL, prefixes, and object locking.
func BucketConfig(d *schema.ResourceData, meta interface{}) *S3MinioBucket {
m := meta.(*S3MinioClient)

Expand All @@ -14,201 +35,222 @@ func BucketConfig(d *schema.ResourceData, meta interface{}) *S3MinioBucket {
MinioAdmin: m.S3Admin,
MinioRegion: m.S3Region,
MinioAccess: m.S3UserAccess,
MinioBucket: d.Get("bucket").(string),
MinioBucketPrefix: d.Get("bucket_prefix").(string),
MinioACL: d.Get("acl").(string),
MinioForceDestroy: d.Get("force_destroy").(bool),
ObjectLockingEnabled: d.Get("object_locking").(bool),
MinioBucket: getOptionalField(d, "bucket", "").(string),
MinioBucketPrefix: getOptionalField(d, "bucket_prefix", "").(string),
MinioACL: getOptionalField(d, "acl", "private").(string),
MinioForceDestroy: getOptionalField(d, "force_destroy", false).(bool),
ObjectLockingEnabled: getOptionalField(d, "object_locking", false).(bool),
}
}

// BucketPolicyConfig creates config for managing minio bucket policies
// BucketPolicyConfig creates configuration for managing MinIO bucket policies.
// It sets up the basic policy configuration for a bucket.
func BucketPolicyConfig(d *schema.ResourceData, meta interface{}) *S3MinioBucketPolicy {
m := meta.(*S3MinioClient)

return &S3MinioBucketPolicy{
MinioClient: m.S3Client,
MinioBucket: d.Get("bucket").(string),
MinioBucketPolicy: d.Get("policy").(string),
MinioBucket: getOptionalField(d, "bucket", "").(string),
MinioBucketPolicy: getOptionalField(d, "policy", "").(string),
}
}

// BucketVersioningConfig creates config for managing minio bucket versioning
// BucketVersioningConfig creates configuration for managing MinIO bucket versioning.
// It handles versioning configuration including excluded prefixes and folders.
func BucketVersioningConfig(d *schema.ResourceData, meta interface{}) *S3MinioBucketVersioning {
m := meta.(*S3MinioClient)

versioningConfig := getBucketVersioningConfig(d.Get("versioning_configuration").([]interface{}))

return &S3MinioBucketVersioning{
MinioClient: m.S3Client,
MinioBucket: d.Get("bucket").(string),
MinioBucket: getOptionalField(d, "bucket", "").(string),
VersioningConfiguration: versioningConfig,
}
}

// BucketVersioningConfig creates config for managing minio bucket versioning
// BucketReplicationConfig creates configuration for managing MinIO bucket replication.
// It sets up replication rules between buckets.
func BucketReplicationConfig(d *schema.ResourceData, meta interface{}) (*S3MinioBucketReplication, diag.Diagnostics) {
m := meta.(*S3MinioClient)

replicationRules, diags := getBucketReplicationConfig(d.Get("rule").([]interface{}))
if diags.HasError() {
return nil, diags
}

return &S3MinioBucketReplication{
MinioClient: m.S3Client,
MinioAdmin: m.S3Admin,
MinioBucket: d.Get("bucket").(string),
MinioBucket: getOptionalField(d, "bucket", "").(string),
ReplicationRules: replicationRules,
}, diags
}, nil
}

// BucketNotificationConfig creates config for managing minio bucket notifications
// BucketNotificationConfig creates configuration for managing MinIO bucket notifications.
// It sets up event notifications for bucket operations.
func BucketNotificationConfig(d *schema.ResourceData, meta interface{}) *S3MinioBucketNotification {
m := meta.(*S3MinioClient)
config := getNotificationConfiguration(d)

return &S3MinioBucketNotification{
MinioClient: m.S3Client,
MinioBucket: d.Get("bucket").(string),
MinioBucket: getOptionalField(d, "bucket", "").(string),
Configuration: &config,
}
}

// BucketServerSideEncryptionConfig creates config for managing minio bucket server side encryption
// BucketServerSideEncryptionConfig creates configuration for managing MinIO bucket server-side encryption.
// It handles encryption settings for bucket objects.
func BucketServerSideEncryptionConfig(d *schema.ResourceData, meta interface{}) *S3MinioBucketServerSideEncryption {
m := meta.(*S3MinioClient)

encryptionConfig := getBucketServerSideEncryptionConfig(d)

return &S3MinioBucketServerSideEncryption{
MinioClient: m.S3Client,
MinioBucket: d.Get("bucket").(string),
MinioBucket: getOptionalField(d, "bucket", "").(string),
Configuration: encryptionConfig,
}
}

// NewConfig creates a new config for minio
// NewConfig creates a new MinIO client configuration.
// It handles authentication and connection settings.
func NewConfig(d *schema.ResourceData) *S3MinioConfig {
user := d.Get("minio_user").(string)
// Get user credentials with fallback to legacy access key
user := getOptionalField(d, "minio_user", "").(string)
if user == "" {
user = d.Get("minio_access_key").(string)
user = getOptionalField(d, "minio_access_key", "").(string)
}

password := d.Get("minio_password").(string)
// Get password with fallback to legacy secret key
password := getOptionalField(d, "minio_password", "").(string)
if password == "" {
password = d.Get("minio_secret_key").(string)
password = getOptionalField(d, "minio_secret_key", "").(string)
}

return &S3MinioConfig{
S3HostPort: d.Get("minio_server").(string),
S3Region: d.Get("minio_region").(string),
S3HostPort: getOptionalField(d, "minio_server", "").(string),
S3Region: getOptionalField(d, "minio_region", "us-east-1").(string),
S3UserAccess: user,
S3UserSecret: password,
S3SessionToken: d.Get("minio_session_token").(string),
S3APISignature: d.Get("minio_api_version").(string),
S3SSL: d.Get("minio_ssl").(bool),
S3SSLCACertFile: d.Get("minio_cacert_file").(string),
S3SSLCertFile: d.Get("minio_cert_file").(string),
S3SSLKeyFile: d.Get("minio_key_file").(string),
S3SSLSkipVerify: d.Get("minio_insecure").(bool),
S3SessionToken: getOptionalField(d, "minio_session_token", "").(string),
S3APISignature: getOptionalField(d, "minio_api_version", "v4").(string),
S3SSL: getOptionalField(d, "minio_ssl", false).(bool),
S3SSLCACertFile: getOptionalField(d, "minio_cacert_file", "").(string),
S3SSLCertFile: getOptionalField(d, "minio_cert_file", "").(string),
S3SSLKeyFile: getOptionalField(d, "minio_key_file", "").(string),
S3SSLSkipVerify: getOptionalField(d, "minio_insecure", false).(bool),
}
}

// ServiceAccountConfig creates new service account config
// ServiceAccountConfig creates configuration for MinIO service accounts.
// It handles service account creation and management.
func ServiceAccountConfig(d *schema.ResourceData, meta interface{}) *S3MinioServiceAccountConfig {
m := meta.(*S3MinioClient)

return &S3MinioServiceAccountConfig{
MinioAdmin: m.S3Admin,
MinioAccessKey: d.Get("access_key").(string),
MinioTargetUser: d.Get("target_user").(string),
MinioDisableUser: d.Get("disable_user").(bool),
MinioUpdateKey: d.Get("update_secret").(bool),
MinioSAPolicy: d.Get("policy").(string),
MinioName: d.Get("name").(string),
MinioDescription: d.Get("description").(string),
MinioExpiration: d.Get("expiration").(string),
MinioAccessKey: getOptionalField(d, "access_key", "").(string),
MinioTargetUser: getOptionalField(d, "target_user", "").(string),
MinioDisableUser: getOptionalField(d, "disable_user", false).(bool),
MinioUpdateKey: getOptionalField(d, "update_secret", false).(bool),
MinioSAPolicy: getOptionalField(d, "policy", "").(string),
MinioName: getOptionalField(d, "name", "").(string),
MinioDescription: getOptionalField(d, "description", "").(string),
MinioExpiration: getOptionalField(d, "expiration", "").(string),
}
}

// IAMUserConfig creates new user config
// IAMUserConfig creates configuration for MinIO IAM users.
// It handles user creation and management in the IAM system.
func IAMUserConfig(d *schema.ResourceData, meta interface{}) *S3MinioIAMUserConfig {
m := meta.(*S3MinioClient)

return &S3MinioIAMUserConfig{
MinioAdmin: m.S3Admin,
MinioIAMName: d.Get("name").(string),
MinioSecret: d.Get("secret").(string),
MinioDisableUser: d.Get("disable_user").(bool),
MinioUpdateKey: d.Get("update_secret").(bool),
MinioForceDestroy: d.Get("force_destroy").(bool),
MinioIAMName: getOptionalField(d, "name", "").(string),
MinioSecret: getOptionalField(d, "secret", "").(string),
MinioDisableUser: getOptionalField(d, "disable_user", false).(bool),
MinioUpdateKey: getOptionalField(d, "update_secret", false).(bool),
MinioForceDestroy: getOptionalField(d, "force_destroy", false).(bool),
}
}

// IAMGroupConfig creates new group config
// IAMGroupConfig creates configuration for MinIO IAM groups.
// It handles group creation and management.
func IAMGroupConfig(d *schema.ResourceData, meta interface{}) *S3MinioIAMGroupConfig {
m := meta.(*S3MinioClient)

return &S3MinioIAMGroupConfig{
MinioAdmin: m.S3Admin,
MinioIAMName: d.Get("name").(string),
MinioDisableGroup: d.Get("disable_group").(bool),
MinioForceDestroy: d.Get("force_destroy").(bool),
MinioIAMName: getOptionalField(d, "name", "").(string),
MinioDisableGroup: getOptionalField(d, "disable_group", false).(bool),
MinioForceDestroy: getOptionalField(d, "force_destroy", false).(bool),
}
}

// IAMGroupAttachmentConfig creates new membership config for a single user
// IAMGroupAttachmentConfig creates configuration for MinIO IAM group attachments.
// It handles attaching a single user to a group.
func IAMGroupAttachmentConfig(d *schema.ResourceData, meta interface{}) *S3MinioIAMGroupAttachmentConfig {
m := meta.(*S3MinioClient)

return &S3MinioIAMGroupAttachmentConfig{
MinioAdmin: m.S3Admin,
MinioIAMUser: d.Get("user_name").(string),
MinioIAMGroup: d.Get("group_name").(string),
MinioIAMUser: getOptionalField(d, "user_name", "").(string),
MinioIAMGroup: getOptionalField(d, "group_name", "").(string),
}
}

// IAMGroupMembersipConfig creates new membership config
func IAMGroupMembersipConfig(d *schema.ResourceData, meta interface{}) *S3MinioIAMGroupMembershipConfig {
// IAMGroupMembershipConfig creates configuration for MinIO IAM group memberships.
// It handles attaching multiple users to a group.
func IAMGroupMembershipConfig(d *schema.ResourceData, meta interface{}) *S3MinioIAMGroupMembershipConfig {
m := meta.(*S3MinioClient)

users := getStringList(d.Get("users").(*schema.Set).List())

return &S3MinioIAMGroupMembershipConfig{
MinioAdmin: m.S3Admin,
MinioIAMName: d.Get("name").(string),
MinioIAMUsers: getStringList(d.Get("users").(*schema.Set).List()),
MinioIAMGroup: d.Get("group").(string),
MinioIAMName: getOptionalField(d, "name", "").(string),
MinioIAMUsers: users,
MinioIAMGroup: getOptionalField(d, "group", "").(string),
}
}

// IAMPolicyConfig creates new policy config
// IAMPolicyConfig creates configuration for MinIO IAM policies.
// It handles policy creation and management.
func IAMPolicyConfig(d *schema.ResourceData, meta interface{}) *S3MinioIAMPolicyConfig {
m := meta.(*S3MinioClient)

return &S3MinioIAMPolicyConfig{
MinioAdmin: m.S3Admin,
MinioIAMName: d.Get("name").(string),
MinioIAMNamePrefix: d.Get("name_prefix").(string),
MinioIAMPolicy: d.Get("policy").(string),
MinioIAMName: getOptionalField(d, "name", "").(string),
MinioIAMNamePrefix: getOptionalField(d, "name_prefix", "").(string),
MinioIAMPolicy: getOptionalField(d, "policy", "").(string),
}
}

// IAMGroupPolicyConfig creates new group policy config
// IAMGroupPolicyConfig creates configuration for MinIO IAM group policies.
// It handles attaching policies to groups.
func IAMGroupPolicyConfig(d *schema.ResourceData, meta interface{}) *S3MinioIAMGroupPolicyConfig {
m := meta.(*S3MinioClient)

return &S3MinioIAMGroupPolicyConfig{
MinioAdmin: m.S3Admin,
MinioIAMName: d.Get("name").(string),
MinioIAMNamePrefix: d.Get("name_prefix").(string),
MinioIAMPolicy: d.Get("policy").(string),
MinioIAMGroup: d.Get("group").(string),
MinioIAMName: getOptionalField(d, "name", "").(string),
MinioIAMNamePrefix: getOptionalField(d, "name_prefix", "").(string),
MinioIAMPolicy: getOptionalField(d, "policy", "").(string),
MinioIAMGroup: getOptionalField(d, "group", "").(string),
}
}

// KMSKeyConfig creates new service account config
// KMSKeyConfig creates configuration for MinIO KMS keys.
// It handles key management system configuration.
func KMSKeyConfig(d *schema.ResourceData, meta interface{}) *S3MinioKMSKeyConfig {
m := meta.(*S3MinioClient)

return &S3MinioKMSKeyConfig{
MinioAdmin: m.S3Admin,
MinioKMSKeyID: d.Get("key_id").(string),
MinioKMSKeyID: getOptionalField(d, "key_id", "").(string),
}
}
Loading

0 comments on commit da1a9c1

Please sign in to comment.