use latest credhub and add resource permission

.gitignore

@@ -1,2 +1,3 @@
 /terraform-provider-credhub
-/out
+/out
+/vendor

.travis.yml

@@ -1,32 +1,29 @@
 language: go
 go:
-- 1.9
+  - "1.11"
 install:
-- go get github.com/hashicorp/terraform
-- go get github.com/onsi/ginkgo/ginkgo
-- go get github.com/onsi/gomega
+  - go get github.com/onsi/ginkgo/ginkgo
+  - go get github.com/onsi/gomega
+  - export GO111MODULE=on
 script:
-- |
-  if [ "$(go fmt ./...)"]; then
-    echo "You need to run `go fmt`"
-    exit 1
-  fi
-- go test `go list ./... | grep -v vendor` -v
+  - |
+    if [ "$(go fmt ./...)"]; then
+      echo "You need to run `go fmt`"
+      exit 1
+    fi
+  - go test `go list ./... | grep -v vendor` -v
 after_success:
-- cd $GOPATH/src/github.com/hashicorp/terraform
-- git checkout v0.11.7
-- cd $GOPATH/src/github.com/orange-cloudfoundry/terraform-provider-credhub
-- bin/build-all.sh
+  - bin/build-all.sh
 deploy:
   provider: releases
   api_key:
     secure: vAnQmOX1MZf8hGi2mjDGS+kAnsTVZXEKWSAnZJaLvJ2bmnGbtvSZJVgLw3ByaF/4DBixPjaztBoWOD7r9DQRUpwiEE2AOXNwZPmoytyZPCWBhTldkdot6RrjR0VMoslbC54+MInq//EV/8X2lM1CVrEzLvaQd1+NGd4M8xqjXaIrXMti8CWM6dANw+kUTEZbM9kaGxgm01WYrPvv8j9CJUszS88wQgpSN2ssNM3GVYBZHSlD1aZsJeidvjWCUpXcYMXVW8KZfWt5ccrqhj5f2ne381bBxL1tLLaeKu4yvNGSeDVj1JJcnXORV4klo3YWPqF03QXO7vyd57k7Lftin+o5Tk5cGAY+0muZAfzkPBz3ecomXv+cE0F3PwyEz1CApUsnp4ogTKqNcqI4wMXxPJv6uqdZoH9Ya7IsvVSwosz6vauX00iwNoh9O17yVNgRG6QfWuTZjvNMzSB2smS/u6zgvFEQITqOpn4YAFkGpSiSaMOJhpgTiIiS2KaCXx4Xgl2WAvI3/fJS/OxDWGlZtBZ0jMSCfWNqIISfnsprj7I3t/PXMVheOfG/UO5FtVDOcwD9ZawE9lZxHLv53Q6A0Ny2igYg+G1MmPmHjpM47iEEIV0uXrd7dsgLg9EaMI9bwzuPhJsogcdSYGrfU85mXLSBqFQkk6sjHQi3X6V8GjU=
   file:
-  - out/terraform-provider-credhub_darwin_amd64
-  - out/terraform-provider-credhub_linux_386
-  - out/terraform-provider-credhub_linux_amd64
-  - out/terraform-provider-credhub_windows_386.exe
-  - out/terraform-provider-credhub_windows_amd64.exe
+    - out/terraform-provider-credhub_darwin_amd64
+    - out/terraform-provider-credhub_linux_386
+    - out/terraform-provider-credhub_linux_amd64
+    - out/terraform-provider-credhub_windows_386.exe
+    - out/terraform-provider-credhub_windows_amd64.exe
   on:
     tags: true
     all_branches: true

README.md

@@ -75,6 +75,7 @@ provider "credhub" {
   - [Generate SSH](#generate-ssh)
   - [Generate user](#generate-user)
   - [Generic](#generic)
+  - [Permission](#permission)
 - [Datasources](#datasources)
   - [Value](#value)
   - [Json](#json)
@@ -274,6 +275,27 @@ resource "credhub_generic" "myjson" {
 
 ---
 
+### Permission
+
+```hcl
+resource "credhub_permission" "myuser_perm_mypath" {
+  path       = "/a/path/*"
+  actor      = "uaa-user:dc912b22-caeb-4780-a6d5-aa5843f81868"
+  operations = ["read", "write", "delete"]
+}
+```
+
+- **path**: (**Required**) A path where you would like to add a permission to for an actor
+- **actor**: (**Required**) An actor that receives permission at the specified path 
+(See authentication-specific identities [explained here](https://github.com/cloudfoundry-incubator/credhub/blob/master/docs/authentication-identities.md))
+- **operations**: (**Required**) List of operations given to actor for specified path 
+(supported operations: `read`, `write`, `delete`, `read_acl`, `write_acl`)
+
+**Note**: For actor as type `uaa-user`, find id can be difficult but hopefully you can use id provided with 
+[with datasource terraform provider uaa](https://github.com/orange-cloudfoundry/terraform-provider-uaa/blob/master/website/docs/d/user.html.markdown)
+
+---
+
 ## Datasources
 
 **Note**: Computed parameters is what has been filled by the data source, this is what you can use after.

bin/build

@@ -6,5 +6,5 @@ echo -e "\nGenerating Binary for ${GOOS} on arch ${GOARCH}..."
 
 CURRENTDIR=`pwd`
 
-CGO_ENABLED=0 go build -o $CURRENTDIR/out/terraform-provider-credhub
+CGO_ENABLED=0 go build -ldflags="-s -w" -o $CURRENTDIR/out/terraform-provider-credhub
 echo -e "\nGenerating Binary finished."

credhub/data_source_helper.go

@@ -1,10 +1,10 @@
 package credhub
 
 import (
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials"
 	"encoding/json"
 	"fmt"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 

credhub/data_sources.go

@@ -1,9 +1,9 @@
 package credhub
 
 import (
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials/values"
 	"encoding/json"
 	"fmt"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials/values"
 	"github.com/hashicorp/terraform/helper/schema"
 	"reflect"
 )

credhub/extend/extend.go

@@ -0,0 +1,94 @@
+package extend
+
+import (
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/permissions"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
+type Permission struct {
+	client *credhub.CredHub
+}
+
+func NewPermission(client *credhub.CredHub) *Permission {
+	return &Permission{client}
+}
+
+func (p *Permission) updateV1Permission(uuid string, credName string, perms []permissions.V1_Permission) (*http.Response, error) {
+	ch := p.client
+	requestBody := map[string]interface{}{}
+	requestBody["credential_name"] = credName
+	requestBody["permissions"] = perms
+
+	resp, err := ch.Request(http.MethodPut, fmt.Sprintf("/api/v1/permissions/%s", uuid), nil, requestBody, true)
+	if err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+func (p *Permission) updateV2Permission(uuid string, path string, actor string, ops []string) (*http.Response, error) {
+	ch := p.client
+	requestBody := map[string]interface{}{}
+	requestBody["path"] = path
+	requestBody["actor"] = actor
+	requestBody["operations"] = ops
+
+	resp, err := ch.Request(http.MethodPut, fmt.Sprintf("/api/v2/permissions/%s", uuid), nil, requestBody, true)
+	if err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+func (p *Permission) UpdatePermission(uuid string, path string, actor string, ops []string) (*permissions.Permission, error) {
+	ch := p.client
+	serverVersion, err := ch.ServerVersion()
+	if err != nil {
+		return nil, err
+	}
+
+	var resp *http.Response
+	isOlderVersion := serverVersion.Segments()[0] < 2
+
+	if isOlderVersion {
+		resp, err = p.updateV1Permission(uuid, path, []permissions.V1_Permission{{Actor: actor, Operations: ops}})
+	} else {
+		resp, err = p.updateV2Permission(uuid, path, actor, ops)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if isOlderVersion {
+		return nil, nil
+	}
+
+	defer resp.Body.Close()
+	defer io.Copy(ioutil.Discard, resp.Body)
+	var response permissions.Permission
+
+	if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
+		return nil, err
+	}
+
+	return &response, nil
+}
+
+func (p *Permission) DeletePermission(uuid string) error {
+	ch := p.client
+	resp, err := ch.Request(http.MethodDelete, fmt.Sprintf("/api/v2/permissions/%s", uuid), nil, nil, true)
+
+	if err == nil {
+		defer resp.Body.Close()
+	}
+
+	return err
+}

credhub/generate_certificate.go

@@ -1,8 +1,8 @@
 package credhub
 
 import (
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials/generate"
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials/generate"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 

credhub/generate_password.go

@@ -1,8 +1,8 @@
 package credhub
 
 import (
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials/generate"
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials/generate"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 

credhub/generate_rsa.go

@@ -1,8 +1,8 @@
 package credhub
 
 import (
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials/generate"
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials/generate"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 

credhub/generate_ssh.go

@@ -1,8 +1,8 @@
 package credhub
 
 import (
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials/generate"
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials/generate"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 

credhub/generate_user.go

@@ -1,8 +1,8 @@
 package credhub
 
 import (
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials/generate"
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials/generate"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 

credhub/generic.go

@@ -1,11 +1,10 @@
 package credhub
 
 import (
+	"code.cloudfoundry.org/credhub-cli/credhub"
 	"encoding/json"
 	"fmt"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
 	"github.com/hashicorp/terraform/helper/schema"
-	"net/http"
 	"strings"
 )
 
@@ -14,10 +13,6 @@ type CredData struct {
 	Json       map[string]interface{}
 	Credential map[string]interface{}
 }
-type CredGeneric struct {
-	Id    string      `json:"id"`
-	Value interface{} `json:"value"`
-}
 
 func (d CredData) Check() error {
 	if d.Value == "" && len(d.Json) == 0 && len(d.Credential) == 0 {
@@ -80,30 +75,11 @@ func (r GenericResource) Create(d *schema.ResourceData, meta interface{}) error
 	}
 
 	credType := strings.ToLower(d.Get("type").(string))
-	cred, err := r.setCredential(client, Name(d), credType, credData.CredValue())
+	cred, err := client.SetCredential(Name(d), credType, credData.CredValue())
 	d.SetId(cred.Id)
 	return nil
 }
-func (GenericResource) setCredential(ch *credhub.CredHub, name, credType string, value interface{}) (CredGeneric, error) {
-	requestBody := map[string]interface{}{}
-	requestBody["name"] = name
-	requestBody["type"] = credType
-	requestBody["value"] = value
-	requestBody["overwrite"] = true
-	resp, err := ch.Request(http.MethodPut, "/api/v1/data", nil, requestBody, true)
 
-	if err != nil {
-		return CredGeneric{}, err
-	}
-	cred := CredGeneric{}
-	defer resp.Body.Close()
-	dec := json.NewDecoder(resp.Body)
-	err = dec.Decode(&cred)
-	if err != nil {
-		return CredGeneric{}, err
-	}
-	return cred, nil
-}
 func (GenericResource) Schema() map[string]*schema.Schema {
 	return map[string]*schema.Schema{
 		"type": {
@@ -125,6 +101,7 @@ func (GenericResource) Schema() map[string]*schema.Schema {
 		},
 	}
 }
+
 func validateKeyLength(elem interface{}, index string) ([]string, []error) {
 	length := elem.(int)
 	if length != 2048 && length != 3072 && length != 4096 {

credhub/loader.go

@@ -1,11 +1,11 @@
 package credhub
 
 import (
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/credentials"
 	"crypto/sha512"
 	"encoding/json"
 	"fmt"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/credentials"
 	"github.com/hashicorp/terraform/helper/schema"
 	"strconv"
 	"strings"

credhub/provider.go

@@ -1,13 +1,13 @@
 package credhub
 
 import (
+	"code.cloudfoundry.org/credhub-cli/credhub"
+	"code.cloudfoundry.org/credhub-cli/credhub/auth"
 	"fmt"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub"
-	"github.com/cloudfoundry-incubator/credhub-cli/credhub/auth"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/terraform"
-	"strings"
 	"os"
+	"strings"
 )
 
 func Provider() terraform.ResourceProvider {
@@ -73,6 +73,7 @@ func Provider() terraform.ResourceProvider {
 			"credhub_ssh":         LoadGenerateResource(&GenerateSSHResource{}),
 			"credhub_user":        LoadGenerateResource(&GenerateUserResource{}),
 			"credhub_generic":     LoadGenerateResource(&GenericResource{}),
+			"credhub_permission":  resourcePermission(),
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{