EZSCALE/terraform-provider-virtfusion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
e26c78e2c23894b0b9779eaa84af2b1cdae63ab2
terraform-provider-virtfusion/internal/provider/data_source_user.go
Andrew ef8fbd530b
Some checks failed
Endpoint Sync Check / check-drift (push) Successful in 50s
Details
CI / build (push) Failing after 1m26s
Details
Fix path injection, sensitive attribute exposure, and error body truncation 
Security fixes from audit:

- Escape user-supplied strings (ext_relation_id, interface_name) with
  url.PathEscape before interpolating into API URL paths, preventing
  path traversal via crafted values like "../admin" or "foo/bar"
- Mark auth token URL attributes as Sensitive in both
  virtfusion_user_auth_token and virtfusion_user_server_auth_token
  resources, since the URL embeds the signed token
- Truncate raw API error response bodies to 500 bytes in error messages
  to prevent leaking sensitive data from verbose Laravel error responses

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 02:07:34 -04:00

130 lines
3.9 KiB
Go
Raw Blame History

// Copyright (c) EZSCALE.
// SPDX-License-Identifier: MPL-2.0
package provider
import (
"context"
"encoding/json"
"fmt"
"net/url"
"terraform-provider-virtfusion/internal/client"
"github.com/hashicorp/terraform-plugin-framework/datasource"
"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
"github.com/hashicorp/terraform-plugin-framework/types"
)
var (
_ datasource.DataSource = &UserDataSource{}
_ datasource.DataSourceWithConfigure = &UserDataSource{}
)
// NewUserDataSource returns a new user data source.
func NewUserDataSource() datasource.DataSource {
return &UserDataSource{}
}
// UserDataSource defines the data source implementation.
type UserDataSource struct {
client *client.Client
}
// UserDataSourceModel describes the data source data model.
type UserDataSourceModel struct {
ExtRelationID types.String `tfsdk:"ext_relation_id"`
ID types.Int64 `tfsdk:"id"`
Name types.String `tfsdk:"name"`
Email types.String `tfsdk:"email"`
Enabled types.Bool `tfsdk:"enabled"`
CreatedAt types.String `tfsdk:"created_at"`
UpdatedAt types.String `tfsdk:"updated_at"`
}
func (d *UserDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
resp.TypeName = req.ProviderTypeName + "_user"
}
func (d *UserDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
resp.Schema = schema.Schema{
MarkdownDescription: "Fetches a VirtFusion user by external relation ID.",
Attributes: map[string]schema.Attribute{
"ext_relation_id": schema.StringAttribute{
MarkdownDescription: "The external relation ID of the user.",
Required: true,
},
"id": schema.Int64Attribute{
MarkdownDescription: "The numeric ID of the user.",
Computed: true,
},
"name": schema.StringAttribute{
MarkdownDescription: "The user name.",
Computed: true,
},
"email": schema.StringAttribute{
MarkdownDescription: "The user email address.",
Computed: true,
},
"enabled": schema.BoolAttribute{
MarkdownDescription: "Whether the user is enabled.",
Computed: true,
},
"created_at": schema.StringAttribute{
MarkdownDescription: "The creation timestamp.",
Computed: true,
},
"updated_at": schema.StringAttribute{
MarkdownDescription: "The last update timestamp.",
Computed: true,
},
},
}
}
func (d *UserDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
if req.ProviderData == nil {
return
}
c, ok := req.ProviderData.(*client.Client)
if !ok {
resp.Diagnostics.AddError(
"Unexpected Data Source Configure Type",
fmt.Sprintf("Expected *client.Client, got: %T.", req.ProviderData),
)
return
}
d.client = c
}
func (d *UserDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
var data UserDataSourceModel
resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
if resp.Diagnostics.HasError() {
return
}
rawResp, err := d.client.Get(ctx, fmt.Sprintf("/users/%s/byExtRelation", url.PathEscape(data.ExtRelationID.ValueString())))
if err != nil {
resp.Diagnostics.AddError("Error Reading User", err.Error())
return
}
var userResp client.UserResponse
if err := json.Unmarshal(rawResp, &userResp); err != nil {
resp.Diagnostics.AddError("Error Parsing User Response", err.Error())
return
}
data.ID = types.Int64Value(userResp.Data.ID)
data.Name = types.StringValue(userResp.Data.Name)
data.Email = types.StringValue(userResp.Data.Email)
data.Enabled = types.BoolValue(userResp.Data.Enabled)
data.CreatedAt = types.StringValue(userResp.Data.CreatedAt)
data.UpdatedAt = types.StringValue(userResp.Data.UpdatedAt)
resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
}
Reference in New Issue View Git Blame Copy Permalink