Comparing changes

base repository: hashicorp/terraform-provider-scaffolding-framework
base: main
head repository: sebastiaan-dev/terraform-provider-bitwarden-secrets
compare: main
  • 8 commits
  • 39 files changed
  • 2 contributors

Commits on May 11, 2024

  1. Implementation of v0.1.0 of the Terraform provider

    sebastiaan-dev committed May 11, 2024

    Verified

    This commit was signed with the committer’s verified signature.
    astefanutti Antonin Stefanutti
    2a5acfd
  2. Remove unused tests

    sebastiaan-dev committed May 11, 2024
    1c045c6
  3. Merge pull request #1 from sebastiaan-dev/feature/v0.1.0

    Implementation of v0.1.0 of the Terraform provider
    sebastiaan-dev authored May 11, 2024
    910a3a5
  4. Fixed registry reference

    sebastiaan-dev committed May 11, 2024
    b249cfe
  5. 4c744e9
  6. Merge pull request #2 from sebastiaan-dev/fix/registry

    Fix registry reference
    sebastiaan-dev authored May 11, 2024
    bdf9fb8
  7. Update documentation

    sebastiaan-dev committed May 11, 2024
    161cf84
  8. Merge pull request #3 from sebastiaan-dev/task/docs

    Update documentation
    sebastiaan-dev authored May 11, 2024
    9cc4f62
Showing with 1,543 additions and 685 deletions.
  1. +40 −16 README.md
  2. +46 −0 cli/main.go
  3. +0 −30 docs/data-sources/example.md
  4. +33 −0 docs/data-sources/project.md
  5. +36 −0 docs/data-sources/project_list.md
  6. +36 −0 docs/data-sources/secret.md
  7. +39 −0 docs/data-sources/secret_list.md
  8. +0 −26 docs/functions/example.md
  9. +45 −9 docs/index.md
  10. +0 −31 docs/resources/example.md
  11. +34 −0 docs/resources/project.md
  12. +42 −0 docs/resources/secret.md
  13. +3 −0 examples/data-sources/bitwarden-secrets_project/data-source.tf
  14. +2 −0 examples/data-sources/bitwarden-secrets_project_list/data-source.tf
  15. +3 −0 examples/data-sources/bitwarden-secrets_secret/data-source.tf
  16. +2 −0 examples/data-sources/bitwarden-secrets_secret_list/data-source.tf
  17. +0 −3 examples/data-sources/scaffolding_example/data-source.tf
  18. +29 −2 examples/provider/provider.tf
  19. +4 −0 examples/resources/bitwarden-secrets_project/resource.tf
  20. +6 −0 examples/resources/bitwarden-secrets_secret/resource.tf
  21. +0 −3 examples/resources/scaffolding_example/resource.tf
  22. +1 −1 go.mod
  23. +0 −105 internal/provider/example_data_source.go
  24. +0 −32 internal/provider/example_data_source_test.go
  25. +0 −50 internal/provider/example_function.go
  26. +0 −79 internal/provider/example_function_test.go
  27. +0 −187 internal/provider/example_resource.go
  28. +0 −56 internal/provider/example_resource_test.go
  29. +119 −0 internal/provider/project_data_source.go
  30. +134 −0 internal/provider/project_list_data_source.go
  31. +224 −0 internal/provider/project_resource.go
  32. +32 −27 internal/provider/provider.go
  33. +0 −25 internal/provider/provider_test.go
  34. +129 −0 internal/provider/secret_data_source.go
  35. +146 −0 internal/provider/secret_list_data_source.go
  36. +258 −0 internal/provider/secret_resource.go
  37. +4 −3 main.go
  38. +22 −0 templates/index.md.tmpl
  39. +74 −0 types/models.go
56 changes: 40 additions & 16 deletions README.md
@@ -1,23 +1,14 @@
# Terraform Provider Scaffolding (Terraform Plugin Framework)
# Terraform Provider for Bitwarden Secrets

_This template repository is built on the [Terraform Plugin Framework](https://github.com/hashicorp/terraform-plugin-framework). The template repository built on the [Terraform Plugin SDK](https://github.com/hashicorp/terraform-plugin-sdk) can be found at [terraform-provider-scaffolding](https://github.com/hashicorp/terraform-provider-scaffolding). See [Which SDK Should I Use?](https://developer.hashicorp.com/terraform/plugin/framework-benefits) in the Terraform documentation for additional information._

This repository is a *template* for a [Terraform](https://www.terraform.io) provider. It is intended as a starting point for creating Terraform providers, containing:

- A resource and a data source (`internal/provider/`),
- Examples (`examples/`) and generated documentation (`docs/`),
- Miscellaneous meta files.

These files contain boilerplate code that you will need to edit to create your own Terraform provider. Tutorials for creating Terraform providers can be found on the [HashiCorp Developer](https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework) platform. _Terraform Plugin Framework specific guides are titled accordingly._

Please see the [GitHub template repository documentation](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template) for how to create a new repository from this template on GitHub.

Once you've written your provider, you'll want to [publish it on the Terraform Registry](https://developer.hashicorp.com/terraform/registry/providers/publishing) so that others can use it.
This project builds a Terraform Provider on top of Bitwarden [Secrets Manager CLI](https://bitwarden.com/help/secrets-manager-cli/). It allows for reading secrets into Data Sources, or managing secrets or projects through Resources.

## Requirements

- [Terraform](https://developer.hashicorp.com/terraform/downloads) >= 1.0
- [Go](https://golang.org/doc/install) >= 1.21
- [Secrets Manager CLI](https://bitwarden.com/help/secrets-manager-cli/) >= v0.5.0
- [Go](https://golang.org/doc/install) >= 1.21 (development)

_The CLI binary should be added to the path such that it is accessible by the Terraform provider!_

## Building The Provider
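
Review bot: The added requirement note "_The CLI binary should be added to the path such that it is accessible by the Terraform provider!_" leaves the `bws` lookup entirely to `PATH`, and the provider hands the access token to whichever `bws` is found first (see `binary: "bws"` in cli/main.go). Suggest documenting that the binary should be installed from a trusted source into a directory that is not user-writable, or adding a provider option for an absolute path. Minor: `>= v0.5.0` uses a `v` prefix while the Terraform and Go entries do not.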

@@ -45,7 +36,40 @@ Then commit the changes to `go.mod` and `go.sum`.

## Using the provider

Fill this in for each provider
```tf
terraform {
required_providers {
bitwarden-secrets = {
source = "bitwarden-secrets"
version = ">= 0.1.0"
}
}
}
# Configure the Bitwarden Secrets Provider
provider "bitwarden-secrets" {
access_token = "Token acquired from Bitwarden Secrets Web UI"
}
# Create a Terraform managed project
resource "bitwarden-secrets_project" "example_project" {
name = "Terraform-Secrets"
}
# Create a Terraform managed secret
resource "bitwarden-secrets_secret" "managed_secret" {
key = "test-terraform"
value = "hello world!"
project_id = bitwarden-secrets_project.example_project.id
}
# Or get a secret directly by using its id
data "bitwarden-secrets_secret" "read_only_secret" {
id = "Id of the secret"
}
```

When reading secrets make sure the current provided access token has permissions to read from the associated project. Furthermore, when making use of a secret resource on a project managed outside of Terraform Read & Write permissions should be enabled for the access token.

## Developing the Provider
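
Review bot: In the new "Using the provider" example, `access_token` is shown as a string literal in the provider block, which invites committing the token to version control; show it fed from a variable declared with `sensitive = true` instead. The same applies to `value = "hello world!"` on the secret resource. Also, `source = "bitwarden-secrets"` has no namespace and the constraint is `>= 0.1.0`, while docs/index.md in this same comparison uses `source = "sebastiaan-dev/bitwarden-secrets"` with `>=0.1.2`; the two examples should agree.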

46 changes: 46 additions & 0 deletions cli/main.go
@@ -0,0 +1,46 @@
package cli

import (
"bytes"
"errors"
"os/exec"
)

type Cli struct {
token string
server_url string
binary string
}

func NewCli(token string, server_url string) *Cli {
return &Cli{
token: token,
server_url: server_url,
binary: "bws",
}
}

func (c *Cli) ExecuteCommand(args ...string) ([]byte, error) {
arguments := []string{"--access-token", c.token}

if c.server_url != "" {
arguments = append(arguments, "--server-url", c.server_url)
}

arguments = append(arguments, args...)

// var stdout bytes.Buffer
var stderr bytes.Buffer

cmd := exec.Command(c.binary, arguments...)
// cmd.Stdout = &stdout
cmd.Stderr = &stderr

res, err := cmd.Output()

if err != nil {
return nil, errors.New(stderr.String())
}

return res, nil
}
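
Review bot: In `ExecuteCommand`, `arguments := []string{"--access-token", c.token}` puts the token on the child's command line, where it is visible in the process list for as long as `bws` runs. Pass it through the child's environment instead (`cmd.Env` with `BWS_ACCESS_TOKEN`, which the `bws` CLI reads) and drop the flag. Separately, the error path returns `errors.New(stderr.String())` and discards `err`, so a missing binary or any failure that writes nothing to stderr yields an empty error message; wrap `err` and append the stderr text. The commented-out `stdout` lines can go, and `exec.Command` is called without a context, so a hung `bws` blocks the provider indefinitely; `exec.CommandContext` would allow a timeout or cancellation.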
30 changes: 0 additions & 30 deletions docs/data-sources/example.md

This file was deleted.

33 changes: 33 additions & 0 deletions docs/data-sources/project.md
@@ -0,0 +1,33 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "bitwarden-secrets_project Data Source - bitwarden-secrets"
subcategory: ""
description: |-
Bitwarden Project
---

# bitwarden-secrets_project (Data Source)

Bitwarden Project

## Example Usage

```terraform
data "bitwarden-secrets_project" "example" {
id = "some-id"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `id` (String) Unique identifier for the project.

### Read-Only

- `creation_date` (String) Date the project was created.
- `name` (String) Name of the project.
- `organization_id` (String) Unique identifier for the organization.
- `revision_date` (String) Date the project was last revised.
36 changes: 36 additions & 0 deletions docs/data-sources/project_list.md
@@ -0,0 +1,36 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "bitwarden-secrets_project_list Data Source - bitwarden-secrets"
subcategory: ""
description: |-
List of available Bitwarden projects
---

# bitwarden-secrets_project_list (Data Source)

List of available Bitwarden projects

## Example Usage

```terraform
data "bitwarden-secrets_project_list" "example" {
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Read-Only

- `projects` (Attributes List) List of projects. (see [below for nested schema](#nestedatt--projects))

<a id="nestedatt--projects"></a>
### Nested Schema for `projects`

Read-Only:

- `creation_date` (String) Date the project was created.
- `id` (String) Unique identifier for the project.
- `name` (String) Name of the project.
- `organization_id` (String) Unique identifier for the organization.
- `revision_date` (String) Date the project was last revised.
36 changes: 36 additions & 0 deletions docs/data-sources/secret.md
@@ -0,0 +1,36 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "bitwarden-secrets_secret Data Source - bitwarden-secrets"
subcategory: ""
description: |-
Bitwarden Secret
---

# bitwarden-secrets_secret (Data Source)

Bitwarden Secret

## Example Usage

```terraform
data "bitwarden-secrets_secret" "example" {
id = "some-id"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `id` (String) Unique identifier for the secret.

### Read-Only

- `creation_date` (String) Date the secret was created.
- `key` (String) Key identifying the secret.
- `note` (String) Note included with the secret.
- `organization_id` (String) Unique identifier for the organization associated with the secret.
- `project_id` (String) Unique identifier for the project associated with the secret.
- `revision_date` (String) Date the secret was last revised.
- `value` (String) Value of the secret.
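
Review bot: In the Read-Only list, `value` is documented as plain `(String)`, whereas `access_token` in docs/index.md is rendered as `(String, Sensitive)`. Since this file is generated from the schema, that suggests the data source's `value` attribute is not marked sensitive, in which case Terraform will print the secret in plan and apply output. Mark `value` (and probably `note`) as sensitive in the schema and regenerate the docs.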
39 changes: 39 additions & 0 deletions docs/data-sources/secret_list.md
@@ -0,0 +1,39 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "bitwarden-secrets_secret_list Data Source - bitwarden-secrets"
subcategory: ""
description: |-
List of available Bitwarden secrets
---

# bitwarden-secrets_secret_list (Data Source)

List of available Bitwarden secrets

## Example Usage

```terraform
data "bitwarden-secrets_secret_list" "example" {
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Read-Only

- `secrets` (Attributes List) List of secrets. (see [below for nested schema](#nestedatt--secrets))

<a id="nestedatt--secrets"></a>
### Nested Schema for `secrets`

Read-Only:

- `creation_date` (String) Date the secret was created.
- `id` (String) Unique identifier for the secret.
- `key` (String) Key identifying the secret.
- `note` (String) Note included with the secret.
- `organization_id` (String) Unique identifier for the organization associated with the secret.
- `project_id` (String) Unique identifier for the project associated with the secret.
- `revision_date` (String) Date the secret was last revised.
- `value` (String) Value of the secret.
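
Review bot: The nested `value` attribute under `secrets` is also plain `(String)`, so this data source exposes the value of every listed secret without the Sensitive flag. Mark it sensitive in the schema, and consider whether the list needs `value` at all: returning only `id` and `key` here and leaving value retrieval to `bitwarden-secrets_secret` would keep secrets the configuration never uses out of state.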
26 changes: 0 additions & 26 deletions docs/functions/example.md

This file was deleted.

54 changes: 45 additions & 9 deletions docs/index.md
@@ -1,26 +1,62 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "scaffolding Provider"
subcategory: ""
layout: ""
page_title: "Bitwarden Secrets Provider"
description: |-
Use the Bitwarden provider to read, create, or update logins, secure notes and folders in your Bitwarden Vaults.
---

# scaffolding Provider

# Bitwarden Secrets Provider

This project builds a Terraform Provider on top of Bitwardens [Secrets Manager CLI]. It allows for reading secrets with Data Sources, or managing secrets or projects through Resources. Because the provider makes use of the CLI internally it should be available to the system globally, it is therefore recommended to put the `bws` binary in the system path.

## Example Usage

```terraform
provider "scaffolding" {
# example configuration here
terraform {
required_providers {
bitwarden-secrets = {
source = "sebastiaan-dev/bitwarden-secrets"
version = ">=0.1.2"
}
}
}
# Configure the provider
provider "bitwarden-secrets" {
access_token = "Access token acquired from Bitwarden"
}
# Create a project managed by Terraform
resource "bitwarden-secrets_project" "project" {
name = "Terraform-Provider"
}
# Create a secret managed by Terraform
resource "bitwarden-secrets_secret" "secret" {
key = "Name of the secret"
value = "Value stored on Bitwarden"
project_id = bitwarden-secrets_project.project.id
}
# Or, read a pre-existing secret
data "bitwarden-secrets_secret" "read_only_secret" {
id = "ID of the secret"
}
```

## Authorization

There are some remarks on the behaviour of read and writing from and to secrets. First, in order to use a Data Source secret from the Bitwarden Secrets Manager the currently active `access-token` should have read permissions for the project associated with the secret. For Resource secrets it should either hold that the secret is a child of a project Resource managed by Terraform, or that the currently active `access-token` has both read and write permissions for the associated project.

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `access_token` (String, Sensitive) Token used to authenticate with the Bitwarden Secrets CLI.

### Optional

- `endpoint` (String) Example provider attribute
- `server_url` (String) URL of the Bitwarden server.

[Secrets Manager CLI]: https://bitwarden.com/help/secrets-manager-cli/
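
Review bot: The new front-matter `description` ("Use the Bitwarden provider to read, create, or update logins, secure notes and folders in your Bitwarden Vaults.") describes vault items, not the Secrets Manager secrets and projects this provider manages; it should match the body paragraph. The Authorization section refers to the `access-token`, but the schema attribute is `access_token`; use the attribute name, or say explicitly that the CLI flag is meant. Small fixes: "Bitwardens" should be "Bitwarden's", and the example again shows `access_token` as a literal string.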