Support sudo

tenstad · May 3, 2021 · 69c3b85 · 69c3b85
1 parent db85d8a
commit 69c3b85
Show file tree

Hide file tree

Showing 8 changed files with 188 additions and 49 deletions.
diff --git a/examples/data-sources/remotefile_data_source/data-source.tf b/examples/data-sources/remotefile_data_source/data-source.tf
@@ -1,9 +1,9 @@
 data "remotefile" "bar" {
   conn {
-    host        = "foo.com"
-    port        = "22"
-    username    = "foo"
-    private_key = "<ssh private key>"
+    host     = "foo.com"
+    port     = 22
+    username = "foo"
+    password = "<password>"
   }
   path = "/tmp/bar.txt"
 }
diff --git a/examples/resources/remotefile_resource/resource.tf b/examples/resources/remotefile_resource/resource.tf
@@ -1,8 +1,9 @@
 resource "remotefile" "foo" {
   conn {
     host        = "foo.com"
-    port        = "22"
+    port        = 22
     username    = "foo"
+    sudo        = true
     private_key = "<ssh private key>"
   }
   path = "/tmp/foo.txt"

diff --git a/internal/provider/data_source_remotefile.go b/internal/provider/data_source_remotefile.go
@@ -36,6 +36,12 @@ func dataSourceRemotefile() *schema.Resource {
 							Required:    true,
 							Description: "The username on the target host.",
 						},
+						"sudo": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     false,
+							Description: "Use sudo to gain access to read file.",
+						},
 						"password": {
 							Type:        schema.TypeString,
 							Optional:    true,

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -1,9 +1,11 @@
 package provider
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"io/ioutil"
+	"strings"
 
 	"github.com/bramvdbogaerde/go-scp"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -98,6 +100,131 @@ func newClient(d *schema.ResourceData) (*apiClient, error) {
 	return &client, nil
 }
 
+func (c *apiClient) writeFile(d *schema.ResourceData) error {
+	scpClient, err := c.getSCPClient()
+	if err != nil {
+		return err
+	}
+	defer scpClient.Close()
+
+	return scpClient.CopyFile(strings.NewReader(d.Get("content").(string)), d.Get("path").(string), d.Get("permissions").(string))
+}
+
+func (c *apiClient) writeFileSudo(d *schema.ResourceData) error {
+	sshClient, err := c.getSSHClient()
+	if err != nil {
+		return err
+	}
+
+	session, err := sshClient.NewSession()
+	if err != nil {
+		return err
+	}
+	defer session.Close()
+
+	stdin, err := session.StdinPipe()
+	if err != nil {
+		return err
+	}
+
+	content := d.Get("content").(string)
+	go func() {
+		stdin.Write([]byte(content))
+		stdin.Close()
+	}()
+
+	cmd := fmt.Sprint("cat /dev/stdin | sudo tee ", d.Get("path").(string))
+	return session.Run(cmd)
+}
+
+func (c *apiClient) chmodFileSudo(d *schema.ResourceData) error {
+	sshClient, err := c.getSSHClient()
+	if err != nil {
+		return err
+	}
+
+	session, err := sshClient.NewSession()
+	if err != nil {
+		return err
+	}
+	defer session.Close()
+
+	cmd := fmt.Sprintf("sudo chmod %s %s", d.Get("permissions").(string), d.Get("path").(string))
+	return session.Run(cmd)
+}
+
+func (c *apiClient) readFile(d *schema.ResourceData) error {
+	sftpClient, err := c.getSFTPClient()
+	if err != nil {
+		return err
+	}
+	defer sftpClient.Close()
+
+	file, err := sftpClient.Open(d.Get("path").(string))
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	content := bytes.Buffer{}
+	_, err = file.WriteTo(&content)
+
+	if err != nil {
+		return err
+	}
+
+	d.Set("content", string(content.String()))
+	return nil
+}
+
+func (c *apiClient) readFileSudo(d *schema.ResourceData) error {
+	sshClient, err := c.getSSHClient()
+	if err != nil {
+		return err
+	}
+
+	session, err := sshClient.NewSession()
+	if err != nil {
+		return err
+	}
+	defer session.Close()
+
+	cmd := fmt.Sprint("sudo cat ", d.Get("path").(string))
+	content, err := session.Output(cmd)
+	if err != nil {
+		return err
+	}
+
+	d.Set("content", string(content))
+	return nil
+}
+
+func (c *apiClient) deleteFile(d *schema.ResourceData) error {
+	sftpClient, err := c.getSFTPClient()
+	if err != nil {
+		return err
+	}
+	defer sftpClient.Close()
+
+	return sftpClient.Remove(d.Get("path").(string))
+}
+
+func (c *apiClient) deleteFileSudo(d *schema.ResourceData) error {
+	sshClient, err := c.getSSHClient()
+	if err != nil {
+		return err
+	}
+
+	session, err := sshClient.NewSession()
+	if err != nil {
+		return err
+	}
+	defer session.Close()
+
+	cmd := fmt.Sprint("sudo cat ", d.Get("path").(string))
+	return session.Run(cmd)
+}
+
 func (c apiClient) getSSHClient() (*ssh.Client, error) {
 	sshClient, err := ssh.Dial("tcp", c.host, &c.clientConfig)
 	if err != nil {

diff --git a/internal/provider/resource_remotefile.go b/internal/provider/resource_remotefile.go
@@ -1,10 +1,8 @@
 package provider
 
 import (
-	"bytes"
 	"context"
 	"fmt"
-	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -42,6 +40,12 @@ func resourceRemotefile() *schema.Resource {
 							Required:    true,
 							Description: "The username on the target host.",
 						},
+						"sudo": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     false,
+							Description: "Use sudo to gain access to read/write file.",
+						},
 						"password": {
 							Type:        schema.TypeString,
 							Optional:    true,
@@ -90,16 +94,21 @@ func resourceRemotefileCreate(ctx context.Context, d *schema.ResourceData, meta
 		return diag.Errorf(err.Error())
 	}
 
-	scpClient, err := client.getSCPClient()
-	if err != nil {
-		return diag.Errorf(err.Error())
-	}
-	defer scpClient.Close()
-
-	err = scpClient.CopyFile(strings.NewReader(d.Get("content").(string)), d.Get("path").(string), d.Get("permissions").(string))
-
-	if err != nil {
-		return diag.Errorf("error while copying file: %s", err.Error())
+	sudo, ok := d.GetOk("conn.0.sudo")
+	if ok && sudo.(bool) {
+		err := client.writeFileSudo(d)
+		if err != nil {
+			return diag.Errorf("error while creating remote file with sudo: %s", err.Error())
+		}
+		err = client.chmodFileSudo(d)
+		if err != nil {
+			return diag.Errorf("error while changing permissions of remote file with sudo: %s", err.Error())
+		}
+	} else {
+		err := client.writeFile(d)
+		if err != nil {
+			return diag.Errorf("error while creating remote file: %s", err.Error())
+		}
 	}
 
 	return diag.Diagnostics{}
@@ -113,26 +122,18 @@ func resourceRemotefileRead(ctx context.Context, d *schema.ResourceData, meta in
 		return diag.Errorf(err.Error())
 	}
 
-	sftpClient, err := client.getSFTPClient()
-	if err != nil {
-		return diag.Errorf(err.Error())
+	sudo, ok := d.GetOk("conn.0.sudo")
+	if ok && sudo.(bool) {
+		err := client.readFileSudo(d)
+		if err != nil {
+			return diag.Errorf("error while removing remote file with sudo: %s", err.Error())
+		}
+	} else {
+		err := client.readFile(d)
+		if err != nil {
+			return diag.Errorf("error while removing remote file: %s", err.Error())
+		}
 	}
-	defer sftpClient.Close()
-
-	file, err := sftpClient.Open(d.Get("path").(string))
-	if err != nil {
-		return diag.Errorf("error while opening remote file: %s", err.Error())
-	}
-	defer file.Close()
-
-	content := bytes.Buffer{}
-	_, err = file.WriteTo(&content)
-
-	if err != nil {
-		return diag.Errorf("error while reading remote file: %s", err.Error())
-	}
-
-	d.Set("content", string(content.String()))
 
 	return diag.Diagnostics{}
 }
@@ -147,15 +148,17 @@ func resourceRemotefileDelete(ctx context.Context, d *schema.ResourceData, meta
 		return diag.Errorf(err.Error())
 	}
 
-	sftpClient, err := client.getSFTPClient()
-	if err != nil {
-		return diag.Errorf(err.Error())
-	}
-	defer sftpClient.Close()
-
-	err = sftpClient.Remove(d.Get("path").(string))
-	if err != nil {
-		return diag.Errorf("error while removing remote file: %s", err.Error())
+	sudo, ok := d.GetOk("conn.0.sudo")
+	if ok && sudo.(bool) {
+		err := client.deleteFileSudo(d)
+		if err != nil {
+			return diag.Errorf("error while removing remote file with sudo: %s", err.Error())
+		}
+	} else {
+		err := client.deleteFile(d)
+		if err != nil {
+			return diag.Errorf("error while removing remote file: %s", err.Error())
+		}
 	}
 
 	return diag.Diagnostics{}

diff --git a/internal/provider/resource_remotefile_test.go b/internal/provider/resource_remotefile_test.go
@@ -26,10 +26,11 @@ func TestAccResourceRemotefile(t *testing.T) {
 const testAccResourceRemotefile = `
 resource "remotefile" "foo" {
   conn {
-	  host = "localhost"
+	  host = "terraform-provider-remotefile-test"
 	  username = "root"
+	  sudo = true
 	  password = "password"
-	  port = 8022
+	  port = 22
   }
   path = "/tmp/foo.txt"
   content = "bar"

diff --git a/tests/Dockerfile b/tests/Dockerfile
@@ -1,8 +1,9 @@
 FROM alpine:latest
 
 RUN apk add --no-cache \
-    openssh \
     bash \
+    openssh \
+    sudo \
     && ssh-keygen -A \
     && sed -i "s/#\?PermitRootLogin.*/PermitRootLogin yes/" /etc/ssh/sshd_config \
     && mkdir /root/.ssh \

diff --git a/tests/run.sh b/tests/run.sh
@@ -1,3 +1,3 @@
 ssh-keygen -f "$HOME/.ssh/known_hosts" -R "[localhost]:8022"
 docker build -t terraform-provider-remotefile-test .
-docker run --rm -d -p 8022:22 terraform-provider-remotefile-test
+docker run --rm -d -p 8022:22 --name terraform-provider-remotefile-test terraform-provider-remotefile-test