Add wireguard_preshared_key resource (#7)

Closes #6.
OJFord · Feb 3, 2022 · c3d4ecc · c3d4ecc
1 parent 104fab4
commit c3d4ecc
Show file tree

Hide file tree

Showing 8 changed files with 110 additions and 2 deletions.
diff --git a/docs/data-sources/config_document.md b/docs/data-sources/config_document.md
@@ -24,7 +24,8 @@ data "wireguard_config_document" "peer1" {
   ]
 
   peer {
-    public_key = wireguard_asymmetric_key.peer2.public_key
+    public_key    = wireguard_asymmetric_key.peer2.public_key
+    preshared_key = wireguard_preshared_key.peer2.key
     allowed_ips = [
       "0.0.0.0/0",
     ]

diff --git a/docs/resources/preshared_key.md b/docs/resources/preshared_key.md
@@ -0,0 +1,37 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "wireguard_preshared_key Resource - terraform-provider-wireguard"
+subcategory: ""
+description: |-
+  Provides a WireGuard key resource. This can be used to create, read, and delete WireGuard preshared keys in terraform state.
+---
+
+# wireguard_preshared_key (Resource)
+
+Provides a WireGuard key resource. This can be used to create, read, and delete WireGuard preshared keys in terraform state.
+
+## Example Usage
+
+```terraform
+resource "wireguard_preshared_key" "example" {
+}
+
+output "wg_preshared_key" {
+  description = "Example's preshared WireGuard key"
+  value       = wireguard_preshared_key.example.key
+  sensitive   = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **key** (String, Sensitive) Additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
+
+
diff --git a/examples/data-sources/wireguard_config_document/data-source.tf b/examples/data-sources/wireguard_config_document/data-source.tf
@@ -9,7 +9,8 @@ data "wireguard_config_document" "peer1" {
   ]
 
   peer {
-    public_key = wireguard_asymmetric_key.peer2.public_key
+    public_key    = wireguard_asymmetric_key.peer2.public_key
+    preshared_key = wireguard_preshared_key.peer2.key
     allowed_ips = [
       "0.0.0.0/0",
     ]

diff --git a/examples/data-sources/wireguard_config_document/versions.tf b/examples/data-sources/wireguard_config_document/versions.tf
@@ -9,3 +9,5 @@ terraform {
 resource "wireguard_asymmetric_key" "peer1" {}
 resource "wireguard_asymmetric_key" "peer2" {}
 resource "wireguard_asymmetric_key" "peer3" {}
+
+resource "wireguard_preshared_key" "peer2" {}
diff --git a/examples/resources/wireguard_preshared_key/resource.tf b/examples/resources/wireguard_preshared_key/resource.tf
@@ -0,0 +1,8 @@
+resource "wireguard_preshared_key" "example" {
+}
+
+output "wg_preshared_key" {
+  description = "Example's preshared WireGuard key"
+  value       = wireguard_preshared_key.example.key
+  sensitive   = true
+}
diff --git a/examples/resources/wireguard_preshared_key/versions.tf b/examples/resources/wireguard_preshared_key/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    wireguard = {
+      source = "OJFord/wireguard"
+    }
+  }
+}
diff --git a/provider/provider.go b/provider/provider.go
@@ -11,6 +11,7 @@ func Provider() *schema.Provider {
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"wireguard_asymmetric_key": resourceWireguardAsymmetricKey(),
+			"wireguard_preshared_key":  resourceWireguardPresharedKey(),
 		},
 	}
 }
diff --git a/provider/resource_wireguard_preshared_key.go b/provider/resource_wireguard_preshared_key.go
@@ -0,0 +1,51 @@
+package provider
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+)
+
+func resourceWireguardPresharedKey() *schema.Resource {
+	return &schema.Resource{
+		Description: "Provides a WireGuard key resource. This can be used to create, read, and delete WireGuard preshared keys in terraform state.",
+
+		Create: resourceWireguardPresharedKeyCreate,
+		Read:   resourceWireguardPresharedKeyRead,
+		Delete: resourceWireguardPresharedKeyDelete,
+
+		Schema: map[string]*schema.Schema{
+			"key": {
+				Description: "Additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.",
+				Computed:    true,
+				Sensitive:   true,
+				Type:        schema.TypeString,
+			},
+		},
+	}
+}
+
+func resourceWireguardPresharedKeyCreate(d *schema.ResourceData, m interface{}) error {
+	var key wgtypes.Key
+	var err error
+
+	key, err = wgtypes.GenerateKey()
+	err = d.Set("key", key.String())
+	if err != nil {
+		return err
+	}
+	hash := sha256.Sum256([]byte(key.String()))
+	d.SetId(hex.EncodeToString(hash[:]))
+
+	return nil
+}
+
+func resourceWireguardPresharedKeyRead(d *schema.ResourceData, m interface{}) error {
+	return nil
+}
+
+func resourceWireguardPresharedKeyDelete(d *schema.ResourceData, m interface{}) error {
+	d.SetId("")
+	return nil
+}