From c3d4ecc7e3cce1ac5127155c1ab83b9f382088b7 Mon Sep 17 00:00:00 2001 From: Jan Nabbefeld Date: Wed, 12 Jan 2022 10:59:37 +0100 Subject: [PATCH] Add `wireguard_preshared_key` resource (#7) Closes #6. --- docs/data-sources/config_document.md | 3 +- docs/resources/preshared_key.md | 37 ++++++++++++++ .../wireguard_config_document/data-source.tf | 3 +- .../wireguard_config_document/versions.tf | 2 + .../wireguard_preshared_key/resource.tf | 8 +++ .../wireguard_preshared_key/versions.tf | 7 +++ provider/provider.go | 1 + provider/resource_wireguard_preshared_key.go | 51 +++++++++++++++++++ 8 files changed, 110 insertions(+), 2 deletions(-) create mode 100644 docs/resources/preshared_key.md create mode 100644 examples/resources/wireguard_preshared_key/resource.tf create mode 100644 examples/resources/wireguard_preshared_key/versions.tf create mode 100644 provider/resource_wireguard_preshared_key.go diff --git a/docs/data-sources/config_document.md b/docs/data-sources/config_document.md index f05d663..74c7b6c 100644 --- a/docs/data-sources/config_document.md +++ b/docs/data-sources/config_document.md @@ -24,7 +24,8 @@ data "wireguard_config_document" "peer1" { ] peer { - public_key = wireguard_asymmetric_key.peer2.public_key + public_key = wireguard_asymmetric_key.peer2.public_key + preshared_key = wireguard_preshared_key.peer2.key allowed_ips = [ "0.0.0.0/0", ] diff --git a/docs/resources/preshared_key.md b/docs/resources/preshared_key.md new file mode 100644 index 0000000..23de7ce --- /dev/null +++ b/docs/resources/preshared_key.md 
@@ -0,0 +1,37 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "wireguard_preshared_key Resource - terraform-provider-wireguard" +subcategory: "" +description: |- + Provides a WireGuard key resource. This can be used to create, read, and delete WireGuard preshared keys in terraform state. +--- + +# wireguard_preshared_key (Resource) + +Provides a WireGuard key resource. This can be used to create, read, and delete WireGuard preshared keys in terraform state. + +## Example Usage + +```terraform +resource "wireguard_preshared_key" "example" { +} + +output "wg_preshared_key" { + description = "Example's preshared WireGuard key" + value = wireguard_preshared_key.example.key + sensitive = true +} +``` + + +## Schema + +### Optional + +- **id** (String) The ID of this resource. + +### Read-Only + +- **key** (String, Sensitive) Additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance. + + diff --git a/examples/data-sources/wireguard_config_document/data-source.tf b/examples/data-sources/wireguard_config_document/data-source.tf index d90aee6..04d59e4 100644 --- a/examples/data-sources/wireguard_config_document/data-source.tf +++ b/examples/data-sources/wireguard_config_document/data-source.tf @@ -9,7 +9,8 @@ data "wireguard_config_document" "peer1" { ] peer { - public_key = wireguard_asymmetric_key.peer2.public_key + public_key = wireguard_asymmetric_key.peer2.public_key + preshared_key = wireguard_preshared_key.peer2.key allowed_ips = [ "0.0.0.0/0", ] diff --git a/examples/data-sources/wireguard_config_document/versions.tf b/examples/data-sources/wireguard_config_document/versions.tf index c001553..945b2be 100644 --- a/examples/data-sources/wireguard_config_document/versions.tf +++ b/examples/data-sources/wireguard_config_document/versions.tf 
@@ -9,3 +9,5 @@ terraform {
 resource "wireguard_asymmetric_key" "peer1" {}
 resource "wireguard_asymmetric_key" "peer2" {}
 resource "wireguard_asymmetric_key" "peer3" {}
+
+resource "wireguard_preshared_key" "peer2" {}
diff --git a/examples/resources/wireguard_preshared_key/resource.tf b/examples/resources/wireguard_preshared_key/resource.tf
new file mode 100644
index 0000000..db018ea
--- /dev/null
+++ b/examples/resources/wireguard_preshared_key/resource.tf
@@ -0,0 +1,8 @@
+resource "wireguard_preshared_key" "example" {
+}
+
+output "wg_preshared_key" {
+ description = "Example's preshared WireGuard key"
+ value = wireguard_preshared_key.example.key
+ sensitive = true
+}
diff --git a/examples/resources/wireguard_preshared_key/versions.tf b/examples/resources/wireguard_preshared_key/versions.tf
new file mode 100644
index 0000000..0b8f58a
--- /dev/null
+++ b/examples/resources/wireguard_preshared_key/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ wireguard = {
+ source = "OJFord/wireguard"
+ }
+ }
+}
diff --git a/provider/provider.go b/provider/provider.go
index 9496ffb..2176fbd 100644
--- a/provider/provider.go
+++ b/provider/provider.go
@@ -11,6 +11,7 @@ func Provider() *schema.Provider {
 },
 ResourcesMap: map[string]*schema.Resource{
 "wireguard_asymmetric_key": resourceWireguardAsymmetricKey(),
+ "wireguard_preshared_key": resourceWireguardPresharedKey(),
 },
 }
 }
diff --git a/provider/resource_wireguard_preshared_key.go b/provider/resource_wireguard_preshared_key.go
new file mode 100644
index 0000000..3639a6b
--- /dev/null
+++ b/provider/resource_wireguard_preshared_key.go
@@ -0,0 +1,51 @@
+package provider
+
+import (
+ "crypto/sha256"
+ "encoding/hex"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+)
+
+func resourceWireguardPresharedKey() *schema.Resource {
+ return &schema.Resource{
+ Description: "Provides a WireGuard key resource. This can be used to create, read, and delete WireGuard preshared keys in terraform state.",
+
+ Create: resourceWireguardPresharedKeyCreate,
+ Read: resourceWireguardPresharedKeyRead,
+ Delete: resourceWireguardPresharedKeyDelete,
+
+ Schema: map[string]*schema.Schema{
+ "key": {
+ Description: "Additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.",
+ Computed: true,
+ Sensitive: true,
+ Type: schema.TypeString,
+ },
+ },
+ }
+}
+
+func resourceWireguardPresharedKeyCreate(d *schema.ResourceData, m interface{}) error {
+ var key wgtypes.Key
+ var err error
+
+ key, err = wgtypes.GenerateKey()
+ err = d.Set("key", key.String())
+ if err != nil {
+ return err
+ }
+ hash := sha256.Sum256([]byte(key.String()))
+ d.SetId(hex.EncodeToString(hash[:]))
+
+ return nil
+}
+
+func resourceWireguardPresharedKeyRead(d *schema.ResourceData, m interface{}) error {
+ return nil
+}
+
+func resourceWireguardPresharedKeyDelete(d *schema.ResourceData, m interface{}) error {
+ d.SetId("")
+ return nil
+}
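Review bot: The error from `wgtypes.GenerateKey()` in resourceWireguardPresharedKeyCreate is never checked — it is assigned to `err` and immediately overwritten by the `d.Set` result on the next line, so if the random source fails, whatever zero-valued key the call returns on error (presumably an all-zero 32-byte key) is silently written to state and handed to peers as the preshared key. Replace the two `var` lines and the call with `key, err := wgtypes.GenerateKey()` followed by `if err != nil { return fmt.Errorf("generating preshared key: %w", err) }` (adding `fmt` to the import block), and keep the existing `d.Set` check after it. Using `GenerateKey` rather than `GeneratePrivateKey` is the right choice here, since a preshared key is raw random bytes with no Curve25519 clamping. The no-op Read is reasonable for a secret that exists only in state, but a one-line comment such as `// Key lives only in state; nothing to refresh.` would keep the next reader from assuming drift detection was forgotten.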