we are terraform devloprs! (#804)

jspiro · web-flow · commit cfd2861dffa7 · 2021-06-07T20:03:53.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## Unreleased
+
+BREAKING CHANGES:
+
+- Allow GitHub App PEM data to be passed directly ([#803](https://github.com/integrations/terraform-provider-github/issues/803))
+
 ## 4.10.1 (May 25, 2021)
 
 BUG FIXES:
diff --git a/github/apps.go b/github/apps.go
@@ -4,23 +4,20 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"encoding/pem"
+	"errors"
 	"fmt"
-	"gopkg.in/square/go-jose.v2"
-	"gopkg.in/square/go-jose.v2/jwt"
 	"io/ioutil"
 	"net/http"
 	"time"
-)
 
-// GenerateOAuthTokenFromApp generates a GitHub OAuth access token from a set of valid GitHub App credentials. The
-// returned token can be used to interact with both GitHub's REST and GraphQL APIs.
-func GenerateOAuthTokenFromApp(baseURL, appID, appInstallationID, appPemFile string) (string, error) {
-	pemData, err := ioutil.ReadFile(appPemFile)
-	if err != nil {
-		return "", err
-	}
+	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/square/go-jose.v2/jwt"
+)
 
-	appJWT, err := generateAppJWT(appID, time.Now(), pemData)
+// GenerateOAuthTokenFromApp generates a GitHub OAuth access token from a set of valid GitHub App credentials.
+// The returned token can be used to interact with both GitHub's REST and GraphQL APIs.
+func GenerateOAuthTokenFromApp(baseURL, appID, appInstallationID, pemData string) (string, error) {
+	appJWT, err := generateAppJWT(appID, time.Now(), []byte(pemData))
 	if err != nil {
 		return "", err
 	}
@@ -73,6 +70,10 @@ func getInstallationAccessToken(baseURL string, jwt string, installationID strin
 
 func generateAppJWT(appID string, now time.Time, pemData []byte) (string, error) {
 	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return "", errors.New("No decodeable PEM data found")
+	}
+
 	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
 	if err != nil {
 		return "", err
diff --git a/github/apps_test.go b/github/apps_test.go
@@ -5,33 +5,30 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"gopkg.in/square/go-jose.v2"
-	"gopkg.in/square/go-jose.v2/jwt"
 	"io/ioutil"
 	"strings"
 	"testing"
 	"time"
+
+	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/square/go-jose.v2/jwt"
 )
 
 const (
 	testGitHubAppID             string = "123456789"
 	testGitHubAppInstallationID string = "987654321"
-	testGitHubAppPrivateKeyFile string = "test-fixtures/github-app-key.pem"
 	testGitHubAppPublicKeyFile  string = "test-fixtures/github-app-key.pub"
+	testGitHubAppPrivateKeyFile string = "test-fixtures/github-app-key.pem"
 )
 
 var (
 	testEpochTime = time.Unix(0, 0)
+
+	testGitHubAppPrivateKeyPemData, _ = ioutil.ReadFile(testGitHubAppPrivateKeyFile)
 )
 
 func TestGenerateAppJWT(t *testing.T) {
-	pemData, err := ioutil.ReadFile(testGitHubAppPrivateKeyFile)
-	if err != nil {
-		t.Logf("Failed to read private key file '%s': %s", testGitHubAppPrivateKeyFile, err)
-		t.FailNow()
-	}
-
-	appJWT, err := generateAppJWT(testGitHubAppID, testEpochTime, pemData)
+	appJWT, err := generateAppJWT(testGitHubAppID, testEpochTime, testGitHubAppPrivateKeyPemData)
 	t.Log(appJWT)
 	if err != nil {
 		t.Logf("Failed to generate GitHub app JWT: %s", err)
diff --git a/github/provider.go b/github/provider.go
@@ -2,6 +2,7 @@ package github
 
 import (
 	"fmt"
+
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/terraform"
 )
@@ -150,7 +151,7 @@ func init() {
 			"`token`. Anonymous mode is enabled if both `token` and `app_auth` are not set.",
 		"app_auth.id":              "The GitHub App ID.",
 		"app_auth.installation_id": "The GitHub App installation instance ID.",
-		"app_auth.pem_file":        "The GitHub App PEM file path.",
+		"app_auth.pem_file":        "The GitHub App PEM file contents.",
 	}
 }
 
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -104,7 +104,9 @@ The following arguments are supported in the `provider` block:
 * `app_auth` - (Optional) Configuration block to use GitHub App installation token. When not provided, the provider can only access resources available anonymously.
   * `id` - (Required) This is the ID of the GitHub App. It can sourced from the `GITHUB_APP_ID` environment variable.
   * `installation_id` - (Required) This is the ID of the GitHub App installation. It can sourced from the `GITHUB_APP_INSTALLATION_ID` environment variable.
-  * `pem_file` - (Required) This is the path to the GitHub App private key file. It can sourced from the `GITHUB_APP_PEM_FILE` environment variable.
+  * `pem_file` - (Required) This is the contents of the GitHub App private key PEM file. It can also be sourced from the `GITHUB_APP_PEM_FILE` environment variable.
+
+Note: If you have a PEM file on disk, you can pass it in via `pem_file = file("path/to/file.pem")`.
 
 For backwards compatibility, if more than one of `owner`, `organization`,
 `GITHUB_OWNER` and `GITHUB_ORGANIZATION` are set, the first in this

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package github`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"fmt"`
	`5`	`+`
`5`	`6`	`"github.com/hashicorp/terraform-plugin-sdk/helper/schema"`
`6`	`7`	`"github.com/hashicorp/terraform-plugin-sdk/terraform"`
`7`	`8`	`)`
`@@ -150,7 +151,7 @@ func init() {`
`150`	`151`	"`token`. Anonymous mode is enabled if both `token` and `app_auth` are not set.",
`151`	`152`	`"app_auth.id": "The GitHub App ID.",`
`152`	`153`	`"app_auth.installation_id": "The GitHub App installation instance ID.",`
`153`		`- "app_auth.pem_file": "The GitHub App PEM file path.",`
	`154`	`+ "app_auth.pem_file": "The GitHub App PEM file contents.",`
`154`	`155`	`}`
`155`	`156`	`}`
`156`	`157`