test: cover PAM-backed store password import

Author: spbsoluble

cmd/storesBulkOperations.go

@@ -393,29 +393,11 @@ If you do not wish to include credentials in your CSV file they can be provided
 			reqJson.Delete("Properties") // todo: why is this deleting the properties from the request json?
 
 			rowStorePassword := reqJson.S("Password").Data()
-			passwdParams := api.UpdateStorePasswordConfig{
-				SecretValue: nil,
-			}
+			passwdParams := buildUpdateStorePasswordConfig(rowStorePassword)
 			switch rowStorePassword.(type) {
 			case string:
 				if rowStorePassword != "" {
 					reqJson.Delete("Password")
-					passwdValue := rowStorePassword.(string)
-					passwdParams.SecretValue = &passwdValue
-				}
-			case map[string]interface{}:
-				// try to convert it to api.UpdateStorePasswordConfig
-				rowPasswordMap := rowStorePassword.(map[string]interface{})
-				if providerId, ok := rowPasswordMap["ProviderId"].(int); ok {
-					passwdParams.Provider = providerId
-				}
-				if params, ok := rowPasswordMap["Parameters"].(map[string]interface{}); ok {
-					for k, v := range params {
-						if passwdParams.Parameters == nil {
-							passwdParams.Parameters = make(map[string]string)
-						}
-						passwdParams.Parameters[k] = fmt.Sprintf("%v", v)
-					}
 				}
 			}
 
@@ -1187,6 +1169,35 @@ func shouldTreatCSVValueAsSecretString(header string) bool {
 	}
 }
 
+func buildUpdateStorePasswordConfig(rowStorePassword interface{}) api.UpdateStorePasswordConfig {
+	passwdParams := api.UpdateStorePasswordConfig{
+		SecretValue: nil,
+	}
+
+	switch typedPassword := rowStorePassword.(type) {
+	case string:
+		if typedPassword != "" {
+			passwdParams.SecretValue = &typedPassword
+		}
+	case map[string]interface{}:
+		if providerId, ok := typedPassword["ProviderId"].(int); ok {
+			passwdParams.Provider = providerId
+		} else if providerId, ok := typedPassword["Provider"].(int); ok {
+			passwdParams.Provider = providerId
+		}
+		if params, ok := typedPassword["Parameters"].(map[string]interface{}); ok {
+			for k, v := range params {
+				if passwdParams.Parameters == nil {
+					passwdParams.Parameters = make(map[string]string)
+				}
+				passwdParams.Parameters[k] = fmt.Sprintf("%v", v)
+			}
+		}
+	}
+
+	return passwdParams
+}
+
 func writeCsvFile(outpath string, rows [][]string) error {
 	log.Debug().Msgf("Writing CSV file '%s'", outpath)
 	csvFile, err := os.Create(outpath)

cmd/stores_test.go

@@ -369,6 +369,31 @@ func Test_GetJsonForRequest_TreatsJsonSecretValuesAsStrings(t *testing.T) {
 	assert.Equal(t, row[1], reqJson.S("Properties", "ServerUsername", "SecretValue").Data())
 }
 
+func Test_BuildUpdateStorePasswordConfig_FormatsManagedPamStorePassword(t *testing.T) {
+	header := []string{
+		"Password.ProviderId",
+		"Password.Parameters.SecretName",
+		"Password.Parameters.SecretType",
+		"Password.Parameters.StaticSecretFieldName",
+	}
+	row := []string{"30", "dev/aks/kf-integrations", "static_json", " "}
+
+	reqJson := getJsonForRequest(header, row)
+	storePassword := buildUpdateStorePasswordConfig(reqJson.S("Password").Data())
+
+	assert.Equal(t, 30, storePassword.Provider)
+	assert.Nil(t, storePassword.SecretValue)
+	assert.Equal(
+		t,
+		map[string]string{
+			"SecretName":            "dev/aks/kf-integrations",
+			"SecretType":            "static_json",
+			"StaticSecretFieldName": " ",
+		},
+		storePassword.Parameters,
+	)
+}
+
 func testExportStore(t *testing.T, storeTypeName string) (string, []string) {
 	var (
 		output string

docs/use-cases/Certificate Store Operations/Store Types/citrixadc.md

@@ -115,7 +115,7 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |

docs/use-cases/Certificate Store Operations/Store Types/f5-sl-rest.md

@@ -120,7 +120,7 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |

docs/use-cases/Certificate Store Operations/Store Types/fortigate.md

@@ -85,7 +85,7 @@ This store type does not define additional `Properties.*` CSV columns.
 
 ## Secret And PAM Formatting
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |

docs/use-cases/Certificate Store Operations/Store Types/gcpscrtmgr.md

@@ -96,7 +96,7 @@ These parameters apply to certificate add/enrollment operations for this store t
 
 ## Secret And PAM Formatting
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |

docs/use-cases/Certificate Store Operations/Store Types/hcvkvjks.md

@@ -107,7 +107,7 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |

docs/use-cases/Certificate Store Operations/Store Types/hcvkvp12.md

@@ -107,7 +107,7 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |

docs/use-cases/Certificate Store Operations/Store Types/hcvkvpem.md

@@ -107,7 +107,7 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |

docs/use-cases/Certificate Store Operations/Store Types/hcvkvpfx.md

@@ -107,7 +107,7 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-The store password uses the `Password` column. For a PAM-backed store password, use `Password.Provider` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
+The store password uses the `Password` column. For a PAM-backed store password, use `Password.ProviderId` and `Password.Parameters.<ParameterName>` columns. The `Parameters.*` columns must match the instance-level parameters for the configured PAM provider type.
 
 | PAM type | Store CSV parameter names |
 | --- | --- |