Support GCP auth backend role import

dandandy · Aug 28, 2019 · 18a63f0 · 18a63f0
1 parent 52a0ab2
commit 18a63f0
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 0 deletions.
diff --git a/vault/resource_gcp_auth_backend_role.go b/vault/resource_gcp_auth_backend_role.go
@@ -149,6 +149,10 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 		Update: gcpAuthResourceUpdate,
 		Read:   gcpAuthResourceRead,
 		Delete: gcpAuthResourceDelete,
+		Exists: gcpAuthResourceExists,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
 		Schema: fields,
 	}
 }
@@ -278,6 +282,17 @@ func gcpAuthResourceRead(d *schema.ResourceData, meta interface{}) error {
 		return nil
 	}
 
+	backend, err := gcpAuthResourceBackendFromPath(path)
+	if err != nil {
+		return fmt.Errorf("invalid path %q for GCP auth backend role: %s", path, err)
+	}
+	d.Set("backend", backend)
+	role, err := gcpAuthResourceRoleFromPath(path)
+	if err != nil {
+		return fmt.Errorf("invalid path %q for GCP auth backend role: %s", path, err)
+	}
+	d.Set("role", role)
+
 	readTokenFields(d, resp)
 
 	// Check if the user is using the deprecated `policies`
@@ -367,3 +382,33 @@ func gcpAuthResourceDelete(d *schema.ResourceData, meta interface{}) error {
 
 	return nil
 }
+
+func gcpAuthResourceExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	client := meta.(*api.Client)
+	path := d.Id()
+
+	log.Printf("[DEBUG] Checking if gcp auth role %q exists", path)
+	resp, err := client.Logical().Read(path)
+	if err != nil {
+		return true, fmt.Errorf("error checking for existence of gcp auth resource config %q: %s", path, err)
+	}
+	log.Printf("[DEBUG] Checked if gcp auth role %q exists", path)
+
+	return resp != nil, nil
+}
+
+func gcpAuthResourceBackendFromPath(path string) (string, error) {
+	var parts = strings.Split(path, "/")
+	if len(parts) != 4 {
+		return "", fmt.Errorf("Expecdted 4 parts in path '%s'", path)
+	}
+	return parts[1], nil
+}
+
+func gcpAuthResourceRoleFromPath(path string) (string, error) {
+	var parts = strings.Split(path, "/")
+	if len(parts) != 4 {
+		return "", fmt.Errorf("Expecdted 4 parts in path '%s'", path)
+	}
+	return parts[3], nil
+}
diff --git a/vault/resource_gcp_auth_backend_role_test.go b/vault/resource_gcp_auth_backend_role_test.go
@@ -48,6 +48,11 @@ func TestGCPAuthBackendRole_basic(t *testing.T) {
 						"token_policies.#", "0"),
 				),
 			},
+			{
+				ResourceName:      "vault_gcp_auth_backend_role.test",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }

diff --git a/website/docs/r/gcp_auth_backend.html.md b/website/docs/r/gcp_auth_backend.html.md
@@ -37,3 +37,11 @@ In addition to the fields above, the following attributes are also exposed:
 * `project_id` - The GCP Project ID
 
 * `client_email` - The clients email associated with the credentials
+
+## Import
+
+GCP authentication backends can be imported using the backend name, e.g.
+
+```
+$ terraform import vault_gcp_auth_backend.gcp gcp
+```
diff --git a/website/docs/r/gcp_auth_backend_role.html.md b/website/docs/r/gcp_auth_backend_role.html.md
@@ -123,3 +123,12 @@ documented above.
 ## Attribute Reference
 
 No additional attributes are exposed by this resource.
+
+
+## Import
+
+GCP authentication roles can be imported using the `path`, e.g.
+
+```
+$ terraform import vault_gcp_auth_backend_role.my_role auth/gcp/role/my_role
+```