From 18a63f0b6505191e7a660111aa10b77a3abfa23c Mon Sep 17 00:00:00 2001
From: "Julian V. Modesto"
Date: Tue, 27 Aug 2019 15:33:45 -0400
Subject: [PATCH] Support GCP auth backend role import
---
 vault/resource_gcp_auth_backend_role.go | 45 ++++++++++++++++++++
 vault/resource_gcp_auth_backend_role_test.go | 5 +++++
 website/docs/r/gcp_auth_backend.html.md | 8 ++++++++
 website/docs/r/gcp_auth_backend_role.html.md | 9 +++++++++
 4 files changed, 67 insertions(+)
diff --git a/vault/resource_gcp_auth_backend_role.go b/vault/resource_gcp_auth_backend_role.go
index 3e5a969ac..3d81641a2 100644
--- a/vault/resource_gcp_auth_backend_role.go
+++ b/vault/resource_gcp_auth_backend_role.go
@@ -149,6 +149,10 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 Update: gcpAuthResourceUpdate,
 Read: gcpAuthResourceRead,
 Delete: gcpAuthResourceDelete,
+ Exists: gcpAuthResourceExists,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
 Schema: fields,
 }
 }
@@ -278,6 +282,17 @@ func gcpAuthResourceRead(d *schema.ResourceData, meta interface{}) error {
 return nil
 }
+ backend, err := gcpAuthResourceBackendFromPath(path)
+ if err != nil {
+ return fmt.Errorf("invalid path %q for GCP auth backend role: %s", path, err)
+ }
+ d.Set("backend", backend)
+ role, err := gcpAuthResourceRoleFromPath(path)
+ if err != nil {
+ return fmt.Errorf("invalid path %q for GCP auth backend role: %s", path, err)
+ }
+ d.Set("role", role)
+
 readTokenFields(d, resp)
 // Check if the user is using the deprecated `policies`
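Review bot: The path check added to gcpAuthResourceRead runs only after the role has been read — `resp` is already in scope when `gcpAuthResourceBackendFromPath(path)` is called — and the importer added in gcpAuthBackendRoleResource is `schema.ImportStatePassthrough`, so an import ID reaches Vault before anything checks that it names a GCP role. Validating the ID first, either with a custom `State` function on the importer or by moving the two `...FromPath` calls to the top of Read, stops a mistyped ID from copying another path's response into state. The return values of `d.Set("backend", backend)` and `d.Set("role", role)` are also dropped; `if err := d.Set("backend", backend); err != nil { return err }` would surface a schema mismatch. gcpAuthResourceRead starts and ends outside the hunk.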
@@ -367,3 +382,33 @@ func gcpAuthResourceDelete(d *schema.ResourceData, meta interface{}) error {
 return nil
 }
+
+func gcpAuthResourceExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+ client := meta.(*api.Client)
+ path := d.Id()
+
+ log.Printf("[DEBUG] Checking if gcp auth role %q exists", path)
+ resp, err := client.Logical().Read(path)
+ if err != nil {
+ return true, fmt.Errorf("error checking for existence of gcp auth resource config %q: %s", path, err)
+ }
+ log.Printf("[DEBUG] Checked if gcp auth role %q exists", path)
+
+ return resp != nil, nil
+}
+
+func gcpAuthResourceBackendFromPath(path string) (string, error) {
+ var parts = strings.Split(path, "/")
+ if len(parts) != 4 {
+ return "", fmt.Errorf("Expecdted 4 parts in path '%s'", path)
+ }
+ return parts[1], nil
+}
+
+func gcpAuthResourceRoleFromPath(path string) (string, error) {
+ var parts = strings.Split(path, "/")
+ if len(parts) != 4 {
+ return "", fmt.Errorf("Expecdted 4 parts in path '%s'", path)
+ }
+ return parts[3], nil
+}
diff --git a/vault/resource_gcp_auth_backend_role_test.go b/vault/resource_gcp_auth_backend_role_test.go
index 181c7c0d8..0db57eed9 100644
--- a/vault/resource_gcp_auth_backend_role_test.go
+++ b/vault/resource_gcp_auth_backend_role_test.go
@@ -48,6 +48,11 @@ func TestGCPAuthBackendRole_basic(t *testing.T) {
 "token_policies.#", "0"),
 ),
 },
+ {
+ ResourceName: "vault_gcp_auth_backend_role.test",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
 },
 })
 }
diff --git a/website/docs/r/gcp_auth_backend.html.md b/website/docs/r/gcp_auth_backend.html.md
index 6ecbdb10a..257d1dda2 100644
--- a/website/docs/r/gcp_auth_backend.html.md
+++ b/website/docs/r/gcp_auth_backend.html.md
@@ -37,3 +37,11 @@ In addition to the fields above, the following attributes are also exposed:
 * `project_id` - The GCP Project ID
 * `client_email` - The clients email associated with the credentials
+
+## Import
+
+GCP authentication backends can be imported using the backend name, e.g.
+
+```
+$ terraform import vault_gcp_auth_backend.gcp gcp
+```
diff --git a/website/docs/r/gcp_auth_backend_role.html.md b/website/docs/r/gcp_auth_backend_role.html.md
index 1928e64b5..108d100eb 100644
--- a/website/docs/r/gcp_auth_backend_role.html.md
+++ b/website/docs/r/gcp_auth_backend_role.html.md
@@ -123,3 +123,12 @@ documented above.
 ## Attribute Reference
 No additional attributes are exposed by this resource.
+
+
+## Import
+
+GCP authentication roles can be imported using the `path`, e.g.
+
+```
+$ terraform import vault_gcp_auth_backend_role.my_role auth/gcp/role/my_role
+```