go generate

docs/resources/auth_method_oidc.md

@@ -21,9 +21,11 @@ The OIDC auth method resource allows you to configure a Boundary auth_method_oid
 
 ### Optional
 
+- **account_claim_maps** (List of String) Account claim maps for the to_claim of sub.
 - **allowed_audiences** (List of String) Audiences for which the provider responses will be allowed
 - **api_url_prefix** (String) The API prefix to use when generating callback URLs for the provider. Should be set to an address at which the provider can reach back to the controller.
 - **callback_url** (String) The URL that should be provided to the IdP for callbacks.
+- **claims_scopes** (List of String) Claims scopes.
 - **client_id** (String) The client ID assigned to this auth method from the provider.
 - **client_secret** (String) The secret key assigned to this auth method from the provider. Once set, only the hash will be kept and the original value can be removed from configuration.
 - **client_secret_hmac** (String) The HMAC of the client secret returned by the Boundary controller, which is used for comparison after initial setting of the value.

docs/resources/credential_library_vault.md

@@ -0,0 +1,73 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "boundary_credential_library_vault Resource - terraform-provider-boundary"
+subcategory: ""
+description: |-
+  The credential library for Vault resource allows you to configure a Boundary credential library for Vault.
+---
+
+# boundary_credential_library_vault (Resource)
+
+The credential library for Vault resource allows you to configure a Boundary credential library for Vault.
+
+## Example Usage
+
+```terraform
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+
+resource "boundary_credential_library_vault" "example" {
+  name                = "vault_library"
+  description         = "My first Vault credential library!"
+  credential_store_id = boundary_credential_store_vault.example.id
+  vault_path          = "database/creds/opened"
+  http_method         = "GET"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **credential_store_id** (String) The ID of the credential store that this library belongs to.
+- **vault_path** (String) The Vault path to query
+
+### Optional
+
+- **description** (String) The Vault credential library description.
+- **http_method** (String) The HTTP method to use when contacting Vault
+- **http_request_body** (String) The raw string to use in HTTP request to Vault
+- **name** (String) The Vault credential library name. Defaults to the resource name.
+
+### Read-Only
+
+- **id** (String) The ID of the Vault credential library.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import boundary_credential_library_vault.foo <my-id>
+```

docs/resources/credential_store_vault.md

@@ -0,0 +1,72 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "boundary_credential_store_vault Resource - terraform-provider-boundary"
+subcategory: ""
+description: |-
+  The credential store for Vault resource allows you to configure a Boundary credential store for Vault.
+---
+
+# boundary_credential_store_vault (Resource)
+
+The credential store for Vault resource allows you to configure a Boundary credential store for Vault.
+
+## Example Usage
+
+```terraform
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **address** (String) The address to Vault server
+- **scope_id** (String) The scope for this credential store
+- **token** (String) The Vault token
+
+### Optional
+
+- **ca_cert** (String) The Vault CA certificate to use
+- **client_certificate** (String) The Vault client certificate
+- **client_certificate_key** (String) The Vault client certificate key
+- **description** (String) The Vault credential store description.
+- **name** (String) The Vault credential store name. Defaults to the resource name.
+- **namespace** (String) The namespace within Vault to use
+- **tls_server_name** (String) The Vault TLS server name
+- **tls_skip_verify** (Boolean) Whether or not to skip TLS verification
+
+### Read-Only
+
+- **client_certificate_key_hmac** (String) The Vault client certificate key hmac
+- **id** (String) The ID of the Vault credential store.
+- **token_hmac** (String) The Vault token hmac
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import boundary_credential_store_vault.foo <my-id>
+```

examples/resources/boundary_credential_library_vault/import.sh

@@ -0,0 +1 @@
+terraform import boundary_credential_library_vault.foo <my-id>

examples/resources/boundary_credential_library_vault/resource.tf

@@ -0,0 +1,30 @@
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+
+resource "boundary_credential_library_vault" "example" {
+  name                = "vault_library"
+  description         = "My first Vault credential library!"
+  credential_store_id = boundary_credential_store_vault.example.id
+  vault_path          = "database/creds/opened"
+  http_method         = "GET"
+}

examples/resources/boundary_credential_store_vault/import.sh

@@ -0,0 +1 @@
+terraform import boundary_credential_store_vault.foo <my-id>

examples/resources/boundary_credential_store_vault/resource.tf

@@ -0,0 +1,22 @@
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}