Add credential library resource for Vault #114

malnick · 2021-06-01T04:59:36Z

Adds the credential library resource for Vault:

resource "boundary_credential_store_vault" "example" {
    name  =  "foo"
    description = "foo bar"
    address = 127.0.0.1"
    namespace = "default"
 }

resource "boundary_credential_library_vault" "example" {
  name  = "example"
  description = "example resource"
  credential_store_id = boundary_credential_store.example.id

  vault_path = "/my/secrets"
  vault_http_method = "POST"
  vault_request_body = <<EOF
{
  "key": "Value",
}
EOF
}

Built on https://github.com/hashicorp/boundary/tree/mgaffney-vault

talanknight

Looks like it is going in the right direction.

internal/provider/provider.go

internal/provider/resource_credential_library_vault.go

internal/provider/provider.go

louisruch · 2021-06-12T23:57:10Z

@malnick PTAL I exposed NewVaultTestServer in this PR hashicorp/boundary#1321
And then made these updates to get all tests to pass
@talanknight PTAL

louisruch · 2021-06-13T07:27:14Z

Just FYI I have now added the target cred lib Set functionality and associated tests...tests are all going green now, would be good to get a review so we can have this PR ready to merge once vault work merges to boundary@main

talanknight

@louisruch

examples/resources/boundary_target/resource.tf

internal/provider/const.go

internal/provider/resource_credential_store_vault.go

talanknight · 2021-06-16T16:35:10Z

internal/provider/resource_credential_store_vault.go

+
+	if len(opts) > 0 {
+		opts = append(opts, credentialstores.WithAutomaticVersioning(true))
+		aur, err := client.Update(ctx, d.Id(), 0, opts...)


If aur has a different value for credentialStoreVaultTokenHmacKey than we have stored we should issue another update just on the token or maybe we should issue a read before the update. Same thing for the clientCertificate Key. Please also add a test for this.

malnick · 2021-06-16T17:07:19Z

Just a note that this PR is ready to go but we're waiting to rebase the go.mod on boundary:main when that gets merged next week to ensure our provider main branch isn't pointed at a Boundary feature branch.

Relies on hashicorp/boundary#1308 being merged to main.

* docs: update host catalog resource with correct value for type attribute * build: add Makefile target for auto-generating docs * bugfix: make OIDC account attribute for subject ForceNew * docs: update auto-generated docs * Add credential library resource for Vault (#114) * Integrate with Vault to retrieve and manage per session credentials Co-authored-by: Louis Ruch <[email protected]> * Update token/clientKey on hmac change (#125) * Update token/clientKey on hmac change * Update changelog * Update docs * Prep for 1.0.3 * v1.0.3 * Update terraform-plugin-sdk * Fix Typo * Adopt American spelling * fix the parameter that is actually being sent as the auth method id Co-authored-by: Jeff Malnick <[email protected]> Co-authored-by: Louis Ruch <[email protected]> Co-authored-by: Jeff Mitchell <[email protected]> Co-authored-by: tf-release-bot <[email protected]> Co-authored-by: Lewis Cowper <[email protected]>

* feat: add managed group resource * feat: add tests for managed group resource * update go.sum * update tests * simplify the managed group resource * use WithDefaultPasswordAuthMethodId * Managed groups (#129) * docs: update host catalog resource with correct value for type attribute * build: add Makefile target for auto-generating docs * bugfix: make OIDC account attribute for subject ForceNew * docs: update auto-generated docs * Add credential library resource for Vault (#114) * Integrate with Vault to retrieve and manage per session credentials Co-authored-by: Louis Ruch <[email protected]> * Update token/clientKey on hmac change (#125) * Update token/clientKey on hmac change * Update changelog * Update docs * Prep for 1.0.3 * v1.0.3 * Update terraform-plugin-sdk * Fix Typo * Adopt American spelling * fix the parameter that is actually being sent as the auth method id Co-authored-by: Jeff Malnick <[email protected]> Co-authored-by: Louis Ruch <[email protected]> Co-authored-by: Jeff Mitchell <[email protected]> Co-authored-by: tf-release-bot <[email protected]> Co-authored-by: Lewis Cowper <[email protected]> * nits and updates * OIDC auth method + get filter from attributes * Add changelog * Fix schema description Co-authored-by: Riley Guerin <[email protected]> Co-authored-by: Louis Ruch <[email protected]> Co-authored-by: Jeff Mitchell <[email protected]> Co-authored-by: tf-release-bot <[email protected]> Co-authored-by: Lewis Cowper <[email protected]>

malnick added 4 commits May 31, 2021 21:58

update boundary and boundary/api to mgaffney-vault

5d4566d

feat: add credential library resource

fa8be7d

update deps

668eff5

add vault cred library attrs

a6da757

malnick changed the title ~~Add credential library resource~~ Add credential library resource for Vault Jun 3, 2021

malnick added 3 commits June 4, 2021 21:33

add credential library test and update modules

ec3f51a

add resource to provider map

2e89d61

fix up tests

c3df76d

talanknight reviewed Jun 7, 2021

View reviewed changes

internal/provider/provider.go Show resolved Hide resolved

internal/provider/resource_credential_library_vault.go Outdated Show resolved Hide resolved

internal/provider/resource_credential_library_vault.go Show resolved Hide resolved

internal/provider/provider.go Show resolved Hide resolved

malnick and others added 8 commits June 8, 2021 05:36

need credential store resource to make this test pass

b445d02

add vault credential store resource

39f006b

start adding test for credential store

620bba0

fix up store tests

01bf2e5

add options for update on store resource

50da156

bump mod

b52d3fc

add store resource to library test

4bdaa55

Updates

6a9bdb1

go generate

3fafc4c

louisruch force-pushed the resource-credential-library branch from bab14bc to 3fafc4c Compare June 13, 2021 04:29

louisruch added 4 commits June 12, 2021 21:30

nl

297cd18

Add cred lib ids

0aa43c0

Add SAD tests

ff11d25

clean up tests

d5e7023

malnick marked this pull request as ready for review June 16, 2021 00:04

talanknight suggested changes Jun 16, 2021

View reviewed changes

louisruch added 2 commits June 16, 2021 10:23

feedback

b0125a8

Update examples

beb6efc

Set sensitive

b61e923

louisruch force-pushed the resource-credential-library branch 2 times, most recently from 18fcc98 to 244e8a6 Compare June 19, 2021 23:11

Update latest

ac41548

louisruch force-pushed the resource-credential-library branch from 244e8a6 to ac41548 Compare June 19, 2021 23:30

louisruch added 2 commits June 22, 2021 20:45

Merge branch 'main' into resource-credential-library

512f08d

Update to boundary@main

4ab4664

louisruch merged commit 4f0509c into main Jun 23, 2021

louisruch deleted the resource-credential-library branch June 23, 2021 04:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add credential library resource for Vault #114

Add credential library resource for Vault #114

malnick commented Jun 1, 2021 •

edited

Loading

talanknight left a comment

louisruch commented Jun 12, 2021

louisruch commented Jun 13, 2021 •

edited

Loading

talanknight left a comment

talanknight Jun 16, 2021

malnick commented Jun 16, 2021 •

edited

Loading

Add credential library resource for Vault #114

Add credential library resource for Vault #114

Conversation

malnick commented Jun 1, 2021 • edited Loading

talanknight left a comment

Choose a reason for hiding this comment

louisruch commented Jun 12, 2021

louisruch commented Jun 13, 2021 • edited Loading

talanknight left a comment

Choose a reason for hiding this comment

talanknight Jun 16, 2021

Choose a reason for hiding this comment

malnick commented Jun 16, 2021 • edited Loading

malnick commented Jun 1, 2021 •

edited

Loading

louisruch commented Jun 13, 2021 •

edited

Loading

malnick commented Jun 16, 2021 •

edited

Loading