chore: deprecate application_credential_source_ids #260

Merged
merged 2 commits into from
Sep 8, 2022
7 changes: 7 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,13 @@

Canonical reference for changes, improvements, and bugfixes for the Boundary Terraform provider.

## Next

### Deprecations/Changes

* Deprecate `application_credential_source_ids` of the `target` resource
([PR](https://github.com/hashicorp/terraform-provider-boundary/pull/260)).

## 1.0.11 (August 26, 2022)

### New and Improved
6 changes: 4 additions & 2 deletions docs/resources/target.md
Expand Up @@ -92,7 +92,7 @@ resource "boundary_target" "foo" {
host_source_ids = [
boundary_host_set.foo.id
]
application_credential_source_ids = [
brokered_credential_source_ids = [
boundary_credential_library_vault.foo.id
]
}
Expand All @@ -108,10 +108,12 @@ resource "boundary_target" "foo" {

### Optional

- `application_credential_source_ids` (Set of String) A list of application credential source ID's.
- `application_credential_source_ids` (Set of String, Deprecated) A list of application credential source ID's.
- `brokered_credential_source_ids` (Set of String) A list of brokered credential source ID's.
- `default_port` (Number) The default port for this target.
- `description` (String) The target description.
- `host_source_ids` (Set of String) A list of host source ID's.
- `injected_application_credential_source_ids` (Set of String) A list of injected application credential source ID's.
- `name` (String) The target name. Defaults to the resource name.
- `session_connection_limit` (Number)
- `session_max_seconds` (Number)
2 changes: 1 addition & 1 deletion examples/resources/boundary_target/resource.tf
Expand Up @@ -77,7 +77,7 @@ resource "boundary_target" "foo" {
host_source_ids = [
boundary_host_set.foo.id
]
application_credential_source_ids = [
brokered_credential_source_ids = [
boundary_credential_library_vault.foo.id
]
}
127 changes: 114 additions & 13 deletions internal/provider/resource_target.go
Expand Up @@ -13,7 +13,8 @@ import (

const (
targetHostSourceIdsKey = "host_source_ids"
targetApplicationCredentialSourceIdsKey = "application_credential_source_ids"
targetBrokeredCredentialSourceIdsKey = "brokered_credential_source_ids"
targetInjectedAppCredentialSourceIdsKey = "injected_application_credential_source_ids"
targetDefaultPortKey = "default_port"
targetSessionMaxSecondsKey = "session_max_seconds"
targetSessionConnectionLimitKey = "session_connection_limit"
Expand Down Expand Up @@ -73,8 +74,22 @@ func resourceTarget() *schema.Resource {
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
targetApplicationCredentialSourceIdsKey: {
Description: "A list of application credential source ID's.",
"application_credential_source_ids": {
Description: "A list of application credential source ID's.",
Type: schema.TypeSet,
Optional: true,
Deprecated: "Please use 'brokered_credential_source_ids' instead",
ConflictsWith: []string{targetBrokeredCredentialSourceIdsKey},
Contributor


Does this conflict not apply the other way too?

Contributor Author


It absolutely does

Elem: &schema.Schema{Type: schema.TypeString},
},
targetBrokeredCredentialSourceIdsKey: {
Description: "A list of brokered credential source ID's.",
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
targetInjectedAppCredentialSourceIdsKey: {
Description: "A list of injected application credential source ID's.",
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
Expand Down Expand Up @@ -114,7 +129,17 @@ func setFromTargetResponseMap(d *schema.ResourceData, raw map[string]interface{}
if err := d.Set(targetHostSourceIdsKey, raw["host_source_ids"]); err != nil {
return err
}
if err := d.Set(targetApplicationCredentialSourceIdsKey, raw["application_credential_source_ids"]); err != nil {
// TODO: remove when fully deprecating 'application_credential_source_ids'
if _, ok := d.GetOk("application_credential_source_ids"); ok {
if err := d.Set("application_credential_source_ids", raw["application_credential_source_ids"]); err != nil {
return err
}
} else {
if err := d.Set(targetBrokeredCredentialSourceIdsKey, raw["brokered_credential_source_ids"]); err != nil {
return err
}
}
if err := d.Set(targetInjectedAppCredentialSourceIdsKey, raw["injected_application_credential_source_ids"]); err != nil {
return err
}
if err := d.Set(targetSessionMaxSecondsKey, raw["session_max_seconds"]); err != nil {
Expand Down Expand Up @@ -215,12 +240,28 @@ func resourceTargetCreate(ctx context.Context, d *schema.ResourceData, meta inte
}
}

var credentialSourceIds []string
if credentialSourceIdsVal, ok := d.GetOk(targetApplicationCredentialSourceIdsKey); ok {
var brokeredCreds []string
if credentialSourceIdsVal, ok := d.GetOk(targetBrokeredCredentialSourceIdsKey); ok {
list := credentialSourceIdsVal.(*schema.Set).List()
brokeredCreds = make([]string, 0, len(list))
for _, i := range list {
brokeredCreds = append(brokeredCreds, i.(string))
}
} else if credentialSourceIdsVal, ok := d.GetOk("application_credential_source_ids"); ok {
// TODO: remove when fully deprecating 'application_credential_source_ids'
list := credentialSourceIdsVal.(*schema.Set).List()
brokeredCreds = make([]string, 0, len(list))
for _, i := range list {
brokeredCreds = append(brokeredCreds, i.(string))
}
}

var injectedCreds []string
if credentialSourceIdsVal, ok := d.GetOk(targetInjectedAppCredentialSourceIdsKey); ok {
list := credentialSourceIdsVal.(*schema.Set).List()
credentialSourceIds = make([]string, 0, len(list))
injectedCreds = make([]string, 0, len(list))
for _, i := range list {
credentialSourceIds = append(credentialSourceIds, i.(string))
injectedCreds = append(injectedCreds, i.(string))
}
}

Expand Down Expand Up @@ -251,8 +292,15 @@ func resourceTargetCreate(ctx context.Context, d *schema.ResourceData, meta inte
version = tur.Item.Version
}

if credentialSourceIds != nil {
tur, err := tc.SetCredentialSources(ctx, tcr.Item.Id, version, targets.WithApplicationCredentialSourceIds(credentialSourceIds))
var credOpts []targets.Option
if brokeredCreds != nil {
credOpts = append(credOpts, targets.WithBrokeredCredentialSourceIds(brokeredCreds))
}
if injectedCreds != nil {
credOpts = append(credOpts, targets.WithInjectedApplicationCredentialSourceIds(injectedCreds))
}
if len(credOpts) > 0 {
tur, err := tc.SetCredentialSources(ctx, tcr.Item.Id, version, credOpts...)
if err != nil {
return diag.Errorf("error setting credential sources on target: %v", err)
}
Expand Down Expand Up @@ -430,9 +478,10 @@ func resourceTargetUpdate(ctx context.Context, d *schema.ResourceData, meta inte

// The above calls may not actually happen, so we use d.Id() and automatic
// versioning here
if d.HasChange(targetApplicationCredentialSourceIdsKey) {
// TODO: remove when fully deprecating 'application_credential_source_ids'
if d.HasChange("application_credential_source_ids") {
var credentialSourceIds []string
if credentialSourceIdsVal, ok := d.GetOk(targetApplicationCredentialSourceIdsKey); ok {
if credentialSourceIdsVal, ok := d.GetOk("application_credential_source_ids"); ok {
credSourceIds := credentialSourceIdsVal.(*schema.Set).List()
for _, credSourceId := range credSourceIds {
credentialSourceIds = append(credentialSourceIds, credSourceId.(string))
Expand All @@ -451,7 +500,59 @@ func resourceTargetUpdate(ctx context.Context, d *schema.ResourceData, meta inte
if err != nil {
return diag.Errorf("error updating credential sources in target: %v", err)
}
if err := d.Set(targetApplicationCredentialSourceIdsKey, credentialSourceIds); err != nil {
if err := d.Set("application_credential_source_ids", credentialSourceIds); err != nil {
return diag.FromErr(err)
}
}

if d.HasChange(targetBrokeredCredentialSourceIdsKey) {
var credentialSourceIds []string
if credentialSourceIdsVal, ok := d.GetOk(targetBrokeredCredentialSourceIdsKey); ok {
credSourceIds := credentialSourceIdsVal.(*schema.Set).List()
for _, credSourceId := range credSourceIds {
credentialSourceIds = append(credentialSourceIds, credSourceId.(string))
}
}

opts := []targets.Option{
targets.WithAutomaticVersioning(true),
targets.DefaultBrokeredCredentialSourceIds(),
}
if len(credentialSourceIds) > 0 {
opts = append(opts, targets.WithBrokeredCredentialSourceIds(credentialSourceIds))
}

_, err := tc.SetCredentialSources(ctx, d.Id(), 0, opts...)
if err != nil {
return diag.Errorf("error updating brokered credential sources in target: %v", err)
}
if err := d.Set(targetBrokeredCredentialSourceIdsKey, credentialSourceIds); err != nil {
return diag.FromErr(err)
}
}

if d.HasChange(targetInjectedAppCredentialSourceIdsKey) {
var credentialSourceIds []string
if credentialSourceIdsVal, ok := d.GetOk(targetInjectedAppCredentialSourceIdsKey); ok {
credSourceIds := credentialSourceIdsVal.(*schema.Set).List()
for _, credSourceId := range credSourceIds {
credentialSourceIds = append(credentialSourceIds, credSourceId.(string))
}
}

opts := []targets.Option{
targets.WithAutomaticVersioning(true),
targets.DefaultInjectedApplicationCredentialSourceIds(),
}
if len(credentialSourceIds) > 0 {
opts = append(opts, targets.WithInjectedApplicationCredentialSourceIds(credentialSourceIds))
}

_, err := tc.SetCredentialSources(ctx, d.Id(), 0, opts...)
if err != nil {
return diag.Errorf("error updating injected application credential sources in target: %v", err)
}
if err := d.Set(targetInjectedAppCredentialSourceIdsKey, credentialSourceIds); err != nil {
return diag.FromErr(err)
}
}
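Review bot: A change to only one of the two new lists in resourceTargetUpdate may wipe the other, because each `d.HasChange` block calls `tc.SetCredentialSources` with just its own list and its own `Default…` option, whereas resourceTargetCreate sends both lists through one `credOpts` slice. Whether the endpoint leaves an omitted list untouched or replaces the target's whole credential-source set is not visible on this page; if it replaces, a target could end up with credentials attached that differ from what the configuration declares. I would build a single option slice whenever either key changes, falling back to the deprecated key for the brokered list the way create does, as sketched below. resourceTargetUpdate starts and ends outside the visible hunks and the options of the deprecated `application_credential_source_ids` block sit in collapsed lines, so the sketch leaves that block alone. An acceptance step that sets both `brokered_credential_source_ids` and `injected_application_credential_source_ids` and then changes only one of them would pin the behaviour.

```go
// … unchanged: deprecated 'application_credential_source_ids' block …

if d.HasChange(targetBrokeredCredentialSourceIdsKey) || d.HasChange(targetInjectedAppCredentialSourceIdsKey) {
	// Read both lists so that a change to one is sent together with the
	// current value of the other.
	var brokeredCreds, injectedCreds []string
	brokeredVal, ok := d.GetOk(targetBrokeredCredentialSourceIdsKey)
	if !ok {
		// TODO: remove when fully deprecating 'application_credential_source_ids'
		brokeredVal, ok = d.GetOk("application_credential_source_ids")
	}
	if ok {
		for _, id := range brokeredVal.(*schema.Set).List() {
			brokeredCreds = append(brokeredCreds, id.(string))
		}
	}
	if injectedVal, ok := d.GetOk(targetInjectedAppCredentialSourceIdsKey); ok {
		for _, id := range injectedVal.(*schema.Set).List() {
			injectedCreds = append(injectedCreds, id.(string))
		}
	}

	opts := []targets.Option{
		targets.WithAutomaticVersioning(true),
		targets.DefaultBrokeredCredentialSourceIds(),
		targets.DefaultInjectedApplicationCredentialSourceIds(),
	}
	if len(brokeredCreds) > 0 {
		opts = append(opts, targets.WithBrokeredCredentialSourceIds(brokeredCreds))
	}
	if len(injectedCreds) > 0 {
		opts = append(opts, targets.WithInjectedApplicationCredentialSourceIds(injectedCreds))
	}

	if _, err := tc.SetCredentialSources(ctx, d.Id(), 0, opts...); err != nil {
		return diag.Errorf("error updating credential sources in target: %v", err)
	}
	// … unchanged: d.Set of the keys that changed …
}
```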
20 changes: 10 additions & 10 deletions internal/provider/resource_target_test.go
Expand Up @@ -89,7 +89,7 @@ resource "boundary_target" "foo" {
host_source_ids = [
boundary_host_set.foo.id
]
application_credential_source_ids = [
brokered_credential_source_ids = [
boundary_credential_library_vault.foo.id
]
default_port = 22
Expand All @@ -108,7 +108,7 @@ resource "boundary_target" "foo" {
host_source_ids = [
boundary_host_set.bar.id
]
application_credential_source_ids = [
brokered_credential_source_ids = [
boundary_credential_library_vault.bar.id
]
default_port = 80
Expand Down Expand Up @@ -166,7 +166,7 @@ func TestAccTarget(t *testing.T) {
resource.TestCheckResourceAttr("boundary_target.foo", targetSessionConnectionLimitKey, "6"),
resource.TestCheckResourceAttr("boundary_target.foo", targetWorkerFilterKey, `type == "foo"`),
testAccCheckTargetResourceHostSource(provider, "boundary_target.foo", []string{"boundary_host_set.foo"}),
testAccCheckTargetResourceAppCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.foo"}),
testAccCheckTargetResourceBrokeredCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.foo"}),
),
},
importStep("boundary_target.foo"),
Expand All @@ -181,7 +181,7 @@ func TestAccTarget(t *testing.T) {
resource.TestCheckResourceAttr("boundary_target.foo", targetSessionConnectionLimitKey, "7"),
resource.TestCheckResourceAttr("boundary_target.foo", targetWorkerFilterKey, `type == "bar"`),
testAccCheckTargetResourceHostSource(provider, "boundary_target.foo", []string{"boundary_host_set.bar"}),
testAccCheckTargetResourceAppCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.bar"}),
testAccCheckTargetResourceBrokeredCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.bar"}),
),
},
importStep("boundary_target.foo"),
Expand All @@ -196,7 +196,7 @@ func TestAccTarget(t *testing.T) {
resource.TestCheckResourceAttr("boundary_target.foo", targetSessionConnectionLimitKey, "7"),
resource.TestCheckResourceAttr("boundary_target.foo", targetWorkerFilterKey, `type == "bar"`),
testAccCheckTargetResourceHostSource(provider, "boundary_target.foo", nil),
testAccCheckTargetResourceAppCredSources(provider, "boundary_target.foo", nil),
testAccCheckTargetResourceBrokeredCredSources(provider, "boundary_target.foo", nil),
),
},
importStep("boundary_target.foo"),
Expand Down Expand Up @@ -261,7 +261,7 @@ func testAccCheckTargetResourceHostSource(testProvider *schema.Provider, name st
}
}

func testAccCheckTargetResourceAppCredSources(testProvider *schema.Provider, name string, credSources []string) resource.TestCheckFunc {
func testAccCheckTargetResourceBrokeredCredSources(testProvider *schema.Provider, name string, credSources []string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[name]
if !ok {
Expand Down Expand Up @@ -298,19 +298,19 @@ func testAccCheckTargetResourceAppCredSources(testProvider *schema.Provider, nam
return fmt.Errorf("got an error when reading target %q: %w", id, err)
}

if len(t.Item.ApplicationCredentialSourceIds) != len(credSourceIDs) {
return fmt.Errorf("tf state and boundary have different number of application credential sources")
if len(t.Item.BrokeredCredentialSourceIds) != len(credSourceIDs) {
return fmt.Errorf("tf state and boundary have different number of brokered credential sources")
}

for _, stateCredSourceId := range t.Item.ApplicationCredentialSourceIds {
for _, stateCredSourceId := range t.Item.BrokeredCredentialSourceIds {
ok := false
for _, gotCredSourceID := range credSourceIDs {
if gotCredSourceID == stateCredSourceId {
ok = true
}
}
if !ok {
return fmt.Errorf("application credential source id in state not set in boundary: %s", stateCredSourceId)
return fmt.Errorf("brokered credential source id in state not set in boundary: %s", stateCredSourceId)
}
}
