From 0d1e5f1b13c9ad9c987cd8f6f02145b1d070541b Mon Sep 17 00:00:00 2001 From: Vinay Gopalan Date: Thu, 26 Sep 2024 16:36:00 -0700 Subject: [PATCH] update all secrets mount resources with API fields --- go.mod | 60 +++--- go.sum | 122 ++++++------ vault/resource_ad_secret_backend.go | 174 +++++++---------- vault/resource_aws_secret_backend.go | 101 +++------- vault/resource_aws_secret_backend_test.go | 89 +++++++++ vault/resource_azure_secret_backend.go | 54 ++---- vault/resource_azure_secret_backend_test.go | 97 ++++++++++ vault/resource_consul_secret_backend.go | 93 ++++------ vault/resource_database_secrets_mount.go | 2 +- vault/resource_gcp_secret_backend.go | 95 +++------- vault/resource_kmip_secret_backend.go | 142 ++++++-------- vault/resource_kubernetes_secret_backend.go | 2 +- vault/resource_ldap_secret_backend.go | 2 +- vault/resource_mount.go | 26 +-- vault/resource_mount_test.go | 23 +-- vault/resource_nomad_secret_backend.go | 137 ++++++-------- vault/resource_rabbitmq_secret_backend.go | 135 +++++--------- ...resource_terraform_cloud_secret_backend.go | 175 +++++++----------- 18 files changed, 696 insertions(+), 833 deletions(-) diff --git a/go.mod b/go.mod index 5b2ed697dd..e9c640705b 100644 --- a/go.mod +++ b/go.mod @@ -1,15 +1,17 @@ module github.com/hashicorp/terraform-provider-vault -go 1.21 +go 1.22 + +toolchain go1.22.5 require ( - cloud.google.com/go/compute/metadata v0.2.3 - cloud.google.com/go/iam v1.1.5 + cloud.google.com/go/compute/metadata v0.3.0 + cloud.google.com/go/iam v1.1.6 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 github.com/aws/aws-sdk-go v1.50.13 - github.com/cenkalti/backoff/v4 v4.2.1 + github.com/cenkalti/backoff/v4 v4.3.0 github.com/coreos/pkg v0.0.0-20230601102743-20bbbf26f4d8 github.com/denisenkom/go-mssqldb v0.12.3 github.com/go-sql-driver/mysql v1.7.1 
@@ -29,22 +31,21 @@ require ( github.com/hashicorp/vault-plugin-auth-jwt v0.20.3 github.com/hashicorp/vault-plugin-auth-kerberos v0.11.0 github.com/hashicorp/vault-plugin-auth-oci v0.15.1 - github.com/hashicorp/vault/api v1.14.0 - github.com/hashicorp/vault/sdk v0.13.0 + github.com/hashicorp/vault/api v1.15.0 + github.com/hashicorp/vault/sdk v0.14.0 github.com/jcmturner/gokrb5/v8 v8.4.4 github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/mapstructure v1.5.0 github.com/stretchr/testify v1.9.0 - golang.org/x/crypto v0.24.0 - golang.org/x/net v0.26.0 - golang.org/x/oauth2 v0.18.0 - google.golang.org/api v0.163.0 - google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe + golang.org/x/crypto v0.26.0 + golang.org/x/net v0.28.0 + golang.org/x/oauth2 v0.20.0 + google.golang.org/api v0.169.0 + google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 k8s.io/utils v0.0.0-20240102154912-e7106e64919e ) require ( - cloud.google.com/go/compute v1.23.3 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect @@ -61,7 +62,7 @@ require ( github.com/coreos/go-oidc/v3 v3.10.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/docker v25.0.6+incompatible // indirect + github.com/docker/docker v26.1.5+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect 
@@ -72,7 +73,7 @@ require (
 github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 github.com/go-ldap/ldap/v3 v3.4.6 // indirect
- github.com/go-logr/logr v1.4.1 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
@@ -84,7 +85,7 @@ require (
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/s2a-go v0.1.7 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
- github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+ github.com/googleapis/gax-go/v2 v2.12.2 // indirect
 github.com/gosimple/unidecode v1.0.1 // indirect
 github.com/hashicorp/cap v0.6.0 // indirect
 github.com/hashicorp/cap/ldap v0.0.0-20240328153749-fcfe271d0227 // indirect
@@ -92,11 +93,11 @@ require (
 github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.1 // indirect
 github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 // indirect
- github.com/hashicorp/go-plugin v1.6.0 // indirect
+ github.com/hashicorp/go-plugin v1.6.1 // indirect
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect
 github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 // indirect
- github.com/hashicorp/go-secure-stdlib/plugincontainer v0.3.0 // indirect
+ github.com/hashicorp/go-secure-stdlib/plugincontainer v0.4.0 // indirect
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.3 // indirect
 github.com/hashicorp/go-sockaddr v1.0.6 // indirect
@@ -130,6 +131,7 @@ require (
 github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 github.com/mitchellh/pointerstructure v1.2.1 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
+ github.com/moby/docker-image-spec v1.3.1 // indirect
 github.com/moby/patternmatcher v0.5.0 // indirect
 github.com/moby/sys/sequential v0.5.0 // indirect
 github.com/moby/sys/user v0.1.0 // indirect
@@ -153,24 +155,24 @@ require (
 github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 github.com/zclconf/go-cty v1.14.1 // indirect
 go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
- go.opentelemetry.io/otel v1.24.0 // indirect
- go.opentelemetry.io/otel/metric v1.24.0 // indirect
- go.opentelemetry.io/otel/trace v1.24.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
+ go.opentelemetry.io/otel v1.28.0 // indirect
+ go.opentelemetry.io/otel/metric v1.28.0 // indirect
+ go.opentelemetry.io/otel/trace v1.28.0 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
 golang.org/x/mod v0.17.0 // indirect
- golang.org/x/sync v0.7.0 // indirect
- golang.org/x/sys v0.21.0 // indirect
- golang.org/x/text v0.16.0 // indirect
+ golang.org/x/sync v0.8.0 // indirect
+ golang.org/x/sys v0.24.0 // indirect
+ golang.org/x/text v0.17.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect
- google.golang.org/grpc v1.61.1 // indirect
- google.golang.org/protobuf v1.34.1 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240812133136-8ffd90a71988 // indirect
+ google.golang.org/grpc v1.65.0 // indirect
+ google.golang.org/protobuf v1.34.2 // indirect
 gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect
 gopkg.in/yaml.v3 v3.0.1
// indirect ) diff --git a/go.sum b/go.sum index 8b72b7403e..0d6fe1b159 100644 --- a/go.sum +++ b/go.sum @@ -304,13 +304,13 @@ cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdi cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= 
@@ -593,8 +593,9 @@ cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+K cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE= cloud.google.com/go/iam v1.1.4/go.mod h1:l/rg8l1AaA+VFMho/HYx2Vv6xinPSLMF8qfhRPIZ0L8= -cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI= cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= +cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= +cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= 
@@ -1331,8 +1332,8 @@ github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInq github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= @@ -1376,7 +1377,6 @@ github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230428030218-4003588d1b74/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= 
@@ -1590,8 +1590,8 @@ github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05 github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= -github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g= +github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= @@ -1637,7 +1637,6 @@ github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0+ github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 
@@ -1730,8 +1729,8 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= @@ -1933,8 +1932,9 @@ github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38 github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA= +github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= 
@@ -2020,8 +2020,8 @@ github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9 github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-plugin v1.5.1/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4= github.com/hashicorp/go-plugin v1.5.2/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4= -github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= -github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= +github.com/hashicorp/go-plugin v1.6.1 h1:P7MR2UP6gNKGPp+y7EZw2kOiq4IR9WiqLvp0XOsVdwI= +github.com/hashicorp/go-plugin v1.6.1/go.mod h1:XPHFku2tFo3o3QKFgSYo+cghcUhw1NA1hZyMK0PWAw0= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= 
@@ -2046,8 +2046,8 @@ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSY github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0= github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= github.com/hashicorp/go-secure-stdlib/plugincontainer v0.2.2/go.mod h1:7xQt0+IfRmzYBLpFx+4MYfLpBdd1PT1VatGKRswf7xE= -github.com/hashicorp/go-secure-stdlib/plugincontainer v0.3.0 h1:KMWpBsC65ZBXDpoxJ0n2/zVfZaZIW73k2d8cy5Dv/Kk= -github.com/hashicorp/go-secure-stdlib/plugincontainer v0.3.0/go.mod h1:qKYwSZ2EOpppko5ud+Sh9TrUgiTAZSaQCr8XWIYXsbM= +github.com/hashicorp/go-secure-stdlib/plugincontainer v0.4.0 h1:7Yran48kl6X7jfUg3sfYDrFot1gD3LvzdC3oPu5l/qo= +github.com/hashicorp/go-secure-stdlib/plugincontainer v0.4.0/go.mod h1:9WJFu7L3d+Z4ViZmwUf+6/73/Uy7YMY1NXrB9wdElYE= github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= 
@@ -2114,12 +2114,12 @@ github.com/hashicorp/vault-plugin-auth-oci v0.15.1/go.mod h1:i3KYRLQFpAIJuvbXHBM github.com/hashicorp/vault/api v1.4.1/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= github.com/hashicorp/vault/api v1.9.1/go.mod h1:78kktNcQYbBGSrOjQfHjXN32OhhxXnbYl3zxpd2uPUs= github.com/hashicorp/vault/api v1.11.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= -github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= -github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= +github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= +github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/vault/sdk v0.10.2/go.mod h1:VxJIQgftEX7FCDM3i6TTLjrZszAeLhqPicNbCVNRg4I= -github.com/hashicorp/vault/sdk v0.13.0 h1:UmcLF+7r70gy1igU44Suflgio30P2GOL4MkHPhJuiP8= -github.com/hashicorp/vault/sdk v0.13.0/go.mod h1:LxhNTWRG99mXg9xijBCnCnIus+brLC5uFsQUQ4zgOnU= +github.com/hashicorp/vault/sdk v0.14.0 h1:8vagjlpLurkFTnKT9aFSGs4U1XnK2IFytnWSxgFrDo0= +github.com/hashicorp/vault/sdk v0.14.0/go.mod h1:3hnGK5yjx3CW2hFyk+Dw1jDgKxdBvUvjyxMHhq0oUFc= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= 
@@ -2373,6 +2373,8 @@ github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= 
@@ -2822,13 +2824,13 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0/go.mod h1:UMklln0+MRhZC4e3PwmN3pCtq4DyIadWw4yikh6bNrw= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= go.opentelemetry.io/otel v0.20.0/go.mod 
h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU= go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= @@ -2836,8 +2838,8 @@ go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+n go.opentelemetry.io/otel v1.8.0/go.mod h1:2pkj+iMj0o03Y+cW6/m8Y4WkRdYN3AvCXCnzRMp9yvM= go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= -go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= -go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/exporters/otlp v0.20.0 h1:PTNgq9MRmQqqJY0REVbZFvwkYOA85vbdQU/nVfxDyqg= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= 
@@ -2858,14 +2860,14 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0/go.mod h1:5w41DY6S9gZrbjuq6Y+753e96WfPha5IcsOSZTtullM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCyI9jVEfqhUh2MoSkmolPjfh5fp2hnV0b0irxH4Q= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU= go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s= -go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= -go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.0.1/go.mod 
h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI= @@ -2873,8 +2875,8 @@ go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1t go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE= go.opentelemetry.io/otel/sdk v1.14.0/go.mod h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= 
@@ -2884,8 +2886,8 @@ go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48 go.opentelemetry.io/otel/trace v1.8.0/go.mod h1:0Bt3PXY8w+3pheS3hQUt+wow8b1ojPaTBoTCh2zIFI4= go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= -go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= -go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= 
@@ -2967,8 +2969,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -3126,8 +3128,8 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -3163,8 +3165,8 @@ golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQ golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= -golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= -golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -3185,8 +3187,8 @@ golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -3346,8 +3348,8 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -3369,8 +3371,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -3392,8 +3394,8 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -3584,8 +3586,8 @@ google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWL google.golang.org/api v0.134.0/go.mod h1:sjRL3UnjTx5UqNQS9EWr9N8p7xbHpy1k0XGRLCf3Spk= google.golang.org/api v0.139.0/go.mod h1:CVagp6Eekz9CjGZ718Z+sloknzkDJE7Vc1Ckj9+viBk= google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= -google.golang.org/api v0.163.0 h1:4BBDpPaSH+H28NhnX+WwjXxbRLQ7TWuEKp4BQyEjxvk= -google.golang.org/api v0.163.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0= +google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY= +google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -3755,8 +3757,8 @@ google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:EMfReVxb google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI= google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405/go.mod h1:3WDQMjmJk36UQhjQ89emUzb1mdaHcPeeAh4SCBKznB4= google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe h1:USL2DhxfgRchafRvt/wYyyQNzwgL7ZiURcozOE/Pkvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= 
@@ -3774,8 +3776,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go. google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870= google.golang.org/genproto/googleapis/api v0.0.0-20231030173426-d783a09b4405/go.mod h1:oT32Z4o8Zv2xPQTg0pbVaPr0MPOH6f14RgXt7zfIpwg= google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230720185612-659f7aaaa771/go.mod h1:3QoBVwTHkXbY1oRGzlhwhOykfcATQN43LJ6iT8Wy8kE= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230807174057-1744710a1577/go.mod h1:NjCQG/D8JandXxM57PZbAJL1DCNL6EypA0vPPwfsc7c= 
@@ -3798,8 +3800,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE= google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe h1:bQnxqljG/wqi4NTXu2+DJ3n7APcEA882QZ1JvhQAq9o= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240812133136-8ffd90a71988 h1:V71AcdLZr2p8dC9dbOIMCpqi4EmRl8wUwnJzXXLmbmc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240812133136-8ffd90a71988/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 
@@ -3856,8 +3858,8 @@ google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSs google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= -google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= -google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -3878,8 +3880,8 @@ google.golang.org/protobuf v1.28.2-0.20230222093303-bc1253ad3743/go.mod h1:HV8QO google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vault/resource_ad_secret_backend.go b/vault/resource_ad_secret_backend.go index 3365057ada..7155c17e96 100644 --- a/vault/resource_ad_secret_backend.go +++ b/vault/resource_ad_secret_backend.go @@ -6,16 +6,14 @@ package vault import ( "context" "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "log" "strings" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" ) func adSecretBackendResource() *schema.Resource { 
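Review bot: In the import hunk for vault/resource_ad_secret_backend.go, the new `"github.com/hashicorp/terraform-plugin-sdk/v2/diag"` line sits between `"fmt"` and `"log"`, inside the standard-library group. goimports keeps stdlib imports first and external packages in a separate group, so move it directly above the `"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"` line this hunk also adds.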
@@ -199,44 +197,44 @@ func adSecretBackendResource() *schema.Resource { Description: `LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`, }, } - return provider.MustAddMountMigrationSchema(&schema.Resource{ + r := provider.MustAddMountMigrationSchema(&schema.Resource{ DeprecationMessage: `This resource is replaced by "vault_ldap_secret_backend" and will be removed in the next major release.`, - Create: createConfigResource, - Update: updateConfigResource, - Read: provider.ReadWrapper(readConfigResource), - Delete: deleteConfigResource, + CreateContext: createConfigResource, + UpdateContext: updateConfigResource, + ReadContext: provider.ReadContextWrapper(readConfigResource), + DeleteContext: deleteConfigResource, Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + StateContext: schema.ImportStatePassthroughContext, }, CustomizeDiff: getMountCustomizeDiffFunc(consts.FieldBackend), Schema: fields, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + consts.FieldLocal, + )) + + return r } -func createConfigResource(d *schema.ResourceData, meta interface{}) error { +func createConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } backend := d.Get("backend").(string) - description := d.Get("description").(string) - defaultTTL := d.Get("default_lease_ttl_seconds").(int) - local := d.Get("local").(bool) - maxTTL := d.Get("max_lease_ttl_seconds").(int) log.Printf("[DEBUG] Mounting AD backend at %q", backend) - err := client.Sys().Mount(backend, &api.MountInput{ - Type: consts.MountTypeAD, - Description: description, - Local: local, - Config: api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", defaultTTL), - MaxLeaseTTL: 
fmt.Sprintf("%ds", maxTTL), - }, - }) - if err != nil { - return fmt.Errorf("error mounting to %q: %s", backend, err) + + if err := createMount(d, meta, client, backend, consts.MountTypeAD); err != nil { + return diag.FromErr(err) } log.Printf("[DEBUG] Mounted AD backend at %q", backend) 
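Review bot: `createMount(d, meta, client, backend, consts.MountTypeAD)` is called without the `ctx` that `createConfigResource` now receives, so Terraform apparently cannot cancel or time out the mount request, while the config write later in the same function uses `WriteWithContext(ctx, ...)`. The same applies to `readMount(d, meta, true)` in `readConfigResource` and to the `createMount`, `readMount` and `updateMount` calls in vault/resource_aws_secret_backend.go. The helpers are not visible in this part of the patch, so this assumes they have no other source for a context; if so, give them a leading `ctx context.Context` parameter and call `createMount(ctx, d, meta, client, backend, consts.MountTypeAD)`. The body of `createConfigResource` continues outside the hunk.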
@@ -327,44 +325,34 @@ func createConfigResource(d *schema.ResourceData, meta interface{}) error { configPath := fmt.Sprintf("%s/config", backend) log.Printf("[DEBUG] Writing %q", configPath) - if _, err := client.Logical().Write(configPath, data); err != nil { - return fmt.Errorf("error writing %q: %s", configPath, err) + if _, err := client.Logical().WriteWithContext(ctx, configPath, data); err != nil { + return diag.Errorf("error writing %q: %s", configPath, err) } log.Printf("[DEBUG] Wrote %q", configPath) - return readConfigResource(d, meta) + return readConfigResource(ctx, d, meta) } -func readConfigResource(d *schema.ResourceData, meta interface{}) error { +func readConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Id() log.Printf("[DEBUG] Reading %q", path) - ctx := context.Background() - mount, err := mountutil.GetMount(ctx, client, path) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - return err - } - d.Set("backend", d.Id()) - d.Set("default_lease_ttl_seconds", mount.Config.DefaultLeaseTTL) - d.Set("max_lease_ttl_seconds", mount.Config.MaxLeaseTTL) + if err := readMount(d, meta, true); err != nil { + return diag.FromErr(err) + } configPath := fmt.Sprintf("%s/config", d.Id()) log.Printf("[DEBUG] Reading %q", configPath) - resp, err := client.Logical().Read(configPath) + resp, err := client.Logical().ReadWithContext(ctx, configPath) if err != nil { - return fmt.Errorf("error reading %q: %s", configPath, err) + return diag.Errorf("error reading %q: %s", configPath, err) } log.Printf("[DEBUG] Read %q", configPath) if resp == nil { 
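Review bot: `readConfigResource` no longer handles a mount that was removed outside Terraform at the call site: the deleted block cleared the ID and returned nil on `mountutil.IsMountNotFoundError`, while the new code turns every `readMount` error into a diagnostic. Unless `readMount` (not visible here) clears the ID itself, a refresh would fail instead of dropping the resource from state and planning a re-create. Either confirm that behaviour in `readMount` or keep the not-found branch around the call. `awsSecretBackendRead` makes the same change, and there `readMount` now runs after the `config/root` read, so a missing mount may surface as a config read error first. The rest of `readConfigResource` lies outside this hunk.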
@@ -375,167 +363,147 @@ func readConfigResource(d *schema.ResourceData, meta interface{}) error { if val, ok := resp.Data["anonymous_group_search"]; ok { if err := d.Set("anonymous_group_search", val); err != nil { - return fmt.Errorf("error setting state key 'anonymous_group_search': %s", err) + return diag.Errorf("error setting state key 'anonymous_group_search': %s", err) } } if val, ok := resp.Data["binddn"]; ok { if err := d.Set("binddn", val); err != nil { - return fmt.Errorf("error setting state key 'binddn': %s", err) + return diag.Errorf("error setting state key 'binddn': %s", err) } } if val, ok := resp.Data["case_sensitive_names"]; ok { if err := d.Set("case_sensitive_names", val); err != nil { - return fmt.Errorf("error setting state key 'case_sensitive_names': %s", err) + return diag.Errorf("error setting state key 'case_sensitive_names': %s", err) } } if val, ok := resp.Data["client_tls_cert"]; ok { if err := d.Set("client_tls_cert", val); err != nil { - return fmt.Errorf("error setting state key 'client_tls_cert': %s", err) + return diag.Errorf("error setting state key 'client_tls_cert': %s", err) } } if val, ok := resp.Data["client_tls_key"]; ok { if err := d.Set("client_tls_key", val); err != nil { - return fmt.Errorf("error setting state key 'client_tls_key': %s", err) + return diag.Errorf("error setting state key 'client_tls_key': %s", err) } } if val, ok := resp.Data["deny_null_bind"]; ok { if err := d.Set("deny_null_bind", val); err != nil { - return fmt.Errorf("error setting state key 'deny_null_bind': %s", err) + return diag.Errorf("error setting state key 'deny_null_bind': %s", err) } } if val, ok := resp.Data["discoverdn"]; ok { if err := d.Set("discoverdn", val); err != nil { - return fmt.Errorf("error setting state key 'discoverdn': %s", err) + return diag.Errorf("error setting state key 'discoverdn': %s", err) } } if val, ok := resp.Data["groupattr"]; ok { if err := d.Set("groupattr", val); err != nil { - return fmt.Errorf("error setting 
state key 'groupattr': %s", err) + return diag.Errorf("error setting state key 'groupattr': %s", err) } } if val, ok := resp.Data["groupdn"]; ok { if err := d.Set("groupdn", val); err != nil { - return fmt.Errorf("error setting state key 'groupdn': %s", err) + return diag.Errorf("error setting state key 'groupdn': %s", err) } } if val, ok := resp.Data["groupfilter"]; ok { if err := d.Set("groupfilter", val); err != nil { - return fmt.Errorf("error setting state key 'groupfilter': %s", err) + return diag.Errorf("error setting state key 'groupfilter': %s", err) } } if val, ok := resp.Data["insecure_tls"]; ok { if err := d.Set("insecure_tls", val); err != nil { - return fmt.Errorf("error setting state key 'insecure_tls': %s", err) + return diag.Errorf("error setting state key 'insecure_tls': %s", err) } } if val, ok := resp.Data["last_rotation_tolerance"]; ok { if err := d.Set("last_rotation_tolerance", val); err != nil { - return fmt.Errorf("error setting state key 'last_rotation_tolerance': %s", err) + return diag.Errorf("error setting state key 'last_rotation_tolerance': %s", err) } } if val, ok := resp.Data["max_ttl"]; ok { if err := d.Set("max_ttl", val); err != nil { - return fmt.Errorf("error setting state key 'max_ttl': %s", err) + return diag.Errorf("error setting state key 'max_ttl': %s", err) } } if val, ok := resp.Data["password_policy"]; ok { if err := d.Set("password_policy", val); err != nil { - return fmt.Errorf("error setting state key 'password_policy': %s", err) + return diag.Errorf("error setting state key 'password_policy': %s", err) } } if val, ok := resp.Data["request_timeout"]; ok { if err := d.Set("request_timeout", val); err != nil { - return fmt.Errorf("error setting state key 'request_timeout': %s", err) + return diag.Errorf("error setting state key 'request_timeout': %s", err) } } if val, ok := resp.Data["starttls"]; ok { if err := d.Set("starttls", val); err != nil { - return fmt.Errorf("error setting state key 'starttls': %s", err) + 
return diag.Errorf("error setting state key 'starttls': %s", err) } } if val, ok := resp.Data["tls_max_version"]; ok { if err := d.Set("tls_max_version", val); err != nil { - return fmt.Errorf("error setting state key 'tls_max_version': %s", err) + return diag.Errorf("error setting state key 'tls_max_version': %s", err) } } if val, ok := resp.Data["tls_min_version"]; ok { if err := d.Set("tls_min_version", val); err != nil { - return fmt.Errorf("error setting state key 'tls_min_version': %s", err) + return diag.Errorf("error setting state key 'tls_min_version': %s", err) } } if val, ok := resp.Data["ttl"]; ok { if err := d.Set("ttl", val); err != nil { - return fmt.Errorf("error setting state key 'ttl': %s", err) + return diag.Errorf("error setting state key 'ttl': %s", err) } } if val, ok := resp.Data["upndomain"]; ok { if err := d.Set("upndomain", val); err != nil { - return fmt.Errorf("error setting state key 'upndomain': %s", err) + return diag.Errorf("error setting state key 'upndomain': %s", err) } } if val, ok := resp.Data["url"]; ok { if err := d.Set("url", val); err != nil { - return fmt.Errorf("error setting state key 'url': %s", err) + return diag.Errorf("error setting state key 'url': %s", err) } } if val, ok := resp.Data["use_pre111_group_cn_behavior"]; ok { if err := d.Set("use_pre111_group_cn_behavior", val); err != nil { - return fmt.Errorf("error setting state key 'use_pre111_group_cn_behavior': %s", err) + return diag.Errorf("error setting state key 'use_pre111_group_cn_behavior': %s", err) } } if val, ok := resp.Data["use_token_groups"]; ok { if err := d.Set("use_token_groups", val); err != nil { - return fmt.Errorf("error setting state key 'use_token_groups': %s", err) + return diag.Errorf("error setting state key 'use_token_groups': %s", err) } } if val, ok := resp.Data["userattr"]; ok { if err := d.Set("userattr", val); err != nil { - return fmt.Errorf("error setting state key 'userattr': %s", err) + return diag.Errorf("error setting state key 
'userattr': %s", err) } } if val, ok := resp.Data["userdn"]; ok { if err := d.Set("userdn", val); err != nil { - return fmt.Errorf("error setting state key 'userdn': %s", err) + return diag.Errorf("error setting state key 'userdn': %s", err) } } return nil } -func updateConfigResource(d *schema.ResourceData, meta interface{}) error { +func updateConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { backend := d.Id() client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } backend, e = util.Remount(d, client, consts.FieldBackend, false) if e != nil { - return e + return diag.FromErr(e) } - defaultTTL := d.Get("default_lease_ttl_seconds").(int) - maxTTL := d.Get("max_lease_ttl_seconds").(int) - tune := api.MountConfigInput{} data := map[string]interface{}{} - if defaultTTL != 0 { - tune.DefaultLeaseTTL = fmt.Sprintf("%ds", defaultTTL) - data["default_lease_ttl_seconds"] = defaultTTL - } - - if maxTTL != 0 { - tune.MaxLeaseTTL = fmt.Sprintf("%ds", maxTTL) - data["max_lease_ttl_seconds"] = maxTTL - } - - if tune.DefaultLeaseTTL != "0" || tune.MaxLeaseTTL != "0" { - err := client.Sys().TuneMount(backend, tune) - if err != nil { - return fmt.Errorf("error mounting to %q: %s", backend, err) - } - } - vaultPath := fmt.Sprintf("%s/config", backend) log.Printf("[DEBUG] Updating %q", vaultPath) 
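Review bot: `updateConfigResource` removes the `client.Sys().TuneMount(backend, tune)` block but this hunk adds nothing in its place, so edits to `default_lease_ttl_seconds` and `max_lease_ttl_seconds` (and the mount fields newly merged into the schema) do not appear to reach Vault on update. `awsSecretBackendUpdate` in this same patch calls `updateMount` for that purpose; add the equivalent after the `util.Remount` call: `if err := updateMount(d, meta, true); err != nil { return diag.FromErr(err) }`. A lowered lease TTL that is accepted by Terraform but never applied leaves issued credentials valid for longer than the configuration states. The middle of the function is outside the hunk, so confirm that no mount update happens there.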
@@ -618,29 +586,29 @@ func updateConfigResource(d *schema.ResourceData, meta interface{}) error { data["userdn"] = raw } data["insecure_tls"] = d.Get("insecure_tls") - if _, err := client.Logical().Write(vaultPath, data); err != nil { - return fmt.Errorf("error updating template auth backend role %q: %s", vaultPath, err) + if _, err := client.Logical().WriteWithContext(ctx, vaultPath, data); err != nil { + return diag.Errorf("error updating template auth backend role %q: %s", vaultPath, err) } log.Printf("[DEBUG] Updated %q", vaultPath) - return readConfigResource(d, meta) + return readConfigResource(ctx, d, meta) } -func deleteConfigResource(d *schema.ResourceData, meta interface{}) error { +func deleteConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } vaultPath := d.Id() log.Printf("[DEBUG] Unmounting AD backend %q", vaultPath) - err := client.Sys().Unmount(vaultPath) + err := client.Sys().UnmountWithContext(ctx, vaultPath) if err != nil && util.Is404(err) { log.Printf("[WARN] %q not found, removing from state", vaultPath) d.SetId("") - return fmt.Errorf("error unmounting AD backend from %q: %s", vaultPath, err) + return diag.Errorf("error unmounting AD backend from %q: %s", vaultPath, err) } else if err != nil { - return fmt.Errorf("error unmounting AD backend from %q: %s", vaultPath, err) + return diag.Errorf("error unmounting AD backend from %q: %s", vaultPath, err) } log.Printf("[DEBUG] Unmounted AD backend %q", vaultPath) return nil diff --git a/vault/resource_aws_secret_backend.go b/vault/resource_aws_secret_backend.go index 8cf22b25a8..231bf44dfd 100644 --- a/vault/resource_aws_secret_backend.go +++ b/vault/resource_aws_secret_backend.go 
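Review bot: In `deleteConfigResource` the 404 branch logs "not found, removing from state" and clears the ID, but then returns `diag.Errorf("error unmounting AD backend from %q: %s", vaultPath, err)`, so destroying a backend that is already gone still fails the run. That branch should end with `return nil`; the function is fully inside this hunk. Separately, the write error at the top of the hunk still reads `error updating template auth backend role %q: %s`, which misdescribes an AD secrets backend config write; `error updating AD backend config %q: %s` would match what the call does.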
@@ -17,7 +17,6 @@ import ( "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" ) var awsSecretFields = []string{ @@ -27,7 +26,7 @@ var awsSecretFields = []string{ } func awsSecretBackendResource() *schema.Resource { - return provider.MustAddMountMigrationSchema(&schema.Resource{ + r := provider.MustAddMountMigrationSchema(&schema.Resource{ CreateContext: awsSecretBackendCreate, ReadContext: provider.ReadContextWrapper(awsSecretBackendRead), UpdateContext: awsSecretBackendUpdate, @@ -135,6 +134,19 @@ func awsSecretBackendResource() *schema.Resource { }, }, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + consts.FieldIdentityTokenKey, + consts.FieldLocal, + )) + + return r } func getMountCustomizeDiffFunc(field string) schema.CustomizeDiffFunc { 
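Review bot: The comment `// Add common mount schema to the resource` in `awsSecretBackendResource` does not say what the arguments to `getMountSchema` mean. From the names passed (`FieldPath`, `FieldDescription`, the lease TTLs, `FieldIdentityTokenKey`, `FieldLocal`) they appear to be fields this resource already declares and that must be left out of the merged schema. `getMountSchema` is not visible here, so confirm that. If so, state it: `// Merge the shared mount fields; the names passed are excluded because this resource declares them itself.` The same comment appears in `adSecretBackendResource`.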
@@ -169,36 +181,17 @@ func awsSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta in } path := d.Get(consts.FieldPath).(string) - description := d.Get(consts.FieldDescription).(string) - defaultTTL := d.Get(consts.FieldDefaultLeaseTTL).(int) - maxTTL := d.Get(consts.FieldMaxLeaseTTL).(int) accessKey := d.Get(consts.FieldAccessKey).(string) secretKey := d.Get(consts.FieldSecretKey).(string) region := d.Get(consts.FieldRegion).(string) - local := d.Get(consts.FieldLocal).(bool) d.Partial(true) log.Printf("[DEBUG] Mounting AWS backend at %q", path) - mountConfig := api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", defaultTTL), - MaxLeaseTTL: fmt.Sprintf("%ds", maxTTL), - } - useAPIVer116 := provider.IsAPISupported(meta, provider.VaultVersion116) && provider.IsEnterpriseSupported(meta) - if useAPIVer116 { - identityTokenKey := d.Get(consts.FieldIdentityTokenKey).(string) - if identityTokenKey != "" { - mountConfig.IdentityTokenKey = identityTokenKey - } - } - err := client.Sys().MountWithContext(ctx, path, &api.MountInput{ - Type: consts.MountTypeAWS, - Description: description, - Local: local, - Config: mountConfig, - }) - if err != nil { - return diag.Errorf("error mounting to %q: %s", path, err) + + if err := createMount(d, meta, client, path, consts.MountTypeAWS); err != nil { + return diag.FromErr(err) } + log.Printf("[DEBUG] Mounted AWS backend at %q", path) d.SetId(path) @@ -213,7 +206,8 @@ func awsSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta in } } - if useAPIVer116 { + useAPIVer116Ent := provider.IsAPISupported(meta, provider.VaultVersion116) && provider.IsEnterpriseSupported(meta) + if useAPIVer116Ent { if v, ok := d.GetOk(consts.FieldIdentityTokenAudience); ok && v != "" { data[consts.FieldIdentityTokenAudience] = v.(string) } 
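Review bot: The removed code set `IdentityTokenKey` on the mount only when `provider.IsAPISupported(meta, provider.VaultVersion116) && provider.IsEnterpriseSupported(meta)` held; the new `createMount(d, meta, client, path, consts.MountTypeAWS)` call shows no such gate at the call site. `createMount` is not visible in this part of the patch, so confirm it applies the same version and enterprise check before sending `identity_token_key`. Otherwise the mount request may behave differently against older or non-enterprise servers. `awsSecretBackendCreate` starts and ends outside the hunk.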
@@ -229,7 +223,7 @@ func awsSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta in data[consts.FieldRegion] = region } - _, err = client.Logical().WriteWithContext(ctx, path+"/config/root", data) + _, err := client.Logical().WriteWithContext(ctx, path+"/config/root", data) if err != nil { return diag.Errorf("error configuring root credentials for %q: %s", path, err) } @@ -252,20 +246,6 @@ func awsSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta inte path := d.Id() - log.Printf("[DEBUG] Reading AWS backend mount %q from Vault", path) - - mount, err := mountutil.GetMount(ctx, client, path) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - return diag.FromErr(err) - } - - log.Printf("[DEBUG] Read AWS backend mount %q from Vault", path) - log.Printf("[DEBUG] Read AWS secret backend config/root %s", path) resp, err := client.Logical().ReadWithContext(ctx, path+"/config/root") if err != nil { @@ -320,23 +300,10 @@ func awsSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta inte if err := d.Set(consts.FieldPath, path); err != nil { return diag.FromErr(err) } - if err := d.Set(consts.FieldDescription, mount.Description); err != nil { - return diag.FromErr(err) - } - if err := d.Set(consts.FieldDefaultLeaseTTL, mount.Config.DefaultLeaseTTL); err != nil { - return diag.FromErr(err) - } - if err := d.Set(consts.FieldMaxLeaseTTL, mount.Config.MaxLeaseTTL); err != nil { - return diag.FromErr(err) - } - if err := d.Set(consts.FieldLocal, mount.Local); err != nil { + + if err := readMount(d, meta, true); err != nil { return diag.FromErr(err) } - if useAPIVer116 { - if err := d.Set(consts.FieldIdentityTokenKey, mount.Config.IdentityTokenKey); err != nil { - return diag.FromErr(err) - } - } return nil } 
@@ -356,26 +323,8 @@ func awsSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta in if err != nil { return diag.FromErr(err) } - if d.HasChanges(consts.FieldDefaultLeaseTTL, consts.FieldMaxLeaseTTL, consts.FieldDescription, consts.FieldIdentityTokenKey) { - description := d.Get(consts.FieldDescription).(string) - config := api.MountConfigInput{ - Description: &description, - DefaultLeaseTTL: fmt.Sprintf("%ds", d.Get(consts.FieldDefaultLeaseTTL)), - MaxLeaseTTL: fmt.Sprintf("%ds", d.Get(consts.FieldMaxLeaseTTL)), - } - - if useAPIVer116 { - identityTokenKey := d.Get(consts.FieldIdentityTokenKey).(string) - if identityTokenKey != "" { - config.IdentityTokenKey = identityTokenKey - } - } - log.Printf("[DEBUG] Updating mount config input for %q", path) - err := client.Sys().TuneMountWithContext(ctx, path, config) - if err != nil { - return diag.Errorf("error updating mount config input for %q: %s", path, err) - } - log.Printf("[DEBUG] Updated mount config input for %q", path) + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } if d.HasChanges(consts.FieldAccessKey, consts.FieldSecretKey, consts.FieldRegion, consts.FieldIAMEndpoint, consts.FieldSTSEndpoint, consts.FieldIdentityTokenTTL, consts.FieldIdentityTokenAudience, consts.FieldRoleArn) { log.Printf("[DEBUG] Updating root credentials at %q", path+"/config/root") diff --git a/vault/resource_aws_secret_backend_test.go b/vault/resource_aws_secret_backend_test.go index 159eca615f..2872b834d6 100644 --- a/vault/resource_aws_secret_backend_test.go +++ b/vault/resource_aws_secret_backend_test.go 
@@ -166,6 +166,95 @@ func TestAccAWSSecretBackend_remount(t *testing.T) { }) } +func TestAccAWSSecretBackendRole_MountConfig(t *testing.T) { + path := acctest.RandomWithPrefix("tf-test-aws") + + resourceType := "vault_aws_secret_backend" + resourceName := resourceType + ".test" + resource.Test(t, resource.TestCase{ + ProviderFactories: providerFactories, + PreCheck: func() { + testutil.TestEntPreCheck(t) + SkipIfAPIVersionLT(t, testProvider.Meta(), provider.VaultVersion117) + }, + CheckDestroy: testCheckMountDestroyed(resourceType, consts.MountTypeAWS, consts.FieldPath), + Steps: []resource.TestStep{ + { + Config: testAccAWSSecretBackendConfig_MountConfig(path, false), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, consts.FieldPath, path), + resource.TestCheckResourceAttr(resourceName, consts.FieldAccessKey, "access-key-test"), + resource.TestCheckResourceAttr(resourceName, consts.FieldSecretKey, "secret-key-test"), + resource.TestCheckResourceAttr(resourceName, "default_lease_ttl_seconds", "3600"), + resource.TestCheckResourceAttr(resourceName, "max_lease_ttl_seconds", "36000"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.#", "2"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.#", "2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "listing_visibility", "hidden"), + ), + }, + { + Config: testAccAWSSecretBackendConfig_MountConfig(path, true), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, consts.FieldPath, path), + resource.TestCheckResourceAttr(resourceName, 
consts.FieldAccessKey, "access-key-test"), + resource.TestCheckResourceAttr(resourceName, consts.FieldSecretKey, "secret-key-test"), + resource.TestCheckResourceAttr(resourceName, "default_lease_ttl_seconds", "7200"), + resource.TestCheckResourceAttr(resourceName, "max_lease_ttl_seconds", "48000"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.#", "2"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.#", "3"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.2", "header3"), + resource.TestCheckResourceAttr(resourceName, "listing_visibility", "unauth"), + ), + }, + testutil.GetImportTestStep(resourceName, false, nil, + consts.FieldDisableRemount, + consts.FieldSecretKey), + }, + }) +} + +func testAccAWSSecretBackendConfig_MountConfig(path string, isUpdate bool) string { + if !isUpdate { + + return fmt.Sprintf(` +resource "vault_aws_secret_backend" "test" { + path = "%s" + description = "test desc" + access_key = "access-key-test" + secret_key = "secret-key-test" + default_lease_ttl_seconds = 3600 + max_lease_ttl_seconds = 36000 + passthrough_request_headers = ["header1", "header2"] + allowed_response_headers = ["header1", "header2"] + delegated_auth_accessors = ["header1", "header2"] + listing_visibility = "hidden" +}`, path) + } else { + return fmt.Sprintf(` +resource "vault_aws_secret_backend" "test" { + path = "%s" + description = "test desc updated" + access_key = "access-key-test" + secret_key = "secret-key-test" + default_lease_ttl_seconds 
= 7200 + max_lease_ttl_seconds = 48000 + passthrough_request_headers = ["header1", "header2"] + allowed_response_headers = ["header1", "header2", "header3"] + delegated_auth_accessors = ["header1", "header2"] + listing_visibility = "unauth" +}`, path) + } +} + func testAccAWSSecretBackendConfig_basic(path, accessKey, secretKey string) string { return fmt.Sprintf(` resource "vault_aws_secret_backend" "test" { diff --git a/vault/resource_azure_secret_backend.go b/vault/resource_azure_secret_backend.go index d9011cd80b..aa584f652d 100644 --- a/vault/resource_azure_secret_backend.go +++ b/vault/resource_azure_secret_backend.go @@ -9,10 +9,8 @@ import ( "log" "strings" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" @@ -21,7 +19,7 @@ import ( ) func azureSecretBackendResource() *schema.Resource { - return provider.MustAddMountMigrationSchema(&schema.Resource{ + resource := provider.MustAddMountMigrationSchema(&schema.Resource{ CreateContext: azureSecretBackendCreate, ReadContext: provider.ReadContextWrapper(azureSecretBackendRead), UpdateContext: azureSecretBackendUpdate, @@ -108,6 +106,15 @@ func azureSecretBackendResource() *schema.Resource { }, }, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(resource, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldIdentityTokenKey, + )) + return resource } func azureSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { 
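Review bot: The new acceptance test sets `delegated_auth_accessors` in both configs but never asserts it, and the second step checks `allowed_response_headers.1` twice, so the field that readMount starts populating in this commit has no coverage here. Add `resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.#", "2")` to both steps and drop the duplicate line. The test is named `TestAccAWSSecretBackendRole_MountConfig` although it exercises `vault_aws_secret_backend` rather than a role; `TestAccAWSSecretBackend_MountConfig` would match the neighbouring tests. TestAccAzureSecretBackend_MountConfig has the same missing assertion and the same duplicate check.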
@@ -117,27 +124,13 @@ func azureSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta } path := d.Get(consts.FieldPath).(string) - description := d.Get(consts.FieldDescription).(string) configPath := azureSecretBackendPath(path) d.Partial(true) log.Printf("[DEBUG] Mounting Azure backend at %q", path) - mountConfig := api.MountConfigInput{} - useAPIVer117Ent := provider.IsAPISupported(meta, provider.VaultVersion117) && provider.IsEnterpriseSupported(meta) - if useAPIVer117Ent { - identityTokenKey := d.Get(consts.FieldIdentityTokenKey).(string) - if identityTokenKey != "" { - mountConfig.IdentityTokenKey = identityTokenKey - } - } - input := &api.MountInput{ - Type: "azure", - Description: description, - Config: mountConfig, - } - if err := client.Sys().MountWithContext(ctx, path, input); err != nil { - return diag.Errorf("error mounting to %q: %s", path, err) + if err := createMount(d, meta, client, path, consts.MountTypeAzure); err != nil { + return diag.FromErr(err) } log.Printf("[DEBUG] Mounted Azure backend at %q", path) @@ -219,9 +212,6 @@ func azureSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta in useAPIVer117Ent := provider.IsAPISupported(meta, provider.VaultVersion117) && provider.IsEnterpriseSupported(meta) if useAPIVer117Ent { - if err := d.Set(consts.FieldIdentityTokenKey, mount.Config.IdentityTokenKey); err != nil { - return diag.FromErr(err) - } if err := d.Set(consts.FieldIdentityTokenAudience, resp.Data[consts.FieldIdentityTokenAudience]); err != nil { return diag.FromErr(err) } @@ -230,6 +220,10 @@ func azureSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta in } } + if err := readMount(d, meta, true); err != nil { + return diag.FromErr(err) + } + return nil } 
@@ -246,18 +240,8 @@ func azureSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta return diag.FromErr(err) } - if d.HasChanges(consts.FieldIdentityTokenKey, consts.FieldDescription) { - desc := d.Get(consts.FieldDescription).(string) - config := api.MountConfigInput{ - Description: &desc, - } - useAPIVer117Ent := provider.IsAPISupported(meta, provider.VaultVersion117) && provider.IsEnterpriseSupported(meta) - if useAPIVer117Ent { - config.IdentityTokenKey = d.Get(consts.FieldIdentityTokenKey).(string) - } - if err := client.Sys().TuneMountWithContext(ctx, path, config); err != nil { - return diag.FromErr(err) - } + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } data := azureSecretBackendRequestData(d, meta) diff --git a/vault/resource_azure_secret_backend_test.go b/vault/resource_azure_secret_backend_test.go index 531dae66c6..6bb273fd4c 100644 --- a/vault/resource_azure_secret_backend_test.go +++ b/vault/resource_azure_secret_backend_test.go 
@@ -145,6 +145,66 @@ func TestAccAzureSecretBackend_wif(t *testing.T) { }) } +func TestAccAzureSecretBackend_MountConfig(t *testing.T) { + path := acctest.RandomWithPrefix("tf-test-azure") + + resourceType := "vault_azure_secret_backend" + resourceName := resourceType + ".test" + resource.Test(t, resource.TestCase{ + ProviderFactories: providerFactories, + PreCheck: func() { + testutil.TestEntPreCheck(t) + SkipIfAPIVersionLT(t, testProvider.Meta(), provider.VaultVersion117) + }, + CheckDestroy: testCheckMountDestroyed(resourceType, consts.MountTypeAzure, consts.FieldPath), + Steps: []resource.TestStep{ + { + Config: testAccAzureSecretBackendConfig_MountConfig(path, false), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, consts.FieldPath, path), + resource.TestCheckResourceAttr(resourceName, consts.FieldSubscriptionID, "11111111-2222-3333-4444-111111111111"), + resource.TestCheckResourceAttr(resourceName, consts.FieldTenantID, "22222222-3333-4444-5555-333333333333"), + resource.TestCheckResourceAttr(resourceName, consts.FieldClientID, "22222222-3333-4444-5555-444444444444"), + resource.TestCheckResourceAttr(resourceName, consts.FieldDescription, "test desc"), + resource.TestCheckResourceAttr(resourceName, "default_lease_ttl_seconds", "3600"), + resource.TestCheckResourceAttr(resourceName, "max_lease_ttl_seconds", "36000"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.#", "2"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.#", "2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "listing_visibility", "hidden"), + ), 
+ }, + { + Config: testAccAzureSecretBackendConfig_MountConfig(path, true), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, consts.FieldPath, path), + resource.TestCheckResourceAttr(resourceName, consts.FieldSubscriptionID, "11111111-2222-3333-4444-111111111111"), + resource.TestCheckResourceAttr(resourceName, consts.FieldTenantID, "22222222-3333-4444-5555-333333333333"), + resource.TestCheckResourceAttr(resourceName, consts.FieldClientID, "22222222-3333-4444-5555-444444444444"), + resource.TestCheckResourceAttr(resourceName, consts.FieldDescription, "test desc updated"), + resource.TestCheckResourceAttr(resourceName, "default_lease_ttl_seconds", "7200"), + resource.TestCheckResourceAttr(resourceName, "max_lease_ttl_seconds", "48000"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.#", "2"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "passthrough_request_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.#", "3"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.2", "header3"), + resource.TestCheckResourceAttr(resourceName, "listing_visibility", "unauth"), + ), + }, + testutil.GetImportTestStep(resourceName, false, nil, + consts.FieldDisableRemount, + consts.FieldClientSecret), + }, + }) +} + func TestAzureSecretBackend_remount(t *testing.T) { testutil.SkipTestAcc(t) 
@@ -253,3 +313,40 @@ resource "vault_azure_secret_backend" "test" { identity_token_ttl = 1800 }`, path) } + +func testAccAzureSecretBackendConfig_MountConfig(path string, isUpdate bool) string { + + if !isUpdate { + return fmt.Sprintf(` +resource "vault_azure_secret_backend" "test" { + path = "%s" + description = "test desc" + subscription_id = "11111111-2222-3333-4444-111111111111" + tenant_id = "22222222-3333-4444-5555-333333333333" + client_id = "22222222-3333-4444-5555-444444444444" + client_secret = "12345678901234567890" + default_lease_ttl_seconds = 3600 + max_lease_ttl_seconds = 36000 + passthrough_request_headers = ["header1", "header2"] + allowed_response_headers = ["header1", "header2"] + delegated_auth_accessors = ["header1", "header2"] + listing_visibility = "hidden" +}`, path) + } else { + return fmt.Sprintf(` +resource "vault_azure_secret_backend" "test" { + path = "%s" + description = "test desc updated" + subscription_id = "11111111-2222-3333-4444-111111111111" + tenant_id = "22222222-3333-4444-5555-333333333333" + client_id = "22222222-3333-4444-5555-444444444444" + client_secret = "12345678901234567890" + default_lease_ttl_seconds = 7200 + max_lease_ttl_seconds = 48000 + passthrough_request_headers = ["header1", "header2"] + allowed_response_headers = ["header1", "header2", "header3"] + delegated_auth_accessors = ["header1", "header2"] + listing_visibility = "unauth" +}`, path) + } +} diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index 24e38309b7..40ed9dbb51 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go 
@@ -11,18 +11,14 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-provider-vault/internal/consts" - "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" - + "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" + "github.com/hashicorp/terraform-provider-vault/util" ) func consulSecretBackendResource() *schema.Resource { - return provider.MustAddMountMigrationSchema(&schema.Resource{ + r := provider.MustAddMountMigrationSchema(&schema.Resource{ CreateContext: consulSecretBackendCreate, ReadContext: provider.ReadContextWrapper(consulSecretBackendRead), UpdateContext: consulSecretBackendUpdate, @@ -115,6 +111,18 @@ func consulSecretBackendResource() *schema.Resource { }, }, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + consts.FieldLocal, + )) + + return r } func consulSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { 
@@ -130,22 +138,16 @@ func consulSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta caCert := d.Get("ca_cert").(string) clientCert := d.Get("client_cert").(string) clientKey := d.Get("client_key").(string) - local := d.Get("local").(bool) configPath := consulSecretBackendConfigPath(path) - info := &api.MountInput{ - Type: consts.MountTypeConsul, - Description: d.Get("description").(string), - Local: local, - Config: api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", d.Get("default_lease_ttl_seconds")), - MaxLeaseTTL: fmt.Sprintf("%ds", d.Get("max_lease_ttl_seconds")), - }, - } - log.Printf("[DEBUG] Mounting Consul backend at %q", path) + if err := createMount(d, meta, client, path, consts.MountTypeConsul); err != nil { + return diag.FromErr(err) + } + + log.Printf("[DEBUG] Mounted Consul backend at %q", path) // If a token isn't provided and the Vault version is less than 1.11, fail before // mounting the path in Vault. useAPIVer1 := provider.IsAPISupported(meta, provider.VaultVersion111) @@ -155,11 +157,6 @@ func consulSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta Vault client version does not meet the minimum requirement for this feature (Vault 1.11+)`) } - if err := client.Sys().Mount(path, info); err != nil { - return diag.Errorf("error mounting to %q: %s", path, err) - } - log.Printf("[DEBUG] Mounted Consul backend at %q", path) - log.Printf("[DEBUG] Writing Consul configuration to %q", configPath) data := map[string]interface{}{ "address": address, 
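Review bot: `createMount` now runs before the token/version guard, while the comment kept just below it still says to fail before mounting the path in Vault. On a pre-1.11 server with no token the mount is created and then the function returns an error, and since no `d.SetId(path)` is visible before that return, the mount may be left in Vault with nothing in state to clean it up. Move the `createMount` call and its `Mounted Consul backend` log line below the `useAPIVer1` check, where the removed `client.Sys().Mount` call was. The function body continues outside these hunks.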
@@ -197,37 +194,25 @@ func consulSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta i path := d.Id() configPath := consulSecretBackendConfigPath(path) - log.Printf("[DEBUG] Reading Consul backend mount %q from Vault", path) - - mount, err := mountutil.GetMount(ctx, client, path) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - return diag.FromErr(err) - } - - log.Printf("[DEBUG] Read Consul backend mount %q from Vault", path) - log.Printf("[DEBUG] Reading %s from Vault", configPath) secret, err := client.Logical().Read(configPath) if err != nil { return diag.Errorf("error reading from Vault: %s", err) } - d.Set("path", path) - d.Set("description", mount.Description) - d.Set("default_lease_ttl_seconds", mount.Config.DefaultLeaseTTL) - d.Set("max_lease_ttl_seconds", mount.Config.MaxLeaseTTL) - d.Set("local", mount.Local) + if err := d.Set("path", path); err != nil { + return diag.FromErr(err) + } + if err := readMount(d, meta, true); err != nil { + return diag.FromErr(err) + } - // token, sadly, we can't read out - // the API doesn't support it - // So... if it drifts, it drift. - d.Set("address", secret.Data["address"].(string)) - d.Set("scheme", secret.Data["scheme"].(string)) + if err := d.Set("address", secret.Data["address"].(string)); err != nil { + return diag.FromErr(err) + } + if err := d.Set("scheme", secret.Data["scheme"].(string)); err != nil { + return diag.FromErr(err) + } return nil } 
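Review bot: `secret` is dereferenced without a nil check: `client.Logical().Read` returns a nil secret when nothing exists at the path, so `secret.Data["address"].(string)` panics the provider if the Consul config is missing, and the unchecked `.(string)` assertions panic on a missing key as well. kmipSecretBackendRead in this same commit guards its response with `if resp == nil`; the same guard belongs here before the two `d.Set` calls, and passing `secret.Data["address"]` without the assertion lets `d.Set` report a type problem as an error instead. The removed comment explaining that the token cannot be read back and may drift was the only documentation of that limitation and is worth keeping.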
@@ -246,18 +231,10 @@ func consulSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta return diag.FromErr(err) } - if d.HasChange("default_lease_ttl_seconds") || d.HasChange("max_lease_ttl_seconds") { - config := api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", d.Get("default_lease_ttl_seconds")), - MaxLeaseTTL: fmt.Sprintf("%ds", d.Get("max_lease_ttl_seconds")), - } - - log.Printf("[DEBUG] Updating lease TTLs for %q", path) - if err := client.Sys().TuneMount(path, config); err != nil { - return diag.Errorf("error updating mount TTLs for %q: %s", path, err) - } - + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } + if d.HasChange("address") || d.HasChange("token") || d.HasChange("scheme") || d.HasChange("ca_cert") || d.HasChange("client_cert") || d.HasChange("client_key") { log.Printf("[DEBUG] Updating Consul configuration at %q", configPath) diff --git a/vault/resource_database_secrets_mount.go b/vault/resource_database_secrets_mount.go index e553361a5e..dcf9a341f2 100644 --- a/vault/resource_database_secrets_mount.go +++ b/vault/resource_database_secrets_mount.go @@ -223,7 +223,7 @@ func databaseSecretsMountCreateOrUpdate(d *schema.ResourceData, meta interface{} var root string if d.IsNewResource() { root = d.Get("path").(string) - if err := createMount(d, client, root, consts.MountTypeDatabase); err != nil { + if err := createMount(d, meta, client, root, consts.MountTypeDatabase); err != nil { return err } } else { diff --git a/vault/resource_gcp_secret_backend.go b/vault/resource_gcp_secret_backend.go index f5d386eaa8..27915379af 100644 --- a/vault/resource_gcp_secret_backend.go +++ b/vault/resource_gcp_secret_backend.go 
@@ -11,16 +11,13 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" - "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" ) func gcpSecretBackendResource(name string) *schema.Resource { - return provider.MustAddMountMigrationSchema(&schema.Resource{ + r := provider.MustAddMountMigrationSchema(&schema.Resource{ CreateContext: gcpSecretBackendCreate, ReadContext: provider.ReadContextWrapper(gcpSecretBackendRead), UpdateContext: gcpSecretBackendUpdate, @@ -111,6 +108,20 @@ func gcpSecretBackendResource(name string) *schema.Resource { }, }, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + consts.FieldIdentityTokenKey, + consts.FieldAccessor, + consts.FieldLocal, + )) + + return r } func gcpSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { 
@@ -120,37 +131,16 @@ func gcpSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta in } path := d.Get(consts.FieldPath).(string) - description := d.Get(consts.FieldDescription).(string) - defaultTTL := d.Get(consts.FieldDefaultLeaseTTL).(int) - maxTTL := d.Get(consts.FieldMaxLeaseTTL).(int) - local := d.Get(consts.FieldLocal).(bool) - identityTokenKey := d.Get(consts.FieldIdentityTokenKey).(string) configPath := gcpSecretBackendConfigPath(path) d.Partial(true) log.Printf("[DEBUG] Mounting GCP backend at %q", path) - useAPIVer117Ent := provider.IsAPISupported(meta, provider.VaultVersion117) && provider.IsEnterpriseSupported(meta) - - mountConfig := api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", defaultTTL), - MaxLeaseTTL: fmt.Sprintf("%ds", maxTTL), - } - // ID Token Key is only used in GCP mounts for 1.17+ - if useAPIVer117Ent { - mountConfig.IdentityTokenKey = identityTokenKey + if err := createMount(d, meta, client, path, consts.MountTypeGCP); err != nil { + return diag.FromErr(err) } - err := client.Sys().Mount(path, &api.MountInput{ - Type: consts.MountTypeGCP, - Description: description, - Config: mountConfig, - Local: local, - }) - if err != nil { - return diag.Errorf("error mounting to %q: %s", path, err) - } log.Printf("[DEBUG] Mounted GCP backend at %q", path) d.SetId(path) @@ -161,6 +151,7 @@ func gcpSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta in consts.FieldCredentials, } + useAPIVer117Ent := provider.IsAPISupported(meta, provider.VaultVersion117) && provider.IsEnterpriseSupported(meta) if useAPIVer117Ent { fields = append(fields, consts.FieldIdentityTokenAudience, 
@@ -193,37 +184,11 @@ func gcpSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta inte path := d.Id() - log.Printf("[DEBUG] Reading GCP backend mount %q from Vault", path) - - mount, err := mountutil.GetMount(ctx, client, path) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - return diag.FromErr(err) - } - - log.Printf("[DEBUG] Read GCP backend mount %q from Vault", path) - if err := d.Set(consts.FieldPath, path); err != nil { return diag.FromErr(err) } - if err := d.Set(consts.FieldDescription, mount.Description); err != nil { - return diag.FromErr(err) - } - if err := d.Set(consts.FieldDefaultLeaseTTL, mount.Config.DefaultLeaseTTL); err != nil { - return diag.FromErr(err) - } - if err := d.Set(consts.FieldMaxLeaseTTL, mount.Config.MaxLeaseTTL); err != nil { - return diag.FromErr(err) - } - if err := d.Set(consts.FieldLocal, mount.Local); err != nil { - return diag.FromErr(err) - } - if err := d.Set(consts.FieldAccessor, mount.Accessor); err != nil { + if err := readMount(d, meta, true); err != nil { return diag.FromErr(err) } 
@@ -266,24 +231,8 @@ func gcpSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta in return diag.FromErr(err) } - useAPIVer117Ent := provider.IsAPISupported(meta, provider.VaultVersion117) && provider.IsEnterpriseSupported(meta) - - if d.HasChanges(consts.FieldDefaultLeaseTTL, consts.FieldMaxLeaseTTL, consts.FieldIdentityTokenKey) { - config := api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", d.Get(consts.FieldDefaultLeaseTTL)), - MaxLeaseTTL: fmt.Sprintf("%ds", d.Get(consts.FieldMaxLeaseTTL)), - } - - if useAPIVer117Ent { - config.IdentityTokenKey = d.Get(consts.FieldIdentityTokenKey).(string) - } - - log.Printf("[DEBUG] Updating mount config for %q", path) - err := client.Sys().TuneMountWithContext(ctx, path, config) - if err != nil { - return diag.Errorf("error updating mount config for %q: %s", path, err) - } - log.Printf("[DEBUG] Updated mount config for %q", path) + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } data := make(map[string]interface{}) @@ -291,6 +240,8 @@ func gcpSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta in if d.HasChange(consts.FieldCredentials) { data[consts.FieldCredentials] = d.Get(consts.FieldCredentials) } + + useAPIVer117Ent := provider.IsAPISupported(meta, provider.VaultVersion117) && provider.IsEnterpriseSupported(meta) if useAPIVer117Ent { if d.HasChange(consts.FieldIdentityTokenAudience) { data[consts.FieldIdentityTokenAudience] = d.Get(consts.FieldIdentityTokenAudience) diff --git a/vault/resource_kmip_secret_backend.go b/vault/resource_kmip_secret_backend.go index ad65e91ad6..b500fc2d88 100644 --- a/vault/resource_kmip_secret_backend.go +++ b/vault/resource_kmip_secret_backend.go 
@@ -6,16 +6,12 @@ package vault import ( "context" "fmt" - "log" - "time" - + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" + "log" ) var kmipAPIFields = []string{ @@ -31,14 +27,14 @@ var kmipAPIFields = []string{ } func kmipSecretBackendResource() *schema.Resource { - return provider.MustAddMountMigrationSchema(&schema.Resource{ - Create: kmipSecretBackendCreate, - Read: provider.ReadWrapper(kmipSecretBackendRead), - Update: kmipSecretBackendUpdate, - Delete: kmipSecretBackendDelete, + r := provider.MustAddMountMigrationSchema(&schema.Resource{ + CreateContext: kmipSecretBackendCreate, + ReadContext: provider.ReadContextWrapper(kmipSecretBackendRead), + UpdateContext: kmipSecretBackendUpdate, + DeleteContext: kmipSecretBackendDelete, CustomizeDiff: getMountCustomizeDiffFunc(consts.FieldPath), Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + StateContext: schema.ImportStatePassthroughContext, }, Schema: map[string]*schema.Schema{ 
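Review bot: The rewritten import block in resource_kmip_secret_backend.go is not goimports-ordered: `"log"` now sits after the github.com imports instead of next to `"context"` and `"fmt"`. Move it up into the standard-library group and keep a blank line between that group and the third-party imports, so the file stays gofmt/goimports-clean.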
@@ -113,91 +109,55 @@ func kmipSecretBackendResource() *schema.Resource { }, }, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + consts.FieldIdentityTokenKey, + consts.FieldLocal, + )) + + return r } -func kmipSecretBackendCreate(d *schema.ResourceData, meta interface{}) error { +func kmipSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Get("path").(string) - defaultTLSClientTTL := fmt.Sprintf("%ds", d.Get("default_tls_client_ttl").(int)) log.Printf("[DEBUG] Mounting KMIP backend at %q", path) - if err := client.Sys().Mount(path, &api.MountInput{ - Type: consts.MountTypeKMIP, - Description: d.Get("description").(string), - Config: api.MountConfigInput{ - DefaultLeaseTTL: defaultTLSClientTTL, - }, - }); err != nil { - return fmt.Errorf("error mounting to %q, err=%w", path, err) + if err := createMount(d, meta, client, path, consts.MountTypeKMIP); err != nil { + return diag.FromErr(err) } log.Printf("[DEBUG] Mounted KMIP backend at %q", path) d.SetId(path) - return kmipSecretBackendUpdate(d, meta) + return kmipSecretBackendUpdate(ctx, d, meta) } -func kmipSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { +func kmipSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Id() - if !d.IsNewResource() && d.HasChange("path") { - src := path - dest := d.Get("path").(string) - - log.Printf("[DEBUG] Remount %s to %s in Vault", src, dest) - - err := client.Sys().Remount(src, dest) - if err != nil { - return fmt.Errorf("error remounting in Vault: %s", err) - } - - ctx := 
context.Background() - // There is something similar in resource_mount.go, but in the call to TuneMount(). - var tries int - for { - if tries > 10 { - return fmt.Errorf( - "mount %q did did not become available after %d tries, interval=1s", dest, tries) - } - - enabled, err := mountutil.CheckMountEnabled(ctx, client, dest) - if err != nil { - return err - } - if !enabled { - tries++ - time.Sleep(1 * time.Second) - continue - } - - break - } - - path = dest - d.SetId(path) + path, err := util.Remount(d, client, consts.FieldPath, false) + if err != nil { + return diag.FromErr(err) } log.Printf("[DEBUG] Updating mount %s in Vault", path) - if d.HasChange("default_tls_client_ttl") || d.HasChange("description") { - tune := api.MountConfigInput{} - tune.DefaultLeaseTTL = fmt.Sprintf("%ds", d.Get("default_tls_client_ttl")) - description := d.Get("description").(string) - tune.Description = &description - - log.Printf("[DEBUG] Updating mount for %q", path) - err := client.Sys().TuneMount(path, tune) - if err != nil { - return fmt.Errorf("error updating mount for %q, err=%w", path, err) - } - log.Printf("[DEBUG] Updated mount for %q", path) + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } data := map[string]interface{}{} 
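Review bot: The mount is no longer created with `default_tls_client_ttl` as its default lease TTL, which the removed `api.MountInput` did through `DefaultLeaseTTL: defaultTLSClientTTL`, and the tune on change of that field is removed as well. If `createMount` and `updateMount` take the lease TTL only from the common mount fields (their bodies are not in this hunk), existing configurations that relied on the old mapping silently get a different lease TTL after upgrading the provider. Either state the change in the changelog and the field description, or keep the mapping when the common TTL field is unset. Also, `ctx` is accepted by the new signatures but is not passed to `createMount`, `util.Remount` or `updateMount`.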
@@ -217,26 +177,26 @@ func kmipSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { } } - if _, err := client.Logical().Write(configPath, data); err != nil { - return fmt.Errorf("error updating KMIP config %q, err=%w", configPath, err) + if _, err := client.Logical().WriteWithContext(ctx, configPath, data); err != nil { + return diag.Errorf("error updating KMIP config %q, err=%s", configPath, err) } log.Printf("[DEBUG] Updated %q", configPath) - return kmipSecretBackendRead(d, meta) + return kmipSecretBackendRead(ctx, d, meta) } -func kmipSecretBackendRead(d *schema.ResourceData, meta interface{}) error { +func kmipSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Id() log.Printf("[DEBUG] Reading KMIP config at %s/config", path) - resp, err := client.Logical().Read(path + "/config") + resp, err := client.Logical().ReadWithContext(ctx, path+"/config") if err != nil { - return fmt.Errorf("error reading KMIP config at %q/config: err=%w", path, err) + return diag.Errorf("error reading KMIP config at %q/config: err=%s", path, err) } if resp == nil { 
@@ -248,30 +208,38 @@ func kmipSecretBackendRead(d *schema.ResourceData, meta interface{}) error { for _, k := range kmipAPIFields { if err := d.Set(k, resp.Data[k]); err != nil { - return fmt.Errorf("error setting state key %q on KMIP config, err=%w", k, err) + return diag.Errorf("error setting state key %q on KMIP config, err=%s", k, err) } } + if err := d.Set(consts.FieldPath, path); err != nil { + return diag.FromErr(err) + } + + if err := readMount(d, meta, true); err != nil { + return diag.FromErr(err) + } + return nil } -func kmipSecretBackendDelete(d *schema.ResourceData, meta interface{}) error { +func kmipSecretBackendDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Id() log.Printf("[DEBUG] Unmounting KMIP backend %q", path) - if err := client.Sys().Unmount(path); err != nil { + if err := client.Sys().UnmountWithContext(ctx, path); err != nil { if util.Is404(err) { log.Printf("[WARN] %q not found, removing from state", path) d.SetId("") - return fmt.Errorf("error unmounting KMIP backend from %q, err=%w", path, err) + return diag.Errorf("error unmounting KMIP backend from %q, err=%s", path, err) } - return fmt.Errorf("error unmounting KMIP backend from %q, err=%w", path, err) + return diag.Errorf("error unmounting KMIP backend from %q, err=%s", path, err) } log.Printf("[DEBUG] Unmounted KMIP backend %q", path) diff --git a/vault/resource_kubernetes_secret_backend.go b/vault/resource_kubernetes_secret_backend.go index 7dd917fae3..edeb392307 100644 --- a/vault/resource_kubernetes_secret_backend.go +++ b/vault/resource_kubernetes_secret_backend.go 
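Review bot: In kmipSecretBackendDelete the `util.Is404(err)` branch logs that the backend is being removed from state and calls `d.SetId("")`, but then returns the same `diag.Errorf` as the non-404 path, so destroying a mount that is already gone still fails the apply. The branch should end with `return nil` instead of the error. The function's tail lies outside this hunk.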
@@ -71,7 +71,7 @@ func kubernetesSecretBackendCreateUpdate(ctx context.Context, d *schema.Resource var path string if d.IsNewResource() { path = d.Get(consts.FieldPath).(string) - if err := createMount(d, client, path, consts.MountTypeKubernetes); err != nil { + if err := createMount(d, meta, client, path, consts.MountTypeKubernetes); err != nil { return diag.FromErr(err) } } else { diff --git a/vault/resource_ldap_secret_backend.go b/vault/resource_ldap_secret_backend.go index 0921475f1d..5dbd1a6524 100644 --- a/vault/resource_ldap_secret_backend.go +++ b/vault/resource_ldap_secret_backend.go @@ -142,7 +142,7 @@ func createUpdateLDAPConfigResource(ctx context.Context, d *schema.ResourceData, path := d.Get(consts.FieldPath).(string) log.Printf("[DEBUG] Mounting LDAP mount at %q", path) if d.IsNewResource() { - if err := createMount(d, client, path, consts.MountTypeLDAP); err != nil { + if err := createMount(d, meta, client, path, consts.MountTypeLDAP); err != nil { return diag.FromErr(err) } } else { diff --git a/vault/resource_mount.go b/vault/resource_mount.go index b4c0fb2879..8886b39b3f 100644 --- a/vault/resource_mount.go +++ b/vault/resource_mount.go @@ -192,7 +192,7 @@ func mountWrite(d *schema.ResourceData, meta interface{}) error { } path := d.Get(consts.FieldPath).(string) - if err := createMount(d, client, path, d.Get(consts.FieldType).(string)); err != nil { + if err := createMount(d, meta, client, path, d.Get(consts.FieldType).(string)); err != nil { return err } @@ -201,7 +201,7 @@ func mountWrite(d *schema.ResourceData, meta interface{}) error { return mountRead(d, meta) } -func createMount(d *schema.ResourceData, client *api.Client, path string, mountType string) error { +func createMount(d *schema.ResourceData, meta interface{}, client *api.Client, path string, mountType string) error { input := &api.MountInput{ Type: mountType, Description: d.Get(consts.FieldDescription).(string), 
@@ -246,8 +246,11 @@ func createMount(d *schema.ResourceData, client *api.Client, path string, mountT input.Config.PluginVersion = v.(string) } - if v, ok := d.GetOk(consts.FieldIdentityTokenKey); ok { - input.Config.IdentityTokenKey = v.(string) + useAPIVer116Ent := provider.IsAPISupported(meta, provider.VaultVersion116) && provider.IsEnterpriseSupported(meta) + if useAPIVer116Ent { + if d.HasChange(consts.FieldIdentityTokenKey) { + input.Config.IdentityTokenKey = d.Get(consts.FieldIdentityTokenKey).(string) + } } log.Printf("[DEBUG] Creating mount %s in Vault", path) @@ -328,8 +331,11 @@ func updateMount(d *schema.ResourceData, meta interface{}, excludeType bool) err config.PluginVersion = d.Get(consts.FieldPluginVersion).(string) } - if d.HasChange(consts.FieldIdentityTokenKey) { - config.IdentityTokenKey = d.Get(consts.FieldIdentityTokenKey).(string) + useAPIVer116Ent := provider.IsAPISupported(meta, provider.VaultVersion116) && provider.IsEnterpriseSupported(meta) + if useAPIVer116Ent { + if d.HasChange(consts.FieldIdentityTokenKey) { + config.IdentityTokenKey = d.Get(consts.FieldIdentityTokenKey).(string) + } } log.Printf("[DEBUG] Updating mount %s in Vault", path) @@ -454,11 +460,9 @@ func readMount(d *schema.ResourceData, meta interface{}, excludeType bool) error if err := d.Set(consts.FieldAllowedResponseHeaders, mount.Config.AllowedResponseHeaders); err != nil { return err } - - // @TODO add this back in when Vault 1.16.3 is released - // if err := d.Set(consts.FieldDelegatedAuthAccessors, mount.Config.DelegatedAuthAccessors); err != nil { - // return err - // } + if err := d.Set(consts.FieldDelegatedAuthAccessors, mount.Config.DelegatedAuthAccessors); err != nil { + return err + } if err := d.Set(consts.FieldListingVisibility, mount.Config.ListingVisibility); err != nil { return err } diff --git a/vault/resource_mount_test.go b/vault/resource_mount_test.go index 4b2a4e69ce..ba2db93911 100644 --- a/vault/resource_mount_test.go 
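Review bot: When `useAPIVer116Ent` is false, a configured `identity_token_key` is dropped with no signal, both in createMount here and in the updateMount hunk that follows. An operator who set the key would reasonably assume the mount uses it. An else branch such as `log.Printf("[WARN] identity_token_key ignored for mount %s: requires Vault Enterprise 1.16+", path)` would make the skip visible; returning an error is the stricter option. The gate expression is duplicated in both functions and could live in one small helper. Both functions start outside their hunks.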
+++ b/vault/resource_mount_test.go @@ -244,7 +244,7 @@ func TestResourceMount_IDTokenKey(t *testing.T) { ProviderFactories: providerFactories, PreCheck: func() { testutil.TestEntPreCheck(t) - SkipIfAPIVersionLT(t, testProvider.Meta(), provider.VaultVersion116) + SkipIfAPIVersionLT(t, testProvider.Meta(), provider.VaultVersion117) }, Steps: []resource.TestStep{ { @@ -261,10 +261,9 @@ func TestResourceMount_IDTokenKey(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.0", "header1"), resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.1", "header2"), resource.TestCheckResourceAttr(resourceName, "listing_visibility", "hidden"), - // @TODO add these back in when Vault 1.16.3 is released - // resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.#", "2"), - // resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.0", "header1"), - // resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.#", "2"), + resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.1", "header2"), ), }, { 
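Review bot: The skip threshold in TestResourceMount_IDTokenKey moves to `provider.VaultVersion117`, while the identity_token_key gate added in resource_mount.go uses `provider.VaultVersion116`. As far as this diff shows, the 1.16 Enterprise path is no longer exercised by this test. If 1.17 is required only for the re-enabled `delegated_auth_accessors` assertions, a short comment above the `SkipIfAPIVersionLT` call saying so would keep the two version constants from looking like a mistake. The reason for the bump is not stated in the hunk and should be confirmed.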
@@ -282,17 +281,13 @@ func TestResourceMount_IDTokenKey(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "allowed_response_headers.2", "header3"), resource.TestCheckResourceAttr(resourceName, "listing_visibility", "unauth"), resource.TestCheckResourceAttr(resourceName, "identity_token_key", "my-key"), - // @TODO add these back in when Vault 1.16.3 is released - // resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.#", "3"), - // resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.0", "header1"), - // resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.1", "header2"), - // resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.2", "header3"), + resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.#", "3"), + resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.0", "header1"), + resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.1", "header2"), + resource.TestCheckResourceAttr(resourceName, "delegated_auth_accessors.2", "header3"), ), }, - // @TODO remove ignore_fields once Vault 1.16.3 is released - testutil.GetImportTestStep(resourceName, false, nil, - "delegated_auth_accessors", - ), + testutil.GetImportTestStep(resourceName, false, nil), }, }) } diff --git a/vault/resource_nomad_secret_backend.go b/vault/resource_nomad_secret_backend.go index 37e0ebea19..73835a2d70 100644 --- a/vault/resource_nomad_secret_backend.go +++ b/vault/resource_nomad_secret_backend.go 
@@ -6,16 +6,14 @@ package vault import ( "context" "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "log" "strings" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" ) func nomadSecretAccessBackendResource() *schema.Resource { 
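Review bot: The new `"github.com/hashicorp/terraform-plugin-sdk/v2/diag"` import is placed between `"fmt"` and `"log"`, inside the standard-library group, which goimports would not produce. It belongs in the third-party group next to `"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"`. The import hunks of resource_rabbitmq_secret_backend.go and resource_terraform_cloud_secret_backend.go have the same placement.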
@@ -99,43 +97,42 @@ func nomadSecretAccessBackendResource() *schema.Resource { Description: "Maximum possible lease duration for secrets in seconds.", }, } - return provider.MustAddMountMigrationSchema(&schema.Resource{ - Create: createNomadAccessConfigResource, - Update: updateNomadAccessConfigResource, - Read: provider.ReadWrapper(readNomadAccessConfigResource), - Delete: deleteNomadAccessConfigResource, + r := provider.MustAddMountMigrationSchema(&schema.Resource{ + CreateContext: createNomadAccessConfigResource, + UpdateContext: updateNomadAccessConfigResource, + ReadContext: provider.ReadContextWrapper(readNomadAccessConfigResource), + DeleteContext: deleteNomadAccessConfigResource, CustomizeDiff: getMountCustomizeDiffFunc(consts.FieldBackend), Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + StateContext: schema.ImportStatePassthroughContext, }, Schema: fields, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + consts.FieldLocal, + )) + + return r } -func createNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) error { +func createNomadAccessConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } backend := d.Get("backend").(string) - description := d.Get("description").(string) - defaultTTL := d.Get("default_lease_ttl_seconds").(int) - local := d.Get("local").(bool) - maxTTL := d.Get("max_lease_ttl_seconds").(int) log.Printf("[DEBUG] Mounting Nomad backend at %q", backend) - err := client.Sys().Mount(backend, &api.MountInput{ - Type: consts.MountTypeNomad, - Description: description, - Local: local, - Config: api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", defaultTTL), - MaxLeaseTTL: 
fmt.Sprintf("%ds", maxTTL), - }, - }) - if err != nil { - return fmt.Errorf("error mounting to %q: %s", backend, err) + if err := createMount(d, meta, client, backend, consts.MountTypeNomad); err != nil { + return diag.FromErr(err) } log.Printf("[DEBUG] Mounted Nomad backend at %q", backend) @@ -168,8 +165,8 @@ func createNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) e configPath := fmt.Sprintf("%s/config/access", backend) log.Printf("[DEBUG] Writing %q", configPath) - if _, err := client.Logical().Write(configPath, data); err != nil { - return fmt.Errorf("error writing %q: %s", configPath, err) + if _, err := client.Logical().WriteWithContext(ctx, configPath, data); err != nil { + return diag.Errorf("error writing %q: %s", configPath, err) } dataLease := map[string]interface{}{} 
@@ -183,44 +180,33 @@ func createNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) e configLeasePath := fmt.Sprintf("%s/config/lease", backend) log.Printf("[DEBUG] Writing %q", configLeasePath) - if _, err := client.Logical().Write(configLeasePath, dataLease); err != nil { - return fmt.Errorf("error writing %q: %s", configLeasePath, err) + if _, err := client.Logical().WriteWithContext(ctx, configLeasePath, dataLease); err != nil { + return diag.Errorf("error writing %q: %s", configLeasePath, err) } log.Printf("[DEBUG] Wrote %q", configLeasePath) - return readNomadAccessConfigResource(d, meta) + return readNomadAccessConfigResource(ctx, d, meta) } -func readNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) error { +func readNomadAccessConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } - path := d.Id() - log.Printf("[DEBUG] Reading %q", path) + backend := d.Id() - ctx := context.Background() - mount, err := mountutil.GetMount(ctx, client, path) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - return err + d.Set("backend", backend) + if err := readMount(d, meta, true); err != nil { + return diag.FromErr(err) } - d.Set("backend", d.Id()) - d.Set("default_lease_ttl_seconds", mount.Config.DefaultLeaseTTL) - d.Set("max_lease_ttl_seconds", mount.Config.MaxLeaseTTL) - - configPath := fmt.Sprintf("%s/config/access", d.Id()) + configPath := fmt.Sprintf("%s/config/access", backend) log.Printf("[DEBUG] Reading %q", configPath) resp, err := client.Logical().Read(configPath) if err != nil { - return fmt.Errorf("error reading %q: %s", configPath, err) + return diag.Errorf("error reading %q: %s", configPath, err) } log.Printf("[DEBUG] Read %q", configPath) if resp == nil { 
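Review bot: In readNomadAccessConfigResource the new `d.Set("backend", backend)` discards its error, unlike the checked `d.Set` calls this commit adds in the other backends; `if err := d.Set("backend", backend); err != nil { return diag.FromErr(err) }` would match them. The `client.Logical().Read(configPath)` kept as context here, and the lease read in the next hunk, still ignore the new `ctx`; `ReadWithContext(ctx, configPath)` is what the KMIP and Terraform Cloud reads now use. The removed block also cleared the ID when the mount was missing; whether `readMount` does the same is not visible in this diff. The function body continues past this hunk.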
@@ -231,31 +217,31 @@ func readNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) err if val, ok := resp.Data["address"]; ok { if err := d.Set("address", val); err != nil { - return fmt.Errorf("error setting state key 'address': %s", err) + return diag.Errorf("error setting state key 'address': %s", err) } } if val, ok := resp.Data["ca_cert"]; ok { if err := d.Set("ca_cert", val); err != nil { - return fmt.Errorf("error setting state key 'ca_cert': %s", err) + return diag.Errorf("error setting state key 'ca_cert': %s", err) } } if val, ok := resp.Data["client_cert"]; ok { if err := d.Set("client_cert", val); err != nil { - return fmt.Errorf("error setting state key 'client_cert': %s", err) + return diag.Errorf("error setting state key 'client_cert': %s", err) } } if val, ok := resp.Data["client_key"]; ok { if err := d.Set("client_key", val); err != nil { - return fmt.Errorf("error setting state key 'client_key': %s", err) + return diag.Errorf("error setting state key 'client_key': %s", err) } } if val, ok := resp.Data["max_token_name_length"]; ok { if err := d.Set("max_token_name_length", val); err != nil { - return fmt.Errorf("error setting state key 'max_token_name_length': %s", err) + return diag.Errorf("error setting state key 'max_token_name_length': %s", err) } } @@ -264,7 +250,7 @@ func readNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) err resp, err = client.Logical().Read(configLeasePath) if err != nil { - return fmt.Errorf("error reading %q: %s", configLeasePath, err) + return diag.Errorf("error reading %q: %s", configLeasePath, err) } log.Printf("[DEBUG] Read %q", configLeasePath) if resp == nil { 
@@ -275,45 +261,36 @@ func readNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) err if val, ok := resp.Data["max_ttl"]; ok { if err := d.Set("max_ttl", val); err != nil { - return fmt.Errorf("error setting state key 'max_ttl': %s", err) + return diag.Errorf("error setting state key 'max_ttl': %s", err) } } if val, ok := resp.Data["ttl"]; ok { if err := d.Set("ttl", val); err != nil { - return fmt.Errorf("error setting state key 'ttl': %s", err) + return diag.Errorf("error setting state key 'ttl': %s", err) } } return nil } -func updateNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) error { +func updateNomadAccessConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { backend := d.Id() client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } - tune := api.MountConfigInput{} data := map[string]interface{}{} backend, err := util.Remount(d, client, consts.FieldBackend, false) if err != nil { - return err + return diag.FromErr(e) } - if d.HasChange("default_lease_ttl_seconds") || d.HasChange("max_lease_ttl_seconds") { - tune.DefaultLeaseTTL = fmt.Sprintf("%ds", d.Get("default_lease_ttl_seconds")) - tune.MaxLeaseTTL = fmt.Sprintf("%ds", d.Get("max_lease_ttl_seconds")) - - log.Printf("[DEBUG] Updating mount lease TTLs for %q", backend) - err := client.Sys().TuneMount(backend, tune) - if err != nil { - return fmt.Errorf("error updating mount TTLs for %q: %s", backend, err) - } - log.Printf("[DEBUG] Updated lease TTLs for %q", backend) + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } configPath := fmt.Sprintf("%s/config/access", backend) 
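Review bot: In updateNomadAccessConfigResource the `util.Remount` error check returns `diag.FromErr(e)`, but `e` is the already-checked `provider.GetClient` error and is nil at that point; the failing value is `err`. Since `diag.FromErr(nil)` yields no diagnostics, a failed remount would be reported to Terraform as a successful update and the mount path in state could diverge from Vault. The line should read `return diag.FromErr(err)`. The function continues beyond this hunk.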
@@ -344,7 +321,7 @@ func updateNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) e } if _, err := client.Logical().Write(configPath, data); err != nil { - return fmt.Errorf("error updating access config %q: %s", configPath, err) + return diag.Errorf("error updating access config %q: %s", configPath, err) } log.Printf("[DEBUG] Updated %q", configPath) @@ -362,17 +339,17 @@ func updateNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) e } if _, err := client.Logical().Write(configLeasePath, dataLease); err != nil { - return fmt.Errorf("error updating lease config %q: %s", configLeasePath, err) + return diag.Errorf("error updating lease config %q: %s", configLeasePath, err) } log.Printf("[DEBUG] Updated %q", configLeasePath) - return readNomadAccessConfigResource(d, meta) + return readNomadAccessConfigResource(ctx, d, meta) } -func deleteNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) error { +func deleteNomadAccessConfigResource(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } vaultPath := d.Id() @@ -382,9 +359,9 @@ func deleteNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) e if err != nil && util.Is404(err) { log.Printf("[WARN] %q not found, removing from state", vaultPath) d.SetId("") - return fmt.Errorf("error unmounting Nomad backend from %q: %s", vaultPath, err) + return diag.Errorf("error unmounting Nomad backend from %q: %s", vaultPath, err) } else if err != nil { - return fmt.Errorf("error unmounting Nomad backend from %q: %s", vaultPath, err) + return diag.Errorf("error unmounting Nomad backend from %q: %s", vaultPath, err) } log.Printf("[DEBUG] Unmounted Nomad backend %q", vaultPath) return nil diff --git a/vault/resource_rabbitmq_secret_backend.go b/vault/resource_rabbitmq_secret_backend.go index 5404fe1baf..80915af211 100644 
--- a/vault/resource_rabbitmq_secret_backend.go +++ b/vault/resource_rabbitmq_secret_backend.go @@ -5,26 +5,22 @@ package vault import ( "context" - "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "log" "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" - "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" ) func rabbitMQSecretBackendResource() *schema.Resource { - return provider.MustAddMountMigrationSchema(&schema.Resource{ - Create: rabbitMQSecretBackendCreate, - Read: provider.ReadWrapper(rabbitMQSecretBackendRead), - Update: rabbitMQSecretBackendUpdate, - Delete: rabbitMQSecretBackendDelete, - Exists: rabbitMQSecretBackendExists, + r := provider.MustAddMountMigrationSchema(&schema.Resource{ + CreateContext: rabbitMQSecretBackendCreate, + ReadContext: provider.ReadContextWrapper(rabbitMQSecretBackendRead), + UpdateContext: rabbitMQSecretBackendUpdate, + DeleteContext: rabbitMQSecretBackendDelete, CustomizeDiff: getMountCustomizeDiffFunc(consts.FieldPath), Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, 
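Review bot: rabbitMQSecretBackendResource switches its CRUD functions to the `*Context` variants but its importer is left as `State: schema.ImportStatePassthrough`. The Nomad and Terraform Cloud resources in this commit move to `StateContext: schema.ImportStatePassthroughContext`, so this one should follow for consistency. The resource definition continues outside this hunk.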
@@ -94,18 +90,26 @@ func rabbitMQSecretBackendResource() *schema.Resource { }, }, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + )) + + return r } -func rabbitMQSecretBackendCreate(d *schema.ResourceData, meta interface{}) error { +func rabbitMQSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Get(consts.FieldPath).(string) - description := d.Get("description").(string) - defaultTTL := d.Get("default_lease_ttl_seconds").(int) - maxTTL := d.Get("max_lease_ttl_seconds").(int) connectionUri := d.Get("connection_uri").(string) username := d.Get("username").(string) password := d.Get("password").(string) @@ -113,17 +117,10 @@ func rabbitMQSecretBackendCreate(d *schema.ResourceData, meta interface{}) error d.Partial(true) log.Printf("[DEBUG] Mounting Rabbitmq backend at %q", path) - err := client.Sys().Mount(path, &api.MountInput{ - Type: consts.MountTypeRabbitMQ, - Description: description, - Config: api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", defaultTTL), - MaxLeaseTTL: fmt.Sprintf("%ds", maxTTL), - }, - }) - if err != nil { - return fmt.Errorf("error mounting to %q: %s", path, err) + if err := createMount(d, meta, client, path, consts.MountTypeRabbitMQ); err != nil { + return diag.FromErr(err) } + log.Printf("[DEBUG] Mounted Rabbitmq backend at %q", path) d.SetId(path) 
@@ -136,51 +133,35 @@ func rabbitMQSecretBackendCreate(d *schema.ResourceData, meta interface{}) error "username_template": d.Get("username_template").(string), "password_policy": d.Get("password_policy").(string), } - _, err = client.Logical().Write(path+"/config/connection", data) + _, err := client.Logical().Write(path+"/config/connection", data) if err != nil { - return fmt.Errorf("error configuring connection credentials for %q: %s", path, err) + return diag.Errorf("error configuring connection credentials for %q: %s", path, err) } log.Printf("[DEBUG] Wrote connection credentials to %q", path+"/config/connection") d.Partial(false) - return rabbitMQSecretBackendRead(d, meta) + return rabbitMQSecretBackendRead(ctx, d, meta) } -func rabbitMQSecretBackendRead(d *schema.ResourceData, meta interface{}) error { - client, e := provider.GetClient(d, meta) - if e != nil { - return e - } - +func rabbitMQSecretBackendRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { path := d.Id() log.Printf("[DEBUG] Reading RabbitMQ secret backend mount %q from Vault", path) - ctx := context.Background() - mount, err := mountutil.GetMount(ctx, client, path) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - return err + if err := d.Set(consts.FieldPath, path); err != nil { + return diag.FromErr(err) + } + if err := readMount(d, meta, true); err != nil { + return diag.FromErr(err) } - d.Set(consts.FieldPath, path) - d.Set("description", mount.Description) - d.Set("default_lease_ttl_seconds", mount.Config.DefaultLeaseTTL) - d.Set("max_lease_ttl_seconds", mount.Config.MaxLeaseTTL) - - // access key, secret key, and region, sadly, we can't read out - // the API doesn't support it - // So... if they drift, they drift. 
+ // the API can't serve the remaining fields return nil } -func rabbitMQSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { +func rabbitMQSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Id() @@ -188,20 +169,11 @@ func rabbitMQSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error path, err := util.Remount(d, client, consts.FieldPath, false) if err != nil { - return err + return diag.FromErr(err) } - if d.HasChanges("default_lease_ttl_seconds", "max_lease_ttl_seconds") { - config := api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", d.Get("default_lease_ttl_seconds")), - MaxLeaseTTL: fmt.Sprintf("%ds", d.Get("max_lease_ttl_seconds")), - } - log.Printf("[DEBUG] Updating lease TTLs for %q", path) - err := client.Sys().TuneMount(path, config) - if err != nil { - return fmt.Errorf("error updating mount TTLs for %q: %s", path, err) - } - log.Printf("[DEBUG] Updated lease TTLs for %q", path) + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } if d.HasChanges("connection_uri", "username", "password", "verify_connection", "username_template", "password_policy") { log.Printf("[DEBUG] Updating connection credentials at %q", path+"/config/connection") 
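Review bot: The replacement comment `// the API can't serve the remaining fields` in rabbitMQSecretBackendRead does not say which fields are meant or what follows from that. From the create path these look like the values written to `config/connection` (`connection_uri`, `username`, `password` and the related options), so changes made to them outside Terraform will not appear as drift in a plan. I would spell that out, e.g. `// config/connection values (connection_uri, username, password, ...) cannot be read back, so out-of-band changes are not detected`, after confirming the field list. The function now discards its context (`_ context.Context`), which is fine while `readMount` takes none.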
@@ -215,47 +187,26 @@ func rabbitMQSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error } _, err := client.Logical().Write(path+"/config/connection", data) if err != nil { - return fmt.Errorf("error configuring connection credentials for %q: %s", path, err) + return diag.Errorf("error configuring connection credentials for %q: %s", path, err) } log.Printf("[DEBUG] Updated root credentials at %q", path+"/config/connection") } d.Partial(false) - return rabbitMQSecretBackendRead(d, meta) + return rabbitMQSecretBackendRead(ctx, d, meta) } -func rabbitMQSecretBackendDelete(d *schema.ResourceData, meta interface{}) error { +func rabbitMQSecretBackendDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } path := d.Id() log.Printf("[DEBUG] Unmounting RabbitMQ backend %q", path) - err := client.Sys().Unmount(path) + err := client.Sys().UnmountWithContext(ctx, path) if err != nil { - return fmt.Errorf("error unmounting RabbitMQ backend from %q: %s", path, err) + return diag.Errorf("error unmounting RabbitMQ backend from %q: %s", path, err) } log.Printf("[DEBUG] Unmounted RabbitMQ backend %q", path) return nil } - -func rabbitMQSecretBackendExists(d *schema.ResourceData, meta interface{}) (bool, error) { - client, e := provider.GetClient(d, meta) - if e != nil { - return false, e - } - - path := d.Id() - log.Printf("[DEBUG] Checking if RabbitMQ backend exists at %q", path) - - if _, err := mountutil.GetMount(context.Background(), client, path); err != nil { - if mountutil.IsMountNotFoundError(err) { - return false, nil - } - - // TODO: returning true here is probably wrong. We should move existence checks to the Read function. - return true, err - } - - return true, nil -} diff --git a/vault/resource_terraform_cloud_secret_backend.go b/vault/resource_terraform_cloud_secret_backend.go index 72ea1a312f..e22377ba1a 100644 
--- a/vault/resource_terraform_cloud_secret_backend.go +++ b/vault/resource_terraform_cloud_secret_backend.go @@ -5,29 +5,25 @@ package vault import ( "context" - "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "log" "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/vault/api" - "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" - "github.com/hashicorp/terraform-provider-vault/util/mountutil" ) func terraformCloudSecretBackendResource() *schema.Resource { - return provider.MustAddMountMigrationSchema(&schema.Resource{ - Create: terraformCloudSecretBackendCreate, - Read: provider.ReadWrapper(terraformCloudSecretBackendRead), - Update: terraformCloudSecretBackendUpdate, - Delete: terraformCloudSecretBackendDelete, - Exists: terraformCloudSecretBackendExists, + r := provider.MustAddMountMigrationSchema(&schema.Resource{ + CreateContext: terraformCloudSecretBackendCreate, + ReadContext: provider.ReadContextWrapper(terraformCloudSecretBackendRead), + UpdateContext: terraformCloudSecretBackendUpdate, + DeleteContext: terraformCloudSecretBackendDelete, CustomizeDiff: getMountCustomizeDiffFunc(consts.FieldBackend), Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + StateContext: schema.ImportStatePassthroughContext, }, Schema: map[string]*schema.Schema{ 
@@ -80,110 +76,92 @@ func terraformCloudSecretBackendResource() *schema.Resource { }, }, }, false) + + // Add common mount schema to the resource + provider.MustAddSchema(r, getMountSchema( + consts.FieldPath, + consts.FieldType, + consts.FieldDescription, + consts.FieldDefaultLeaseTTL, + consts.FieldMaxLeaseTTL, + )) + + return r } -func terraformCloudSecretBackendCreate(d *schema.ResourceData, meta interface{}) error { +func terraformCloudSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } backend := d.Get("backend").(string) address := d.Get("address").(string) token := d.Get("token").(string) basePath := d.Get("base_path").(string) - description := d.Get("description").(string) - defaultLeaseTTL := d.Get("default_lease_ttl_seconds") - maxLeaseTTL := d.Get("max_lease_ttl_seconds") configPath := terraformCloudSecretBackendConfigPath(backend) - info := &api.MountInput{ - Type: consts.MountTypeTerraform, - Description: description, - Config: api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", defaultLeaseTTL), - MaxLeaseTTL: fmt.Sprintf("%ds", maxLeaseTTL), - }, - } - log.Printf("[DEBUG] Mounting Terraform Cloud backend at %q", backend) - if err := client.Sys().Mount(backend, info); err != nil { - return fmt.Errorf("Error mounting to %q: %s", backend, err) + if err := createMount(d, meta, client, backend, consts.MountTypeTerraform); err != nil { + return diag.FromErr(err) } log.Printf("[DEBUG] Mounted Terraform Cloud backend at %q", backend) d.SetId(backend) - d.Set("backend", backend) - d.Set("description", description) - d.Set("default_lease_ttl_seconds", defaultLeaseTTL) - d.Set("max_lease_ttl_seconds", maxLeaseTTL) - log.Printf("[DEBUG] Writing Terraform Cloud configuration to %q", configPath) data := map[string]interface{}{ "address": address, "token": token, "base_path": basePath, } - if _, err := 
client.Logical().Write(configPath, data); err != nil { - return fmt.Errorf("Error writing Terraform Cloud configuration for %q: %s", backend, err) + if _, err := client.Logical().WriteWithContext(ctx, configPath, data); err != nil { + return diag.Errorf("Error writing Terraform Cloud configuration for %q: %s", backend, err) } log.Printf("[DEBUG] Wrote Terraform Cloud configuration to %q", configPath) - d.Set("address", address) - d.Set("token", token) - d.Set("base_path", basePath) - return nil + return terraformCloudSecretBackendRead(ctx, d, meta) } -func terraformCloudSecretBackendRead(d *schema.ResourceData, meta interface{}) error { +func terraformCloudSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } backend := d.Id() configPath := terraformCloudSecretBackendConfigPath(backend) - log.Printf("[DEBUG] Reading Terraform Cloud backend mount %q from Vault", backend) - - ctx := context.Background() - mount, err := mountutil.GetMount(ctx, client, backend) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - log.Printf("[WARN] Mount %q not found, removing from state.", backend) - d.SetId("") - return nil - } - return err + if err := d.Set("backend", backend); err != nil { + return diag.FromErr(err) + } + if err := readMount(d, meta, true); err != nil { + return diag.FromErr(err) } - - d.Set("backend", backend) - d.Set("description", mount.Description) - d.Set("default_lease_ttl_seconds", mount.Config.DefaultLeaseTTL) - d.Set("max_lease_ttl_seconds", mount.Config.MaxLeaseTTL) log.Printf("[DEBUG] Reading %s from Vault", configPath) - secret, err := client.Logical().Read(configPath) + secret, err := client.Logical().ReadWithContext(ctx, configPath) if err != nil { - return fmt.Errorf("error reading from Vault: %s", err) + return diag.Errorf("error reading from Vault: %s", err) } - // token, sadly, we can't read out - // 
the API doesn't support it - // So... if it drifts, it drift. - d.Set("address", secret.Data["address"].(string)) - d.Set("base_path", secret.Data["base_path"].(string)) + if err := d.Set("address", secret.Data["address"].(string)); err != nil { + return diag.FromErr(err) + } + if err := d.Set("base_path", secret.Data["base_path"].(string)); err != nil { + return diag.FromErr(err) + + } return nil } -func terraformCloudSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { +func terraformCloudSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } backend := d.Id() @@ -191,24 +169,11 @@ func terraformCloudSecretBackendUpdate(d *schema.ResourceData, meta interface{}) backend, e = util.Remount(d, client, consts.FieldBackend, false) if e != nil { - return e + return diag.FromErr(e) } - if d.HasChange("default_lease_ttl_seconds") || d.HasChange("max_lease_ttl_seconds") { - defaultLeaseTTL := d.Get("default_lease_ttl_seconds") - maxLeaseTTL := d.Get("max_lease_ttl_seconds") - config := api.MountConfigInput{ - DefaultLeaseTTL: fmt.Sprintf("%ds", defaultLeaseTTL), - MaxLeaseTTL: fmt.Sprintf("%ds", maxLeaseTTL), - } - - log.Printf("[DEBUG] Updating lease TTLs for %q", backend) - if err := client.Sys().TuneMount(backend, config); err != nil { - return fmt.Errorf("Error updating mount TTLs for %q: %s", backend, err) - } - - d.Set("default_lease_ttl_seconds", defaultLeaseTTL) - d.Set("max_lease_ttl_seconds", maxLeaseTTL) + if err := updateMount(d, meta, true); err != nil { + return diag.FromErr(err) } if d.HasChange("address") || d.HasChange("token") || d.HasChange("base_path") { log.Printf("[DEBUG] Updating Terraform Cloud configuration at %q", configPath) 
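Review bot: terraformCloudSecretBackendRead dereferences `secret.Data` right after `ReadWithContext` without checking `secret` for nil, and asserts `.(string)` on both values. A mount whose config path returns no data, or a response lacking `address` or `base_path`, would panic the provider instead of producing a diagnostic. A guard such as `if secret == nil { return diag.Errorf("no Terraform Cloud config found at %q", configPath) }` and passing `secret.Data["address"]` to `d.Set` without the assertion would avoid that. Create now ends by calling this read, so the path is hit on every apply. The hunk also deletes the comment explaining that `token` cannot be read back; a one-line replacement noting that token drift is not detected would be worth keeping.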
@@ -217,56 +182,40 @@ func terraformCloudSecretBackendUpdate(d *schema.ResourceData, meta interface{}) "token": d.Get("token").(string), "base_path": d.Get("base_path").(string), } - if _, err := client.Logical().Write(configPath, data); err != nil { - return fmt.Errorf("Error configuring Terraform Cloud configuration for %q: %s", backend, err) + if _, err := client.Logical().WriteWithContext(ctx, configPath, data); err != nil { + return diag.Errorf("Error configuring Terraform Cloud configuration for %q: %s", backend, err) } log.Printf("[DEBUG] Updated Terraform Cloud configuration at %q", configPath) - d.Set("address", data["address"]) - d.Set("token", data["token"]) - d.Set("base_path", data["base_path"]) + if err := d.Set("address", data["address"]); err != nil { + return diag.FromErr(err) + } + if err := d.Set("token", data["token"]); err != nil { + return diag.FromErr(err) + } + if err := d.Set("base_path", data["base_path"]); err != nil { + return diag.FromErr(err) + } } - return terraformCloudSecretBackendRead(d, meta) + return terraformCloudSecretBackendRead(ctx, d, meta) } -func terraformCloudSecretBackendDelete(d *schema.ResourceData, meta interface{}) error { +func terraformCloudSecretBackendDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { client, e := provider.GetClient(d, meta) if e != nil { - return e + return diag.FromErr(e) } backend := d.Id() log.Printf("[DEBUG] Unmounting Terraform Cloud backend %q", backend) - err := client.Sys().Unmount(backend) + err := client.Sys().UnmountWithContext(ctx, backend) if err != nil { - return fmt.Errorf("Error unmounting Terraform Cloud backend from %q: %s", backend, err) + return diag.Errorf("Error unmounting Terraform Cloud backend from %q: %s", backend, err) } log.Printf("[DEBUG] Unmounted Terraform Cloud backend %q", backend) return nil } -func terraformCloudSecretBackendExists(d *schema.ResourceData, meta interface{}) (bool, error) { - client, e := 
provider.GetClient(d, meta) - if e != nil { - return false, e - } - - backend := d.Id() - - log.Printf("[DEBUG] Checking if Terraform Cloud backend exists at %q", backend) - - _, err := mountutil.GetMount(context.Background(), client, backend) - if err != nil { - if mountutil.IsMountNotFoundError(err) { - return false, nil - } - - return true, fmt.Errorf("error retrieving list of mounts: %s", err) - } - - return true, nil -} - func terraformCloudSecretBackendConfigPath(backend string) string { return strings.Trim(backend, "/") + "/config" }
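Review bot: Removing `terraformCloudSecretBackendExists` at the end of this hunk leaves no explicit mount-not-found branch in the visible code of this file, and the Read that Update now returns into uses `secret.Data["address"].(string)` without checking `secret` for nil. If `readMount` (not shown here) clears the ID for a missing mount and returns nil, the config read that follows would presumably yield a nil secret and panic during refresh instead of dropping the resource from state. A guard such as `if secret == nil { d.SetId(""); return nil }` before the `d.Set("address", ...)` call in Read would cover that case. Separately, the `d.Set("address", ...)` and `d.Set("base_path", ...)` calls added in Update are overwritten by that Read, so only the token set needs to stay, ideally with a comment that the token is kept from configuration because the API does not return it.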