From 28e0b198af36dde49bddf74b93b702679371daa8 Mon Sep 17 00:00:00 2001 From: Ben Ash <32777270+benashz@users.noreply.github.com> Date: Mon, 8 Jul 2024 10:56:41 -0400 Subject: [PATCH] Ensure all mount errors are covered (#2289) * CI: Test against vault enterprise 1.17.1 and bump other versions * Build: Add support running tests using gotestsum * CI: Drop 1.11.12-ent --- .github/workflows/build.yml | 8 +- Makefile | 11 ++- go.mod | 2 +- util/mountutil/mountutil.go | 90 +++++++++-------- util/mountutil/mountutil_test.go | 99 +++++++++++++++++++ vault/resource_ad_secret_backend.go | 15 ++- vault/resource_auth_backend.go | 20 ++-- vault/resource_aws_secret_backend.go | 12 +-- vault/resource_azure_secret_backend.go | 12 +-- vault/resource_consul_secret_backend.go | 12 +-- vault/resource_gcp_auth_backend.go | 12 +-- vault/resource_gcp_secret_backend.go | 12 +-- vault/resource_github_auth_backend.go | 18 ++-- vault/resource_jwt_auth_backend.go | 17 ++-- vault/resource_kmip_secret_backend.go | 4 +- vault/resource_ldap_auth_backend.go | 20 ++-- vault/resource_mount.go | 19 ++-- vault/resource_nomad_secret_backend.go | 15 ++- vault/resource_okta_auth_backend.go | 11 +-- vault/resource_pki_secret_backend_cert.go | 12 +-- vault/resource_rabbitmq_secret_backend.go | 25 +++-- vault/resource_secrets_sync_association.go | 8 +- ...resource_terraform_cloud_secret_backend.go | 23 +++-- 23 files changed, 282 insertions(+), 195 deletions(-) create mode 100644 util/mountutil/mountutil_test.go diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index de24a441a0..7041137c6c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -63,12 +63,12 @@ jobs: fail-fast: false matrix: image: - - "vault-enterprise:1.11.12-ent" - "vault-enterprise:1.12.11-ent" - "vault-enterprise:1.13.13-ent" - - "vault-enterprise:1.14.12-ent" - - "vault-enterprise:1.15.8-ent" - - "vault-enterprise:1.16.2-ent" + - "vault-enterprise:1.14.13-ent" + - "vault-enterprise:1.15.11-ent" + - "vault-enterprise:1.16.5-ent" + - "vault-enterprise:1.17.1-ent" - "vault:latest" services: vault: diff --git a/Makefile b/Makefile index 5034707e8f..356e0589a1 100644 --- a/Makefile +++ b/Makefile @@ -17,12 +17,21 @@ build: go-version-check fmtcheck test: go-version-check fmtcheck TF_ACC= VAULT_TOKEN= go test $(TESTARGS) -timeout 10m $(TEST_PATH) +testsum: go-version-check fmtcheck + TF_ACC= VAULT_TOKEN= gotestsum $(TEST_PATH) $(TESTARGS) -test.timeout 10m + testacc: fmtcheck TF_ACC=1 go test $(TESTARGS) -timeout 30m $(TEST_PATH) +testaccsum: fmtcheck + TF_ACC=1 gotestsum $(TEST_PATH) $(TESTARGS) -timeout 30m + testacc-ent: make testacc TF_ACC_ENTERPRISE=1 +testaccsum-ent: + make testaccsum TF_ACC_ENTERPRISE=1 + dev: go-version-check fmtcheck go build -o terraform-provider-vault mv terraform-provider-vault ~/.terraform.d/plugins/ @@ -71,4 +80,4 @@ ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO))) endif @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME) -.PHONY: build test testacc testacc-ent vet fmt fmtcheck errcheck test-compile website website-test go-version-check +.PHONY: build test testacc testacc-ent vet fmt fmtcheck errcheck test-compile website website-test go-version-check testaccsum testaccsum-ent diff --git a/go.mod b/go.mod index 913148b1a1..6485737826 100644 --- a/go.mod +++ b/go.mod @@ -34,6 +34,7 @@ require ( github.com/jcmturner/gokrb5/v8 v8.4.4 github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/mapstructure v1.5.0 + github.com/stretchr/testify v1.9.0 golang.org/x/crypto v0.23.0 golang.org/x/net v0.25.0 golang.org/x/oauth2 v0.18.0 
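Review bot: The updated `.PHONY` line in the second Makefile hunk adds `testaccsum` and `testaccsum-ent` but leaves out the new `testsum` target; append `testsum` so all three new targets are declared the same way. The two new recipes in the first Makefile hunk also spell the timeout differently, `-test.timeout 10m` in `testsum` and `-timeout 30m` in `testaccsum`. Using one form in both keeps them comparable with `test` and `testacc`. Neither recipe checks that `gotestsum` is on the PATH, so a one-line comment above `testsum` naming the required tool would help anyone running these outside CI.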
@@ -148,7 +149,6 @@ require ( github.com/sasha-s/go-deadlock v0.2.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sony/gobreaker v0.5.0 // indirect - github.com/stretchr/testify v1.9.0 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect diff --git a/util/mountutil/mountutil.go b/util/mountutil/mountutil.go index 6aab562b65..dc44f15c62 100644 --- a/util/mountutil/mountutil.go +++ b/util/mountutil/mountutil.go @@ -6,17 +6,18 @@ package mountutil import ( "context" "errors" - "fmt" + "net/http" "strings" - "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/vault/api" + + "github.com/hashicorp/terraform-provider-vault/internal/consts" ) // Error strings that are returned by the Vault API. const ( - ErrVaultSecretMountNotFound = "No secret engine mount at" - ErrVaultAuthMountNotFound = "No auth engine at" + VaultSecretMountNotFoundErrMsg = "No secret engine mount at" + VaultAuthMountNotFoundErrMsg = "No auth engine at" ) // Error strings that are used internally by TFVP 
@@ -28,40 +29,24 @@ var ( // GetMount will fetch the secret mount at the given path. func GetMount(ctx context.Context, client *api.Client, path string) (*api.MountOutput, error) { - mount, err := client.Sys().GetMountWithContext(ctx, path) - // Hardcoding the error string check is not ideal, but Vault does not - // return 404 in this case - if err != nil && strings.Contains(err.Error(), ErrVaultSecretMountNotFound) { - return nil, fmt.Errorf("%w: %s", ErrMountNotFound, err) - } - // some other error occured, like 403, etc. - if err != nil { - return nil, fmt.Errorf("error reading from Vault: %s", err) - } - // no error but no mount either, so return not found - if mount == nil { - return nil, fmt.Errorf("%w: %s", ErrMountNotFound, err) + if resp, err := client.Sys().GetMountWithContext(ctx, path); err != nil { + return nil, err + } else if resp == nil { + return nil, ErrMountNotFound + } else { + return resp, nil } - return mount, nil } // GetAuthMount will fetch the auth mount at the given path. func GetAuthMount(ctx context.Context, client *api.Client, path string) (*api.MountOutput, error) { - mount, err := client.Sys().GetAuthWithContext(ctx, path) - // Hardcoding the error string check is not ideal, but Vault does not - // return 404 in this case - if err != nil && strings.Contains(err.Error(), ErrVaultAuthMountNotFound) { - return nil, fmt.Errorf("%w: %s", ErrMountNotFound, err) + if resp, err := client.Sys().GetAuthWithContext(ctx, path); err != nil { + return nil, err + } else if resp == nil { + return nil, ErrMountNotFound + } else { + return resp, nil } - // some other error occured, like 403, etc. - if err != nil { - return nil, fmt.Errorf("error reading from Vault: %s", err) - } - // no error but no mount either, so return not found - if mount == nil { - return nil, fmt.Errorf("%w: %s", ErrMountNotFound, err) - } - return mount, nil } // NormalizeMountPath to be in a form valid for accessing values from api.MountOutput 
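Review bot: The doc comments on GetMount and GetAuthMount no longer describe the error contract, which this hunk changes. Vault's "No secret engine mount at" / "No auth engine at" responses are now returned unwrapped, and ErrMountNotFound is produced only when the response is nil. Any caller outside this diff that still tests `errors.Is(err, mountutil.ErrMountNotFound)` would presumably stop recognising a missing mount and surface a hard error instead; that cannot be confirmed from the hunks shown. Extend both comments, for example `// Errors from Vault are returned unwrapped; use IsMountNotFoundError, not errors.Is(err, ErrMountNotFound), to detect a missing mount.` As a style point, the `if … else if … else` chain ends every branch in a `return`, so plain early returns without the `else` arms would read more conventionally.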
@@ -74,21 +59,40 @@ func TrimSlashes(path string) string { return strings.Trim(path, consts.PathDelim) } -// CheckMountEnabledWithContext in Vault -func CheckMountEnabledWithContext(ctx context.Context, client *api.Client, path string) (bool, error) { - _, err := GetMount(ctx, client, path) - if errors.Is(err, ErrMountNotFound) { - return false, err - } - - if err != nil { +// CheckMountEnabled in Vault +func CheckMountEnabled(ctx context.Context, client *api.Client, path string) (bool, error) { + if _, err := GetMount(ctx, client, path); err != nil { + if IsMountNotFoundError(err) { + return false, nil + } return false, err } return true, nil } -// CheckMountEnabled in Vault -func CheckMountEnabled(client *api.Client, path string) (bool, error) { - return CheckMountEnabledWithContext(context.Background(), client, path) +// IsMountNotFoundError returns true if error is a mount not found error. +func IsMountNotFoundError(err error) bool { + var respErr *api.ResponseError + if errors.As(err, &respErr) && respErr != nil { + if respErr.StatusCode == http.StatusNotFound { + return true + } + if respErr.StatusCode == http.StatusBadRequest { + for _, e := range respErr.Errors { + if strings.Contains(e, VaultSecretMountNotFoundErrMsg) { + return true + } + if strings.Contains(e, VaultAuthMountNotFoundErrMsg) { + return true + } + } + } + } + + if errors.Is(err, ErrMountNotFound) { + return true + } + + return false } diff --git a/util/mountutil/mountutil_test.go b/util/mountutil/mountutil_test.go new file mode 100644 index 0000000000..ab894a467a --- /dev/null +++ b/util/mountutil/mountutil_test.go 
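Review bot: IsMountNotFoundError returns true for any `*api.ResponseError` whose StatusCode is 404, whatever its message, and the Read functions changed in this commit respond to true by calling `d.SetId("")`. If a 404 can reach the provider for a reason other than a missing mount (an intermediary, or a request sent to the wrong namespace — not verifiable from this hunk), the resource is dropped from state while the mount still exists, and the next plan proposes to recreate it. The helper is exported and generically named, so its comment should state the scope, for example `// IsMountNotFoundError reports whether err, as returned by GetMount or GetAuthMount, means the mount does not exist. Any 404 response is treated as not found, so do not apply it to errors from other endpoints.` The substring checks in the 400 branch are limited to the two known Vault messages, which keeps that branch reasonably narrow.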
@@ -0,0 +1,99 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package mountutil + +import ( + "net/http" + "testing" + + "github.com/hashicorp/vault/api" + "github.com/stretchr/testify/assert" +) + +func TestIsMountNotFoundError(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + err error + want bool + }{ + { + name: "with-err-mount-not-found", + err: ErrMountNotFound, + want: true, + }, + { + name: "with-response-error-no-secret-engine-mount", + err: &api.ResponseError{ + StatusCode: http.StatusBadRequest, + Errors: []string{ + "No secret engine mount at auth/operator/", + }, + }, + want: true, + }, + { + name: "with-response-error-no-auth-engine-mount", + err: &api.ResponseError{ + StatusCode: http.StatusBadRequest, + Errors: []string{ + "No auth engine at auth/operator/", + }, + }, + want: true, + }, + { + name: "with-response-error-both", + err: &api.ResponseError{ + StatusCode: http.StatusBadRequest, + Errors: []string{ + "No secret engine mount at auth/operator/", + "No auth engine at auth/operator/", + }, + }, + want: true, + }, + { + name: "with-response-error-others", + err: &api.ResponseError{ + StatusCode: http.StatusBadRequest, + Errors: []string{ + "Some other error", + "No auth engine at auth/operator/", + }, + }, + want: true, + }, + { + name: "with-not-found-status-code", + err: &api.ResponseError{ + StatusCode: http.StatusNotFound, + Errors: []string{ + "some error", + }, + }, + want: true, + }, + { + name: "with-response-error-canary", + err: &api.ResponseError{ + StatusCode: http.StatusBadRequest, + Errors: []string{ + "secret engine mount", + }, + }, + want: false, + }, + { + name: "with-nil-error", + want: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equalf(t, tt.want, IsMountNotFoundError(tt.err), "IsMountNotFoundError(%v)", tt.err) + }) + } +} 
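Review bot: The table in TestIsMountNotFoundError has no case where a not-found message arrives with a status other than 400 or 404, and no case where the `*api.ResponseError` is wrapped, so neither the status gate nor the `errors.As` unwrapping is pinned. Both matter because a true result makes the Read functions remove the resource from state; a 403 carrying the same text must stay false. Two extra entries cover this; the wrapped case needs `fmt` added to the test file's imports.

```go
		{
			name: "with-forbidden-status-and-not-found-message",
			err: &api.ResponseError{
				StatusCode: http.StatusForbidden,
				Errors: []string{
					"No secret engine mount at auth/operator/",
				},
			},
			want: false,
		},
		{
			name: "with-wrapped-response-error",
			err: fmt.Errorf("reading mount: %w", &api.ResponseError{
				StatusCode: http.StatusNotFound,
			}),
			want: true,
		},
		// … unchanged: "with-nil-error" case and the t.Run loop …
```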
diff --git a/vault/resource_ad_secret_backend.go b/vault/resource_ad_secret_backend.go index b287cbfcfb..3365057ada 100644 --- a/vault/resource_ad_secret_backend.go +++ b/vault/resource_ad_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" @@ -344,14 +343,14 @@ func readConfigResource(d *schema.ResourceData, meta interface{}) error { path := d.Id() log.Printf("[DEBUG] Reading %q", path) - mount, err := mountutil.GetMount(context.Background(), client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - + ctx := context.Background() + mount, err := mountutil.GetMount(ctx, client, path) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return err } diff --git a/vault/resource_auth_backend.go b/vault/resource_auth_backend.go index 2f6731334e..5d28679ba3 100644 --- a/vault/resource_auth_backend.go +++ b/vault/resource_auth_backend.go @@ -5,17 +5,16 @@ package vault import ( "context" - "errors" - "log" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/vault/api" + "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" "github.com/hashicorp/terraform-provider-vault/util/mountutil" - "github.com/hashicorp/vault/api" ) func AuthBackendResource() *schema.Resource { 
@@ -145,13 +144,12 @@ func authBackendRead(ctx context.Context, d *schema.ResourceData, meta interface path := d.Id() mount, err := mountutil.GetAuthMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } @@ -171,9 +169,9 @@ func authBackendRead(ctx context.Context, d *schema.ResourceData, meta interface return diag.FromErr(err) } // TODO: uncomment when identity token key is being returned on the read mount endpoint - //if err := d.Set(consts.FieldIdentityTokenKey, mount.Config.IdentityTokenKey); err != nil { + // if err := d.Set(consts.FieldIdentityTokenKey, mount.Config.IdentityTokenKey); err != nil { // return diag.FromErr(err) - //} + // } return nil } diff --git a/vault/resource_aws_secret_backend.go b/vault/resource_aws_secret_backend.go index 1c317d541e..8cf22b25a8 100644 --- a/vault/resource_aws_secret_backend.go +++ b/vault/resource_aws_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" @@ -256,13 +255,12 @@ func awsSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta inte log.Printf("[DEBUG] Reading AWS backend mount %q from Vault", path) mount, err := mountutil.GetMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_azure_secret_backend.go b/vault/resource_azure_secret_backend.go index cf4727e945..d9011cd80b 100644 
--- a/vault/resource_azure_secret_backend.go +++ b/vault/resource_azure_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" @@ -166,13 +165,12 @@ func azureSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta in log.Printf("[DEBUG] Reading Azure backend mount %q from Vault", path) mount, err := mountutil.GetMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index 2d5e36b249..24e38309b7 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" @@ -201,13 +200,12 @@ func consulSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta i log.Printf("[DEBUG] Reading Consul backend mount %q from Vault", path) mount, err := mountutil.GetMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_gcp_auth_backend.go b/vault/resource_gcp_auth_backend.go index 79110eab89..f4db02170e 100644 --- a/vault/resource_gcp_auth_backend.go +++ b/vault/resource_gcp_auth_backend.go @@ -6,7 +6,6 @@ package vault import ( "context" "encoding/json" - "errors" "fmt" "log" "strings" 
@@ -383,13 +382,12 @@ func gcpAuthBackendRead(ctx context.Context, d *schema.ResourceData, meta interf } mount, err := mountutil.GetAuthMount(ctx, client, gcpPath) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", gcpPath) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", gcpPath) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_gcp_secret_backend.go b/vault/resource_gcp_secret_backend.go index cecb653391..f5d386eaa8 100644 --- a/vault/resource_gcp_secret_backend.go +++ b/vault/resource_gcp_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" @@ -197,13 +196,12 @@ func gcpSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta inte log.Printf("[DEBUG] Reading GCP backend mount %q from Vault", path) mount, err := mountutil.GetMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_github_auth_backend.go b/vault/resource_github_auth_backend.go index ecb8aa2fc6..edf83442c5 100644 --- a/vault/resource_github_auth_backend.go +++ b/vault/resource_github_auth_backend.go 
@@ -5,18 +5,17 @@ package vault import ( "context" - "errors" - "log" "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/vault/api" + "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" "github.com/hashicorp/terraform-provider-vault/util/mountutil" - "github.com/hashicorp/vault/api" ) func githubAuthBackendResource() *schema.Resource { @@ -183,14 +182,13 @@ func githubAuthBackendRead(ctx context.Context, d *schema.ResourceData, meta int configPath := path + "/config" log.Printf("[DEBUG] Reading github auth mount from '%q'", path) - mount, err := mountutil.GetAuthMount(context.Background(), client, d.Id()) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - + mount, err := mountutil.GetAuthMount(ctx, client, d.Id()) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_jwt_auth_backend.go b/vault/resource_jwt_auth_backend.go index 3cb0ef9842..a0a61da3c5 100644 --- a/vault/resource_jwt_auth_backend.go +++ b/vault/resource_jwt_auth_backend.go 
@@ -7,18 +7,18 @@ import ( "context" "errors" "fmt" - "log" "strconv" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/hashicorp/vault/api" + "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" "github.com/hashicorp/terraform-provider-vault/util" "github.com/hashicorp/terraform-provider-vault/util/mountutil" - "github.com/hashicorp/vault/api" ) func jwtAuthBackendResource() *schema.Resource { @@ -276,14 +276,13 @@ func jwtAuthBackendRead(ctx context.Context, d *schema.ResourceData, meta interf } d.Set("path", path) - mount, err := mountutil.GetAuthMount(context.Background(), client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - + mount, err := mountutil.GetAuthMount(ctx, client, path) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_kmip_secret_backend.go b/vault/resource_kmip_secret_backend.go index f771d7129b..ad65e91ad6 100644 --- a/vault/resource_kmip_secret_backend.go +++ b/vault/resource_kmip_secret_backend.go @@ -4,6 +4,7 @@ package vault import ( + "context" "fmt" "log" "time" @@ -157,6 +158,7 @@ func kmipSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("error remounting in Vault: %s", err) } + ctx := context.Background() // There is something similar in resource_mount.go, but in the call to TuneMount(). var tries int for { 
@@ -165,7 +167,7 @@ func kmipSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { "mount %q did did not become available after %d tries, interval=1s", dest, tries) } - enabled, err := mountutil.CheckMountEnabled(client, dest) + enabled, err := mountutil.CheckMountEnabled(ctx, client, dest) if err != nil { return err } diff --git a/vault/resource_ldap_auth_backend.go b/vault/resource_ldap_auth_backend.go index e892fa46e8..497e07d5fc 100644 --- a/vault/resource_ldap_auth_backend.go +++ b/vault/resource_ldap_auth_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "log" "strings" @@ -319,21 +318,20 @@ func ldapAuthBackendRead(ctx context.Context, d *schema.ResourceData, meta inter path := d.Id() - authMount, err := mountutil.GetAuthMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - + mount, err := mountutil.GetAuthMount(ctx, client, path) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } d.Set(consts.FieldPath, path) - d.Set(consts.FieldDescription, authMount.Description) - d.Set(consts.FieldAccessor, authMount.Accessor) - d.Set(consts.FieldLocal, authMount.Local) + d.Set(consts.FieldDescription, mount.Description) + d.Set(consts.FieldAccessor, mount.Accessor) + d.Set(consts.FieldLocal, mount.Local) path = ldapAuthBackendConfigPath(path) diff --git a/vault/resource_mount.go b/vault/resource_mount.go index 1a2dccfff3..b4c0fb2879 100644 --- a/vault/resource_mount.go +++ b/vault/resource_mount.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "time" 
@@ -383,14 +382,14 @@ func readMount(d *schema.ResourceData, meta interface{}, excludeType bool) error log.Printf("[DEBUG] Reading mount %s from Vault", path) - mount, err := mountutil.GetMount(context.Background(), client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - + ctx := context.Background() + mount, err := mountutil.GetMount(ctx, client, path) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return err } @@ -457,9 +456,9 @@ func readMount(d *schema.ResourceData, meta interface{}, excludeType bool) error } // @TODO add this back in when Vault 1.16.3 is released - //if err := d.Set(consts.FieldDelegatedAuthAccessors, mount.Config.DelegatedAuthAccessors); err != nil { + // if err := d.Set(consts.FieldDelegatedAuthAccessors, mount.Config.DelegatedAuthAccessors); err != nil { // return err - //} + // } if err := d.Set(consts.FieldListingVisibility, mount.Config.ListingVisibility); err != nil { return err } diff --git a/vault/resource_nomad_secret_backend.go b/vault/resource_nomad_secret_backend.go index dd1489ce01..37e0ebea19 100644 --- a/vault/resource_nomad_secret_backend.go +++ b/vault/resource_nomad_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" 
@@ -201,14 +200,14 @@ func readNomadAccessConfigResource(d *schema.ResourceData, meta interface{}) err path := d.Id() log.Printf("[DEBUG] Reading %q", path) - mount, err := mountutil.GetMount(context.Background(), client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - + ctx := context.Background() + mount, err := mountutil.GetMount(ctx, client, path) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return err } diff --git a/vault/resource_okta_auth_backend.go b/vault/resource_okta_auth_backend.go index ffcf048d44..697f5e78ae 100644 --- a/vault/resource_okta_auth_backend.go +++ b/vault/resource_okta_auth_backend.go @@ -315,13 +315,12 @@ func oktaAuthBackendRead(ctx context.Context, d *schema.ResourceData, meta inter log.Printf("[DEBUG] Reading auth %s from Vault", path) mount, err := mountutil.GetAuthMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_pki_secret_backend_cert.go b/vault/resource_pki_secret_backend_cert.go index fc44a5ee60..421f19ec5e 100644 --- a/vault/resource_pki_secret_backend_cert.go +++ b/vault/resource_pki_secret_backend_cert.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" 
@@ -336,13 +335,12 @@ func pkiSecretBackendCertRead(ctx context.Context, d *schema.ResourceData, meta path := d.Get(consts.FieldBackend).(string) _, err := mountutil.GetMount(ctx, client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return diag.FromErr(err) } diff --git a/vault/resource_rabbitmq_secret_backend.go b/vault/resource_rabbitmq_secret_backend.go index 3b28c8435c..5404fe1baf 100644 --- a/vault/resource_rabbitmq_secret_backend.go +++ b/vault/resource_rabbitmq_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" @@ -155,14 +154,14 @@ func rabbitMQSecretBackendRead(d *schema.ResourceData, meta interface{}) error { path := d.Id() log.Printf("[DEBUG] Reading RabbitMQ secret backend mount %q from Vault", path) - mount, err := mountutil.GetMount(context.Background(), client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", path) - d.SetId("") - return nil - } - + ctx := context.Background() + mount, err := mountutil.GetMount(ctx, client, path) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", path) + d.SetId("") + return nil + } return err } 
@@ -249,12 +248,12 @@ func rabbitMQSecretBackendExists(d *schema.ResourceData, meta interface{}) (bool path := d.Id() log.Printf("[DEBUG] Checking if RabbitMQ backend exists at %q", path) - _, err := mountutil.GetMount(context.Background(), client, path) - if errors.Is(err, mountutil.ErrMountNotFound) { - return false, nil - } + if _, err := mountutil.GetMount(context.Background(), client, path); err != nil { + if mountutil.IsMountNotFoundError(err) { + return false, nil + } - if err != nil { + // TODO: returning true here is probably wrong. We should move existence checks to the Read function. return true, err } diff --git a/vault/resource_secrets_sync_association.go b/vault/resource_secrets_sync_association.go index 25b9ed8dea..3921b915bc 100644 --- a/vault/resource_secrets_sync_association.go +++ b/vault/resource_secrets_sync_association.go @@ -6,7 +6,6 @@ package vault import ( "context" "encoding/json" - "errors" "fmt" "log" "regexp" @@ -251,11 +250,10 @@ func getMountAccessor(ctx context.Context, d *schema.ResourceData, meta interfac log.Printf("[DEBUG] Reading mount %s from Vault", mount) m, err := mountutil.GetMount(ctx, client, mount) - if errors.Is(err, mountutil.ErrMountNotFound) { - return "", fmt.Errorf("expected mount at %s; no mount found", mount) - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + return "", fmt.Errorf("expected mount at %s; no mount found: %w", mount, err) + } return "", err } diff --git a/vault/resource_terraform_cloud_secret_backend.go b/vault/resource_terraform_cloud_secret_backend.go index 3586a98144..72ea1a312f 100644 --- a/vault/resource_terraform_cloud_secret_backend.go +++ b/vault/resource_terraform_cloud_secret_backend.go @@ -5,7 +5,6 @@ package vault import ( "context" - "errors" "fmt" "log" "strings" 
@@ -150,14 +149,14 @@ func terraformCloudSecretBackendRead(d *schema.ResourceData, meta interface{}) e log.Printf("[DEBUG] Reading Terraform Cloud backend mount %q from Vault", backend) - mount, err := mountutil.GetMount(context.Background(), client, backend) - if errors.Is(err, mountutil.ErrMountNotFound) { - log.Printf("[WARN] Mount %q not found, removing from state.", backend) - d.SetId("") - return nil - } - + ctx := context.Background() + mount, err := mountutil.GetMount(ctx, client, backend) if err != nil { + if mountutil.IsMountNotFoundError(err) { + log.Printf("[WARN] Mount %q not found, removing from state.", backend) + d.SetId("") + return nil + } return err } @@ -257,11 +256,11 @@ func terraformCloudSecretBackendExists(d *schema.ResourceData, meta interface{}) log.Printf("[DEBUG] Checking if Terraform Cloud backend exists at %q", backend) _, err := mountutil.GetMount(context.Background(), client, backend) - if errors.Is(err, mountutil.ErrMountNotFound) { - return false, nil - } - if err != nil { + if mountutil.IsMountNotFoundError(err) { + return false, nil + } + return true, fmt.Errorf("error retrieving list of mounts: %s", err) }
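Review bot: In terraformCloudSecretBackendExists (second hunk of this file) the remaining error path still reports `error retrieving list of mounts` and formats with `%s`, although mountutil.GetMount reads a single mount and, after this commit, returns Vault's error unwrapped. The `%s` flattens the `*api.ResponseError`, so nothing upstream can inspect its status code. Consider `return true, fmt.Errorf("error reading mount %q: %w", backend, err)`. The function also returns `true` together with the error, the same pattern the rabbitMQSecretBackendExists hunk in this commit marks with a TODO; a matching comment here would keep the two Exists functions consistent.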