diff --git a/internal/consts/consts.go b/internal/consts/consts.go index 2c5172ab9..c594f7b90 100644 --- a/internal/consts/consts.go +++ b/internal/consts/consts.go @@ -427,6 +427,7 @@ const ( FieldAuthenticators = "authenticators" FieldEnableSentinelParsing = "enable_sentinel_parsing" FieldAuditFields = "audit_fields" + FieldLastUpdated = "last_updated" /* common environment variables diff --git a/vault/data_source_pki_secret_backend_config_est.go b/vault/data_source_pki_secret_backend_config_est.go index 078bddaa2..19988fe2a 100644 --- a/vault/data_source_pki_secret_backend_config_est.go +++ b/vault/data_source_pki_secret_backend_config_est.go @@ -76,6 +76,11 @@ func pkiSecretBackendConfigEstDataSource() *schema.Resource { Type: schema.TypeString, }, }, + consts.FieldLastUpdated: { + Type: schema.TypeString, + Computed: true, + Description: "A read-only timestamp representing the last time the configuration was updated", + }, }, } } @@ -118,6 +123,7 @@ func readEstConfig(ctx context.Context, d *schema.ResourceData, client *api.Clie consts.FieldLabelToPathPolicy, consts.FieldEnableSentinelParsing, consts.FieldAuditFields, + consts.FieldLastUpdated, } for _, k := range keyComputedFields { diff --git a/vault/data_source_pki_secret_backend_config_est_test.go b/vault/data_source_pki_secret_backend_config_est_test.go index 49eecd7e8..5fc8e91c8 100644 --- a/vault/data_source_pki_secret_backend_config_est_test.go +++ b/vault/data_source_pki_secret_backend_config_est_test.go @@ -31,6 +31,7 @@ func TestAccDataSourcePKISecretConfigEst(t *testing.T) { resource.TestCheckResourceAttrSet(dataName, consts.FieldEnabled), resource.TestCheckResourceAttrSet(dataName, consts.FieldDefaultMount), resource.TestCheckResourceAttrSet(dataName, consts.FieldEnableSentinelParsing), + resource.TestCheckResourceAttrSet(dataName, consts.FieldLastUpdated), ), }, }, diff --git a/vault/resource_pki_secret_backend_config_est.go b/vault/resource_pki_secret_backend_config_est.go index 0d180fcd5..8d5c8403b 100644 --- a/vault/resource_pki_secret_backend_config_est.go +++ b/vault/resource_pki_secret_backend_config_est.go @@ -86,6 +86,11 @@ func pkiSecretBackendConfigEstResource() *schema.Resource { Type: schema.TypeString, }, }, + consts.FieldLastUpdated: { + Type: schema.TypeString, + Computed: true, // read-only property + Description: "A read-only timestamp representing the last time the configuration was updated", + }, }, } } diff --git a/vault/resource_pki_secret_backend_config_est_test.go b/vault/resource_pki_secret_backend_config_est_test.go index cafd318de..4152b9db7 100644 --- a/vault/resource_pki_secret_backend_config_est_test.go +++ b/vault/resource_pki_secret_backend_config_est_test.go @@ -44,6 +44,7 @@ func TestAccPKISecretBackendConfigEst_Empty(t *testing.T) { resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.%", "2"), resource.TestCheckNoResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.cert"), resource.TestCheckNoResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.userpass"), + resource.TestCheckResourceAttrSet(dataName, consts.FieldLastUpdated), // Validate we read back the data back as we did upon creation resource.TestCheckResourceAttr(dataName, consts.FieldBackend, backend), @@ -55,6 +56,7 @@ func TestAccPKISecretBackendConfigEst_Empty(t *testing.T) { resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.%", "2"), resource.TestCheckNoResourceAttr(dataName, consts.FieldAuthenticators+".0.cert"), resource.TestCheckNoResourceAttr(dataName, consts.FieldAuthenticators+".0.userpass"), + resource.TestCheckResourceAttrSet(dataName, consts.FieldLastUpdated), ), }, testutil.GetImportTestStep(resourceBackend, false, nil), @@ -99,6 +101,7 @@ func TestAccPKISecretBackendConfigEst_AllFields(t *testing.T) { resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.userpass.accessor", "test2"), resource.TestCheckResourceAttr(resourceBackend, consts.FieldEnableSentinelParsing, "true"), resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuditFields+".#", "20"), + resource.TestCheckResourceAttrSet(dataName, consts.FieldLastUpdated), // Validate that the data property can read back everything filled in resource.TestCheckResourceAttr(dataName, consts.FieldBackend, backend), @@ -117,6 +120,7 @@ func TestAccPKISecretBackendConfigEst_AllFields(t *testing.T) { resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.userpass.accessor", "test2"), resource.TestCheckResourceAttr(dataName, consts.FieldEnableSentinelParsing, "true"), resource.TestCheckResourceAttr(dataName, consts.FieldAuditFields+".#", "20"), + resource.TestCheckResourceAttrSet(dataName, consts.FieldLastUpdated), ), }, testutil.GetImportTestStep(resourceBackend, false, nil), diff --git a/website/docs/d/pki_secret_backend_config_est.html.md b/website/docs/d/pki_secret_backend_config_est.html.md index b595e59fc..9fa959f66 100644 --- a/website/docs/d/pki_secret_backend_config_est.html.md +++ b/website/docs/d/pki_secret_backend_config_est.html.md @@ -59,6 +59,8 @@ The following arguments are supported: * `label_to_path_policy` - A pairing of EST label to the configured EST behavior for it * `audit_fields` - Fields parsed from the CSR that appear in the audit and can be used by sentinel policies + +* `last_updated` - A read-only timestamp representing the last time the configuration was updated ### Nested Schema for `authenticators` diff --git a/website/docs/r/pki_secret_backend_config_est.html.md b/website/docs/r/pki_secret_backend_config_est.html.md index 368893dd9..e1897bc23 100644 --- a/website/docs/r/pki_secret_backend_config_est.html.md +++ b/website/docs/r/pki_secret_backend_config_est.html.md @@ -96,7 +96,7 @@ The following arguments are supported: ## Attributes Reference -No additional attributes are exported by this resource. +* `last_updated` - A read-only timestamp representing the last time the configuration was updated ## Import