fix: propagate the provider's namespace throughout (#1107)

* ensure that all Vault resources are provisioned under the namespace of the provider.
hashicorp · Jul 22, 2021 · f652207 · f652207
1 parent e278a16
commit f652207
Show file tree

Hide file tree

Showing 643 changed files with 79,794 additions and 44,662 deletions.
diff --git a/go.mod b/go.mod
@@ -3,20 +3,23 @@ module github.com/hashicorp/terraform-provider-vault
 go 1.16
 
 require (
-	github.com/Azure/azure-sdk-for-go v29.0.0+incompatible
-	github.com/Azure/go-autorest v11.7.1+incompatible
-	github.com/aws/aws-sdk-go v1.30.27
+	github.com/Azure/azure-sdk-for-go v51.1.0+incompatible
+	github.com/Azure/go-autorest/autorest v0.11.17
+	github.com/Azure/go-autorest/autorest/azure/auth v0.5.7
+	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
+	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
+	github.com/aws/aws-sdk-go v1.37.19
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/gosimple/slug v1.4.1
-	github.com/hashicorp/errwrap v1.0.0
-	github.com/hashicorp/go-cleanhttp v0.5.1
-	github.com/hashicorp/go-hclog v0.14.1
-	github.com/hashicorp/go-multierror v1.1.0
+	github.com/hashicorp/errwrap v1.1.0
+	github.com/hashicorp/go-cleanhttp v0.5.2
+	github.com/hashicorp/go-hclog v0.16.1
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-retryablehttp v0.6.8 // indirect
 	github.com/hashicorp/terraform-plugin-sdk v1.9.0
 	github.com/hashicorp/vault v1.2.0
-	github.com/hashicorp/vault/api v1.0.5-0.20200519221902-385fac77e20f
-	github.com/hashicorp/vault/sdk v0.1.14-0.20210526173046-412db2245e81
+	github.com/hashicorp/vault/api v1.1.2-0.20210719211531-6b31c12b0af2
+	github.com/hashicorp/vault/sdk v0.2.1
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
 )
diff --git a/go.sum b/go.sum
diff --git a/vault/provider.go b/vault/provider.go
@@ -735,6 +735,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to configure Vault API: %s", err)
 	}
+
+	client.SetCloneHeaders(true)
+
 	// Set headers if provided
 	headers := d.Get("headers").([]interface{})
 	parsedHeaders := client.Headers().Clone()

diff --git a/vault/resource_approle_auth_backend_role_secret_id_test.go b/vault/resource_approle_auth_backend_role_secret_id_test.go
@@ -7,7 +7,9 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"github.com/hashicorp/terraform-provider-vault/util"
 	"github.com/hashicorp/vault/api"
+	"github.com/hashicorp/vault/sdk/helper/consts"
 )
 
 const secretIDResource = "vault_approle_auth_backend_role_secret_id.secret_id"
@@ -38,7 +40,7 @@ func TestAccAppRoleAuthBackendRoleSecretID_wrapped(t *testing.T) {
 	role := acctest.RandomWithPrefix("test-role")
 
 	resource.Test(t, resource.TestCase{
-		PreCheck:     func() { testAccPreCheck(t) },
+		PreCheck:     func() { util.TestAccPreCheck(t) },
 		Providers:    testProviders,
 		CheckDestroy: testAccCheckAppRoleAuthBackendRoleSecretIDDestroy,
 		Steps: []resource.TestStep{
@@ -55,6 +57,39 @@ func TestAccAppRoleAuthBackendRoleSecretID_wrapped(t *testing.T) {
 	})
 }
 
+func TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace(t *testing.T) {
+	backend := acctest.RandomWithPrefix("approle")
+	role := acctest.RandomWithPrefix("test-role")
+
+	namespacePath := acctest.RandomWithPrefix("test-namespace")
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { util.TestEntPreCheck(t) },
+		Providers: testProviders,
+		CheckDestroy: func(s *terraform.State) error {
+			if err := testAccCheckAppRoleAuthBackendRoleSecretIDDestroy(s); err != nil {
+				return err
+			}
+			return testNamespaceDestroy(namespacePath)(s)
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testNamespaceConfig(namespacePath),
+				Check:  testNamespaceCheckAttrs(),
+			},
+			{
+				Config: testAccAppRoleAuthBackendRoleSecretIDConfig_wrapped_namespace(namespacePath, backend, role),
+				Check: resource.ComposeTestCheckFunc(
+					testAssertClientNamespace(namespacePath),
+					resource.TestCheckResourceAttr(secretIDResource, "backend", backend),
+					resource.TestCheckResourceAttr(secretIDResource, "role_name", role),
+					resource.TestCheckResourceAttrSet(secretIDResource, "wrapping_accessor"),
+					resource.TestCheckResourceAttrSet(secretIDResource, "wrapping_token"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAppRoleAuthBackendRoleSecretID_full(t *testing.T) {
 	backend := acctest.RandomWithPrefix("approle")
 	role := acctest.RandomWithPrefix("test-role")
@@ -163,3 +198,24 @@ resource "vault_approle_auth_backend_role_secret_id" "secret_id" {
   wrapping_ttl = "60s"
 }`, backend, role)
 }
+
+func testAccAppRoleAuthBackendRoleSecretIDConfig_wrapped_namespace(namespacePath, backend, role string) string {
+	return fmt.Sprintf(`
+provider "vault" {
+	namespace = %q
+}
+
+%s
+`, namespacePath, testAccAppRoleAuthBackendRoleSecretIDConfig_wrapped(backend, role))
+}
+
+func testAssertClientNamespace(expectedNS string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testProvider.Meta().(*api.Client)
+		actualNS := client.Headers().Get(consts.NamespaceHeaderName)
+		if actualNS != expectedNS {
+			return fmt.Errorf("expected namespace %v, actual %v", expectedNS, actualNS)
+		}
+		return nil
+	}
+}
diff --git a/vendor/contrib.go.opencensus.io/exporter/ocagent/.travis.yml b/vendor/contrib.go.opencensus.io/exporter/ocagent/.travis.yml
diff --git a/vendor/contrib.go.opencensus.io/exporter/ocagent/CONTRIBUTING.md b/vendor/contrib.go.opencensus.io/exporter/ocagent/CONTRIBUTING.md
diff --git a/vendor/contrib.go.opencensus.io/exporter/ocagent/README.md b/vendor/contrib.go.opencensus.io/exporter/ocagent/README.md
diff --git a/vendor/contrib.go.opencensus.io/exporter/ocagent/common.go b/vendor/contrib.go.opencensus.io/exporter/ocagent/common.go
diff --git a/vendor/contrib.go.opencensus.io/exporter/ocagent/connection.go b/vendor/contrib.go.opencensus.io/exporter/ocagent/connection.go
diff --git a/vendor/contrib.go.opencensus.io/exporter/ocagent/go.mod b/vendor/contrib.go.opencensus.io/exporter/ocagent/go.mod