pki/secrets: add missing fields to role resource #1858
@@ -28,48 +28,49 @@ var ( | |||
// Any new fields should probably not be added to these lists. Instead handle | |||
// them separately within a provider.IsAPISupported guard | |||
var pkiSecretFields = []string{ |
These were just sorted. Nothing has been added/removed
consts.FieldUseCSRSans, | ||
consts.FieldAllowLocalhost, | ||
consts.FieldAllowSubdomains, | ||
consts.FieldAllowedURISansTemplate, |
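Review bot: The new `consts.FieldAllowedURISansTemplate` entry appears to go into one of the lists that the comment at the top of this block says new fields should not be added to ("Instead handle them separately within a provider.IsAPISupported guard"). Either handle the field behind a provider.IsAPISupported check so it is not read or written against Vault versions that lack it, or update that comment to say why this list is still the right place.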
This is the new field `allowed_uri_sans_template`. There were no other additions/deletions. All other fields were sorted
consts.FieldAllowedURISansTemplate: { | ||
Type: schema.TypeBool, | ||
Optional: true, | ||
Computed: true, |
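Review bot: `Computed: true` next to `Optional: true` on `consts.FieldAllowedURISansTemplate` means that removing the attribute from configuration does not reset it: Terraform keeps whatever value is already in state, so a role that had URI SAN templating enabled stays that way until someone sets it to false explicitly. Since the API default is known, consider `Default: false` instead, the same way the wildcard flag carries an explicit `Default`, so an omitted attribute always maps to a definite value.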
The default value from the API is "false" so we are safe to set this boolean as "Computed"
consts.FieldAllowLocalhost, | ||
consts.FieldAllowSubdomains, | ||
consts.FieldAllowedURISansTemplate, | ||
consts.FieldAllowedWildcardCertificates, |
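Review bot: `consts.FieldAllowedWildcardCertificates` does not match the attribute it names: the field is `allow_wildcard_certificates`, and the neighbouring constants follow the field spelling (`FieldAllowLocalhost`, `FieldAllowSubdomains`). Rename it to `FieldAllowWildcardCertificates` so a search for the API field name finds the constant.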
This is the other new field allow_wildcard_certificates
Required: false, | ||
Optional: true, | ||
Description: "Flag to allow wildcard certificates", | ||
Default: true, |
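Review bot: `Required: false` is the zero value and is redundant next to `Optional: true`; drop it. With `Default: true`, wildcard issuance is permitted on every role that does not set this attribute, so the Description should state the default, for example "Flag to allow wildcard certificates. Defaults to true.", so that anyone writing a restrictive role sees that it has to be set to false.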
The default value returned by the Vault API is "true" so we must set the default here.
@fairclothjm would y'all be amenable to cherry picking this change to We heavily rely on the Vault Terraform Provider, and are looking to use it to configure templated PKI mount roles for clients to get SPIFFE-like identity certs w/ their identity in the URI SANs field. I believe that we'd need the

@ianferguson This is planned for the next TFVP release. Targeting within the next few weeks.

@fairclothjm sounds great, really appreciate the quick reply
This PR adds the following fields to the `vault_pki_secret_backend_role` resource: