pki/secrets: add missing fields to role resource #1858

@@ -28,48 +28,49 @@ var (
// Any new fields should probably not be added to these lists. Instead handle
// them separately within a provider.IsAPISupported guard
var pkiSecretFields = []string{
Contributor Author

@fairclothjm fairclothjm May 15, 2023


These were just sorted. Nothing has been added/removed

consts.FieldUseCSRSans,
consts.FieldAllowLocalhost,
consts.FieldAllowSubdomains,
consts.FieldAllowedURISansTemplate,
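
Review bot: `consts.FieldAllowedURISansTemplate` goes straight into `pkiSecretFields`, although the comment above the list says new fields should not be added there and should instead be handled separately within a `provider.IsAPISupported` guard. If the supported Vault versions include ones that predate `allowed_uri_sans_template`, move this field out of the list and read and write it behind a version guard; if they do not, note that in the PR so the exception to the comment is on record.
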
Contributor Author


This is the new field allowed_uri_sans_template. There were no other additions/deletions. All other fields were sorted

consts.FieldAllowedURISansTemplate: {
Type: schema.TypeBool,
Optional: true,
Computed: true,
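
Review bot: `Optional: true` together with `Computed: true` on `consts.FieldAllowedURISansTemplate` means that removing the attribute from a configuration keeps whatever value is already in state instead of returning the role to `false`. That matters for a flag that changes how `allowed_uri_sans` entries are interpreted. Suggest `Default: false` in place of `Computed: true`, so an omitted attribute always means templating is off, and a `Description`, which the lines shown do not include.
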
Contributor Author


The default value from the API is "false" so we are safe to set this boolean as "Computed"

@github-actions github-actions bot added size/M and removed size/S labels May 15, 2023
@fairclothjm fairclothjm changed the title from "pki/secrets: add allowed_uri_sans_template field to role resource" to "pki/secrets: add missing fields to role resource" May 15, 2023
consts.FieldAllowLocalhost,
consts.FieldAllowSubdomains,
consts.FieldAllowedURISansTemplate,
consts.FieldAllowedWildcardCertificates,
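
Review bot: the constant name `consts.FieldAllowedWildcardCertificates` on the last line does not mirror the field it stands for, allow_wildcard_certificates, while its neighbours `FieldAllowLocalhost` and `FieldAllowSubdomains` do follow their field names. Suggest renaming it to `FieldAllowWildcardCertificates` so the `Allow` and `Allowed` prefixes in this list stay a reliable guide to the underlying API field names.
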
Contributor Author


This is the other new field allow_wildcard_certificates

Required: false,
Optional: true,
Description: "Flag to allow wildcard certificates",
Default: true,
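
Review bot: `Default: true` means every role managed by this resource permits wildcard certificates unless the configuration sets the flag to false, and the `Description` does not say so. Suggest stating the default in the description text, for example "Flag to allow wildcard certificates. Defaults to true.", and dropping `Required: false`, which is the zero value and redundant next to `Optional: true`.
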
Contributor Author


The default value returned by the Vault API is "true" so we must set the default here.

@fairclothjm fairclothjm requested a review from raymonstah May 15, 2023 21:07
@fairclothjm fairclothjm merged commit 1720b2d into VAULT-5960/pki-multi-issuer May 16, 2023
@fairclothjm fairclothjm deleted the secrets/pki/role/allowed_uri_sans_template branch May 16, 2023 19:48
@ianferguson
Contributor

@fairclothjm would y'all be amenable to cherry picking this change to main for inclusion in the next Vault Terraform Provider release?

We heavily rely on the Vault Terraform Provider, and are looking to use it to configure templated PKI mount roles for clients to get SPIFFE-like identity certs w/ their identity in the URI SANs field. I believe that we'd need the allowed_uri_sans_template from these commits to do that using the provider.

@fairclothjm
Contributor Author

@ianferguson This is planned for the next TFVP release. Targeting within the next few weeks.

@ianferguson
Contributor

@fairclothjm sounds great, really appreciate the quick reply
