-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bring the Vault provider to gcp sql parity with Vault #2012
Conversation
@@ -752,6 +754,20 @@ func connectionStringResource(config *connectionStringConfig) *schema.Resource { | |||
} | |||
} | |||
|
|||
if config.isCloud { | |||
res.Schema["auth_type"] = &schema.Schema{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small nit, but should we maybe use constants for these fields? We can add them to the internal/consts.go where we keep most of them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we could - it didn't match with the rest of the file so i didn't commit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, can we rebase this against main once #2035 is merged?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Had one last comment on version checking in the get methods, but good to go otherwise. Thanks for working through this!
This PR adds the two fields for mysql and postgres databases that were added in vault 1.15 to allow Vault to use GCP IAM roles to access databases.
The change on vault added two fields, "auth_type", for which the currently only valid values is "gcp_iam", and "service_account_json", for supplying a specific json encoding of an access token.