diff --git a/vault/resource_gcp_auth_backend_role.go b/vault/resource_gcp_auth_backend_role.go
index 891dc9956..b77d4fa28 100644
--- a/vault/resource_gcp_auth_backend_role.go
+++ b/vault/resource_gcp_auth_backend_role.go
@@ -30,25 +30,20 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 Required: true,
 ForceNew: true,
 },
- "project_id": {
- Type: schema.TypeString,
- Required: true,
- ForceNew: true,
- },
 "ttl": {
 Type: schema.TypeString,
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "max_ttl": {
 Type: schema.TypeString,
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "period": {
 Type: schema.TypeString,
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "policies": {
 Type: schema.TypeSet,
@@ -56,7 +51,7 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 Type: schema.TypeString,
 },
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "bound_service_accounts": {
 Type: schema.TypeSet,
@@ -66,13 +61,21 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 Optional: true,
 Computed: true,
 },
+ "bound_projects": {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ Optional: true,
+ Computed: false,
+ },
 "bound_zones": {
 Type: schema.TypeSet,
 Elem: &schema.Schema{
 Type: schema.TypeString,
 },
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "bound_regions": {
 Type: schema.TypeSet,
@@ -80,7 +83,7 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 Type: schema.TypeString,
 },
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "bound_instance_groups": {
 Type: schema.TypeSet,
@@ -88,7 +91,7 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 Type: schema.TypeString,
 },
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "bound_labels": {
 Type: schema.TypeSet,
@@ -96,7 +99,7 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 Type: schema.TypeString,
 },
 Optional: true,
- Computed: true,
+ Computed: false,
 },
 "backend": {
 Type: schema.TypeString,
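Review bot: Dropping `"project_id"` from the schema outright in the first hunk means any existing configuration that still sets it will be rejected as an unknown argument on the next plan, with no pointer to `bound_projects`. Keeping the key for a release as `Optional: true` with `Deprecated: "use bound_projects instead"` and `ConflictsWith: []string{"bound_projects"}` would give users a migration path. Separately, `Computed: false` is the zero value of the field, so the replaced lines here and in the later schema hunks could simply be deleted rather than rewritten. gcpAuthBackendRoleResource continues outside the hunk.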
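Review bot: `bound_projects` is declared `Optional` where the `project_id` it replaces was `Required`, so the project restriction on a role becomes opt-in and a configuration that omits it depends entirely on what Vault enforces server-side, which is not visible in this diff. The new attribute should at least carry a description that states the constraint, for example `Description: "GCP project IDs; only entities belonging to one of these projects can authenticate against this role.",`. If the provider is meant to keep requiring a project for some role types, that check belongs in the write path, which this hunk does not touch.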
@@ -129,10 +132,6 @@ func gcpAuthResourceWrite(d *schema.ResourceData, meta interface{}) error { data["type"] = v.(string) } - if v, ok := d.GetOk("project_id"); ok { - data["project_id"] = v.(string) - } - if v, ok := d.GetOk("ttl"); ok { data["ttl"] = v.(string) }
@@ -153,6 +152,10 @@ func gcpAuthResourceWrite(d *schema.ResourceData, meta interface{}) error { data["bound_service_accounts"] = v.(*schema.Set).List() } + if v, ok := d.GetOk("bound_projects"); ok { + data["bound_projects"] = v.(*schema.Set).List() + } + if v, ok := d.GetOk("bound_zones"); ok { data["bound_zones"] = v.(*schema.Set).List() }
@@ -207,6 +210,10 @@ func gcpAuthResourceUpdate(d *schema.ResourceData, meta interface{}) error { data["bound_service_accounts"] = v.(*schema.Set).List() } + if v, ok := d.GetOk("bound_projects"); ok { + data["bound_projects"] = v.(*schema.Set).List() + } + if v, ok := d.GetOk("bound_zones"); ok { data["bound_zones"] = v.(*schema.Set).List() }
@@ -275,6 +282,12 @@ func gcpAuthResourceRead(d *schema.ResourceData, meta interface{}) error { schema.HashString, accounts.([]interface{}))) } + if projects, ok := resp.Data["bound_projects"]; ok { + d.Set("bound_projects", + schema.NewSet( + schema.HashString, projects.([]interface{}))) + } + if zones, ok := resp.Data["bound_zones"]; ok { d.Set("bound_zones", schema.NewSet(schema.HashString, zones.([]interface{}))) }
diff --git a/vault/resource_gcp_auth_backend_role_test.go b/vault/resource_gcp_auth_backend_role_test.go
index 67effbc68..fe6b2d8c5 100644
--- a/vault/resource_gcp_auth_backend_role_test.go
+++ b/vault/resource_gcp_auth_backend_role_test.go
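Review bot: In gcpAuthResourceUpdate the new block is gated on `d.GetOk("bound_projects")`, which reports not-ok for an empty set, so deleting the attribute from configuration never sends anything to Vault and the old binding stays on the role. Now that the schema marks these attributes `Computed: false`, the read path will keep reporting the stale value and Terraform will presumably show the same diff on every plan. Gating on change instead, `if d.HasChange("bound_projects") { data["bound_projects"] = d.Get("bound_projects").(*schema.Set).List() }`, would propagate removals, assuming Vault clears the field on an empty list, which is worth confirming against the API. The neighbouring `bound_zones` and `bound_service_accounts` blocks visible in the hunk follow the same pattern, and if `policies` does too, a removed policy would stay attached to the role. The function body extends beyond the hunk.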
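Review bot: The block added to gcpAuthResourceRead asserts `projects.([]interface{})` without the comma-ok form, so a response in which `bound_projects` is present but null or of another type panics the provider instead of returning an error; whether Vault can return null here is not visible in the diff. Folding the assertion into the condition, `if projects, ok := resp.Data["bound_projects"].([]interface{}); ok {`, avoids that. The result of `d.Set` is also discarded; `if err := d.Set("bound_projects", ...); err != nil { return err }` would surface a failed state write. The surrounding `accounts` and `zones` blocks are written the same way, and gcpAuthResourceRead continues outside the hunk.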
@@ -106,12 +106,12 @@ func testGCPAuthBackendRoleCheck_attrs(backend, name string) resource.TestCheckF } attrs := map[string]string{ - "type": "role_type", - "project_id": "project_id", + "type": "type", "ttl": "ttl", "max_ttl": "max_ttl", "period": "period", "policies": "policies", + "bound_projects": "bound_projects", "bound_service_accounts": "bound_service_accounts", "bound_regions": "bound_regions", "bound_zones": "bound_zones",
@@ -196,19 +196,19 @@ func testGCPAuthBackendRoleConfig_basic(backend, name, serviceAccount, projectId return fmt.Sprintf(` resource "vault_auth_backend" "gcp" { - path = "%s" - type = "gcp" + path = "%s" + type = "gcp" } resource "vault_gcp_auth_backend_role" "test" { - backend = "${vault_auth_backend.gcp.path}" - role = "%s" - type = "iam" - bound_service_accounts = ["%s"] - project_id = "%s" - ttl = 300 - max_ttl = 600 - policies = ["policy_a", "policy_b"] + backend = "${vault_auth_backend.gcp.path}" + role = "%s" + type = "iam" + bound_service_accounts = ["%s"] + bound_projects = ["%s"] + ttl = 300 + max_ttl = 600 + policies = ["policy_a", "policy_b"] } `, backend, name, serviceAccount, projectId)
@@ -219,21 +219,21 @@ func testGCPAuthBackendRoleConfig_gce(backend, name, projectId string) string { return fmt.Sprintf(` resource "vault_auth_backend" "gcp" { - path = "%s" - type = "gcp" + path = "%s" + type = "gcp" } resource "vault_gcp_auth_backend_role" "test" { - backend = "${vault_auth_backend.gcp.path}" - role = "%s" - type = "gce" - project_id = "%s" - ttl = 300 - max_ttl = 600 - policies = ["policy_a", "policy_b"] - bound_regions = ["eu-west2"] - bound_zones = ["europe-west2-c"] - bound_labels = ["foo"] + backend = "${vault_auth_backend.gcp.path}" + role = "%s" + type = "gce" + bound_projects = ["%s"] + ttl = 300 + max_ttl = 600 + policies = ["policy_a", "policy_b"] + bound_regions = ["eu-west2"] + bound_zones = ["europe-west2-c"] + bound_labels = ["foo"] } `, backend, name, projectId)
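Review bot: In testGCPAuthBackendRoleConfig_gce, `bound_regions = ["eu-west2"]` does not match the zone `europe-west2-c` on the next line; GCP region names take the form `europe-west2`, so this fixture presumably only passes because nothing validates the value. The line is re-indented by this change anyway, so it could be corrected to `bound_regions = ["europe-west2"]` at the same time. Neither config in the visible hunks covers a role declared without `bound_projects`, or an apply that removes it; a test step for that would pin the behaviour now that the attribute is optional.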