Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[k8s auth backend confiugration] Introduce disable_iss_validation and disable_local_ca_jwt params #870

Merged
merged 4 commits into from
Oct 8, 2020
Merged

[k8s auth backend confiugration] Introduce disable_iss_validation and disable_local_ca_jwt params #870

merged 4 commits into from
Oct 8, 2020

Conversation

riuvshyn
Copy link
Contributor

@riuvshyn riuvshyn commented Sep 24, 2020
edited
Loading

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

This PR adds new disable_iss_validation and disable_local_ca_jwt options in Vault k8s auth backend introduced in: hashicorp/vault-plugin-auth-kubernetes#91
hashicorp/vault-plugin-auth-kubernetes#97

Release note for CHANGELOG:

Add `disable_iss_validation` config param to k8s auth backend
Add `disable_local_ca_jwt` config param to k8s auth backend

Output from acceptance testing:

$ TESTARGS="--run TestAccKubernetes" make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v --run TestAccKubernetes -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
?       github.com/terraform-providers/terraform-provider-vault/cmd/coverage    [no test files]
?       github.com/terraform-providers/terraform-provider-vault/cmd/generate    [no test files]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/codegen (cached) [no tests to run]
?       github.com/terraform-providers/terraform-provider-vault/generated       [no test files]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/generated/datasources/transform/decode  (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/generated/datasources/transform/encode  (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/generated/resources/transform/alphabet  (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/generated/resources/transform/role      (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/generated/resources/transform/template  (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/generated/resources/transform/transformation    (cached) [no tests to run]
?       github.com/terraform-providers/terraform-provider-vault/schema  [no test files]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/util    (cached) [no tests to run]
=== RUN   TestAccKubernetesAuthBackendConfigDataSource_basic
--- PASS: TestAccKubernetesAuthBackendConfigDataSource_basic (0.27s)
=== RUN   TestAccKubernetesAuthBackendConfigDataSource_full
--- PASS: TestAccKubernetesAuthBackendConfigDataSource_full (0.24s)
=== RUN   TestAccKubernetesAuthBackendRoleDataSource_basic
--- PASS: TestAccKubernetesAuthBackendRoleDataSource_basic (0.24s)
=== RUN   TestAccKubernetesAuthBackendRoleDataSource_full
--- PASS: TestAccKubernetesAuthBackendRoleDataSource_full (0.24s)
=== RUN   TestAccKubernetesAuthBackendConfig_import
--- PASS: TestAccKubernetesAuthBackendConfig_import (0.26s)
=== RUN   TestAccKubernetesAuthBackendConfig_basic
--- PASS: TestAccKubernetesAuthBackendConfig_basic (0.13s)
=== RUN   TestAccKubernetesAuthBackendConfig_update
--- PASS: TestAccKubernetesAuthBackendConfig_update (0.22s)
=== RUN   TestAccKubernetesAuthBackendConfig_full
--- PASS: TestAccKubernetesAuthBackendConfig_full (0.13s)
=== RUN   TestAccKubernetesAuthBackendConfig_fullUpdate
--- PASS: TestAccKubernetesAuthBackendConfig_fullUpdate (0.22s)
=== RUN   TestAccKubernetesAuthBackendRole_import
--- PASS: TestAccKubernetesAuthBackendRole_import (0.15s)
=== RUN   TestAccKubernetesAuthBackendRole_basic
--- PASS: TestAccKubernetesAuthBackendRole_basic (0.13s)
=== RUN   TestAccKubernetesAuthBackendRole_update
--- PASS: TestAccKubernetesAuthBackendRole_update (0.23s)
=== RUN   TestAccKubernetesAuthBackendRole_full
--- PASS: TestAccKubernetesAuthBackendRole_full (0.13s)
=== RUN   TestAccKubernetesAuthBackendRole_fullUpdate
--- PASS: TestAccKubernetesAuthBackendRole_fullUpdate (0.41s)
=== RUN   TestAccKubernetesAuthBackendRole_fullDeprecated
--- PASS: TestAccKubernetesAuthBackendRole_fullDeprecated (0.23s)
PASS
ok      github.com/terraform-providers/terraform-provider-vault/vault   (cached)

@riuvshyn
Copy link
Contributor Author

cc @catsby I can also cover hashicorp/vault-plugin-auth-kubernetes#97 in this pr.

@riuvshyn
Copy link
Contributor Author

@tvoran @catsby I've also included disable_local_ca_jwt param in this pr.

@riuvshyn riuvshyn changed the title [k8s auth backend confiugration] Introduce disable_iss_validation param [k8s auth backend confiugration] Introduce disable_iss_validation and disable_local_ca_jwt params Sep 29, 2020
@tvoran tvoran self-requested a review September 29, 2020 18:17
catsby
catsby reviewed Sep 30, 2020
View reviewed changes
Copy link
Contributor

@catsby catsby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! I noticed some failing tests but it was due to having an outdated version of Vault locally, so we need to document the required versions, then we can merge

go.mod Outdated Show resolved Hide resolved
website/docs/r/kubernetes_auth_backend_config.md Outdated Show resolved Hide resolved
@riuvshyn
Copy link
Contributor Author

riuvshyn commented Oct 6, 2020

@catsby I've addressed comments.

catsby
catsby approved these changes Oct 8, 2020
View reviewed changes
Copy link
Contributor

@catsby catsby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thank you!

@catsby catsby merged commit 47b8ae0 into hashicorp:master Oct 8, 2020
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
@riuvshyn
[k8s auth backend confiugration] Introduce disable_iss_validation and…
e960c48 
… disable_local_ca_jwt params (hashicorp#870)

* [k8s auth backend confiugration] Introduce disable_iss_validation param

* Add support for disable_local_ca_jwt param

* Update go.mod

* Update kubernetes_auth_backend_config.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catsby catsby catsby approved these changes

@tvoran tvoran Awaiting requested review from tvoran

Assignees
No one assigned
Labels
documentation size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@riuvshyn @catsby