fix KVv2 data source when specifying a version (hashicorp#1677)

* fix KVv2 data source when specifying a version * add unit test using version parameter
tmatilai · Dec 2, 2022 · 9e6d309 · 9e6d309
1 parent fbd55d9
commit 9e6d309
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 6 deletions.
diff --git a/vault/data_source_kv_secret_v2.go b/vault/data_source_kv_secret_v2.go
@@ -3,11 +3,12 @@ package vault
 import (
 	"context"
 	"encoding/json"
-	"fmt"
 	"log"
+	"strconv"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/vault/api"
 
 	"github.com/hashicorp/terraform-provider-vault/internal/consts"
 	"github.com/hashicorp/terraform-provider-vault/internal/provider"
@@ -102,14 +103,19 @@ func kvSecretV2DataSourceRead(_ context.Context, d *schema.ResourceData, meta in
 		return diag.FromErr(err)
 	}
 
+	var secret *api.Secret
+	var err error
 	if v, ok := d.GetOk(consts.FieldVersion); ok {
-		// add version to path as a query param
-		path = fmt.Sprintf("%s?version=%d", path, v.(int))
+		data := map[string][]string{
+			"version": {strconv.Itoa(v.(int))},
+		}
+		secret, err = client.Logical().ReadWithData(path, data)
+		log.Printf("[DEBUG] Reading secret at %q (version %d) from Vault", path, v)
+	} else {
+		secret, err = client.Logical().Read(path)
+		log.Printf("[DEBUG] Reading secret at %q (latest version) from Vault", path)
 	}
 
-	log.Printf("[DEBUG] Reading secret at %q from Vault", path)
-
-	secret, err := client.Logical().Read(path)
 	if err != nil {
 		return diag.Errorf("error reading secret %q from Vault: %s", path, err)
 	}

diff --git a/vault/data_source_kv_secret_v2_test.go b/vault/data_source_kv_secret_v2_test.go
@@ -37,6 +37,21 @@ func TestDataSourceKVV2Secret(t *testing.T) {
 					testutil.CheckJSONData(resourceName, consts.FieldDataJSON, expectedSubkeys),
 				),
 			},
+			{
+				Config: testDataSourceKVV2SecretWithVersionConfig(mount, name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, consts.FieldMount, mount),
+					resource.TestCheckResourceAttr(resourceName, consts.FieldName, name),
+					resource.TestCheckResourceAttr(resourceName, consts.FieldPath, fmt.Sprintf("%s/data/%s", mount, name)),
+					resource.TestCheckResourceAttr(resourceName, "destroyed", "false"),
+					resource.TestCheckResourceAttr(resourceName, "data.%", "4"),
+					resource.TestCheckResourceAttr(resourceName, "data.zip", "zap"),
+					resource.TestCheckResourceAttr(resourceName, "data.foo", "bar"),
+					resource.TestCheckResourceAttr(resourceName, "data.test", "false"),
+					resource.TestCheckResourceAttr(resourceName, "data.baz", "{\"riff\":\"raff\"}"),
+					testutil.CheckJSONData(resourceName, consts.FieldDataJSON, expectedSubkeys),
+				),
+			},
 		},
 	})
 }
@@ -67,3 +82,31 @@ data "vault_kv_secret_v2" "test" {
   name  = vault_kv_secret_v2.test.name
 }`, kvV2MountConfig(mount), name)
 }
+
+func testDataSourceKVV2SecretWithVersionConfig(mount, name string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "vault_kv_secret_v2" "test" {
+  mount                      = vault_mount.kvv2.path
+  name                       = "%s"
+  cas                        = 1
+  delete_all_versions        = true
+  data_json                  = jsonencode(
+  {
+      zip  = "zap",
+      foo  = "bar",
+      test = false
+      baz = {
+          riff = "raff"
+        }
+  }
+  )
+}
+
+data "vault_kv_secret_v2" "test" {
+  mount = vault_mount.kvv2.path
+  name  = vault_kv_secret_v2.test.name
+  version = 1
+}`, kvV2MountConfig(mount), name)
+}