From 9e6d309eb8b699c44bb79e6769aa862bcf0fac1e Mon Sep 17 00:00:00 2001
From: Christophe-Alexandre Ferriol <3501817+surian@users.noreply.github.com>
Date: Fri, 2 Dec 2022 22:02:00 +0100
Subject: [PATCH] fix KVv2 data source when specifying a version (#1677)
* fix KVv2 data source when specifying a version
* add unit test using version parameter
---
 vault/data_source_kv_secret_v2.go | 18 +++++++----
 vault/data_source_kv_secret_v2_test.go | 43 ++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/vault/data_source_kv_secret_v2.go b/vault/data_source_kv_secret_v2.go
index b7dcec9ab..afe0c63f1 100644
--- a/vault/data_source_kv_secret_v2.go
+++ b/vault/data_source_kv_secret_v2.go
@@ -3,11 +3,12 @@ package vault
 import (
 "context"
 "encoding/json"
- "fmt"
 "log"
+ "strconv"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/vault/api"
 "github.com/hashicorp/terraform-provider-vault/internal/consts"
 "github.com/hashicorp/terraform-provider-vault/internal/provider"
@@ -102,14 +103,19 @@ func kvSecretV2DataSourceRead(_ context.Context, d *schema.ResourceData, meta in
 return diag.FromErr(err)
 }
+ var secret *api.Secret
+ var err error
 if v, ok := d.GetOk(consts.FieldVersion); ok {
- // add version to path as a query param
- path = fmt.Sprintf("%s?version=%d", path, v.(int))
+ data := map[string][]string{
+ "version": {strconv.Itoa(v.(int))},
+ }
+ secret, err = client.Logical().ReadWithData(path, data)
+ log.Printf("[DEBUG] Reading secret at %q (version %d) from Vault", path, v)
+ } else {
+ secret, err = client.Logical().Read(path)
+ log.Printf("[DEBUG] Reading secret at %q (latest version) from Vault", path)
 }
- log.Printf("[DEBUG] Reading secret at %q from Vault", path)
-
- secret, err := client.Logical().Read(path)
 if err != nil {
 return diag.Errorf("error reading secret %q from Vault: %s", path, err)
 }
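Review bot: The `diag.Errorf` at the end of the second hunk no longer says which version was requested: `path` used to carry `?version=N` and is now the bare path, so a failed read of a pinned version is reported exactly like a failed read of the latest one. Consider keeping the version in the diagnostic, e.g. `return diag.Errorf("error reading secret %q (version %v) from Vault: %s", path, d.Get(consts.FieldVersion), err)`, where 0 would stand for "latest". The two new `log.Printf` calls are also emitted after the request returns although they are worded "Reading"; placing each before its `Read`/`ReadWithData` call keeps the debug trail useful when the request blocks. kvSecretV2DataSourceRead starts and ends outside the hunk, so how a nil `secret` (for example a version that does not exist) is handled cannot be checked from here.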
diff --git a/vault/data_source_kv_secret_v2_test.go b/vault/data_source_kv_secret_v2_test.go
index 9bf695c40..4c6f8aef7 100644
--- a/vault/data_source_kv_secret_v2_test.go
+++ b/vault/data_source_kv_secret_v2_test.go
@@ -37,6 +37,21 @@ func TestDataSourceKVV2Secret(t *testing.T) {
 testutil.CheckJSONData(resourceName, consts.FieldDataJSON, expectedSubkeys),
 ),
 },
+ {
+ Config: testDataSourceKVV2SecretWithVersionConfig(mount, name),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, consts.FieldMount, mount),
+ resource.TestCheckResourceAttr(resourceName, consts.FieldName, name),
+ resource.TestCheckResourceAttr(resourceName, consts.FieldPath, fmt.Sprintf("%s/data/%s", mount, name)),
+ resource.TestCheckResourceAttr(resourceName, "destroyed", "false"),
+ resource.TestCheckResourceAttr(resourceName, "data.%", "4"),
+ resource.TestCheckResourceAttr(resourceName, "data.zip", "zap"),
+ resource.TestCheckResourceAttr(resourceName, "data.foo", "bar"),
+ resource.TestCheckResourceAttr(resourceName, "data.test", "false"),
+ resource.TestCheckResourceAttr(resourceName, "data.baz", "{\"riff\":\"raff\"}"),
+ testutil.CheckJSONData(resourceName, consts.FieldDataJSON, expectedSubkeys),
+ ),
+ },
 },
 })
 }
@@ -67,3 +82,31 @@ data "vault_kv_secret_v2" "test" {
 name = vault_kv_secret_v2.test.name
 }`, kvV2MountConfig(mount), name)
 }
+
+func testDataSourceKVV2SecretWithVersionConfig(mount, name string) string {
+ return fmt.Sprintf(`
+%s
+
+resource "vault_kv_secret_v2" "test" {
+ mount = vault_mount.kvv2.path
+ name = "%s"
+ cas = 1
+ delete_all_versions = true
+ data_json = jsonencode(
+ {
+ zip = "zap",
+ foo = "bar",
+ test = false
+ baz = {
+ riff = "raff"
+ }
+ }
+ )
+}
+
+data "vault_kv_secret_v2" "test" {
+ mount = vault_mount.kvv2.path
+ name = vault_kv_secret_v2.test.name
+ version = 1
+}`, kvV2MountConfig(mount), name)
+}
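Review bot: The new test step cannot tell a versioned read from an unversioned one. The config built by `testDataSourceKVV2SecretWithVersionConfig` (second hunk) writes the secret once and then reads `version = 1`, which is also the latest version. The checks in the first hunk only assert the values that were just written. A regression that silently dropped the version parameter and returned the latest data would still pass, and a consumer pinning a version would then receive a different secret than intended. A stronger test writes a second version with different `data_json` in a later step, keeps the data source at `version = 1`, and asserts that the original values such as `data.zip = "zap"` are still returned.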