Merge pull request #14 from Conjur-Enterprise/enable-custom-name

CNJR-7242 Enable the SecretNameInSecretStore parameter as optional for PAM accounts.

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [0.2.2] - 2024-11-22
+
+### Added
+- Made the SecretNameInSecretStore parameter optional for PAM accounts
+
 ## [0.2.1] - 2024-10-24
 
 ### Added

docs/resources/aws_account.md

@@ -25,17 +25,18 @@ variable "secret_key" {
 }
 
 resource "cyberark_aws_account" "awskey" {
-  name               = "user-aws"
-  username           = "user-aws"
-  platform           = "AWS_TF"
-  safe               = "TF_TEST_SAFE"
-  secret             = var.secret_key
-  sm_manage          = false
-  sm_manage_reason   = "No CPM Associated with Safe."
-  aws_kid            = "9876543210"
-  aws_account_id     = "0123456789"
-  aws_alias          = "aws_alias"
-  aws_account_region = "us-east-2"
+  name                        = "user-aws"
+  username                    = "user-aws"
+  platform                    = "AWS_TF"
+  safe                        = "TF_TEST_SAFE"
+  secret                      = var.secret_key
+  secret_name_in_secret_store = "aws_testing"
+  sm_manage                   = false
+  sm_manage_reason            = "No CPM Associated with Safe."
+  aws_kid                     = "9876543210"
+  aws_account_id              = "0123456789"
+  aws_alias                   = "aws_alias"
+  aws_account_region          = "us-east-2"
 }
 ```
 
@@ -56,6 +57,7 @@ resource "cyberark_aws_account" "awskey" {
 
 - `aws_account_region` (String) AWS Region.
 - `aws_alias` (String) AWS Account Alias.
+- `secret_name_in_secret_store` (String) Name of the credential object.
 - `sm_manage` (Boolean) Automatic Management of a credential. Optional Value.
 - `sm_manage_reason` (String) If sm_manage is false, provide reason why credential is not managed.
 

docs/resources/azure_account.md

@@ -25,21 +25,22 @@ variable "secret_key" {
 }
 
 resource "cyberark_azure_account" "mskey" {
-  name             = "user-ms"
-  address          = "1.2.3.4"
-  username         = "user-ms"
-  platform         = "MS_TF"
-  safe             = "TF_TEST_SAFE"
-  secret           = var.secret_key
-  sm_manage        = false
-  sm_manage_reason = "No CPM Associated with Safe."
-  ms_app_id        = "Application ID"
-  ms_app_obj_id    = "Application Object ID"
-  ms_key_id        = "Key ID"
-  ms_ad_id         = "AD Key ID"
-  ms_duration      = "300"
-  ms_pop           = "yes"
-  ms_key_desc      = "key descriptiong with spaces"
+  name                        = "user-ms"
+  address                     = "1.2.3.4"
+  username                    = "user-ms"
+  platform                    = "MS_TF"
+  safe                        = "TF_TEST_SAFE"
+  secret                      = var.secret_key
+  secret_name_in_secret_store = "azure_testing"
+  sm_manage                   = false
+  sm_manage_reason            = "No CPM Associated with Safe."
+  ms_app_id                   = "Application ID"
+  ms_app_obj_id               = "Application Object ID"
+  ms_key_id                   = "Key ID"
+  ms_ad_id                    = "AD Key ID"
+  ms_duration                 = "300"
+  ms_pop                      = "yes"
+  ms_key_desc                 = "key descriptiong with spaces"
 }
 ```
 
@@ -64,6 +65,7 @@ resource "cyberark_azure_account" "mskey" {
 - `ms_duration` (String) Duration.
 - `ms_key_desc` (String) Key Description.
 - `ms_pop` (String) Populate if not exist.
+- `secret_name_in_secret_store` (String) Name of the credential object.
 - `sm_manage` (Boolean) Automatic Management of a credential. Optional Value.
 - `sm_manage_reason` (String) If sm_manage is false, provide reason why credential is not managed.
 

docs/resources/db_account.md

@@ -50,14 +50,14 @@ resource "cyberark_db_account" "pgdb" {
 - `platform` (String) Management Platform associated with the Database Credential.
 - `safe` (String) Target Safe where the credential object will be onboarded.
 - `secret` (String, Sensitive) Password of the credential object.
-- `secret_name_in_secret_store` (String) Name of the credential object.
 - `username` (String) Username of the Credential object.
 
 ### Optional
 
 - `db_dsn` (String) Database data source name.
 - `db_port` (String) Database connection port.
 - `dbname` (String) Database name.
+- `secret_name_in_secret_store` (String) Name of the credential object.
 - `sm_manage` (Boolean) Automatic Management of a credential. Optional Value.
 - `sm_manage_reason` (String) If sm_manage is false, provide reason why credential is not managed.
 

examples/resources/cyberark_aws_account/resource.tf

@@ -4,15 +4,16 @@ variable "secret_key" {
 }
 
 resource "cyberark_aws_account" "awskey" {
-  name               = "user-aws"
-  username           = "user-aws"
-  platform           = "AWS_TF"
-  safe               = "TF_TEST_SAFE"
-  secret             = var.secret_key
-  sm_manage          = false
-  sm_manage_reason   = "No CPM Associated with Safe."
-  aws_kid            = "9876543210"
-  aws_account_id     = "0123456789"
-  aws_alias          = "aws_alias"
-  aws_account_region = "us-east-2"
+  name                        = "user-aws"
+  username                    = "user-aws"
+  platform                    = "AWS_TF"
+  safe                        = "TF_TEST_SAFE"
+  secret                      = var.secret_key
+  secret_name_in_secret_store = "aws_testing"
+  sm_manage                   = false
+  sm_manage_reason            = "No CPM Associated with Safe."
+  aws_kid                     = "9876543210"
+  aws_account_id              = "0123456789"
+  aws_alias                   = "aws_alias"
+  aws_account_region          = "us-east-2"
 }

examples/resources/cyberark_azure_account/resource.tf

@@ -4,19 +4,20 @@ variable "secret_key" {
 }
 
 resource "cyberark_azure_account" "mskey" {
-  name             = "user-ms"
-  address          = "1.2.3.4"
-  username         = "user-ms"
-  platform         = "MS_TF"
-  safe             = "TF_TEST_SAFE"
-  secret           = var.secret_key
-  sm_manage        = false
-  sm_manage_reason = "No CPM Associated with Safe."
-  ms_app_id        = "Application ID"
-  ms_app_obj_id    = "Application Object ID"
-  ms_key_id        = "Key ID"
-  ms_ad_id         = "AD Key ID"
-  ms_duration      = "300"
-  ms_pop           = "yes"
-  ms_key_desc      = "key descriptiong with spaces"
+  name                        = "user-ms"
+  address                     = "1.2.3.4"
+  username                    = "user-ms"
+  platform                    = "MS_TF"
+  safe                        = "TF_TEST_SAFE"
+  secret                      = var.secret_key
+  secret_name_in_secret_store = "azure_testing"
+  sm_manage                   = false
+  sm_manage_reason            = "No CPM Associated with Safe."
+  ms_app_id                   = "Application ID"
+  ms_app_obj_id               = "Application Object ID"
+  ms_key_id                   = "Key ID"
+  ms_ad_id                    = "AD Key ID"
+  ms_duration                 = "300"
+  ms_pop                      = "yes"
+  ms_key_desc                 = "key descriptiong with spaces"
 }

internal/provider/resource_aws_account.go

@@ -33,20 +33,21 @@ type awsAccountResource struct {
 
 // awsCredModel describes the resource data model.
 type awsCredModel struct {
-	Name         types.String `tfsdk:"name"`
-	Username     types.String `tfsdk:"username"`
-	Platform     types.String `tfsdk:"platform"`
-	Safe         types.String `tfsdk:"safe"`
-	SecretType   types.String `tfsdk:"secret_type"`
-	Secret       types.String `tfsdk:"secret"`
-	ID           types.String `tfsdk:"id"`
-	LastUpdated  types.String `tfsdk:"last_updated"`
-	Manage       types.Bool   `tfsdk:"sm_manage"`
-	ManageReason types.String `tfsdk:"sm_manage_reason"`
-	AWSKID       types.String `tfsdk:"aws_kid"`
-	AWSAccount   types.String `tfsdk:"aws_account_id"`
-	Alias        types.String `tfsdk:"aws_alias"`
-	Region       types.String `tfsdk:"aws_account_region"`
+	Name                    types.String `tfsdk:"name"`
+	Username                types.String `tfsdk:"username"`
+	Platform                types.String `tfsdk:"platform"`
+	Safe                    types.String `tfsdk:"safe"`
+	SecretType              types.String `tfsdk:"secret_type"`
+	Secret                  types.String `tfsdk:"secret"`
+	ID                      types.String `tfsdk:"id"`
+	LastUpdated             types.String `tfsdk:"last_updated"`
+	Manage                  types.Bool   `tfsdk:"sm_manage"`
+	ManageReason            types.String `tfsdk:"sm_manage_reason"`
+	AWSKID                  types.String `tfsdk:"aws_kid"`
+	AWSAccount              types.String `tfsdk:"aws_account_id"`
+	Alias                   types.String `tfsdk:"aws_alias"`
+	Region                  types.String `tfsdk:"aws_account_region"`
+	SecretNameInSecretStore types.String `tfsdk:"secret_name_in_secret_store"`
 }
 
 // Metadata returns the resource type name.
@@ -97,6 +98,10 @@ For more information click [here](https://docs.cyberark.com/privilege-cloud-shar
 				Required:    true,
 				Sensitive:   true,
 			},
+			"secret_name_in_secret_store": schema.StringAttribute{
+				Description: "Name of the credential object.",
+				Optional:    true,
+			},
 			"sm_manage": schema.BoolAttribute{
 				Description: "Automatic Management of a credential. Optional Value.",
 				Optional:    true,
@@ -167,6 +172,7 @@ func (r *awsAccountResource) Create(ctx context.Context, req resource.CreateRequ
 	props.AWSAccount = data.AWSAccount.ValueStringPointer()
 	props.Alias = data.Alias.ValueStringPointer()
 	props.Region = data.Region.ValueStringPointer()
+	props.SecretNameInSecretStore = data.SecretNameInSecretStore.ValueStringPointer()
 
 	newAccount := cybrapi.Credential{
 		Name:       &name,

internal/provider/resource_aws_account_test.go

@@ -52,7 +52,7 @@ func TestAccAwsAccountResource(t *testing.T) {
 					resource.TestCheckResourceAttr("cyberark_aws_account.test", "aws_kid", os.Getenv("TF_AWS_KEY_ID")),
 					resource.TestCheckResourceAttr("cyberark_aws_account.test", "aws_account_id", os.Getenv("TF_AWS_ACCOUNT_ID")),
 					resource.TestCheckResourceAttr("cyberark_aws_account.test", "aws_alias", os.Getenv("TF_AWS_ALIAS")),
-					resource.TestCheckResourceAttr("cyberark_aws_account.test", "aws_account_region", os.Getenv("TF_AWS_ACCOUNT_REGION")),
+					resource.TestCheckResourceAttr("cyberark_aws_account.test", "secret_name_in_secret_store", "aws_testing"),
 					resource.TestCheckResourceAttrSet("cyberark_aws_account.test", "id"),
 					resource.TestCheckResourceAttrSet("cyberark_aws_account.test", "last_updated"),
 				),
@@ -84,8 +84,8 @@ func testAccAWSAccountCreateData() string {
 		aws_kid            = %[4]q
 		aws_account_id     = %[5]q
 		aws_alias          = %[6]q
-		aws_account_region = %[7]q
+		secret_name_in_secret_store = "aws_testing"
 }
 	`, os.Getenv("TF_AWS_NAME"), os.Getenv("TF_AWS_USERNAME"), os.Getenv("TF_AWS_SECRET"),
-		os.Getenv("TF_AWS_KEY_ID"), os.Getenv("TF_AWS_ACCOUNT_ID"), os.Getenv("TF_AWS_ALIAS"), os.Getenv("TF_AWS_ACCOUNT_REGION"))
+		os.Getenv("TF_AWS_KEY_ID"), os.Getenv("TF_AWS_ACCOUNT_ID"), os.Getenv("TF_AWS_ALIAS"))
 }

internal/provider/resource_azure_account.go

@@ -33,24 +33,25 @@ type azureAccountResource struct {
 
 // azureCredModel describes the resource data model.
 type azureCredModel struct {
-	Name         types.String `tfsdk:"name"`
-	Address      types.String `tfsdk:"address"`
-	Username     types.String `tfsdk:"username"`
-	Platform     types.String `tfsdk:"platform"`
-	Safe         types.String `tfsdk:"safe"`
-	SecretType   types.String `tfsdk:"secret_type"`
-	Secret       types.String `tfsdk:"secret"`
-	ID           types.String `tfsdk:"id"`
-	LastUpdated  types.String `tfsdk:"last_updated"`
-	Manage       types.Bool   `tfsdk:"sm_manage"`
-	ManageReason types.String `tfsdk:"sm_manage_reason"`
-	MAppID       types.String `tfsdk:"ms_app_id"`
-	MAppObjectID types.String `tfsdk:"ms_app_obj_id"`
-	MKID         types.String `tfsdk:"ms_key_id"`
-	MADID        types.String `tfsdk:"ms_ad_id"`
-	MDur         types.String `tfsdk:"ms_duration"`
-	MPop         types.String `tfsdk:"ms_pop"`
-	MKeyDesc     types.String `tfsdk:"ms_key_desc"`
+	Name                    types.String `tfsdk:"name"`
+	Address                 types.String `tfsdk:"address"`
+	Username                types.String `tfsdk:"username"`
+	Platform                types.String `tfsdk:"platform"`
+	Safe                    types.String `tfsdk:"safe"`
+	SecretType              types.String `tfsdk:"secret_type"`
+	Secret                  types.String `tfsdk:"secret"`
+	ID                      types.String `tfsdk:"id"`
+	LastUpdated             types.String `tfsdk:"last_updated"`
+	Manage                  types.Bool   `tfsdk:"sm_manage"`
+	ManageReason            types.String `tfsdk:"sm_manage_reason"`
+	MAppID                  types.String `tfsdk:"ms_app_id"`
+	MAppObjectID            types.String `tfsdk:"ms_app_obj_id"`
+	MKID                    types.String `tfsdk:"ms_key_id"`
+	MADID                   types.String `tfsdk:"ms_ad_id"`
+	MDur                    types.String `tfsdk:"ms_duration"`
+	MPop                    types.String `tfsdk:"ms_pop"`
+	MKeyDesc                types.String `tfsdk:"ms_key_desc"`
+	SecretNameInSecretStore types.String `tfsdk:"secret_name_in_secret_store"`
 }
 
 // Metadata returns the resource type name.
@@ -108,6 +109,10 @@ For more information click [here](https://docs.cyberark.com/privilege-cloud-shar
 				Description: "Automatic Management of a credential. Optional Value.",
 				Optional:    true,
 			},
+			"secret_name_in_secret_store": schema.StringAttribute{
+				Description: "Name of the credential object.",
+				Optional:    true,
+			},
 			"sm_manage_reason": schema.StringAttribute{
 				Description: "If sm_manage is false, provide reason why credential is not managed.",
 				Optional:    true,
@@ -191,6 +196,7 @@ func (r *azureAccountResource) Create(ctx context.Context, req resource.CreateRe
 	props.MDur = data.MDur.ValueStringPointer()
 	props.MPop = data.MPop.ValueStringPointer()
 	props.MKeyDesc = data.MKeyDesc.ValueStringPointer()
+	props.SecretNameInSecretStore = data.SecretNameInSecretStore.ValueStringPointer()
 
 	newAccount := cybrapi.Credential{
 		Name:       &name,

internal/provider/resource_azure_account_test.go

@@ -53,6 +53,7 @@ func TestAccAzureAccountResource(t *testing.T) {
 					resource.TestCheckResourceAttr("cyberark_azure_account.test", "ms_app_id", os.Getenv("TF_AZURE_APP_ID")),
 					resource.TestCheckResourceAttr("cyberark_azure_account.test", "ms_app_obj_id", os.Getenv("TF_AZURE_OBJ_ID")),
 					resource.TestCheckResourceAttr("cyberark_azure_account.test", "ms_key_id", os.Getenv("TF_AZURE_KEY_ID")),
+					resource.TestCheckResourceAttr("cyberark_azure_account.test", "secret_name_in_secret_store", "azure_testing"),
 					resource.TestCheckResourceAttrSet("cyberark_azure_account.test", "id"),
 					resource.TestCheckResourceAttrSet("cyberark_azure_account.test", "last_updated"),
 				),
@@ -85,6 +86,7 @@ func testAccAzureAccountCreateData() string {
 		ms_app_id        = %[4]q
 		ms_app_obj_id    = %[5]q
 		ms_key_id        = %[6]q
+		secret_name_in_secret_store = "azure_testing"
 		    
 }
 	`, os.Getenv("TF_AZURE_NAME"), os.Getenv("TF_AZURE_USERNAME"), os.Getenv("TF_AZURE_SECRET"),

internal/provider/resource_db_account.go

@@ -104,7 +104,7 @@ For more information click [here](https://docs.cyberark.com/privilege-cloud-shar
 			},
 			"secret_name_in_secret_store": schema.StringAttribute{
 				Description: "Name of the credential object.",
-				Required:    true,
+				Optional:    true,
 			},
 			"sm_manage": schema.BoolAttribute{
 				Description: "Automatic Management of a credential. Optional Value.",

internal/provider/resource_pvwa_aws_account.go

@@ -79,6 +79,10 @@ For more information click [here](https://docs.cyberark.com/pam-self-hosted/late
 				Required:    true,
 				Sensitive:   true,
 			},
+			"secret_name_in_secret_store": schema.StringAttribute{
+				Description: "Name of the credential object.",
+				Optional:    true,
+			},
 			"sm_manage": schema.BoolAttribute{
 				Description: "Automatic Management of a credential. Optional Value.",
 				Optional:    true,
@@ -149,6 +153,7 @@ func (r *pvwaAWSAccountResource) Create(ctx context.Context, req resource.Create
 	props.AWSAccount = data.AWSAccount.ValueStringPointer()
 	props.Alias = data.Alias.ValueStringPointer()
 	props.Region = data.Region.ValueStringPointer()
+	props.SecretNameInSecretStore = data.SecretNameInSecretStore.ValueStringPointer()
 
 	newAccount := cybrapi.Credential{
 		Name:       &name,

internal/provider/resource_pvwa_azure_account.go

@@ -82,6 +82,10 @@ For more information click [here](https://docs.cyberark.com/pam-self-hosted/late
 				Required:    true,
 				Sensitive:   true,
 			},
+			"secret_name_in_secret_store": schema.StringAttribute{
+				Description: "Name of the credential object.",
+				Optional:    true,
+			},
 			"sm_manage": schema.BoolAttribute{
 				Description: "Automatic Management of a credential. Optional Value.",
 				Optional:    true,
@@ -169,6 +173,7 @@ func (r *pvwaAzureAccountResource) Create(ctx context.Context, req resource.Crea
 	props.MDur = data.MDur.ValueStringPointer()
 	props.MPop = data.MPop.ValueStringPointer()
 	props.MKeyDesc = data.MKeyDesc.ValueStringPointer()
+	props.SecretNameInSecretStore = data.SecretNameInSecretStore.ValueStringPointer()
 
 	newAccount := cybrapi.Credential{
 		Name:       &name,

internal/provider/resource_pvwa_db_account.go

@@ -84,7 +84,7 @@ For more information click [here](https://docs.cyberark.com/pam-self-hosted/late
 			},
 			"secret_name_in_secret_store": schema.StringAttribute{
 				Description: "Name of the credential object.",
-				Required:    true,
+				Optional:    true,
 			},
 			"sm_manage": schema.BoolAttribute{
 				Description: "Automatic Management of a credential. Optional Value.",

test/aws_single_run/main.tf

@@ -78,7 +78,7 @@ resource "cyberark_aws_account" "awsaccountcreation" {
   aws_kid           = var.aws_key_id
   aws_account_id     = var.aws_account_id
   aws_alias         = var.aws_alias
-  aws_account_region = var.aws_region
+  secret_name_in_secret_store = "aws_testing"
   depends_on = [time_sleep.wait_5_seconds]
 }