Support complex configuration in consul_certificate_authority #341
Conversation
When configuration Consul to use Vault as the certificate authority provider for Consul Connect the configuration can have more than strings so we need to use jsonencode for Terraform to accept the configuration. Also remove the copyright notices in the examples. Closes hashicorp#324
|
I haven't reviewed the code, but I'm running into the issue that this is aiming to address. Specifically, I want to use AppRole between Consul and Vault, and there's currently no way to trick Terraform into passing the |
There was a problem hiding this comment.
@remilapeyre A comment about the general approach here, and please disregard if you think that's not achievable. Do you think it's possible instead of introducing config_json we can accept the new format in config and at the read time, check if it's json or not by attempting an unmarchall? As I see both fields have the same type schema and decode to map[string]interface{}
| ForceNew: true, | ||
| Optional: true, | ||
| Elem: &schema.Schema{Type: schema.TypeString}, | ||
| Description: "The raw configuration to use for the chosen provider. For more information on configuring the Connect CA providers, see [Provider Config](https://developer.hashicorp.com/consul/docs/connect/ca).", |
There was a problem hiding this comment.
Maybe we should mention that this is expected to be a json configuration in the description?
Hi @dhiaayachi this is not possible with the version of the Terraform plugin protocol that we are using now. I'm working a new major version of the Consul provider that uses Terraform protocol v6 and that should have a much better user experience for this kind of attributes. |
When configuration Consul to use Vault as the certificate authority provider for Consul Connect the configuration can have more than strings so we need to use jsonencode for Terraform to accept the configuration.
Also remove the copyright notices in the examples.
Closes #324