Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix path check on secret role read #79

Merged
merged 5 commits into from
Apr 6, 2018

Conversation

lmickh
Copy link

@lmickh lmickh commented Mar 2, 2018

This is to address #78

The code currently forces a backend/roles/name format when it should be able to take a nested path as the backend such as backend/path/roles/name. This PR changes the check to ensure it is at least as large as it should be and that roles is the second to last of the slice.

@martinssipenko
Copy link
Contributor

This one would be very good to get released.

@martinssipenko
Copy link
Contributor

martinssipenko commented Mar 8, 2018

@lmickh looking at your change, it appears to me that it's only a partial fix.

If you look further down the code lines 105 and 106, you can see that pathPieces[2] is used for name, but in case of nested path the name would be the last part of pathPieces, not the one with index 2. I think it should be something like this:

d.Set("backend", strings.Join(pathPieces[:len(pathPieces)-2], "/"))
d.Set("name", pathPieces[len(pathPieces)-1])

Used this snippet to test it out https://play.golang.org/p/9tuwCuC5BSM

@paultyng
Copy link
Contributor

paultyng commented Mar 8, 2018

It would be good to add some testing around that alternative path if possible as well in this PR.

@lmickh
Copy link
Author

lmickh commented Mar 8, 2018

@martinssipenko nice catch. Not sure how I even missed that.

Thanks for the feedback. I'm still in the process of sorting out testing. Haven't done any testing in go before much less one of these providers.

@lmickh
Copy link
Author

lmickh commented Mar 8, 2018

Made the change. Let me know if anything else needs to be done or if that isn't what you had in mind.

@@ -16,7 +16,7 @@ const testAccAWSSecretBackendRolePolicyArn_basic = "arn:aws:iam::123456789123:po
const testAccAWSSecretBackendRolePolicyArn_updated = "arn:aws:iam::123456789123:policy/bar"

func TestAccAWSSecretBackendRole_basic(t *testing.T) {
backend := acctest.RandomWithPrefix("tf-test-aws")
backend := acctest.RandomWithPrefix("tf-test-aws/nested")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this works I think you should just copy/paste it to TestAccAWSSecretBackendRole_nested or something so that we are also still testing the original path as well.

paultyng
paultyng previously approved these changes Mar 9, 2018
Copy link
Contributor

@paultyng paultyng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, but I'll let @paddycarver take a quick pass before merging.

@martinssipenko
Copy link
Contributor

martinssipenko commented Mar 10, 2018

Guys, I've noticed that tests for this resource provider are broken, and it looks that no-one has actually tried to run them :)

I've created a Pull Request to @lmickh to fix tests, and hopefully when he merges it the fixed tests will land into this PR. lmickh#1

Before fixing tests:

$make testacc TESTARGS='-run=TestAccAWSSecretBackendRole_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSSecretBackendRole_basic -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
=== RUN   TestAccAWSSecretBackendRole_basic
--- FAIL: TestAccAWSSecretBackendRole_basic (0.50s)
    testing.go:434: Step 0 error: Check failed: Check 1/6 error: Not found: vault_aws_secret_backend_role.test_policy_inline
FAIL
FAIL    github.com/terraform-providers/terraform-provider-vault/vault   0.522s
make: *** [testacc] Error 1

$ make testacc TESTARGS='-run=TestAccAWSSecretBackendRole_import'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSSecretBackendRole_import -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
=== RUN   TestAccAWSSecretBackendRole_import
--- FAIL: TestAccAWSSecretBackendRole_import (0.49s)
    testing.go:434: Step 0 error: Check failed: Check 1/6 error: Not found: vault_aws_secret_backend_role.test_policy_inline
FAIL
FAIL    github.com/terraform-providers/terraform-provider-vault/vault   0.510s
make: *** [testacc] Error 1

$ make testacc TESTARGS='-run=TestAccAWSSecretBackendRole_nested'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSSecretBackendRole_nested -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
=== RUN   TestAccAWSSecretBackendRole_nested
--- FAIL: TestAccAWSSecretBackendRole_nested (0.50s)
    testing.go:434: Step 0 error: Check failed: Check 1/6 error: Not found: vault_aws_secret_backend_role.test_policy_inline
FAIL
FAIL    github.com/terraform-providers/terraform-provider-vault/vault   0.523s
make: *** [testacc] Error 1

After fixing tests:

$ make testacc TESTARGS='-run=TestAccAWSSecretBackendRole_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSSecretBackendRole_basic -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
=== RUN   TestAccAWSSecretBackendRole_basic
--- PASS: TestAccAWSSecretBackendRole_basic (1.64s)
PASS
ok      github.com/terraform-providers/terraform-provider-vault/vault   1.663s

$ make testacc TESTARGS='-run=TestAccAWSSecretBackendRole_import'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSSecretBackendRole_import -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
=== RUN   TestAccAWSSecretBackendRole_import
--- PASS: TestAccAWSSecretBackendRole_import (1.06s)
PASS
ok      github.com/terraform-providers/terraform-provider-vault/vault   1.088s

$ make testacc TESTARGS='-run=TestAccAWSSecretBackendRole_nested'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSSecretBackendRole_nested -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
=== RUN   TestAccAWSSecretBackendRole_nested
--- PASS: TestAccAWSSecretBackendRole_nested (1.60s)
PASS
ok      github.com/terraform-providers/terraform-provider-vault/vault   1.624s

@martinssipenko
Copy link
Contributor

@lmickh can you update your branch so it's not out of date with the base?

@lmickh
Copy link
Author

lmickh commented Mar 28, 2018

@martinssipenko I rebased it on master. Let me know if you need anything else.

@martinssipenko
Copy link
Contributor

This is great, hoping this gets a release soon.

Copy link
Contributor

@paddycarver paddycarver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me! Thanks for fixing it, and sorry for the oversight.

@paddycarver paddycarver merged commit 3b4c066 into hashicorp:master Apr 6, 2018
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants