-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run testacc in CI, fix broken tests. #153
Run testacc in CI, fix broken tests. #153
Conversation
4076604
to
2b06ff8
Compare
@Mongey I'm really, really excited about this PR. Apologies for it sitting for so long, this repo was transitioning from the Terraform to the Vault team and I'm just getting started with it and digging through the backlog. I'm running the acceptance tests against Vault 0.11.1 and I have Go 1.11 installed. Many are passing that weren't before, but there are a couple of failures. Any chance you'd be willing to circle back to this and fix the remaining ones against the same versions? With that, I'd be happy to approve and merge this PR. |
2b06ff8
to
5dc8116
Compare
5dc8116
to
5e81930
Compare
Vault 0.10.0 changed the default `secret/` mount from v1 KV to v2 KV. This provider does not support the v2 KV backend. This patch creates a v1 KV backend mounted @ `secretsv1/` and updates the tests to use that path.
Can't have both `allow_instance_migration` && `disallow_reauthentication`
* [Q] How should state migration happen? * [TODO] Rename keys? * [TODO] Update docs
5e81930
to
768c03b
Compare
40bde5c
to
8b1a7e4
Compare
8b1a7e4
to
768c03b
Compare
No worries, thanks for taking a look 🙌
After starting the Vault server you need to manually mount a
This isn't the ideal solution, I'd actually prefer to do the mount within the tests itself, but it's not currently possible to create mounts, with options (yet). I can create a follow up PR to do that.
🏆 |
On changing I looked it all over and it's looking great! Thank you! |
@tyrannosaurus-becks It seems as though the changes to the |
@idubinskiy hi! Yes, there were quite a lot of changes in Vault since the Terraform provider was last moving forward. Vault itself has also had some breaking changes, though we try so hard to minimize those. We were thinking that when those happen, our main goal would be to just stay in sync with the most current version and ask the community to only upgrade if they're ready to make those changes. I'm new to being the approver on this repo. Would you suggest a different approach? Definitely open to your thoughts. |
@tyrannosaurus-becks It's not that breaking changes should never be made, but they definitely shouldn't be made in patch releases. The Terraform docs suggest users set provider versions using the In other TF providers, such as the AWS provider, I've seen the maintainers be very hesitant about making breaking changes to existing resources or attributes. Often the solution is to deprecate the old attribute and create a new one, such as My suggestion in this case is to cut a new patch version of this resource which reverts the breaking changes introduced by this PR, and then follow with a minor release that includes new attributes and deprecates (but doesn't remove) the old attributes. The deprecated attributes could be removed in a future major version release (2.0) or a future minor version release, ideally after people have had enough time to fix their usage. |
I’d just like to echo my support for the strategy @idubinskiy suggests. The plural naming that @Mongey presents feels like a more canonical terraform approach to me. Incidentally, our strategy for dealing with multiple values in these fields has been to use the join function, which Vault has been accepting and doing it’s own type munging on. |
@idubinskiy thanks for that explanation! That was very helpful. My apologies for the impact the release had, I'm learning about Terraform providers here. I'll work on just what you've suggested today. @dhild thanks for your comments as well. |
@tyrannosaurus-becks Happy to help! Thanks for cutting the reverted release. |
Run testacc in CI, fix broken tests.
🚧 🏗 while I figure out what to do about the
bound_*
schema change in thevault_aws_auth_backend_role
to lists.