Support v2 KV mount #156
@Mongey are you going to update the code in this PR?
@Mongey excited about this one. Is it still a WIP or ready for review?
@tyrannosaurus-becks This should be ready for some 📝 now. Ended up being a bit more work than expected, but should support all v2 crud operations + data source, while preserving v1 compatibility.
@Mongey thank you! I will get to reviewing this next week.
@Mongey thanks for writing this, it looks great! Just a couple minor questions.
vault/data_source_generic_secret.go
Outdated
Type: schema.TypeInt, | ||
Required: false, | ||
Optional: true, | ||
Default: -1, |
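Review bot: `Required: false` on the second line of this schema block is redundant next to `Optional: true`, since false is already the zero value of that field; drop it. The `Default: -1` sentinel on the last line should be a named constant or carry a description of what -1 selects, because a reader will otherwise take it for a real version number.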
I'm curious about why the default of -1 here? Just curious. I recently learned that there's a paradigm in the Terraform providers of starting at version 0 which is the default if unset here.
This is actually to retrieve the latest version of the secret from Vault, rather than the Terraform state version. I've extracted it to a constant to (hopefully) better represent what it does.
vault/kv_helpers.go
Outdated
return fmt.Sprintf("%s %s %s", strings.Repeat("=", equalSigns/2), header, strings.Repeat("=", equalSigns/2)) | ||
} | ||
|
||
func kvParseVersionsFlags(versions []string) []string { |
This doesn't appear to be used either.
vault/kv_helpers.go
Outdated
} | ||
} | ||
|
||
func getHeaderForMap(header string, data map[string]interface{}) string { |
This doesn't appear to be used.
vault/resource_generic_secret.go
Outdated
originalPath := path // if the path belongs to a v2 endpoint, it will be modified | ||
mountPath, v2, err := isKVv2(path, client) | ||
if err != nil { | ||
return fmt.Errorf("Error determining if it's a v2 path: %s", err) |
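Review bot: the error returned when `isKVv2` fails does not name the path that was being checked, so a failure in a configuration with many secrets is hard to attribute to one resource. Include `path` in the message and start it in lower case, as Go error strings conventionally do, for example `error determining if %q is a v2 path: %s`.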
Would it be possible to lower case this error?
vault/resource_generic_secret.go
Outdated
@@ -120,8 +134,17 @@ func genericSecretResourceDelete(d *schema.ResourceData, meta interface{}) error | |||
|
|||
path := d.Id() | |||
|
|||
mountPath, v2, err := isKVv2(path, client) | |||
if err != nil { | |||
return fmt.Errorf("Error determining if it's a v2 path: %s", err) |
Lowercase?
This is used to represent retrieving the latest version of a secret from Vault.
@Mongey this looks fantastic. Also I note you fixed some of the tests that are currently failing on master. Thank you!
if err != nil { | ||
// If we get a 404 we are using an older version of vault, default to | ||
// version 1 | ||
if resp != nil && resp.StatusCode == 404 { |
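Review bot: the fallback on `resp.StatusCode == 404` switches to version 1 without leaving any trace, so a run that took the v1 code path because of this branch cannot be told apart from one where the mount really is v1. Log the fallback at debug level together with the status code, and compare against `http.StatusNotFound` rather than the literal 404.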
This needs to check for 403 as well, for older vault versions.
Support v2 KV mount
Should address #140
Borrows a lot of code from the cli, kv get in hashicorp/vault/command, since it's not public api.