-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Github Auth Backend resources #255
Implement Github Auth Backend resources #255
Conversation
I've left the commit history for inspection, but I can squash them if needed. |
"github.com/hashicorp/vault/api" | ||
) | ||
|
||
func TestAccGithubAuthBackend_basic(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I attempt to run this test, I get the following failures. I'm sure at least some of them would be resolved by simply merging in the terraform vault provider's master branch.
./resource_aws_secret_backend_role.go:48:5: cannot use util.JsonDiffSuppress (type func(string, string, string, *"github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/schema".ResourceData) bool) as type "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/schema".SchemaDiffSuppressFunc in field value
./structures.go:109:10: undefined: util.ShortDur
./structures.go:111:10: undefined: util.ShortDur
./structures.go:114:11: undefined: util.ShortDur
./resource_aws_secret_backend_role_test.go:33:36: cannot use util.TestCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_basic) (type "github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc) as type "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc in argument to "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".ComposeTestCheckFunc
./resource_aws_secret_backend_role_test.go:44:36: cannot use util.TestCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_updated) (type "github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc) as type "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc in argument to "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".ComposeTestCheckFunc
./resource_aws_secret_backend_role_test.go:68:36: cannot use util.TestCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_basic) (type "github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc) as type "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc in argument to "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".ComposeTestCheckFunc
./resource_aws_secret_backend_role_test.go:102:36: cannot use util.TestCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_basic) (type "github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc) as type "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc in argument to "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".ComposeTestCheckFunc
./resource_aws_secret_backend_role_test.go:113:36: cannot use util.TestCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_updated) (type "github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc) as type "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".TestCheckFunc in argument to "github.com/cvbarros/terraform-provider-vault/vendor/github.com/hashicorp/terraform/helper/resource".ComposeTestCheckFunc
Description: "Maximum duration after which authentication will be expired, in seconds.", | ||
ValidateFunc: validateDuration, | ||
}, | ||
"tune": authMountTuneSchema(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice!
ac57083
to
dca070e
Compare
Hi @tyrannosaurus-becks , I've rebased my local from
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cvbarros fantastic! Thank you! This is excellent.
it look like the documentation for the import for this is wrong. it says
when it should maybe say
but I cannot get the import to work either. |
ah.. looks like maybe it should read
opening #379 |
Implement Github Auth Backend resources
Resolves #254
In addition to the feature request implementation, this PR also introduces some common idioms/helpers (heavily present in terraform-provider-aws codebase) to flatten/expand structures from the config to the upstream API. Based the implementation on the recently-released
vault_gcp_auth_backend
, where:There's no distinction between the Auth Mount and it's configuration. They are handled as a single resource in
resource_github_auth_backend.go
.Introduces a shared schema for tuning auth methods, as the configuration block
tune
. This can be reused/refactored to fix Tune Auth Method to permit audit_non_hmac_request_keys #234 and open up path to standardize other auth backends (as it is done in Vault's implementation)Handles
TTL
by having a human-friendly duration interface and takes care of Vault's API translation. This is an attempt to resolve some inconsistencies and "permanent diffs" when applying configurations that havemax_ttl
, ortll
set, for example.Raises the bar of acceptance tests, by adding destroy checks and existence checks for resources. In theory, the optimal tests would validate resource attributes by fetching them from the API. But as long as the create/read, update/read cycle is respected, these are minimum problems.
Tried to apply guidelines as described here, specially related to
structures.go
andvalidators.go
.