Add missing optional parameters to vault_cert_auth_backend_role #282

@ainoya ainoya commented Jan 22, 2019

I added some parameters to cert_auth_backend_role.

  • allowed_common_names
  • allowed_dns_sans
  • allowed_email_sans
  • allowed_uri_sans
  • allowed_organization_units
  • bound_cidrs

ref: https://www.vaultproject.io/api/auth/cert/index.html#parameters

@tyrannosaurus-becks tyrannosaurus-becks left a comment

@ainoya fantastic! Thank you!

@tyrannosaurus-becks tyrannosaurus-becks merged commit 77749f9 into hashicorp:master Jan 31, 2019
@tyrannosaurus-becks tyrannosaurus-becks self-assigned this Jan 31, 2019
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
…ert-auth-method

Add missing optional parameters to vault_cert_auth_backend_role
jseuren-exonet added a commit to jseuren-exonet/terraform-provider-vault that referenced this pull request Aug 9, 2021
… vault_cert_auth_backend_role

hashicorp#282 introduced many missing optional parameters in vault_cert_auth_backend_role, but missed validating and reading the `allowed_email_sans` field in the `certAuthResourceUpdate` and `certAuthResourceWrite` functions. Terraform currently correctly reads and plans for updating `allowed_email_sans`, but never actually does it.

For example, locally I have defined a set of emails that are added to the `allowed_common_names` parameter and `allowed_email_sans`. Only `allowed_common_names` is created/updated. `allowed_email_sans` is not.

```
locals {
  allowed_emails = ["[email protected]", "[email protected]"]
}
resource "vault_cert_auth_backend_role" "employee-cert-auth" {
  # other stuff defined here
  allowed_common_names = local.allowed_emails
  allowed_email_sans   = local.allowed_emails
}
```
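
A drift check for the failure this commit message describes, as an added example that is not code from the pull request or the provider: it compares the constraint lists a Terraform configuration intends with the role as Vault returns it and reports any that were never written. The function names, sample addresses and sample response are constructed; the input is assumed to be the JSON printed by `vault read -format=json auth/cert/certs/<role>` for a cert auth method mounted at `cert`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// unappliedConstraints returns, sorted, each desired field whose values differ
// from the role read back from Vault. Absent, null and [] all mean "not set".
func unappliedConstraints(desired map[string][]string, roleJSON []byte) ([]string, error) {
	var resp struct {
		Data map[string]json.RawMessage `json:"data"`
	}
	if err := json.Unmarshal(roleJSON, &resp); err != nil {
		return nil, fmt.Errorf("parse role: %w", err)
	}
	var drift []string
	for field, want := range desired {
		var got []string
		if raw := resp.Data[field]; len(raw) > 0 {
			if err := json.Unmarshal(raw, &got); err != nil {
				return nil, fmt.Errorf("field %s: %w", field, err)
			}
		}
		if !sameValues(want, got) {
			drift = append(drift, field)
		}
	}
	sort.Strings(drift)
	return drift, nil
}

// sameValues compares two string lists ignoring order; inputs are not modified.
func sameValues(a, b []string) bool {
	a, b = append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(a)
	sort.Strings(b)
	return len(a) == len(b) && strings.Join(a, "\x00") == strings.Join(b, "\x00")
}

// Constructed sample: the CN list was written, the email SAN list was not.
var emails = []string{"alice@example.test", "bob@example.test"}
var sampleDesired = map[string][]string{"allowed_common_names": emails, "allowed_email_sans": emails}

const sampleRead = `{"data":{"allowed_common_names":["bob@example.test","alice@example.test"],"allowed_email_sans":null}}`

func main() { fmt.Println(unappliedConstraints(sampleDesired, []byte(sampleRead))) }
```

A field reported here is a constraint that is in the configuration but not in effect on the role as Vault holds it.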
fairclothjm pushed a commit that referenced this pull request Sep 8, 2023
…ert_auth_backend_role (#1140)

Add missing allowed_email_sans field to write and update functions of vault_cert_auth_backend_role
