Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Resources for Transit Secrets Backend #477

Merged
merged 7 commits into from
Aug 7, 2019

Conversation

jtcressy
Copy link
Contributor

Hi all,

I wanted a structured way to create transit backends and encryption keys via Terraform, so I went ahead and implemented it for us all.

This PR implements two new resources:

  • vault_transit_secret_backend
  • vault_transit_secret_backend_key

The transit secret backend is fairly trivial and primitive, since it's simply wrapping vault_mount by setting type = "transit". However I wanted to control the keys within the mount so it seemed natural for there to be resource for the backend.

There is more that could be done on top of this, as I have an idea to implement some new data sources around transit:

  • Data sources for encrypting/decrypting/signing/verifying some input value for use elsewhere in terraform (similar to how data.template_file is used)
  • Data sources for exporting existing keys, both public and private if applicable.

Checklist:

  • Tests cases created & pass
  • Documentation created/updated

Acceptance test output:

=== RUN   TestTransitSecretBackendKey_basic
--- PASS: TestTransitSecretBackendKey_basic (0.56s)
=== RUN   TestTransitSecretBackendKey_rsa4096
--- PASS: TestTransitSecretBackendKey_rsa4096 (2.19s)
=== RUN   TestTransitSecretBackendKey_import
--- PASS: TestTransitSecretBackendKey_import (0.33s)
=== RUN   TestTransitSecretBackend_basic
--- PASS: TestTransitSecretBackend_basic (0.39s)
=== RUN   TestTransitSecretBackend_import
--- PASS: TestTransitSecretBackend_import (0.32s)
PASS
ok  	github.com/terraform-providers/terraform-provider-vault/vault	3.986s

Process finished with exit code 0

@jtcressy
Copy link
Contributor Author

Howdy, @tyrannosaurus-becks! I'm back with more commits. Let me know if there's any problems with this PR so I can fix them.

@tyrannosaurus-becks tyrannosaurus-becks self-assigned this Aug 2, 2019
Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code, tests, and docs for this look very good. I'm thinking we should strip out the resource marked as having an unknown endpoint, but I'm flexible on that, so I'm looking forward to hearing your thoughts.

vault/provider.go Outdated Show resolved Hide resolved
@ghost ghost added size/XL and removed size/XXL labels Aug 7, 2019
Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Also, I saw this test failure appeared unrelated, so I did a test build after merging master and the test succeeded.

@tyrannosaurus-becks tyrannosaurus-becks merged commit 83e9310 into hashicorp:master Aug 7, 2019
@jtcressy jtcressy deleted the transit_backend branch August 8, 2019 17:03
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
Add Resources for Transit Secrets Backend
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants