-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws_secret_backend: allow role_arns with policy_arns #710
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for working on this. I'm thinking we shouldn't remove most of the ConflictsWith
fields, but am looking forward to hearing your thoughts about it.
@@ -36,10 +36,9 @@ func awsSecretBackendRoleResource() *schema.Resource { | |||
Description: "The path of the AWS Secret Backend the role belongs to.", | |||
}, | |||
"policy_arns": { | |||
Type: schema.TypeSet, | |||
Optional: true, | |||
ConflictsWith: []string{"policy", "policy_arn", "role_arns"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi! I'd be fine with pulling role_arns
out here. However, I'm not so sure we should pull out the rest. Adding these deprecated parameters to ConflictsWith
here is a normal part of the best practices around deprecation located here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi!
That does seem reasonable as we're still not at the next major version bump.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, thanks @adongy !
Community Note
Closes #709
Release note for CHANGELOG:
Output from acceptance testing:
Tests did not update. I let the Vault binary provide validation as done here: https://github.com/hashicorp/vault/blob/master/builtin/logical/aws/path_roles.go
I did not change the code for the deprecated attributes (as they have
Removed
). Website documentation has been copied from the Vault website and reordered.The sample Terraform has been updated, as only specifying a
policy_document
withcredential_type = assumed_role
is illegal.Thanks!