Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding uri_sans to pki_secret_backend_cert #759

Merged
merged 5 commits into from
Aug 24, 2020
Merged

Adding uri_sans to pki_secret_backend_cert #759

merged 5 commits into from
Aug 24, 2020

Conversation

theorlandog
Copy link
Contributor

Fixes #758

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #758

Release note for CHANGELOG:

Add support for uri_sans parameter for resource vault_pki_secret_backend_cert

@theorlandog theorlandog changed the title adding uri_sans to pki_secret_backend_cert Add uri_sans to pki_secret_backend_cert May 15, 2020
@theorlandog theorlandog changed the title Add uri_sans to pki_secret_backend_cert Adding uri_sans to pki_secret_backend_cert May 15, 2020
@bendrucker
Copy link
Contributor

@theorlandog This PR has changed all the file permissions to 755. The previous value of 644 was correct. If you revert that (chmod 644 vault/*.go should work) you'll get the diff you expect here.

@theorlandog
Copy link
Contributor Author

@bendrucker Sorry about that. Windows being weird. Just updated for you.

@bendrucker
Copy link
Contributor

No worries, I was just here checking in on another PR and figured I'd mention it so you don't waste a review cycle with an actual maintainer. Which I'm not FWIW, wish I could help you get this merged. Looks like the line endings got converted to \r\n which still presents an extra diff.

Tweaking your git settings should help with that, specifically autocrlf:

https://help.github.com/en/github/using-git/configuring-git-to-handle-line-endings

@ghost ghost added size/L and removed size/XXL labels May 18, 2020
@ghost ghost added size/XS and removed size/L labels May 18, 2020
@theorlandog
Copy link
Contributor Author

@bendrucker ahh good looks. Definitely gotta spend the time to learn my git tricks some day. Thanks for helping me out.

Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great so far! Just a couple questions.

Type: schema.TypeList,
Optional: true,
Description: "List of alternative URIs.",
ForceNew: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this really ForceNew if this field changes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @tyrannosaurus-becks,
To be quite honest, I lifted most of this code for a similar PR raised against CAs. https://github.com/terraform-providers/terraform-provider-vault/pull/373/files#diff-318e4d5fc8ea223f57928c837b6ea671R60. In that PR, it was set to ForceNew as well. I would think force new matches this matches the intent, as you probably need the uri set in the cert if your are taking the time to set it in the tf.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see any option to update certificates in the API docs so I think ForceNew: true is correct here.

@@ -167,6 +176,12 @@ func pkiSecretBackendCertCreate(d *schema.ResourceData, meta interface{}) error
ipSans = append(ipSans, iIpSan.(string))
}

iURISans := d.Get("uri_sans").([]interface{})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we simplify this code if we did something more like:

if raw, ok := d.GetOk("uri_sans"); ok {
    data["uri_sans"] = raw
}

Or is there a downside to that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @tyrannosaurus-becks,
Same idea as the last comment. I jacked most of this code from another PR. https://github.com/terraform-providers/terraform-provider-vault/pull/373/files#diff-318e4d5fc8ea223f57928c837b6ea671R193. It smells like your block would be equivalent, but maybe it makes sense to keep the two related blocks to use the same form? Not sure your opinion there.

@tyrannosaurus-becks tyrannosaurus-becks self-assigned this May 21, 2020
@catsby catsby added this to the v2.12.0 milestone Jun 12, 2020
@catsby catsby modified the milestones: v2.12.0, vNext, Future Aug 21, 2020
Copy link
Contributor

@tomhjp tomhjp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the contribution!

Type: schema.TypeList,
Optional: true,
Description: "List of alternative URIs.",
ForceNew: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see any option to update certificates in the API docs so I think ForceNew: true is correct here.

@tomhjp tomhjp merged commit d6cf95c into hashicorp:master Aug 24, 2020
@catsby
Copy link
Contributor

catsby commented Aug 28, 2020

Hello all - this was released in v2.13.0 , thanks for the contribution and your patience!

dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support for uri_sans in vault_pki_secret_backend_cert
7 participants