-
Notifications
You must be signed in to change notification settings - Fork 546
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add iam_groups
to vault_aws_secret_backend_role
#826
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding this! It's looking ok, though the spacing/tabs seems a bit off in the tests?
Co-authored-by: Theron Voran <[email protected]>
Thanks. The spacing/tabs is hard to differentiate in my VSCode. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I noticed while trying this out that removing the iam_groups from a role doesn't work quite right. Turns out it's because of the check for iamGroups of length 0 before setting that parameter in the data. I left a couple suggestions to fix this, and I think this will need another test step in TestAccAWSSecretBackendRole_basic()
that tries removing the iam_groups.
(It looks like this is also an issue with policy_arns, so it's not surprising you ran into it.)
Co-authored-by: Theron Voran <[email protected]>
Thanks for the suggestion. I asked a member of the Vault team before and they said that if you send a parameter to a version of Vault that does not support it (in this case < 1.4), Vault would ignore it. I think we might be able to simplify this by always sending the parameter whether the list is empty or not.
Test failures seem to be in
These tests seem to be quite flaky. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, I'm seeing flakiness with those tests too, though I did have all of them pass locally (along with the AWS tests) so I think we're good.
Hello all - this was released in |
Community Note
Release note for CHANGELOG:
Output from acceptance testing: