Enhance secret by adding num_uses and ttl for vault_approle_auth_back…
…end_role_secret_id (#2345)

* add num_uses & ttl to secret_id resource

* fixed tests

* fix up

* make fmt and add changelog

* fmt

---------

Co-authored-by: JM Faircloth <[email protected]>
NightOwl998 and fairclothjm authored Oct 30, 2024
1 parent a659f2c commit 3f3edeb
Showing 3 changed files with 34 additions and 0 deletions.
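--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ FEATURES:
 
 * Update `vault_database_secret_backend_connection` to support inline TLS config for PostgreSQL ([#2339](https://github.com/hashicorp/terraform-provider-vault/pull/2339))
 * Update `vault_database_secret_backend_connection` to support skip_verification config for Cassandra ([#2346](https://github.com/hashicorp/terraform-provider-vault/pull/2346))
+* Update `vault_approle_auth_backend_role_secret_id` to support `num_uses` and `ttl` fields ([#2345](https://github.com/hashicorp/terraform-provider-vault/pull/2345))
 
 ## 4.4.0 (Aug 7, 2024)
 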
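--- a/vault/resource_approle_auth_backend_role_secret_id.go
+++ b/vault/resource_approle_auth_backend_role_secret_id.go
@@ -72,6 +72,22 @@ func approleAuthBackendRoleSecretIDResource(name string) *schema.Resource {
 },
 },
 
+consts.FieldTTL: {
+Type: schema.TypeInt,
+Required: false,
+Optional: true,
+ForceNew: true,
+Description: "The TTL duration of the SecretID.",
+},
+
+consts.FieldNumUses: {
+Type: schema.TypeInt,
+Required: false,
+Optional: true,
+ForceNew: true,
+Description: "The number of uses for the secret-id.",
+},
+
 consts.FieldBackend: {
 Type: schema.TypeString,
 Optional: true,
@@ -162,6 +178,14 @@ func approleAuthBackendRoleSecretIDCreate(ctx context.Context, d *schema.Resourc
 } else {
 data["metadata"] = ""
 }
+
+if v, ok := d.GetOk(consts.FieldTTL); ok {
+data["ttl"] = v
+}
+
+if v, ok := d.GetOk(consts.FieldNumUses); ok {
+data["num_uses"] = v
+}
 withWrappedAccessor := d.Get(consts.FieldWithWrappedAccessor).(bool)
 
 wrappingTTL, wrapped := d.GetOk(consts.FieldWrappingTTL)
@@ -293,12 +317,17 @@ func approleAuthBackendRoleSecretIDRead(ctx context.Context, d *schema.ResourceD
 return diag.Errorf("error encoding metadata for SecretID %q to JSON: %s", id, err)
 }
 
+ttl := resp.Data["secret_id_ttl"]
+numUses := resp.Data["secret_id_num_uses"]
+
 fields := map[string]interface{}{
 consts.FieldBackend: backend,
 consts.FieldRoleName: role,
 consts.FieldCIDRList: cidrs,
 consts.FieldMetadata: string(metadata),
 consts.FieldAccessor: accessor,
+consts.FieldTTL: ttl,
+consts.FieldNumUses: numUses,
 }
 
 for k, v := range fields {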
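Review bot: Both new schema entries (`consts.FieldTTL` and `consts.FieldNumUses` in the first hunk) are Optional and ForceNew but not Computed, while the read hunk unconditionally writes the server-reported `secret_id_ttl` and `secret_id_num_uses` into state. If the role carries its own non-zero `secret_id_ttl`/`secret_id_num_uses` defaults (presumably what Vault reports when the caller omits these parameters), a config that leaves `ttl`/`num_uses` unset will diff against the config's zero value on every plan, and with ForceNew that regenerates the SecretID — a brand-new credential — on each apply. Add `Computed: true,` to both field definitions so an omitted value is taken from Vault instead of being diffed against zero; `Required: false` on the same lines is the default and can be dropped. If these generation-time parameters are only honoured by newer Vault servers, the Create hunk should also gate sending `ttl`/`num_uses` (or the field descriptions should state the minimum server version) rather than silently sending them to a server that ignores them. All three enclosing functions start and end outside the hunks shown.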
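--- a/vault/resource_approle_auth_backend_role_secret_id_test.go
+++ b/vault/resource_approle_auth_backend_role_secret_id_test.go
@@ -190,6 +190,8 @@ func TestAccAppRoleAuthBackendRoleSecretID_full(t *testing.T) {
 resource.TestCheckResourceAttrSet(secretIDResource, "accessor"),
 resource.TestCheckResourceAttr(secretIDResource, "cidr_list.#", "2"),
 resource.TestCheckResourceAttr(secretIDResource, consts.FieldMetadata, `{"hello":"world"}`),
+resource.TestCheckResourceAttr(secretIDResource, "ttl", "700"),
+resource.TestCheckResourceAttr(secretIDResource, "num_uses", "2"),
 ),
 },
 },
@@ -254,6 +256,8 @@ resource "vault_approle_auth_backend_role_secret_id" "secret_id" {
 role_name = vault_approle_auth_backend_role.role.role_name
 backend = vault_auth_backend.approle.path
 cidr_list = ["10.148.0.0/20", "10.150.0.0/20"]
+ttl = 700
+num_uses = 2
 metadata = <<EOF
 {
 "hello": "world"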
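Review bot: The only new assertions check values the config sets explicitly (`"ttl", "700"` and `"num_uses", "2"`), so the test never exercises the path where `ttl`/`num_uses` are omitted and the read path copies whatever Vault reports for `secret_id_ttl`/`secret_id_num_uses` into state. Add a step whose `vault_approle_auth_backend_role_secret_id` block leaves both attributes unset, on a role that configures its own secret-ID TTL and use count, followed by a second `resource.TestStep` that re-applies the same configuration and expects an empty plan, to prove the resource converges instead of forcing a new SecretID on every apply. Both the test function and the config template string start before the hunks and continue past them.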
