
Add new resource vault_pki_secret_backend_acme_eab to manage ACME EAB tokens #2367

Merged

@stevendpclark stevendpclark commented Nov 19, 2024

Description

Add a new resource called vault_pki_secret_backend_acme_eab that allows TFVP to create and delete EAB tokens (External Account Bindings). These tokens allow someone to restrict who can create a new ACME account within a particular ACME directory within Vault.

Relates #1947

Checklist

  • Added CHANGELOG entry (only for user-facing changes)
  • Acceptance tests were run against all supported Vault Versions

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccXXX'

...

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request
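How an EAB token restricts account creation, shown as an added example that is not code from this PR or the provider: per RFC 8555 section 7.3.4, the client signs its account public key with the EAB secret (HS256), and the server accepts the new account only if that MAC verifies under an issued key ID. The key ID, secret, JWK and URL are constructed sample values, and comparing the JWK as a string is a simplification of the key-equality check.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

var b64 = base64.RawURLEncoding

// eabJWS is the flattened JWS a client sends as "externalAccountBinding".
type eabJWS struct{ Protected, Payload, Signature string }

func mac(key []byte, protected, payload string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(protected + "." + payload))
	return h.Sum(nil)
}

// signEAB is the client side: HS256 over the account JWK, keyed with the EAB secret.
func signEAB(kid string, key []byte, accountJWK, newAccountURL string) eabJWS {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "kid": kid, "url": newAccountURL})
	p, pl := b64.EncodeToString(hdr), b64.EncodeToString([]byte(accountJWK))
	return eabJWS{p, pl, b64.EncodeToString(mac(key, p, pl))}
}

// verifyEAB is the server side: known kid, valid MAC, payload equals the outer account key.
func verifyEAB(j eabJWS, issued map[string][]byte, accountJWK, newAccountURL string) bool {
	raw, err := b64.DecodeString(j.Protected)
	var hdr struct{ Alg, Kid, URL string }
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" || hdr.URL != newAccountURL {
		return false
	}
	key, ok := issued[hdr.Kid]
	sig, err := b64.DecodeString(j.Signature)
	if !ok || err != nil || !hmac.Equal(sig, mac(key, j.Protected, j.Payload)) {
		return false
	}
	payload, err := b64.DecodeString(j.Payload)
	return err == nil && string(payload) == accountJWK
}

func main() {
	// Constructed sample values; a real kid/key pair comes from the issued EAB token.
	issued := map[string][]byte{"example-eab-id": []byte("constructed-demo-secret")}
	jwk := `{"crv":"P-256","kty":"EC","x":"constructed","y":"constructed"}`
	url := "https://vault.example.com/v1/pki/acme/new-account"
	fmt.Println(verifyEAB(signEAB("example-eab-id", issued["example-eab-id"], jwk, url), issued, jwk, url))
}
```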

victorr previously approved these changes Nov 29, 2024

@victorr victorr left a comment


Very neatly done.

I think the documentation needs one fix, but I'll mark the PR as approved now since the fix doesn't require a re-review.

page_title: "Vault: vault_pki_secret_backend_acme_eab resource"
sidebar_current: "docs-vault-resource-pki-secret-backend-acme-eab"
description: |-
Sets the EST configuration on a PKI Secret Backend for Vault.
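Review bot: The `description` value on the last line of this front matter still reads "Sets the EST configuration on a PKI Secret Backend for Vault.", which does not match the `page_title` and `sidebar_current` entries for `vault_pki_secret_backend_acme_eab` directly above it. Suggest rewording it to say that the resource manages ACME EAB tokens on a PKI Secret Backend.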

You may have overlooked updating this description.

Contributor Author

Fixed


* `role` - (Optional) Create an EAB token that is specific to a role's ACME directory.

**NOTE**: EAB tokens are specific to an ACME directory. Within Vault ACME there are different
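Review bot: On the `role` line, the description says the token is specific to a role's ACME directory but does not say which directory the token is bound to when `role` is omitted. Since the NOTE that follows stresses that EAB tokens are specific to one ACME directory, stating the default on the argument line itself would keep readers from requesting a token for the wrong directory.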

I am not very familiar with the ACME terminology, but maybe the sentence can be simplified to

Within Vault there are different ACME directories.

And maybe end the sentence with semicolons?

Contributor Author

Tweaked it a bit.


@victorr victorr left a comment


👍

@stevendpclark stevendpclark merged commit 412407d into main Nov 29, 2024
11 checks passed
@stevendpclark stevendpclark deleted the stevendpclark/vault-32587-add-support-for-acme-eab-tokens branch November 29, 2024 14:53