Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add redis elasticache database plugin support #1596

Merged
merged 7 commits into from
Oct 3, 2022
Merged

Add redis elasticache database plugin support #1596

merged 7 commits into from
Oct 3, 2022

Conversation

maxcoulombe
Copy link
Contributor

@maxcoulombe maxcoulombe commented Sep 6, 2022
edited by benashz
Loading

Note: this feature requires Vault Server 1.12.0 or greater. The targeted GA date for Vault 1.12.0 is Oct. 12th, 2022.

Release note for CHANGELOG:

feat: Add support for the upcoming Redis-ElastiCache Database Plugin

Output from acceptance testing:

/usr/local/go/bin/go tool test2json -t /tmp/GoLand/___1TestAccDatabaseSecretBackendConnection_redisElastiCache_in_github_com_hashicorp_terraform_provider_vault_vault.test -test.v -test.paniconexit0 -test.run ^\QTestAccDatabaseSecretBackendConnection_redisElastiCache\E$
2022/09/06 17:34:50 [INFO] Using Vault token with the following policies: root
=== RUN   TestAccDatabaseSecretBackendConnection_redisElastiCache
--- PASS: TestAccDatabaseSecretBackendConnection_redisElastiCache (0.86s)
PASS

Process finished with the exit code 0

Config example:

provider "vault" {
  address = "http://127.0.0.1:8200"
  token   = "root"
}

resource "vault_database_secret_backend_connection" "redis_db" {
  backend       = "database"
  name          = "redis"
  allowed_roles = ["*"]

  redis_elasticache {
    url = "master.vault-plugin-elasticache-test.6ylpiw.use1.cache.amazonaws.com:6379"
  }
}

resource "vault_database_secret_backend_static_role" "redis_role" {
  name            = "redis"
  backend         = "database"
  username        = "vault-test"
  rotation_period = 300
  db_name         = vault_database_secret_backend_connection.redis_db.name
}

@github-actions github-actions bot added the size/M label Sep 6, 2022
vinay-gopalan
vinay-gopalan reviewed Sep 26, 2022
View reviewed changes
Copy link
Contributor

@vinay-gopalan vinay-gopalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good! I think you also need a setRedisElastiCacheConnectionData function that reads the data from the TF config. This method can then be called from getDatabaseAPIDataForEngine as done here: https://github.com/hashicorp/terraform-provider-vault/blob/main/vault/resource_database_secret_backend_connection.go#L833

@github-actions github-actions bot added size/L and removed size/M labels Sep 27, 2022
@maxcoulombe
Copy link
Contributor Author

maxcoulombe commented Sep 27, 2022
edited
Loading

Looking good! I think you also need a setRedisElastiCacheConnectionData function that reads the data from the TF config. This method can then be called from getDatabaseAPIDataForEngine as done here: https://github.com/hashicorp/terraform-provider-vault/blob/main/vault/resource_database_secret_backend_connection.go#L833

Thanks for catching that. Out of curiosity whats the functional purpose of adding that? It seems like everything was working fine including showing the diff during updates and populating the statefile so I'm wondering what use case can I use to validate it's working as intended?

@vinay-gopalan
Copy link
Contributor

vinay-gopalan commented Sep 29, 2022
edited
Loading

Looking good! I think you also need a setRedisElastiCacheConnectionData function that reads the data from the TF config. This method can then be called from getDatabaseAPIDataForEngine as done here: https://github.com/hashicorp/terraform-provider-vault/blob/main/vault/resource_database_secret_backend_connection.go#L833

Thanks for catching that. Out of curiosity whats the functional purpose of adding that? It seems like everything was working fine including showing the diff during updates and populating the statefile so I'm wondering what use case can I use to validate it's working as intended?

Good question! I believe in the context of your test, the SDK was mainly only checking if the respective fields are populated with the particular values within the resource diff and state, and hence the test passes. However, since we never actually read those values from the resource diff and write them to Vault, an Import TestStep would show that the test would fail. Import tests read the resource from Vault and verify the values are the what we expect them to be, thereby providing a more complete loop on the test. Here's an example of an import test for a DB engine: https://github.com/hashicorp/terraform-provider-vault/blob/main/vault/resource_database_secret_backend_connection_test.go#L247-L252

@maxcoulombe
Copy link
Contributor Author

Looking good! I think you also need a setRedisElastiCacheConnectionData function that reads the data from the TF config. This method can then be called from getDatabaseAPIDataForEngine as done here: https://github.com/hashicorp/terraform-provider-vault/blob/main/vault/resource_database_secret_backend_connection.go#L833

Thanks for catching that. Out of curiosity whats the functional purpose of adding that? It seems like everything was working fine including showing the diff during updates and populating the statefile so I'm wondering what use case can I use to validate it's working as intended?

Good question! I believe in the context of your test, the SDK was mainly only checking if the respective fields are populated with the particular values within the resource diff and state, and hence the test passes. However, since we never actually read those values from the resource diff and write them to Vault, an Import TestStep would show that the test would fail. Import tests read the resource from Vault and verify the values are the what we expect them to be, thereby providing a more complete loop on the test. Here's an example of an import test for a DB engine: https://github.com/hashicorp/terraform-provider-vault/blob/main/vault/resource_database_secret_backend_connection_test.go#L247-L252

Thanks for the link to the example. Everything seems fine now and the test pass.

max@max-Precision-7560:~/projects/terraform-provider-vault/vault$ TF_ACC=1 ELASTICACHE_URL=master.vault-plugin-elasticache-test.6ylpiw.use1.cache.amazonaws.com:6379 go test -v -run TestAccDatabaseSecretBackendConnection_redisElastiCache
2022/09/30 11:22:55 [INFO] Using Vault token with the following policies: root
=== RUN   TestAccDatabaseSecretBackendConnection_redisElastiCache
--- PASS: TestAccDatabaseSecretBackendConnection_redisElastiCache (0.96s)
PASS
ok  	github.com/hashicorp/terraform-provider-vault/vault	0.978s

Imports also work as expected if I try it manually.

@benashz benashz changed the title + added redis elasticache database plugin support Add redis elasticache database plugin support Sep 30, 2022
benashz
benashz reviewed Sep 30, 2022
View reviewed changes
Copy link
Contributor

@benashz benashz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, just have a few issues/nits/suggestions

website/docs/r/database_secret_backend_connection.md Show resolved Hide resolved
vault/gcp.go Outdated Show resolved Hide resolved
codegen/generate.go Show resolved Hide resolved
vault/resource_database_secret_backend_connection.go Outdated Show resolved Hide resolved
vault/resource_database_secret_backend_connection_test.go Outdated Show resolved Hide resolved
website/docs/r/database_secret_backend_connection.md Outdated Show resolved Hide resolved
vinay-gopalan
vinay-gopalan approved these changes Sep 30, 2022
View reviewed changes
Copy link
Contributor

@vinay-gopalan vinay-gopalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after updating the import to ignore redis password and adding the docs!

benashz
benashz approved these changes Oct 3, 2022
View reviewed changes
Copy link
Contributor

@benashz benashz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@benashz benashz added this to the 3.9.0 milestone Oct 3, 2022
@maxcoulombe maxcoulombe merged commit 4f4e840 into main Oct 3, 2022
@maxcoulombe maxcoulombe deleted the vault-8171-redisElastiCacheSupport branch October 17, 2022 15:42
@maxcoulombe maxcoulombe mentioned this pull request Oct 17, 2022
Closed
@blufor blufor mentioned this pull request Oct 30, 2022
Closed
marcboudreau pushed a commit to marcboudreau/terraform-provider-vault that referenced this pull request Nov 6, 2022
@maxcoulombe
Add redis elasticache database plugin support (hashicorp#1596)
d6bcfc2 
* + added redis elasticache database plugin support
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vinay-gopalan vinay-gopalan vinay-gopalan approved these changes

@benashz benashz benashz approved these changes

@Zlaticanin Zlaticanin Awaiting requested review from Zlaticanin

Assignees
No one assigned
Labels
documentation size/L
Projects
None yet
Milestone
3.9.0
Development

Successfully merging this pull request may close these issues.
3 participants
@maxcoulombe @vinay-gopalan @benashz