Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vault_database_secret_backend_connection: Add support for password_authentication on PostgreSQL #2371

Merged

Conversation

kevineor
Copy link
Contributor

@kevineor kevineor commented Nov 22, 2024

Description

Permits to use SCRAM-SHA-256 to encrypt password before being sent to PosgreSQL.
The password_authentication parameter was implemented in Vault 1.14 (See hashicorp/vault#19616)

Closes #2315

Checklist

  • Added CHANGELOG entry (only for user-facing changes)
  • Acceptance tests were run against all supported Vault Versions

Output from acceptance testing:

$ TESTARGS="--run DatabaseSecretBackendConnection -v" make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test --run DatabaseSecretBackendConnection -v -timeout 30m ./...
?   	github.com/hashicorp/terraform-provider-vault	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/cmd/coverage	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/cmd/generate	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/helper	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/internal/consts	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/internal/identity/group	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/internal/identity/mfa	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/internal/pki	[no test files]
testing: warning: no tests to run
PASS
ok  	github.com/hashicorp/terraform-provider-vault/codegen	(cached) [no tests to run]
testing: warning: no tests to run
PASS
ok  	github.com/hashicorp/terraform-provider-vault/internal/identity/entity	(cached) [no tests to run]
?   	github.com/hashicorp/terraform-provider-vault/internal/sync	[no test files]
?   	github.com/hashicorp/terraform-provider-vault/schema	[no test files]
testing: warning: no tests to run
PASS
ok  	github.com/hashicorp/terraform-provider-vault/internal/provider	(cached) [no tests to run]
testing: warning: no tests to run
PASS
ok  	github.com/hashicorp/terraform-provider-vault/testutil	(cached) [no tests to run]
testing: warning: no tests to run
PASS
ok  	github.com/hashicorp/terraform-provider-vault/util	(cached) [no tests to run]
testing: warning: no tests to run
PASS
ok  	github.com/hashicorp/terraform-provider-vault/util/mountutil	(cached) [no tests to run]
=== RUN   TestAccDatabaseSecretBackendConnection_postgresql_import
--- PASS: TestAccDatabaseSecretBackendConnection_postgresql_import (1.30s)
=== RUN   TestAccDatabaseSecretBackendConnection_cassandra
    resource_database_secret_backend_connection_test.go:86: "CASSANDRA_HOST" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_cassandra (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_cassandraProtocol
    resource_database_secret_backend_connection_test.go:130: "CASSANDRA_HOST" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_cassandraProtocol (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_couchbase
    resource_database_secret_backend_connection_test.go:173: "COUCHBASE_HOST" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_couchbase (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_influxdb
    resource_database_secret_backend_connection_test.go:271: "INFLUXDB_HOST" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_influxdb (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_mongodbatlas
    resource_database_secret_backend_connection_test.go:314: "MONGODB_ATLAS_PUBLIC_KEY" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_mongodbatlas (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_mongodb
    resource_database_secret_backend_connection_test.go:351: "MONGODB_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_mongodb (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_mssql
    mssqlhelper.go:27: Skipping, as this image is not supported on ARM architectures
--- SKIP: TestAccDatabaseSecretBackendConnection_mssql (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_mysql_cloud
    resource_database_secret_backend_connection_test.go:448: "MYSQL_CLOUD_CONNECTION_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_mysql_cloud (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_mysql
    resource_database_secret_backend_connection_test.go:491: "MYSQL_CONNECTION_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_mysql (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnectionUpdate_mysql
    resource_database_secret_backend_connection_test.go:585: "MYSQL_CONNECTION_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnectionUpdate_mysql (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnectionTemplatedUpdateExcludePassword_mysql
    resource_database_secret_backend_connection_test.go:635: "MYSQL_CONNECTION_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnectionTemplatedUpdateExcludePassword_mysql (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_mysql_tls
    resource_database_secret_backend_connection_test.go:726: "MYSQL_CA" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_mysql_tls (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_postgresql
--- PASS: TestAccDatabaseSecretBackendConnection_postgresql (2.27s)
=== RUN   TestAccDatabaseSecretBackendConnection_postgresql_tls
    resource_database_secret_backend_connection_test.go:857: Vault server version "1.18.1"
--- PASS: TestAccDatabaseSecretBackendConnection_postgresql_tls (1.15s)
=== RUN   TestAccDatabaseSecretBackendConnection_postgresql_rootlessConfig
    resource_database_secret_backend_connection_test.go:884: "TF_ACC_ENTERPRISE" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_postgresql_rootlessConfig (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_postgresql_cloud
    resource_database_secret_backend_connection_test.go:902: "POSTGRES_CLOUD_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_postgresql_cloud (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_elasticsearch
    resource_database_secret_backend_connection_test.go:943: "ELASTIC_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_elasticsearch (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_snowflake
    resource_database_secret_backend_connection_test.go:1022: "SNOWFLAKE_URL" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_snowflake (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_redis
    resource_database_secret_backend_connection_test.go:1058: "REDIS_HOST" must be set
--- SKIP: TestAccDatabaseSecretBackendConnection_redis (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_redisElastiCache
    resource_database_secret_backend_connection_test.go:1122: ELASTICACHE_URL not set
--- SKIP: TestAccDatabaseSecretBackendConnection_redisElastiCache (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_redshift
    resource_database_secret_backend_connection_test.go:1156: REDSHIFT_URL not set
--- SKIP: TestAccDatabaseSecretBackendConnection_redshift (0.00s)
=== RUN   TestAccDatabaseSecretBackendConnection_invalid_plugin
--- PASS: TestAccDatabaseSecretBackendConnection_invalid_plugin (0.18s)
PASS
ok  	github.com/hashicorp/terraform-provider-vault/vault	5.417s
...

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

@kevineor kevineor marked this pull request as ready for review November 22, 2024 15:35
@kevineor kevineor requested a review from a team as a code owner November 22, 2024 15:35
@vinay-gopalan vinay-gopalan self-requested a review November 22, 2024 17:18
vinay-gopalan
vinay-gopalan previously approved these changes Nov 22, 2024
Copy link
Contributor

@vinay-gopalan vinay-gopalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Can we also note the version requirement in the docs, and update the CL format? Thanks for adding this in!

website/docs/r/database_secret_backend_connection.md Outdated Show resolved Hide resolved
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
@kevineor
Copy link
Contributor Author

Yes sure,
Thanks a lot for this quick review!

Copy link
Contributor

@vinay-gopalan vinay-gopalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@vinay-gopalan vinay-gopalan merged commit 4473d75 into hashicorp:main Nov 22, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Enhancement]: Support "password_authentication" for PostgreSQL backend
2 participants