Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve AWS secret backend client configuration #539

Merged
merged 2 commits into from
Sep 30, 2019
Merged

Improve AWS secret backend client configuration #539

merged 2 commits into from
Sep 30, 2019

Conversation

joelthompson
Copy link
Contributor

Now that Vault supports reading the config/root endpoint, we can read
out the AWS access key and region that have been configured to allow
Terraform to detect for and fix drift.

Note that there's a little bit of a nasty hack in here to prevent unexpected but probably innocuous config diffs in the region selected as explained in the comments. This can be removed if it's not a big deal, but I went with keeping maximum backwards compatibility.

Fixes #538

I ran the relevant acceptance tests based off a local build of the most recent Vault master:

$ AWS_ACCESS_KEY_ID=foo AWS_SECRET_ACCESS_KEY=bar make testacc TESTARGS="-count 1 -run TestAccAWSSecretBackend"
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -count 1 -run TestAccAWSSecretBackend -timeout 120m
?       github.com/terraform-providers/terraform-provider-vault [no test files]
?       github.com/terraform-providers/terraform-provider-vault/cmd/coverage    [no test files]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-vault/util    0.045s [no tests to run]
=== RUN   TestAccAWSSecretBackendRole_basic
--- PASS: TestAccAWSSecretBackendRole_basic (0.26s)
=== RUN   TestAccAWSSecretBackendRole_import
--- PASS: TestAccAWSSecretBackendRole_import (0.25s)
=== RUN   TestAccAWSSecretBackendRole_nested
--- PASS: TestAccAWSSecretBackendRole_nested (0.40s)
=== RUN   TestAccAWSSecretBackend_basic
--- PASS: TestAccAWSSecretBackend_basic (0.33s)
=== RUN   TestAccAWSSecretBackend_import
--- PASS: TestAccAWSSecretBackend_import (0.19s)
PASS
ok      github.com/terraform-providers/terraform-provider-vault/vault   1.437s

@joelthompson
Improve AWS secret backend client configuration
4a86cff 
Now that Vault supports reading the config/root endpoint, we can read
out the AWS access key and region that have been configured to allow
Terraform to detect for and fix drift.
@ghost ghost added the size/XS label Sep 14, 2019
tyrannosaurus-becks
tyrannosaurus-becks approved these changes Sep 17, 2019
View reviewed changes
Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this!

Quick question that I want to include in the changelog, do you happen to know off-hand which version of Vault (and forward) this is compatible with? (If you don't, I can look it up.)

@joelthompson
Copy link
Contributor Author

1.3 -- it hasn't been released yet, it was only merged to master last Friday.

tyrannosaurus-becks
tyrannosaurus-becks reviewed Sep 17, 2019
View reviewed changes
Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moving this back from "approved" to "comment" for now because, upon chatting more about this, it would be awesome if this could be backwards-compatible. Typically we don't worry too much about that, but in this case we'd like to add this feature, and also give users of the repo a little more time to upgrade Vault after it's merged and released.

@ghost ghost added documentation size/S and removed size/XS labels Sep 18, 2019
@joelthompson
Copy link
Contributor Author

Done -- mostly didn't want to add additional code if it wasn't needed/desired.

I've run acceptance tests against the official Vault binary for the latest release (1.2.3), a local build of Vault one commit before the support went into Vault, and a local build of Vault for the latest master, so should be good to go!

@tyrannosaurus-becks tyrannosaurus-becks merged commit 4e39ad1 into hashicorp:master Sep 30, 2019
@joelthompson joelthompson deleted the improve_aws_secrets_config branch October 1, 2019 13:08
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
@tyrannosaurus-becks
Merge pull request hashicorp#539 from joelthompson/improve_aws_secret…
a0f3d2d 
…s_config

Improve AWS secret backend client configuration
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tyrannosaurus-becks tyrannosaurus-becks tyrannosaurus-becks approved these changes

@kalafut kalafut kalafut left review comments

Assignees
No one assigned
Labels
documentation size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improve aws secrets config using new config/read endpoint
3 participants
@joelthompson @kalafut @tyrannosaurus-becks