Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add region passing for non commercial regions #841

Merged
merged 4 commits into from
Aug 17, 2020
Merged

Add region passing for non commercial regions #841

merged 4 commits into from
Aug 17, 2020

Conversation

Valarissa
Copy link
Contributor

This allows us to use non-inferrable regions with terraform and the vault provider.
Community Note

Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #679

Release note for CHANGELOG:

Add support for passing region information stored in vault backend to AWS Config

Output from acceptance testing:
(Note: You need numerous environment variables to be set for these acceptance tests to run.

TF_ACC=1
VAULT_TOKEN=????

The following env vars must be set based on information provided by your AWS instance. In order to truly test these changes, you'll need to get Access Keys from the us-gov-west-1 cloud, as those credentials were the ones that didn't work which prompted this change (You can also use cn-northwest-1 to test this if you'd like).

AWS_ACCESS_KEY_ID=????
AWS_SECRET_ACCESS_KEY=????
AWS_DEFAULT_REGION=(cn-northwest-1|us-gov-west-1|us-east-1)

$ go test -run="TestAccDataSourceAWSAccessCredentials" -v ./vault

=== RUN   TestAccDataSourceAWSAccessCredentials_basic
--- PASS: TestAccDataSourceAWSAccessCredentials_basic (54.20s)
=== RUN   TestAccDataSourceAWSAccessCredentials_sts
--- PASS: TestAccDataSourceAWSAccessCredentials_sts (1.49s)
=== RUN   TestAccDataSourceAWSAccessCredentials_sts/sts_without_role_arn
    --- PASS: TestAccDataSourceAWSAccessCredentials_sts/sts_without_role_arn (0.77s)
=== RUN   TestAccDataSourceAWSAccessCredentials_sts/sts_with_role_arn
    --- PASS: TestAccDataSourceAWSAccessCredentials_sts/sts_with_role_arn (0.72s)
PASS

Process finished with exit code 0
...

Lauren Voswinkel added 3 commits July 24, 2020 16:22
Add support for passing region information to vault backend
054ccf7 
This allows us to use non-inferrable regions
Remove unnecessary data passing when obtaining region
313ae00
Remove root privilege check, add region as part of data source
c223431 
This allows the tf config to specify the region. It creates redundancy,
however, it should allow people to use a different region without special
permissions of any sort. If no region is given, it should default to
us-east-1.
@ghost ghost added the size/S label Aug 6, 2020
jasonodonnell
jasonodonnell reviewed Aug 7, 2020
View reviewed changes
vault/data_source_aws_access_credentials_test.go
return fmt.Sprintf(`
resource "vault_aws_secret_backend" "aws" {
path = "%s"
description = "Obtain AWS credentials."
access_key = "%s"
secret_key = "%s"
region = "%s"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a formatting error here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could have sworn that I added something to goland to run gofmt on files on save...

@kalafut kalafut changed the title Add region passing for non commercial regions - LET'S TRY THAT AGAIN Add region passing for non commercial regions Aug 7, 2020
Rely on go zero values for modifying aws.Config
c38e6a6 
This allows us to set the region ONLY if it was specified in the data section of
the user's Terraform config.
jasonodonnell
jasonodonnell approved these changes Aug 10, 2020
View reviewed changes
Copy link
Contributor

@jasonodonnell jasonodonnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes look right to me. If I'm understanding it correctly, when region isn't set, this will act similar to what's currently deployed. You can resolve bugs related with that by setting region.

@calvn calvn self-requested a review August 13, 2020 15:13
@Valarissa Valarissa merged commit a71a304 into master Aug 17, 2020
@jvanan24 jvanan24 mentioned this pull request Sep 16, 2020
Closed
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
Add region passing for non commercial regions (hashicorp#841)
a1160fe 
* Add support for passing region information to vault backend

This allows us to use non-inferrable regions

* Remove unnecessary data passing when obtaining region

* Remove root privilege check, add region as part of data source

This allows the tf config to specify the region. It creates redundancy,
however, it should allow people to use a different region without special
permissions of any sort. If no region is given, it should default to
us-east-1.

* Rely on go zero values for modifying aws.Config

This allows us to set the region ONLY if it was specified in the data section of
the user's Terraform config.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonodonnell jasonodonnell jasonodonnell approved these changes

@catsby catsby Awaiting requested review from catsby

@tomhjp tomhjp Awaiting requested review from tomhjp

@calvn calvn Awaiting requested review from calvn

Assignees
No one assigned
Labels
size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dynamic Secrets within China (cn-northwest-1)
2 participants
@Valarissa @jasonodonnell