Error handling for identity_oidc_key vault calls #1142

Merged
merged 1 commit into from
Aug 12, 2021
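--- a/vault/resource_identity_oidc_key.go
+++ b/vault/resource_identity_oidc_key.go
@@ -93,7 +93,9 @@ func identityOidcKeyCreate(d *schema.ResourceData, meta interface{}) error {
 data := make(map[string]interface{})
 
 identityOidcKeyUpdateFields(d, data)
-identityOidcKeyApiWrite(name, data, client)
+if err := identityOidcKeyApiWrite(name, data, client); err != nil {
+return err
+}
 
 d.SetId(name)
 
@@ -113,7 +115,9 @@ func identityOidcKeyUpdate(d *schema.ResourceData, meta interface{}) error {
 data := map[string]interface{}{}
 
 identityOidcKeyUpdateFields(d, data)
-identityOidcKeyApiWrite(name, data, client)
+if err := identityOidcKeyApiWrite(name, data, client); err != nil {
+return err
+}
 
 return identityOidcKeyRead(d, meta)
 }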
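Review bot: In identityOidcKeyUpdate the new `return err` leaves before identityOidcKeyRead runs, so the resource data still holds the planned algorithm, rotation_period and verification_ttl that Vault has just rejected. If the plugin SDK version used here persists planned values when Update returns an error (not visible from this page), state would describe a signing-key configuration that was never applied until the next refresh. Setting `d.Partial(true)` before the `return err` in the update path would avoid that. The create path does not have this problem, because it returns before `d.SetId(name)`. Both function bodies start outside the hunks, so how `name` and `client` are obtained is not shown.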
13 changes: 11 additions & 2 deletions vault/resource_identity_oidc_key_allowed_client_id_test.go
Expand Up @@ -22,6 +22,9 @@ func TestAccIdentityOidcKeyAllowedClientId(t *testing.T) {
{
Config: testAccIdentityOidcKeyAllowedClientIdConfig(name),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "rotation_period", "86400"),
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "verification_ttl", "86400"),
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "algorithm", "RS256"),
testAccIdentityOidcKeyAllowedClientIdCheckAttrs("vault_identity_oidc_key_allowed_client_id.role_one", 3),
testAccIdentityOidcKeyAllowedClientIdCheckAttrs("vault_identity_oidc_key_allowed_client_id.role_two", 3),
testAccIdentityOidcKeyAllowedClientIdCheckAttrs("vault_identity_oidc_key_allowed_client_id.role_three", 3),
Expand All @@ -30,12 +33,18 @@ func TestAccIdentityOidcKeyAllowedClientId(t *testing.T) {
{
Config: testAccIdentityOidcKeyAllowedClientIdRemove(name),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "rotation_period", "86401"),
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "verification_ttl", "86401"),
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "algorithm", "RS256"),
testAccIdentityOidcKeyAllowedClientIdCheckAttrs("vault_identity_oidc_key_allowed_client_id.role_one", 1),
),
},
{
Config: testAccIdentityOidcKeyAllowedClientIdRecreate(name),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "rotation_period", "86400"),
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "verification_ttl", "86400"),
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "algorithm", "RS256"),
testAccIdentityOidcKeyAllowedClientIdCheckAttrs("vault_identity_oidc_key_allowed_client_id.role", 1),
),
},
Expand Down Expand Up @@ -152,8 +161,8 @@ resource "vault_identity_oidc_key" "key" {
name = "%s"
algorithm = "RS256"

rotation_period = 3600
verification_ttl = 3600
rotation_period = 86401
verification_ttl = 86401
}

resource "vault_identity_oidc_role" "role_one" {
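Review bot: The change from 3600 to 86401 in the last hunk's HCL, and the 86400/86401 expectations added to the three check blocks, come with no explanation of why the values differ by one second. Presumably the offset forces an in-place update of vault_identity_oidc_key.key between steps so that the now error-checked update path is exercised, but that is inferred. A comment next to the config, for example `# 86401 differs from the other steps' 86400 so the key is updated, not left unchanged`, would stop a later cleanup from normalising the numbers. The config builders for the first and third steps are outside the visible hunks, so their 86400 values are assumed from the assertions rather than seen.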
21 changes: 21 additions & 0 deletions vault/resource_identity_oidc_key_test.go
Expand Up @@ -3,6 +3,7 @@ package vault
import (
"encoding/json"
"fmt"
"regexp"
"strconv"
"strings"
"testing"
Expand All @@ -21,6 +22,11 @@ func TestAccIdentityOidcKey(t *testing.T) {
Providers: testProviders,
CheckDestroy: testAccCheckIdentityOidcKeyDestroy,
Steps: []resource.TestStep{
{
// Test a create failure
Config: testAccIdentityOidcKeyConfig_bad(key),
ExpectError: regexp.MustCompile(`unknown signing algorithm "RS123"`),
},
{
Config: testAccIdentityOidcKeyConfig(key),
Check: resource.ComposeTestCheckFunc(
Expand Down Expand Up @@ -75,6 +81,11 @@ func TestAccIdentityOidcKeyUpdate(t *testing.T) {
resource.TestCheckResourceAttr("vault_identity_oidc_key.key", "allowed_client_ids.#", "0"),
),
},
{
// Test an update failure
Config: testAccIdentityOidcKeyConfig_bad(key),
ExpectError: regexp.MustCompile(`unknown signing algorithm "RS123"`),
},
},
})
}
Expand Down Expand Up @@ -204,6 +215,16 @@ resource "vault_identity_oidc_key" "key" {
}`, entityName)
}

func testAccIdentityOidcKeyConfig_bad(entityName string) string {
return fmt.Sprintf(`
resource "vault_identity_oidc_key" "key" {
name = "%s"
algorithm = "RS123"

allowed_client_ids = []
}`, entityName)
}

func testAccIdentityOidcKeyConfigUpdate(entityName string) string {
return fmt.Sprintf(`
resource "vault_identity_oidc_key" "key" {
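Review bot: Both new failure steps match the full server-side message `unknown signing algorithm "RS123"`, so the tests depend on error wording that comes from Vault and not from this provider, and a reworded message in a later Vault release would fail them even though the error is still propagated. A looser pattern such as `regexp.MustCompile("unknown signing algorithm")`, or a comment on the step saying the text originates in Vault, would make that dependency explicit. The steps also assert only that an error surfaces. Neither checks afterwards that no key was created, in the create case, or that the existing key's algorithm is unchanged, in the update case. The two test functions begin outside the visible hunks.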