Add reuse_wrapping_token functionality.

[melbit-michaelw]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Closes #976

Release note for CHANGELOG:

resource/approle_auth_backend_role_secret_id: Add support for re-using a wrapped secret id (#976)

Output from acceptance testing:

$ make testacc TESTARGS="--run TestAccAppRoleAuthBackendRoleSecretID"
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./...) -v --run TestAccAppRoleAuthBackendRoleSecretID -timeout 120m
?       github.com/hashicorp/terraform-provider-vault   [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/coverage      [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/generate      [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/codegen   (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/generated [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/datasources/transform/decode    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/datasources/transform/encode    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/alphabet    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/role        (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/template    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/transformation      (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/schema    [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/util      (cached) [no tests to run]
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_basic
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_basic (0.22s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped (0.20s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_reuse
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped_reuse (0.20s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace
    util.go:112: TF_ACC_ENTERPRISE is not set, test is applicable only for Enterprise version of Vault
--- SKIP: TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace (0.00s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_full
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_full (0.20s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault     2.038s

NOTE - This functionality relies on Vault updates in hashicorp/vault#12425

I'm not sure if I'm supposed to wait for that code to be merged/rejected before raising this PR, but I figured this way I can at least get some potential feedback and address any issues in this PR so it's ready to go when/if that other code is available.

[melbit-michaelw]

The code that this relies on has been released in Vault 1.9.0, so I believe this is ready to be reviewed.

[melbit-michaelw]

Any chance of someone looking at this any time soon ?

[benashz]

Any chance of someone looking at this any time soon ?

@melbit-michaelw thanks for the PR, we will take a look at it this week.

[benashz]

@melbit-michaelw would you mind rebasing this PR off of main. There was some refactoring done on that branch that will result in some semantic merge errors.

See my comment #1166 (comment).

Thanks,

Ben

[melbit-michaelw]

Hi @benashz,

I've rebased onto main, and fixed up the package for the TestAccePreCheck function.

Updated output from acceptance tests:

$ TESTARGS="--run AppRoleAuthBackendRole" make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test -v --run AppRoleAuthBackendRole -timeout 30m ./...
?       github.com/hashicorp/terraform-provider-vault   [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/coverage      [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/generate      [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/codegen   (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/generated [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/datasources/transform/decode    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/datasources/transform/encode    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/alphabet    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/role        (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/template    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/transformation      (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/helper    [no test files]
?       github.com/hashicorp/terraform-provider-vault/schema    [no test files]
?       github.com/hashicorp/terraform-provider-vault/testutil  [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/util      (cached) [no tests to run]
=== RUN   TestAccAppRoleAuthBackendRoleID_basic
--- PASS: TestAccAppRoleAuthBackendRoleID_basic (7.05s)
=== RUN   TestAccAppRoleAuthBackendRoleID_customID
--- PASS: TestAccAppRoleAuthBackendRoleID_customID (5.46s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_basic
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_basic (3.18s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped (3.06s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_reuse
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped_reuse (3.34s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace
    testutil.go:57: "TF_ACC_ENTERPRISE" must be set
--- SKIP: TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace (0.00s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_full
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_full (3.01s)
=== RUN   TestAccAppRoleAuthBackendRole_import
--- PASS: TestAccAppRoleAuthBackendRole_import (3.62s)
=== RUN   TestAccAppRoleAuthBackendRole_basic
--- PASS: TestAccAppRoleAuthBackendRole_basic (3.00s)
=== RUN   TestAccAppRoleAuthBackendRole_update
--- PASS: TestAccAppRoleAuthBackendRole_update (5.24s)
=== RUN   TestAccAppRoleAuthBackendRole_full
--- PASS: TestAccAppRoleAuthBackendRole_full (2.87s)
=== RUN   TestAccAppRoleAuthBackendRole_fullUpdate
--- PASS: TestAccAppRoleAuthBackendRole_fullUpdate (7.61s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault     47.973s

[benashz]

Looking pretty good. I have a few comments/suggestions to look at.

[melbit-michaelw]

Updated output from acceptance tests:

$ TESTARGS="--run AppRoleAuthBackendRole" make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test -v --run AppRoleAuthBackendRole -timeout 30m ./...
?       github.com/hashicorp/terraform-provider-vault   [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/coverage      [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/generate      [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/codegen   (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/generated [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/datasources/transform/decode    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/datasources/transform/encode    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/alphabet    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/role        (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/template    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/generated/resources/transform/transformation      (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/helper    [no test files]
?       github.com/hashicorp/terraform-provider-vault/schema    [no test files]
?       github.com/hashicorp/terraform-provider-vault/testutil  [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-vault/util      (cached) [no tests to run]
=== RUN   TestAccAppRoleAuthBackendRoleID_basic
--- PASS: TestAccAppRoleAuthBackendRoleID_basic (2.44s)
=== RUN   TestAccAppRoleAuthBackendRoleID_customID
--- PASS: TestAccAppRoleAuthBackendRoleID_customID (1.84s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_basic
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_basic (1.23s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped (1.03s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_withWrappedAccessor
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_wrapped_withWrappedAccessor (0.98s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace
    testutil.go:57: "TF_ACC_ENTERPRISE" must be set
--- SKIP: TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace (0.00s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace_withWrappedAccessor
    testutil.go:57: "TF_ACC_ENTERPRISE" must be set
--- SKIP: TestAccAppRoleAuthBackendRoleSecretID_wrapped_namespace_withWrappedAccessor (0.00s)
=== RUN   TestAccAppRoleAuthBackendRoleSecretID_full
--- PASS: TestAccAppRoleAuthBackendRoleSecretID_full (1.00s)
=== RUN   TestAccAppRoleAuthBackendRole_import
--- PASS: TestAccAppRoleAuthBackendRole_import (1.23s)
=== RUN   TestAccAppRoleAuthBackendRole_basic
--- PASS: TestAccAppRoleAuthBackendRole_basic (0.95s)
=== RUN   TestAccAppRoleAuthBackendRole_update
--- PASS: TestAccAppRoleAuthBackendRole_update (1.65s)
=== RUN   TestAccAppRoleAuthBackendRole_full
--- PASS: TestAccAppRoleAuthBackendRole_full (0.98s)
=== RUN   TestAccAppRoleAuthBackendRole_fullUpdate
--- PASS: TestAccAppRoleAuthBackendRole_fullUpdate (2.40s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault     16.076s

[hashicorp-cla]

All committers have signed the CLA.

[benashz]

LGTM!

Thank you for your contribution to HashiCorp.

[melbit-michaelw]

@benashz

Hey, could you please confirm that this made it into the 3.4.0 release ? Just confirming, since the changelog for that release doesn't appear to mention it.

Also the documentation hasn't been updated, was I supposed to do that as part of this PR ?

[nvx]

Hey, could you please confirm that this made it into the 3.4.0 release ? Just confirming, since the changelog for that release doesn't appear to mention it.

c324dc8 looks to be included in the v3.4.0 tag at least.

[benashz]

@melbit-michaelw @nvx yes it made it in. Looks like we missed the change log entry. We will correct that on the next patch release.