Add allowed_email_sans field to write and update functions of vault_cert_auth_backend_role #1140

Merged (1 commit) on Sep 8, 2023

jseuren-exonet (Contributor)

#282 introduced many missing optional parameters in `vault_cert_auth_backend_role`, but missed validating and reading the `allowed_email_sans` field in the `certAuthResourceUpdate` and `certAuthResourceWrite` functions. Terraform currently correctly reads and plans for updating `allowed_email_sans`, but never actually does it.

For example, locally I have defined a set of emails that are added to the `allowed_common_names` parameter and `allowed_email_sans`. Only `allowed_common_names` is created/updated. `allowed_email_sans` is not.

```
locals {
  allowed_emails = ["a@b.example", "b@b.example"]
}
resource "vault_cert_auth_backend_role" "employee-cert-auth" {
  # other stuff defined here
  allowed_common_names = local.allowed_emails
  allowed_email_sans   = local.allowed_emails
}
```

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Release note for CHANGELOG:

Add allowed_email_sans field to write and update functions of vault_cert_auth_backend_role so that allowed_email_sans is actually created and updated.

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccXXX'
I did not run this.

hashicorp-cla commented Aug 9, 2021

CLA assistant check
All committers have signed the CLA.

fairclothjm (Contributor) left a comment

Thanks!

fairclothjm merged commit bfeb7f5 into hashicorp:main Sep 8, 2023
fairclothjm added this to the 3.21.0 milestone Sep 8, 2023
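
An audit for the failure this PR describes, added here as an example and not code from the provider or the PR: a role can end up stored without the `allowed_email_sans` constraint that the Terraform configuration declares. The Go sketch compares declared constraint lists with a role read back as JSON; `driftedConstraints`, `constraintFields` and the JSON sample are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
)

// List-valued certificate constraints on a cert auth role that the audit compares.
var constraintFields = []string{"allowed_common_names", "allowed_dns_sans", "allowed_email_sans", "allowed_uri_sans"}

// roleJSON is a constructed sample of a role read back as JSON, stored without email SANs.
const roleJSON = `{"data": {"display_name": "employee-cert-auth", "token_ttl": 0,
  "allowed_common_names": ["a@b.example", "b@b.example"], "allowed_email_sans": []}}`

// sameSet reports whether two lists hold the same values, ignoring order.
func sameSet(a, b []string) bool {
	x, y := append([]string{}, a...), append([]string{}, b...)
	sort.Strings(x)
	sort.Strings(y)
	return reflect.DeepEqual(x, y)
}

// driftedConstraints lists constraint fields whose stored value differs from the declared one.
func driftedConstraints(declared map[string][]string, stored []byte) ([]string, error) {
	var resp struct {
		Data map[string]json.RawMessage `json:"data"`
	}
	if err := json.Unmarshal(stored, &resp); err != nil {
		return nil, err
	}
	var drifted []string
	for _, f := range constraintFields {
		var got []string // stays empty when the stored role lacks the field
		if raw, ok := resp.Data[f]; ok && json.Unmarshal(raw, &got) != nil {
			return nil, fmt.Errorf("field %s is not a list of strings", f)
		}
		if !sameSet(declared[f], got) {
			drifted = append(drifted, f)
		}
	}
	return drifted, nil
}

func main() {
	emails := []string{"a@b.example", "b@b.example"} // values from the PR description
	declared := map[string][]string{"allowed_common_names": emails, "allowed_email_sans": emails}
	fmt.Println(driftedConstraints(declared, []byte(roleJSON)))
}
```

Any field it reports is a constraint the configuration declares but the stored role does not carry.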