From d29df90858c38f760c56111035d60b8c902fcf9a Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Tue, 7 Mar 2023 11:34:53 -0800 Subject: [PATCH 01/19] Initial commit for vault_auth_backendsk Signed-off-by: Brian Menges --- vault/data_source_auth_backends.go | 77 ++++++++++++++ vault/data_source_auth_backends_test.go | 135 ++++++++++++++++++++++++ vault/provider.go | 4 + 3 files changed, 216 insertions(+) create mode 100644 vault/data_source_auth_backends.go create mode 100644 vault/data_source_auth_backends_test.go diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go new file mode 100644 index 000000000..3c49daebc --- /dev/null +++ b/vault/data_source_auth_backends.go @@ -0,0 +1,77 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package vault + +import ( + "fmt" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/hashicorp/terraform-provider-vault/internal/provider" +) + +func authBackendsDataSource() *schema.Resource { + return &schema.Resource{ + Read: ReadWrapper(authBackendsDataSourceRead), + Schema: map[string]*schema.Schema{ + "paths": { + Type: schema.TypeList, + Computed: true, + Description: "The auth backend mount points.", + }, + "type": { + Type: schema.TypeString, + Required: false, + Description: "The name of the auth backend.", + }, + "accessors": { + Type: schema.TypeList, + Computed: true, + Description: "The accessors of the auth backends.", + }, + }, + } +} + +func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error { + client, e := provider.GetClient(d, meta) + if e != nil { + return e + } + + targetType := d.Get("type").(string) + + auths, err := client.Sys().ListAuth() + if err != nil { + return fmt.Errorf("error reading from Vault: %s", err) + } + + var paths, accessors []string + + for path, auth := range auths { + path = strings.TrimSuffix(path, "/") + + // If we only want matching mount types + if auth.Type == targetType { + paths = append(paths, path) + accessors = append(accessors, auth.Accessor) + return nil + // If we want all mount types + } else { + paths = append(paths, path) + accessors = append(accessors, auth.Accessor) + return nil + } + } + + // d.SetId() What ID should I set here? + d.SetId(d.Get("FieldAddress").(string)) + d.Set("paths", paths) + d.Set("type", targetType) + d.Set("accessors", accessors) + + // If we fell out here then we didn't find our Auth in the list. + return nil +} diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go new file mode 100644 index 000000000..725ec8dc2 --- /dev/null +++ b/vault/data_source_auth_backends_test.go @@ -0,0 +1,135 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package vault + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + r "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + "github.com/hashicorp/terraform-provider-vault/testutil" +) + +func TestDataSourceAuthBackends(t *testing.T) { + path := acctest.RandomWithPrefix("foo") + r.Test(t, r.TestCase{ + Providers: testProviders, + PreCheck: func() { testutil.TestAccPreCheck(t) }, + Steps: []r.TestStep{ + { + Config: testDataSourceAuthBackendsBasic_config, + Check: testDataSourceAuthBackends_check, + }, + { + Config: testDataSourceAuthBackends_config(path), + Check: testDataSourceAuthBackends_check, + }, + }, + }) +} + +var testDataSourceAuthBackendsBasic_config = ` + +resource "vault_auth_backend" "test1" { + type = "userpass" + path = "test-up" +} + +resource "vault_auth_backend" "test2" { + type = "userpass" + path = "test-up2" +} + +resource "vault_auth_backend" "test3" { + type = "approle" + path = "test-ar" +} + +resource "vault_auth_backend" "test4" { + type = "approle" + path = "test-ar2" +} + +data "vault_auth_backends" "test" { } + +` + +/* Some work to be done here */ +func testDataSourceAuthBackends_config(path string) string { + return fmt.Sprintf(` +resource "vault_auth_backend" "test" { + path = "%s" + type = "userpass" +} + +data "vault_auth_backend" "test" { + path = vault_auth_backend.test.path +} +`, path) +} + +func testDataSourceAuthBackends_check(s *terraform.State) error { + test1ResourceState := s.Modules[0].Resources["vault_auth_backend.test1"] + test2ResourceState := s.Modules[0].Resources["vault_auth_backend.test2"] + test3ResourceState := s.Modules[0].Resources["vault_auth_backend.test3"] + test4ResourceState := s.Modules[0].Resources["vault_auth_backend.test4"] + + if test1ResourceState == nil { + return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) + } + + if test2ResourceState == nil { + return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) + } + + if test3ResourceState == nil { + return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) + } + + if test4ResourceState == nil { + return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) + } + + test1InstanceState := test1ResourceState.Primary + test2InstanceState := test2ResourceState.Primary + test3InstanceState := test3ResourceState.Primary + test4InstanceState := test4ResourceState.Primary + + if test1InstanceState == nil { + return fmt.Errorf("resource has no primary instance") + } + + if test2InstanceState == nil { + return fmt.Errorf("resource has no primary instance") + } + + if test3InstanceState == nil { + return fmt.Errorf("resource has no primary instance") + } + + if test4InstanceState == nil { + return fmt.Errorf("resource has no primary instance") + } + + resourceState := s.Modules[0].Resources["data.vault_auth_backends.test"] + if resourceState == nil { + return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) + } + + iState := resourceState.Primary + if iState == nil { + return fmt.Errorf("resource has no primary instance") + } + + /* Need to add a test verifying that `type` filter returns only matching types + if got, want := iState.Attributes["type"], "userpass"; got != want { + return fmt.Errorf("type contains %s; want %s", got, want) + } + */ + + return nil +} diff --git a/vault/provider.go b/vault/provider.go index ffaa2f63e..3ea4c94b7 100644 --- a/vault/provider.go +++ b/vault/provider.go @@ -287,6 +287,10 @@ var ( Resource: UpdateSchemaResource(authBackendDataSource()), PathInventory: []string{"/sys/auth"}, }, + "vault_auth_backends": { + Resource: UpdateSchemaResource(authBackendsDataSource()), + PathInventory: []string{"/sys/auth"}, + }, "vault_transit_encrypt": { Resource: UpdateSchemaResource(transitEncryptDataSource()), PathInventory: []string{"/transit/encrypt/{name}"}, From cf6bfdfcf6a47381a0b66ecfc97a2085d5c7d3d3 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Wed, 8 Mar 2023 14:29:19 -0800 Subject: [PATCH 02/19] Further along in tests Signed-off-by: Brian Menges --- vault/data_source_auth_backends.go | 6 +++- vault/data_source_auth_backends_test.go | 47 ++++++++++++++++++------- 2 files changed, 40 insertions(+), 13 deletions(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index 3c49daebc..0e53a08f7 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -19,16 +19,20 @@ func authBackendsDataSource() *schema.Resource { "paths": { Type: schema.TypeList, Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, Description: "The auth backend mount points.", }, + "type": { Type: schema.TypeString, - Required: false, + Optional: true, Description: "The name of the auth backend.", }, + "accessors": { Type: schema.TypeList, Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, Description: "The accessors of the auth backends.", }, }, diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 725ec8dc2..e24e06bbe 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -7,7 +7,6 @@ import ( "fmt" "testing" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" r "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" @@ -15,7 +14,8 @@ import ( ) func TestDataSourceAuthBackends(t *testing.T) { - path := acctest.RandomWithPrefix("foo") + typ := []string{"userpass", "userpass", "approle", "approle"} + path := []string{"foo", "bar", "baz", "boo"} r.Test(t, r.TestCase{ Providers: testProviders, PreCheck: func() { testutil.TestAccPreCheck(t) }, @@ -25,7 +25,7 @@ func TestDataSourceAuthBackends(t *testing.T) { Check: testDataSourceAuthBackends_check, }, { - Config: testDataSourceAuthBackends_config(path), + Config: testDataSourceAuthBackends_config(typ, path), Check: testDataSourceAuthBackends_check, }, }, @@ -59,17 +59,32 @@ data "vault_auth_backends" "test" { } ` /* Some work to be done here */ -func testDataSourceAuthBackends_config(path string) string { +func testDataSourceAuthBackends_config(typ []string, path []string) string { return fmt.Sprintf(` -resource "vault_auth_backend" "test" { +resource "vault_auth_backend" "test1" { path = "%s" - type = "userpass" + type = "%s" +} + +resource "vault_auth_backend" "test2" { + path = "%s" + type = "%s" +} + +resource "vault_auth_backend" "test3" { + path = "%s" + type = "%s" +} + +resource "vault_auth_backend" "test4" { + path = "%s" + type = "%s" } -data "vault_auth_backend" "test" { +data "vault_auth_backends" "test" { path = vault_auth_backend.test.path } -`, path) +`, typ[0], path[0], typ[1], path[1], typ[2], path[2], typ[3], path[3]) } func testDataSourceAuthBackends_check(s *terraform.State) error { @@ -125,11 +140,19 @@ func testDataSourceAuthBackends_check(s *terraform.State) error { return fmt.Errorf("resource has no primary instance") } - /* Need to add a test verifying that `type` filter returns only matching types - if got, want := iState.Attributes["type"], "userpass"; got != want { - return fmt.Errorf("type contains %s; want %s", got, want) + if got, want := len(iState.Attributes["paths"]), len(iState.Attributes["accessors"]); got != want { + return fmt.Errorf("length of paths is %d; length of accessors is %d; must match", got, want) + } + + if iState.Attributes["type"] == "" { + if got, want := len(iState.Attributes["paths"]), 4; got != want { + return fmt.Errorf("length of paths is %d; want %d", got, want) + } + } else { + if got, want := len(iState.Attributes["paths"]), 2; got != want { + return fmt.Errorf("length of paths is %d; want %d", got, want) + } } - */ return nil } From a279ae0de96c4182a0980b73edfba488e38fac4d Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Tue, 4 Apr 2023 10:31:07 -0700 Subject: [PATCH 03/19] Push hard set of id Signed-off-by: Brian Menges --- vault/data_source_auth_backends.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index 0e53a08f7..9c0104369 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -22,13 +22,11 @@ func authBackendsDataSource() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, Description: "The auth backend mount points.", }, - "type": { Type: schema.TypeString, Optional: true, Description: "The name of the auth backend.", }, - "accessors": { Type: schema.TypeList, Computed: true, @@ -57,13 +55,13 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error for path, auth := range auths { path = strings.TrimSuffix(path, "/") - // If we only want matching mount types if auth.Type == targetType { + // If we only want matching mount types paths = append(paths, path) accessors = append(accessors, auth.Accessor) return nil - // If we want all mount types } else { + // If we want all mount types paths = append(paths, path) accessors = append(accessors, auth.Accessor) return nil @@ -71,7 +69,8 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error } // d.SetId() What ID should I set here? - d.SetId(d.Get("FieldAddress").(string)) + d.SetId("default") + //d.SetId(*meta.().(string)) d.Set("paths", paths) d.Set("type", targetType) d.Set("accessors", accessors) From caab2d6db261f4731b9ec10397ddcd2b5d29cba4 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Wed, 5 Apr 2023 11:50:59 -0700 Subject: [PATCH 04/19] Fixup syntax mistakes and errors Signed-off-by: Brian Menges --- vault/data_source_auth_backends.go | 12 +-- vault/data_source_auth_backends_test.go | 114 +++++++++--------------- 2 files changed, 47 insertions(+), 79 deletions(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index 9c0104369..efcf57b82 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -53,24 +53,20 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error var paths, accessors []string for path, auth := range auths { + path = strings.TrimSuffix(path, "/") - if auth.Type == targetType { - // If we only want matching mount types + if targetType == "" { paths = append(paths, path) accessors = append(accessors, auth.Accessor) - return nil - } else { - // If we want all mount types + } else if auth.Type == targetType { paths = append(paths, path) accessors = append(accessors, auth.Accessor) - return nil } } - // d.SetId() What ID should I set here? + // Single instance data source - defaulting ID to 'default' d.SetId("default") - //d.SetId(*meta.().(string)) d.Set("paths", paths) d.Set("type", targetType) d.Set("accessors", accessors) diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index e24e06bbe..28250759a 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -14,8 +14,9 @@ import ( ) func TestDataSourceAuthBackends(t *testing.T) { - typ := []string{"userpass", "userpass", "approle", "approle"} - path := []string{"foo", "bar", "baz", "boo"} + typ := "userpass" + path := []string{"foo", "bar"} + r.Test(t, r.TestCase{ Providers: testProviders, PreCheck: func() { testutil.TestAccPreCheck(t) }, @@ -25,7 +26,7 @@ func TestDataSourceAuthBackends(t *testing.T) { Check: testDataSourceAuthBackends_check, }, { - Config: testDataSourceAuthBackends_config(typ, path), + Config: testDataSourceAuthBackends_config(path, typ), Check: testDataSourceAuthBackends_check, }, }, @@ -34,99 +35,65 @@ func TestDataSourceAuthBackends(t *testing.T) { var testDataSourceAuthBackendsBasic_config = ` -resource "vault_auth_backend" "test1" { +resource "vault_auth_backend" "test-foo" { type = "userpass" - path = "test-up" } -resource "vault_auth_backend" "test2" { - type = "userpass" - path = "test-up2" -} - -resource "vault_auth_backend" "test3" { +resource "vault_auth_backend" "test-bar" { type = "approle" - path = "test-ar" } -resource "vault_auth_backend" "test4" { - type = "approle" - path = "test-ar2" +data "vault_auth_backends" "test" { + depends_on = [ + "vault_auth_backend.test-foo", + "vault_auth_backend.test-bar", + ] } -data "vault_auth_backends" "test" { } - ` -/* Some work to be done here */ -func testDataSourceAuthBackends_config(typ []string, path []string) string { +func testDataSourceAuthBackends_config(path []string, typ string) string { return fmt.Sprintf(` -resource "vault_auth_backend" "test1" { +resource "vault_auth_backend" "test-foo" { path = "%s" - type = "%s" -} - -resource "vault_auth_backend" "test2" { - path = "%s" - type = "%s" -} - -resource "vault_auth_backend" "test3" { - path = "%s" - type = "%s" + type = "userpass" } -resource "vault_auth_backend" "test4" { +resource "vault_auth_backend" "test-bar" { path = "%s" - type = "%s" + type = "approle" } data "vault_auth_backends" "test" { - path = vault_auth_backend.test.path + depends_on = [ + "vault_auth_backend.test-foo", + "vault_auth_backend.test-bar", + ] + type = "%s" } -`, typ[0], path[0], typ[1], path[1], typ[2], path[2], typ[3], path[3]) +`, path[0], path[1], typ) } func testDataSourceAuthBackends_check(s *terraform.State) error { - test1ResourceState := s.Modules[0].Resources["vault_auth_backend.test1"] - test2ResourceState := s.Modules[0].Resources["vault_auth_backend.test2"] - test3ResourceState := s.Modules[0].Resources["vault_auth_backend.test3"] - test4ResourceState := s.Modules[0].Resources["vault_auth_backend.test4"] - - if test1ResourceState == nil { - return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) - } - - if test2ResourceState == nil { - return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) - } + testFooResourceState := s.Modules[0].Resources["vault_auth_backend.test-foo"] + testBarResourceState := s.Modules[0].Resources["vault_auth_backend.test-bar"] - if test3ResourceState == nil { + if testFooResourceState == nil { return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) } - if test4ResourceState == nil { + if testBarResourceState == nil { return fmt.Errorf("resource not found in state %v", s.Modules[0].Resources) } - test1InstanceState := test1ResourceState.Primary - test2InstanceState := test2ResourceState.Primary - test3InstanceState := test3ResourceState.Primary - test4InstanceState := test4ResourceState.Primary + testFooInstanceState := testFooResourceState.Primary + testBarInstanceState := testBarResourceState.Primary - if test1InstanceState == nil { + if testFooInstanceState == nil { return fmt.Errorf("resource has no primary instance") } - if test2InstanceState == nil { - return fmt.Errorf("resource has no primary instance") - } - - if test3InstanceState == nil { - return fmt.Errorf("resource has no primary instance") - } - - if test4InstanceState == nil { + if testBarInstanceState == nil { return fmt.Errorf("resource has no primary instance") } @@ -144,15 +111,20 @@ func testDataSourceAuthBackends_check(s *terraform.State) error { return fmt.Errorf("length of paths is %d; length of accessors is %d; must match", got, want) } - if iState.Attributes["type"] == "" { - if got, want := len(iState.Attributes["paths"]), 4; got != want { - return fmt.Errorf("length of paths is %d; want %d", got, want) + fmt.Printf("Length of paths is %d\nType is %s", len(iState.Attributes["paths"]), iState.Attributes["type"]) + + // These are not working as expected + /* + if iState.Attributes["type"] == "userpass" { + if got, want := len(iState.Attributes["paths"]), 1; got != want { + return fmt.Errorf("2 length of paths is %d; want %d", got, want) + } + } else { + if got, want := len(iState.Attributes["paths"]), 3; got != want { + return fmt.Errorf("3 length of paths is %d; want %d", got, want) + } } - } else { - if got, want := len(iState.Attributes["paths"]), 2; got != want { - return fmt.Errorf("length of paths is %d; want %d", got, want) - } - } + */ return nil } From 4344694111ae4d9b69f700fba7a21bb0c2e61cde Mon Sep 17 00:00:00 2001 From: JM Faircloth Date: Fri, 21 Apr 2023 10:54:24 -0500 Subject: [PATCH 05/19] wip: help oss datasource auth backends --- vault/data_source_auth_backends.go | 79 ++++++++++++++++++++ vault/data_source_auth_backends_test.go | 96 +++++++++++++++++++++++++ vault/provider.go | 4 ++ 3 files changed, 179 insertions(+) create mode 100644 vault/data_source_auth_backends.go create mode 100644 vault/data_source_auth_backends_test.go diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go new file mode 100644 index 000000000..ead2a9068 --- /dev/null +++ b/vault/data_source_auth_backends.go @@ -0,0 +1,79 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package vault + +import ( + "fmt" + "sort" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/hashicorp/terraform-provider-vault/internal/provider" +) + +func authBackendsDataSource() *schema.Resource { + return &schema.Resource{ + Read: ReadWrapper(authBackendsDataSourceRead), + Schema: map[string]*schema.Schema{ + "paths": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "The auth backend mount points.", + }, + "type": { + Type: schema.TypeString, + Optional: true, + Description: "The name of the auth backend.", + }, + "accessors": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "The accessors of the auth backends.", + }, + }, + } +} + +func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error { + client, e := provider.GetClient(d, meta) + if e != nil { + return e + } + + targetType := d.Get("type").(string) + fmt.Printf("\n\n%#+v\n\n", targetType) + + auths, err := client.Sys().ListAuth() + if err != nil { + return fmt.Errorf("error reading from Vault: %s", err) + } + + var paths, accessors []string + + for path, auth := range auths { + + path = strings.TrimSuffix(path, "/") + + if targetType == "" { + paths = append(paths, path) + accessors = append(accessors, auth.Accessor) + sort.Strings(paths) + } else if auth.Type == targetType { + paths = append(paths, path) + accessors = append(accessors, auth.Accessor) + } + } + + // Single instance data source - defaulting ID to 'default' + d.SetId("default") + d.Set("paths", paths) + d.Set("type", targetType) + d.Set("accessors", accessors) + + // If we fell out here then we didn't find our Auth in the list. + return nil +} diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go new file mode 100644 index 000000000..13f57d57d --- /dev/null +++ b/vault/data_source_auth_backends_test.go @@ -0,0 +1,96 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package vault + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + r "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/hashicorp/terraform-provider-vault/testutil" +) + +func TestDataSourceAuthBackends(t *testing.T) { + userpassPath := acctest.RandomWithPrefix("foo") + approlePath := acctest.RandomWithPrefix("foo") + ds := "data.vault_auth_backends.test" + + r.Test(t, r.TestCase{ + Providers: testProviders, + PreCheck: func() { testutil.TestAccPreCheck(t) }, + Steps: []r.TestStep{ + { + Config: testDataSourceAuthBackendsBasic, + // The token auth method is built-in and automatically enabled + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(ds, "paths.#", "1"), + resource.TestCheckResourceAttr(ds, "paths.0", "token"), + resource.TestCheckResourceAttr(ds, "accessors.#", "1"), + ), + }, + { + Config: testDataSourceAuthBackendsBasic_config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(ds, "paths.#", "3"), + resource.TestCheckResourceAttr(ds, "paths.0", "approle"), + resource.TestCheckResourceAttr(ds, "paths.1", "token"), + resource.TestCheckResourceAttr(ds, "paths.2", "userpass"), + resource.TestCheckResourceAttr(ds, "accessors.#", "3"), + resource.TestCheckResourceAttr(ds, "type", ""), + ), + }, + { + Config: testDataSourceAuthBackends_config([]string{userpassPath, approlePath}, "userpass"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(ds, "paths.#", "1"), + resource.TestCheckResourceAttr(ds, "paths.0", userpassPath), + resource.TestCheckResourceAttr(ds, "accessors.#", "1"), + resource.TestCheckResourceAttr(ds, "type", "userpass"), + ), + }, + }, + }) +} + +var testDataSourceAuthBackendsBasic = ` +data "vault_auth_backends" "test" {} +` + +var testDataSourceAuthBackendsBasic_config = ` +resource "vault_auth_backend" "userpass" { + type = "userpass" +} +resource "vault_auth_backend" "approle" { + type = "approle" +} +data "vault_auth_backends" "test" { + depends_on = [ + "vault_auth_backend.userpass", + "vault_auth_backend.approle", + ] +} +` + +func testDataSourceAuthBackends_config(path []string, typ string) string { + return fmt.Sprintf(` +resource "vault_auth_backend" "test-foo" { + path = "%s" + type = "userpass" +} +resource "vault_auth_backend" "test-bar" { + path = "%s" + type = "approle" +} +data "vault_auth_backends" "test" { + depends_on = [ + "vault_auth_backend.test-foo", + "vault_auth_backend.test-bar", + ] + type = "%s" +} +`, path[0], path[1], typ) +} diff --git a/vault/provider.go b/vault/provider.go index c92e61291..a2d643799 100644 --- a/vault/provider.go +++ b/vault/provider.go @@ -287,6 +287,10 @@ var ( Resource: UpdateSchemaResource(authBackendDataSource()), PathInventory: []string{"/sys/auth"}, }, + "vault_auth_backends": { + Resource: UpdateSchemaResource(authBackendsDataSource()), + PathInventory: []string{"/sys/auth"}, + }, "vault_transit_encrypt": { Resource: UpdateSchemaResource(transitEncryptDataSource()), PathInventory: []string{"/transit/encrypt/{name}"}, From 56dfa7243933d4376fe998dcec2df4e31d6241d0 Mon Sep 17 00:00:00 2001 From: JM Faircloth Date: Fri, 21 Apr 2023 10:58:14 -0500 Subject: [PATCH 06/19] remove printf --- vault/data_source_auth_backends.go | 1 - 1 file changed, 1 deletion(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index ead2a9068..eb9d7bf09 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -45,7 +45,6 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error } targetType := d.Get("type").(string) - fmt.Printf("\n\n%#+v\n\n", targetType) auths, err := client.Sys().ListAuth() if err != nil { From 9f18de32176e3e5cb6b5e8bf89df7bce3937b97a Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 21 Apr 2023 09:24:58 -0700 Subject: [PATCH 07/19] Cleanup, debugging --- vault/data_source_auth_backends_test.go | 40 +++++++++++++++++-------- 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 28250759a..68f33ca00 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -107,23 +107,39 @@ func testDataSourceAuthBackends_check(s *terraform.State) error { return fmt.Errorf("resource has no primary instance") } + // Debug message lines + fmt.Println("-----------------------") + fmt.Println(resourceState.Primary.Attributes["paths"]) + fmt.Println(iState.Attributes) + fmt.Println(iState.Attributes["paths"]) + fmt.Println(iState.Attributes["id"]) + fmt.Println("-----------------------") + + // len(paths) == len(accessors) always if got, want := len(iState.Attributes["paths"]), len(iState.Attributes["accessors"]); got != want { return fmt.Errorf("length of paths is %d; length of accessors is %d; must match", got, want) } - fmt.Printf("Length of paths is %d\nType is %s", len(iState.Attributes["paths"]), iState.Attributes["type"]) - - // These are not working as expected - /* - if iState.Attributes["type"] == "userpass" { - if got, want := len(iState.Attributes["paths"]), 1; got != want { - return fmt.Errorf("2 length of paths is %d; want %d", got, want) - } - } else { - if got, want := len(iState.Attributes["paths"]), 3; got != want { - return fmt.Errorf("3 length of paths is %d; want %d", got, want) - } + if got, want := iState.Attributes["id"], "default"; got != want { + return fmt.Errorf("id contains %s; want %s", got, want) + } + + if got := len(iState.Attributes["paths"]); got < 1 { + return fmt.Errorf("There should be more than 0 paths, got %d; %s", got, iState.Attributes["paths"]) + } + + /* These are not working as expected + if iState.Attributes["type"] == "userpass" { + if got, want := len(iState.Attributes["paths"]), 1; got != want { + return fmt.Errorf("length of paths is %d; want %d", got, want) + } + } else if iState.Attributes["type"] == "" { + if got, want := len(iState.Attributes["paths"]), 3; got != want { + return fmt.Errorf("3 length of paths is %d; want %d", got, want) } + } else { + return fmt.Errorf("We should not be here") + } */ return nil From 98bbc494da93e4742fdd896d549b5ecd91a55443 Mon Sep 17 00:00:00 2001 From: JM Faircloth Date: Fri, 21 Apr 2023 11:27:37 -0500 Subject: [PATCH 08/19] add comment on sort --- vault/data_source_auth_backends.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index eb9d7bf09..7c02c59db 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -60,6 +60,8 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error if targetType == "" { paths = append(paths, path) accessors = append(accessors, auth.Accessor) + // we do this to make test assertions easier + // this is not required sort.Strings(paths) } else if auth.Type == targetType { paths = append(paths, path) From 2675daaf1cb55e687a22e4e6715f6592f7838fe0 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 21 Apr 2023 11:02:29 -0700 Subject: [PATCH 09/19] Add documentation Signed-off-by: Brian Menges --- website/docs/d/auth_backends.html.md | 39 ++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 website/docs/d/auth_backends.html.md diff --git a/website/docs/d/auth_backends.html.md b/website/docs/d/auth_backends.html.md new file mode 100644 index 000000000..bfbb2133c --- /dev/null +++ b/website/docs/d/auth_backends.html.md @@ -0,0 +1,39 @@ +--- +layout: "vault" +page_title: "Vault: vault_auth_backends data source" +sidebar_current: "docs-vault-datasource-auth-backends" +description: |- + List Auth Backends from Vault +--- + +# vault\_auth\_backends + +## Example Usage + +```hcl +data "vault_auth_backends" "example" {} +``` + +```hcl +data "vault_auth_backends" "example-filter" { + type = "kubernetes" +} + +## Argument Reference + +The following arguments are supported: + +* `namespace` - (Optional) The namespace of the target resource. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](/docs/providers/vault#namespace). + *Available only for Vault Enterprise*. + +* `type` - (Optional) The name of the auth method type. + +## Attributes Reference + +In addition to the fields above, the following attributes are exported: + +* `accessors` - The accessors for this auth methods. + +* `paths` - List of auth backend mount points. From cf1e7278824c0248c9be9331e61b38c852674452 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Thu, 11 May 2023 13:36:48 -0700 Subject: [PATCH 10/19] Update vault/data_source_auth_backends_test.go quoted references deprecated Co-authored-by: John-Michael Faircloth --- vault/data_source_auth_backends_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 13f57d57d..8e6dda019 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -87,8 +87,8 @@ resource "vault_auth_backend" "test-bar" { } data "vault_auth_backends" "test" { depends_on = [ - "vault_auth_backend.test-foo", - "vault_auth_backend.test-bar", + vault_auth_backend.test-foo, + vault_auth_backend.test-bar, ] type = "%s" } From a009ab84a8f253c3a49b41d2f358ad13c02f285a Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Thu, 11 May 2023 13:40:51 -0700 Subject: [PATCH 11/19] Update vault/data_source_auth_backends.go Use consts Co-authored-by: John-Michael Faircloth --- vault/data_source_auth_backends.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index 7c02c59db..a1d685b11 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -23,7 +23,7 @@ func authBackendsDataSource() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, Description: "The auth backend mount points.", }, - "type": { + consts.FieldType: { Type: schema.TypeString, Optional: true, Description: "The name of the auth backend.", From 33f7f1249d181ca7110fc0ff9464825d7843f83d Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Thu, 11 May 2023 15:11:03 -0700 Subject: [PATCH 12/19] Add FieldPaths to consts Signed-off-by: Brian Menges --- internal/consts/consts.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/consts/consts.go b/internal/consts/consts.go index 311ae6ede..45d89ddeb 100644 --- a/internal/consts/consts.go +++ b/internal/consts/consts.go @@ -8,6 +8,7 @@ const ( common field names */ FieldPath = "path" + FieldPaths = "paths" FieldParameters = "parameters" FieldMethod = "method" FieldNamespace = "namespace" From bbd9f4a4ff5b5424e261a74c83fd9d836fa6f458 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Thu, 11 May 2023 15:13:36 -0700 Subject: [PATCH 13/19] Update data source to use consts * Include consts * Rename accessors to auth_method_accessors per consts * Update tests to reflect changes using consts * Update documentation Signed-off-by: Brian Menges --- vault/data_source_auth_backends.go | 12 ++++++------ vault/data_source_auth_backends_test.go | 10 +++++----- website/docs/d/auth_backends.html.md | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index a1d685b11..44c478fc7 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -9,7 +9,7 @@ import ( "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - + "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/internal/provider" ) @@ -17,7 +17,7 @@ func authBackendsDataSource() *schema.Resource { return &schema.Resource{ Read: ReadWrapper(authBackendsDataSourceRead), Schema: map[string]*schema.Schema{ - "paths": { + consts.FieldPaths: { Type: schema.TypeList, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, @@ -26,9 +26,10 @@ func authBackendsDataSource() *schema.Resource { consts.FieldType: { Type: schema.TypeString, Optional: true, - Description: "The name of the auth backend.", + Description: "The type of the auth backend.", }, - "accessors": { + consts.FieldAuthMethodAccessors: { + //"accessors": { Type: schema.TypeList, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, @@ -73,8 +74,7 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error d.SetId("default") d.Set("paths", paths) d.Set("type", targetType) - d.Set("accessors", accessors) + d.Set("auth_method_accessors", accessors) - // If we fell out here then we didn't find our Auth in the list. return nil } diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 8e6dda019..1020dff0f 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -29,7 +29,7 @@ func TestDataSourceAuthBackends(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(ds, "paths.#", "1"), resource.TestCheckResourceAttr(ds, "paths.0", "token"), - resource.TestCheckResourceAttr(ds, "accessors.#", "1"), + resource.TestCheckResourceAttr(ds, "auth_method_accessors.#", "1"), ), }, { @@ -39,7 +39,7 @@ func TestDataSourceAuthBackends(t *testing.T) { resource.TestCheckResourceAttr(ds, "paths.0", "approle"), resource.TestCheckResourceAttr(ds, "paths.1", "token"), resource.TestCheckResourceAttr(ds, "paths.2", "userpass"), - resource.TestCheckResourceAttr(ds, "accessors.#", "3"), + resource.TestCheckResourceAttr(ds, "auth_method_accessors.#", "3"), resource.TestCheckResourceAttr(ds, "type", ""), ), }, @@ -48,7 +48,7 @@ func TestDataSourceAuthBackends(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(ds, "paths.#", "1"), resource.TestCheckResourceAttr(ds, "paths.0", userpassPath), - resource.TestCheckResourceAttr(ds, "accessors.#", "1"), + resource.TestCheckResourceAttr(ds, "auth_method_accessors.#", "1"), resource.TestCheckResourceAttr(ds, "type", "userpass"), ), }, @@ -69,8 +69,8 @@ resource "vault_auth_backend" "approle" { } data "vault_auth_backends" "test" { depends_on = [ - "vault_auth_backend.userpass", - "vault_auth_backend.approle", + vault_auth_backend.userpass, + vault_auth_backend.approle, ] } ` diff --git a/website/docs/d/auth_backends.html.md b/website/docs/d/auth_backends.html.md index bfbb2133c..55092043f 100644 --- a/website/docs/d/auth_backends.html.md +++ b/website/docs/d/auth_backends.html.md @@ -28,12 +28,12 @@ The following arguments are supported: The `namespace` is always relative to the provider's configured [namespace](/docs/providers/vault#namespace). *Available only for Vault Enterprise*. -* `type` - (Optional) The name of the auth method type. +* `type` - (Optional) The name of the auth method type. Allows filtering of backends returned by type. ## Attributes Reference In addition to the fields above, the following attributes are exported: -* `accessors` - The accessors for this auth methods. +* `auth_method_accessors` - The accessor IDs for the auth methods. * `paths` - List of auth backend mount points. From c6c844605693a3d39af0d1d6fd66eb6816c55af7 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 12 May 2023 11:21:08 -0700 Subject: [PATCH 14/19] Update vault/data_source_auth_backends.go Co-authored-by: John-Michael Faircloth --- vault/data_source_auth_backends.go | 1 - 1 file changed, 1 deletion(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index 44c478fc7..c83590b94 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -29,7 +29,6 @@ func authBackendsDataSource() *schema.Resource { Description: "The type of the auth backend.", }, consts.FieldAuthMethodAccessors: { - //"accessors": { Type: schema.TypeList, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, From 957d3f6e95136a5a81445ca83628efc096b07330 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 12 May 2023 11:29:04 -0700 Subject: [PATCH 15/19] Use new acccessors const over auth_method_accessors Signed-off-by: Brian Menges --- internal/consts/consts.go | 1 + vault/data_source_auth_backends.go | 4 ++-- vault/data_source_auth_backends_test.go | 6 +++--- website/docs/d/auth_backends.html.md | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/internal/consts/consts.go b/internal/consts/consts.go index 45d89ddeb..2fe12efcf 100644 --- a/internal/consts/consts.go +++ b/internal/consts/consts.go @@ -158,6 +158,7 @@ const ( FieldType = "type" FieldMethodID = "method_id" FieldMFAMethodIDs = "mfa_method_ids" + FieldAccessors = "accessors" FieldAuthMethodAccessors = "auth_method_accessors" FieldAuthMethodTypes = "auth_method_types" FieldIdentityGroupIDs = "identity_group_ids" diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index c83590b94..66b43df10 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -28,7 +28,7 @@ func authBackendsDataSource() *schema.Resource { Optional: true, Description: "The type of the auth backend.", }, - consts.FieldAuthMethodAccessors: { + consts.FieldAccessors: { Type: schema.TypeList, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, @@ -73,7 +73,7 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error d.SetId("default") d.Set("paths", paths) d.Set("type", targetType) - d.Set("auth_method_accessors", accessors) + d.Set("accessors", accessors) return nil } diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 1020dff0f..790d0e762 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -29,7 +29,7 @@ func TestDataSourceAuthBackends(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(ds, "paths.#", "1"), resource.TestCheckResourceAttr(ds, "paths.0", "token"), - resource.TestCheckResourceAttr(ds, "auth_method_accessors.#", "1"), + resource.TestCheckResourceAttr(ds, "accessors.#", "1"), ), }, { @@ -39,7 +39,7 @@ func TestDataSourceAuthBackends(t *testing.T) { resource.TestCheckResourceAttr(ds, "paths.0", "approle"), resource.TestCheckResourceAttr(ds, "paths.1", "token"), resource.TestCheckResourceAttr(ds, "paths.2", "userpass"), - resource.TestCheckResourceAttr(ds, "auth_method_accessors.#", "3"), + resource.TestCheckResourceAttr(ds, "accessors.#", "3"), resource.TestCheckResourceAttr(ds, "type", ""), ), }, @@ -48,7 +48,7 @@ func TestDataSourceAuthBackends(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(ds, "paths.#", "1"), resource.TestCheckResourceAttr(ds, "paths.0", userpassPath), - resource.TestCheckResourceAttr(ds, "auth_method_accessors.#", "1"), + resource.TestCheckResourceAttr(ds, "accessors.#", "1"), resource.TestCheckResourceAttr(ds, "type", "userpass"), ), }, diff --git a/website/docs/d/auth_backends.html.md b/website/docs/d/auth_backends.html.md index 55092043f..239888a61 100644 --- a/website/docs/d/auth_backends.html.md +++ b/website/docs/d/auth_backends.html.md @@ -34,6 +34,6 @@ The following arguments are supported: In addition to the fields above, the following attributes are exported: -* `auth_method_accessors` - The accessor IDs for the auth methods. +* `accessors` - The accessor IDs for the auth methods. * `paths` - List of auth backend mount points. From 0fb01c9f5a21f320558b03bca96bfdf716a51ddd Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 12 May 2023 11:36:35 -0700 Subject: [PATCH 16/19] Remove duplicate import for terraform-plugin-sdk/v2/helper/resource Signed-off-by: Brian Menges --- vault/data_source_auth_backends_test.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 790d0e762..1f11e95a2 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -9,8 +9,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - r "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-provider-vault/testutil" ) @@ -19,10 +17,10 @@ func TestDataSourceAuthBackends(t *testing.T) { approlePath := acctest.RandomWithPrefix("foo") ds := "data.vault_auth_backends.test" - r.Test(t, r.TestCase{ + resource.Test(t, resource.TestCase{ Providers: testProviders, PreCheck: func() { testutil.TestAccPreCheck(t) }, - Steps: []r.TestStep{ + Steps: []resource.TestStep{ { Config: testDataSourceAuthBackendsBasic, // The token auth method is built-in and automatically enabled From 21778bfc324633b8f610bd2d93e5617922b1bbd9 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 12 May 2023 11:47:40 -0700 Subject: [PATCH 17/19] Update tests to use consts Signed-off-by: Brian Menges --- vault/data_source_auth_backends_test.go | 27 +++++++++++++------------ 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 1f11e95a2..98cb7296d 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-provider-vault/internal/consts" "github.com/hashicorp/terraform-provider-vault/testutil" ) @@ -25,29 +26,29 @@ func TestDataSourceAuthBackends(t *testing.T) { Config: testDataSourceAuthBackendsBasic, // The token auth method is built-in and automatically enabled Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr(ds, "paths.#", "1"), - resource.TestCheckResourceAttr(ds, "paths.0", "token"), - resource.TestCheckResourceAttr(ds, "accessors.#", "1"), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".#", "1"), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".0", "token"), + resource.TestCheckResourceAttr(ds, consts.FieldAccessors+".#", "1"), ), }, { Config: testDataSourceAuthBackendsBasic_config, Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr(ds, "paths.#", "3"), - resource.TestCheckResourceAttr(ds, "paths.0", "approle"), - resource.TestCheckResourceAttr(ds, "paths.1", "token"), - resource.TestCheckResourceAttr(ds, "paths.2", "userpass"), - resource.TestCheckResourceAttr(ds, "accessors.#", "3"), - resource.TestCheckResourceAttr(ds, "type", ""), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".#", "3"), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".0", "approle"), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".1", "token"), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".2", "userpass"), + resource.TestCheckResourceAttr(ds, consts.FieldAccessors+".#", "3"), + resource.TestCheckResourceAttr(ds, consts.FieldType, ""), ), }, { Config: testDataSourceAuthBackends_config([]string{userpassPath, approlePath}, "userpass"), Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr(ds, "paths.#", "1"), - resource.TestCheckResourceAttr(ds, "paths.0", userpassPath), - resource.TestCheckResourceAttr(ds, "accessors.#", "1"), - resource.TestCheckResourceAttr(ds, "type", "userpass"), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".#", "1"), + resource.TestCheckResourceAttr(ds, consts.FieldPaths+".0", userpassPath), + resource.TestCheckResourceAttr(ds, consts.FieldAccessors+".#", "1"), + resource.TestCheckResourceAttr(ds, consts.FieldType, "userpass"), ), }, }, From e9913c605441103935ea5cecc37babb516b307cf Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 12 May 2023 12:53:47 -0700 Subject: [PATCH 18/19] Remove sort, use more consts Signed-off-by: Brian Menges --- vault/data_source_auth_backends.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/vault/data_source_auth_backends.go b/vault/data_source_auth_backends.go index 66b43df10..031da131f 100644 --- a/vault/data_source_auth_backends.go +++ b/vault/data_source_auth_backends.go @@ -5,7 +5,6 @@ package vault import ( "fmt" - "sort" "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -60,9 +59,6 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error if targetType == "" { paths = append(paths, path) accessors = append(accessors, auth.Accessor) - // we do this to make test assertions easier - // this is not required - sort.Strings(paths) } else if auth.Type == targetType { paths = append(paths, path) accessors = append(accessors, auth.Accessor) @@ -71,9 +67,9 @@ func authBackendsDataSourceRead(d *schema.ResourceData, meta interface{}) error // Single instance data source - defaulting ID to 'default' d.SetId("default") - d.Set("paths", paths) - d.Set("type", targetType) - d.Set("accessors", accessors) + d.Set(consts.FieldPaths, paths) + d.Set(consts.FieldType, targetType) + d.Set(consts.FieldAccessors, accessors) return nil } From a1f2601747158e08aae09e7a925b8d1a92ed3b85 Mon Sep 17 00:00:00 2001 From: Brian Menges Date: Fri, 12 May 2023 12:54:22 -0700 Subject: [PATCH 19/19] Update tests with removal of unnecessary sort in data source Signed-off-by: Brian Menges --- vault/data_source_auth_backends_test.go | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/vault/data_source_auth_backends_test.go b/vault/data_source_auth_backends_test.go index 98cb7296d..64fac0b45 100644 --- a/vault/data_source_auth_backends_test.go +++ b/vault/data_source_auth_backends_test.go @@ -35,11 +35,12 @@ func TestDataSourceAuthBackends(t *testing.T) { Config: testDataSourceAuthBackendsBasic_config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(ds, consts.FieldPaths+".#", "3"), - resource.TestCheckResourceAttr(ds, consts.FieldPaths+".0", "approle"), - resource.TestCheckResourceAttr(ds, consts.FieldPaths+".1", "token"), - resource.TestCheckResourceAttr(ds, consts.FieldPaths+".2", "userpass"), resource.TestCheckResourceAttr(ds, consts.FieldAccessors+".#", "3"), resource.TestCheckResourceAttr(ds, consts.FieldType, ""), + // Using sorted outputs for testing consistency; API returns unsorted + resource.TestCheckOutput(consts.FieldPath+"0", "approle"), + resource.TestCheckOutput(consts.FieldPath+"1", "token"), + resource.TestCheckOutput(consts.FieldPath+"2", "userpass"), ), }, { @@ -72,6 +73,15 @@ data "vault_auth_backends" "test" { vault_auth_backend.approle, ] } +output "path0" { + value = sort(data.vault_auth_backends.test.paths).0 +} +output "path1" { + value = sort(data.vault_auth_backends.test.paths).1 +} +output "path2" { + value = sort(data.vault_auth_backends.test.paths).2 +} ` func testDataSourceAuthBackends_config(path []string, typ string) string {