diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b77db90..51bbf1d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ Canonical reference for changes, improvements, and bugfixes for the Boundary Terraform provider. +## Next + +### Deprecations/Changes + +* Deprecate `application_credential_source_ids` of the `target` resource + ([PR](https://github.com/hashicorp/terraform-provider-boundary/pull/260)). + ## 1.0.11 (August 26, 2022) ### New and Improved diff --git a/internal/provider/resource_target.go b/internal/provider/resource_target.go index c693c62d..190e7322 100644 --- a/internal/provider/resource_target.go +++ b/internal/provider/resource_target.go @@ -13,7 +13,8 @@ import ( const ( targetHostSourceIdsKey = "host_source_ids" - targetApplicationCredentialSourceIdsKey = "application_credential_source_ids" + targetBrokeredCredentialSourceIdsKey = "brokered_credential_source_ids" + targetInjectedAppCredentialSourceIdsKey = "injected_application_credential_source_ids" targetDefaultPortKey = "default_port" targetSessionMaxSecondsKey = "session_max_seconds" targetSessionConnectionLimitKey = "session_connection_limit" 
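Review bot: Removing `targetApplicationCredentialSourceIdsKey` from the const block while the attribute is still in the schema leaves the raw string `"application_credential_source_ids"` repeated in the schema map, setFromTargetResponseMap, resourceTargetCreate and resourceTargetUpdate, and a typo in any one copy would still compile. I would keep the constant until the attribute is actually removed and mark it, e.g. `targetApplicationCredentialSourceIdsKey = "application_credential_source_ids" // Deprecated: use targetBrokeredCredentialSourceIdsKey`, leaving the existing references pointing at it. The const block continues outside this hunk.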
@@ -73,8 +74,22 @@ func resourceTarget() *schema.Resource { Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, - targetApplicationCredentialSourceIdsKey: { - Description: "A list of application credential source ID's.", + "application_credential_source_ids": { + Description: "A list of application credential source ID's.", + Type: schema.TypeSet, + Optional: true, + Deprecated: "Please use 'brokered_credential_source_ids' instead", + ConflictsWith: []string{targetBrokeredCredentialSourceIdsKey}, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + targetBrokeredCredentialSourceIdsKey: { + Description: "A list of brokered credential source ID's.", + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + targetInjectedAppCredentialSourceIdsKey: { + Description: "A list of injected application credential source ID's.", Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, @@ -114,7 +129,17 @@ func setFromTargetResponseMap(d *schema.ResourceData, raw map[string]interface{} if err := d.Set(targetHostSourceIdsKey, raw["host_source_ids"]); err != nil { return err } - if err := d.Set(targetApplicationCredentialSourceIdsKey, raw["application_credential_source_ids"]); err != nil { + // TODO: remove when fully deprecating 'application_credential_source_ids' + if _, ok := d.GetOk("application_credential_source_ids"); ok { + if err := d.Set("application_credential_source_ids", raw["application_credential_source_ids"]); err != nil { + return err + } + } else { + if err := d.Set(targetBrokeredCredentialSourceIdsKey, raw["brokered_credential_source_ids"]); err != nil { + return err + } + } + if err := d.Set(targetInjectedAppCredentialSourceIdsKey, raw["injected_application_credential_source_ids"]); err != nil { return err } if err := d.Set(targetSessionMaxSecondsKey, raw["session_max_seconds"]); err != nil { 
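Review bot: The `Description` strings for `brokered_credential_source_ids` and `injected_application_credential_source_ids` in the schema map do not say how the two attributes differ, and that choice decides where the secret ends up. As I understand Boundary's model, brokered credentials are handed to the connecting user while injected ones are used by the worker on the user's behalf, so wording such as `"A list of credential source IDs whose credentials are returned to the user when a session is authorized."` and `"A list of credential source IDs whose credentials are injected by the worker and not returned to the user."` would be clearer; please confirm it against the Boundary documentation. resourceTarget's body continues outside the hunk.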
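Review bot: In the `GetOk("application_credential_source_ids")` branch of setFromTargetResponseMap the value is read back from `raw["application_credential_source_ids"]`, although resourceTargetCreate sends those same IDs with `targets.WithBrokeredCredentialSourceIds`. If the controller response ever omits the legacy key (not visible from this diff), `d.Set` would store an empty set and the next plan would show drift. Reading the brokered key in both branches removes the dependency on the alias: `d.Set("application_credential_source_ids", raw["brokered_credential_source_ids"])`. A one-line comment that `GetOk` is false for an empty set, so an emptied legacy attribute falls through to the brokered key, would also help; the function body continues outside the hunk.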
@@ -215,12 +240,28 @@ func resourceTargetCreate(ctx context.Context, d *schema.ResourceData, meta inte } } - var credentialSourceIds []string - if credentialSourceIdsVal, ok := d.GetOk(targetApplicationCredentialSourceIdsKey); ok { + var brokeredCreds []string + if credentialSourceIdsVal, ok := d.GetOk(targetBrokeredCredentialSourceIdsKey); ok { + list := credentialSourceIdsVal.(*schema.Set).List() + brokeredCreds = make([]string, 0, len(list)) + for _, i := range list { + brokeredCreds = append(brokeredCreds, i.(string)) + } + } else if credentialSourceIdsVal, ok := d.GetOk("application_credential_source_ids"); ok { + // TODO: remove when fully deprecating 'application_credential_source_ids' + list := credentialSourceIdsVal.(*schema.Set).List() + brokeredCreds = make([]string, 0, len(list)) + for _, i := range list { + brokeredCreds = append(brokeredCreds, i.(string)) + } + } + + var injectedCreds []string + if credentialSourceIdsVal, ok := d.GetOk(targetInjectedAppCredentialSourceIdsKey); ok { list := credentialSourceIdsVal.(*schema.Set).List() - credentialSourceIds = make([]string, 0, len(list)) + injectedCreds = make([]string, 0, len(list)) for _, i := range list { - credentialSourceIds = append(credentialSourceIds, i.(string)) + injectedCreds = append(injectedCreds, i.(string)) } } 
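Review bot: The set-to-slice conversion in resourceTargetCreate is now written out three times (brokered, deprecated, injected), and the `else if` re-declares `credentialSourceIdsVal`, shadowing the outer one. A small helper reduces each read to one line and gives the unchecked `i.(string)` assertion a single place to be hardened later. The helper name below is only a suggestion, and resourceTargetCreate starts and ends outside this hunk.

```go
// stringSetToSlice converts a *schema.Set of strings into a non-nil []string.
func stringSetToSlice(v interface{}) []string {
	list := v.(*schema.Set).List()
	out := make([]string, 0, len(list))
	for _, i := range list {
		out = append(out, i.(string))
	}
	return out
}

// … unchanged: earlier part of resourceTargetCreate …
	var brokeredCreds []string
	if v, ok := d.GetOk(targetBrokeredCredentialSourceIdsKey); ok {
		brokeredCreds = stringSetToSlice(v)
	} else if v, ok := d.GetOk("application_credential_source_ids"); ok {
		// TODO: remove when fully deprecating 'application_credential_source_ids'
		brokeredCreds = stringSetToSlice(v)
	}

	var injectedCreds []string
	if v, ok := d.GetOk(targetInjectedAppCredentialSourceIdsKey); ok {
		injectedCreds = stringSetToSlice(v)
	}
```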
@@ -251,8 +292,15 @@ func resourceTargetCreate(ctx context.Context, d *schema.ResourceData, meta inte version = tur.Item.Version } - if credentialSourceIds != nil { - tur, err := tc.SetCredentialSources(ctx, tcr.Item.Id, version, targets.WithApplicationCredentialSourceIds(credentialSourceIds)) + var credOpts []targets.Option + if brokeredCreds != nil { + credOpts = append(credOpts, targets.WithBrokeredCredentialSourceIds(brokeredCreds)) + } + if injectedCreds != nil { + credOpts = append(credOpts, targets.WithInjectedApplicationCredentialSourceIds(injectedCreds)) + } + if len(credOpts) > 0 { + tur, err := tc.SetCredentialSources(ctx, tcr.Item.Id, version, credOpts...) if err != nil { return diag.Errorf("error setting credential sources on target: %v", err) } @@ -430,9 +478,10 @@ func resourceTargetUpdate(ctx context.Context, d *schema.ResourceData, meta inte // The above calls may not actually happen, so we use d.Id() and automatic // versioning here - if d.HasChange(targetApplicationCredentialSourceIdsKey) { + // TODO: remove when fully deprecating 'application_credential_source_ids' + if d.HasChange("application_credential_source_ids") { var credentialSourceIds []string - if credentialSourceIdsVal, ok := d.GetOk(targetApplicationCredentialSourceIdsKey); ok { + if credentialSourceIdsVal, ok := d.GetOk("application_credential_source_ids"); ok { credSourceIds := credentialSourceIdsVal.(*schema.Set).List() for _, credSourceId := range credSourceIds { credentialSourceIds = append(credentialSourceIds, credSourceId.(string)) 
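Review bot: Keeping the `d.HasChange("application_credential_source_ids")` block as its own call in resourceTargetUpdate means a configuration that moves the same IDs from the deprecated attribute to `brokered_credential_source_ids` triggers two writes: the legacy block sees an empty list first, then the brokered block sets the list again. Assuming the unchanged lines between this hunk and the next still clear the sources when the list is empty, the target briefly has no brokered credential sources, and stays that way if the second call fails. Skipping the legacy block when the new attribute is set would avoid this, e.g. `if _, ok := d.GetOk(targetBrokeredCredentialSourceIdsKey); !ok && d.HasChange("application_credential_source_ids") {`. The block's body runs past the end of this hunk.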
@@ -451,7 +500,59 @@ func resourceTargetUpdate(ctx context.Context, d *schema.ResourceData, meta inte if err != nil { return diag.Errorf("error updating credential sources in target: %v", err) } - if err := d.Set(targetApplicationCredentialSourceIdsKey, credentialSourceIds); err != nil { + if err := d.Set("application_credential_source_ids", credentialSourceIds); err != nil { + return diag.FromErr(err) + } + } + + if d.HasChange(targetBrokeredCredentialSourceIdsKey) { + var credentialSourceIds []string + if credentialSourceIdsVal, ok := d.GetOk(targetBrokeredCredentialSourceIdsKey); ok { + credSourceIds := credentialSourceIdsVal.(*schema.Set).List() + for _, credSourceId := range credSourceIds { + credentialSourceIds = append(credentialSourceIds, credSourceId.(string)) + } + } + + opts := []targets.Option{ + targets.WithAutomaticVersioning(true), + targets.DefaultBrokeredCredentialSourceIds(), + } + if len(credentialSourceIds) > 0 { + opts = append(opts, targets.WithBrokeredCredentialSourceIds(credentialSourceIds)) + } + + _, err := tc.SetCredentialSources(ctx, d.Id(), 0, opts...) 
+ if err != nil { + return diag.Errorf("error updating brokered credential sources in target: %v", err) + } + if err := d.Set(targetBrokeredCredentialSourceIdsKey, credentialSourceIds); err != nil { + return diag.FromErr(err) + } + } + + if d.HasChange(targetInjectedAppCredentialSourceIdsKey) { + var credentialSourceIds []string + if credentialSourceIdsVal, ok := d.GetOk(targetInjectedAppCredentialSourceIdsKey); ok { + credSourceIds := credentialSourceIdsVal.(*schema.Set).List() + for _, credSourceId := range credSourceIds { + credentialSourceIds = append(credentialSourceIds, credSourceId.(string)) + } + } + + opts := []targets.Option{ + targets.WithAutomaticVersioning(true), + targets.DefaultInjectedApplicationCredentialSourceIds(), + } + if len(credentialSourceIds) > 0 { + opts = append(opts, targets.WithInjectedApplicationCredentialSourceIds(credentialSourceIds)) + } + + _, err := tc.SetCredentialSources(ctx, d.Id(), 0, opts...) + if err != nil { + return diag.Errorf("error updating injected application credential sources in target: %v", err) + } + if err := d.Set(targetInjectedAppCredentialSourceIdsKey, credentialSourceIds); err != nil { return diag.FromErr(err) } } diff --git a/internal/provider/resource_target_test.go b/internal/provider/resource_target_test.go index 159d76eb..184fb816 100644 --- a/internal/provider/resource_target_test.go +++ b/internal/provider/resource_target_test.go @@ -89,7 +89,7 @@ resource "boundary_target" "foo" { host_source_ids = [ boundary_host_set.foo.id ] - application_credential_source_ids = [ + brokered_credential_source_ids = [ boundary_credential_library_vault.foo.id ] default_port = 22 @@ -108,7 +108,7 @@ resource "boundary_target" "foo" { host_source_ids = [ boundary_host_set.bar.id ] - application_credential_source_ids = [ + brokered_credential_source_ids = [ boundary_credential_library_vault.bar.id ] default_port = 80 
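Review bot: The two new blocks in resourceTargetUpdate call `tc.SetCredentialSources` separately, each passing only its own list, whereas resourceTargetCreate sends both lists in one call. If the controller treats the request as the complete set of credential sources (not shown here, worth confirming against the API), changing only the brokered list would drop the injected sources on the target, and the reverse, and Terraform would not notice until the next refresh. Building one option list for both keys, as create does, avoids that and saves a round trip. resourceTargetUpdate starts before this hunk.

```go
	if d.HasChange(targetBrokeredCredentialSourceIdsKey) || d.HasChange(targetInjectedAppCredentialSourceIdsKey) {
		var brokered, injected []string
		// … unchanged: *schema.Set to []string conversion for each key …

		// Always send both lists so one attribute's update cannot clear the other.
		opts := []targets.Option{
			targets.WithAutomaticVersioning(true),
			targets.DefaultBrokeredCredentialSourceIds(),
			targets.DefaultInjectedApplicationCredentialSourceIds(),
		}
		if len(brokered) > 0 {
			opts = append(opts, targets.WithBrokeredCredentialSourceIds(brokered))
		}
		if len(injected) > 0 {
			opts = append(opts, targets.WithInjectedApplicationCredentialSourceIds(injected))
		}

		if _, err := tc.SetCredentialSources(ctx, d.Id(), 0, opts...); err != nil {
			return diag.Errorf("error updating credential sources in target: %v", err)
		}
		// … unchanged: d.Set for both keys …
	}
```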
@@ -166,7 +166,7 @@ func TestAccTarget(t *testing.T) { resource.TestCheckResourceAttr("boundary_target.foo", targetSessionConnectionLimitKey, "6"), resource.TestCheckResourceAttr("boundary_target.foo", targetWorkerFilterKey, `type == "foo"`), testAccCheckTargetResourceHostSource(provider, "boundary_target.foo", []string{"boundary_host_set.foo"}), - testAccCheckTargetResourceAppCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.foo"}), + testAccCheckTargetResourceBrokeredCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.foo"}), ), }, importStep("boundary_target.foo"), @@ -181,7 +181,7 @@ func TestAccTarget(t *testing.T) { resource.TestCheckResourceAttr("boundary_target.foo", targetSessionConnectionLimitKey, "7"), resource.TestCheckResourceAttr("boundary_target.foo", targetWorkerFilterKey, `type == "bar"`), testAccCheckTargetResourceHostSource(provider, "boundary_target.foo", []string{"boundary_host_set.bar"}), - testAccCheckTargetResourceAppCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.bar"}), + testAccCheckTargetResourceBrokeredCredSources(provider, "boundary_target.foo", []string{"boundary_credential_library_vault.bar"}), ), }, importStep("boundary_target.foo"), @@ -196,7 +196,7 @@ func TestAccTarget(t *testing.T) { resource.TestCheckResourceAttr("boundary_target.foo", targetSessionConnectionLimitKey, "7"), resource.TestCheckResourceAttr("boundary_target.foo", targetWorkerFilterKey, `type == "bar"`), testAccCheckTargetResourceHostSource(provider, "boundary_target.foo", nil), - testAccCheckTargetResourceAppCredSources(provider, "boundary_target.foo", nil), + testAccCheckTargetResourceBrokeredCredSources(provider, "boundary_target.foo", nil), ), }, importStep("boundary_target.foo"), 
@@ -261,7 +261,7 @@ func testAccCheckTargetResourceHostSource(testProvider *schema.Provider, name st } } -func testAccCheckTargetResourceAppCredSources(testProvider *schema.Provider, name string, credSources []string) resource.TestCheckFunc { +func testAccCheckTargetResourceBrokeredCredSources(testProvider *schema.Provider, name string, credSources []string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[name] if !ok { @@ -298,11 +298,11 @@ func testAccCheckTargetResourceAppCredSources(testProvider *schema.Provider, nam return fmt.Errorf("got an error when reading target %q: %w", id, err) } - if len(t.Item.ApplicationCredentialSourceIds) != len(credSourceIDs) { - return fmt.Errorf("tf state and boundary have different number of application credential sources") + if len(t.Item.BrokeredCredentialSourceIds) != len(credSourceIDs) { + return fmt.Errorf("tf state and boundary have different number of brokered credential sources") } - for _, stateCredSourceId := range t.Item.ApplicationCredentialSourceIds { + for _, stateCredSourceId := range t.Item.BrokeredCredentialSourceIds { ok := false for _, gotCredSourceID := range credSourceIDs { if gotCredSourceID == stateCredSourceId { @@ -310,7 +310,7 @@ func testAccCheckTargetResourceAppCredSources(testProvider *schema.Provider, nam } } if !ok { - return fmt.Errorf("application credential source id in state not set in boundary: %s", stateCredSourceId) + return fmt.Errorf("brokered credential source id in state not set in boundary: %s", stateCredSourceId) } }