diff --git a/vault/resource_ad_secret_backend.go b/vault/resource_ad_secret_backend.go
index cfe80511e..1147aa37a 100644
--- a/vault/resource_ad_secret_backend.go
+++ b/vault/resource_ad_secret_backend.go
@@ -82,6 +82,13 @@ func adSecretBackendResource() *schema.Resource {
 Optional: true,
 Description: `Use anonymous bind to discover the bind DN of a user.`,
 },
+ "formatter": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ Deprecated: `Formatter is deprecated and password_policy should be used with Vault >= 1.5.`,
+ Description: `Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".`,
+ },
 "groupattr": {
 Type: schema.TypeString,
 Optional: true,
@@ -108,6 +115,13 @@ func adSecretBackendResource() *schema.Resource {
 Computed: true,
 Description: `The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band.`,
 },
+ "length": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Computed: true,
+ Deprecated: `Length is deprecated and password_policy should be used with Vault >= 1.5.`,
+ Description: `The desired length of passwords that Vault generates.`,
+ },
 "local": {
 Type: schema.TypeBool,
 Required: false,
@@ -258,6 +272,9 @@ func createConfigResource(d *schema.ResourceData, meta interface{}) error {
 if v, ok := d.GetOkExists("discoverdn"); ok {
 data["discoverdn"] = v
 }
+ if v, ok := d.GetOkExists("formatter"); ok {
+ data["formatter"] = v
+ }
 if v, ok := d.GetOkExists("groupattr"); ok {
 data["groupattr"] = v
 }
@@ -273,6 +290,9 @@ func createConfigResource(d *schema.ResourceData, meta interface{}) error {
 if v, ok := d.GetOkExists("last_rotation_tolerance"); ok {
 data["last_rotation_tolerance"] = v
 }
+ if v, ok := d.GetOkExists("length"); ok {
+ data["length"] = v
+ }
 if v, ok := d.GetOkExists("max_ttl"); ok {
 data["max_ttl"] = v
 }
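Review bot: The restored `formatter` and `length` schema entries (hunks at -82 and -108) carry only a deprecation message; nothing stops a configuration from setting them together with `password_policy`, which that message names as their replacement. If `password_policy` is an attribute of this resource (it is not visible in these hunks), add `ConflictsWith: []string{"password_policy"}` to both entries so the clash is caught at plan time rather than by the server during apply. `formatter` also has no `ValidateFunc`, so a template missing the `{{PASSWORD}}` token shown in its description is not rejected by the provider; since this string shapes every generated Active Directory password, a plan-time check is worth having. The schema map continues outside both hunks.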
@@ -391,6 +411,11 @@ func readConfigResource(d *schema.ResourceData, meta interface{}) error {
 return fmt.Errorf("error setting state key 'discoverdn': %s", err)
 }
 }
+ if val, ok := resp.Data["formatter"]; ok {
+ if err := d.Set("formatter", val); err != nil {
+ return fmt.Errorf("error setting state key 'formatter': %s", err)
+ }
+ }
 if val, ok := resp.Data["groupattr"]; ok {
 if err := d.Set("groupattr", val); err != nil {
 return fmt.Errorf("error setting state key 'groupattr': %s", err)
@@ -416,6 +441,11 @@ func readConfigResource(d *schema.ResourceData, meta interface{}) error {
 return fmt.Errorf("error setting state key 'last_rotation_tolerance': %s", err)
 }
 }
+ if val, ok := resp.Data["length"]; ok {
+ if err := d.Set("length", val); err != nil {
+ return fmt.Errorf("error setting state key 'length': %s", err)
+ }
+ }
 if val, ok := resp.Data["max_ttl"]; ok {
 if err := d.Set("max_ttl", val); err != nil {
 return fmt.Errorf("error setting state key 'max_ttl': %s", err)
@@ -540,6 +570,9 @@ func updateConfigResource(d *schema.ResourceData, meta interface{}) error {
 if raw, ok := d.GetOk("discoverdn"); ok {
 data["discoverdn"] = raw
 }
+ if raw, ok := d.GetOk("formatter"); ok {
+ data["formatter"] = raw
+ }
 if raw, ok := d.GetOk("groupattr"); ok {
 data["groupattr"] = raw
 }
@@ -555,6 +588,9 @@ func updateConfigResource(d *schema.ResourceData, meta interface{}) error {
 if raw, ok := d.GetOk("last_rotation_tolerance"); ok {
 data["last_rotation_tolerance"] = raw
 }
+ if raw, ok := d.GetOk("length"); ok {
+ data["length"] = raw
+ }
 if raw, ok := d.GetOk("max_ttl"); ok {
 data["max_ttl"] = raw
 }
diff --git a/website/docs/guides/version_3_upgrade.html.markdown b/website/docs/guides/version_3_upgrade.html.markdown
index 88e310d82..713fd6025 100644
--- a/website/docs/guides/version_3_upgrade.html.markdown
+++ b/website/docs/guides/version_3_upgrade.html.markdown
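Review bot: In updateConfigResource (hunks at -540 and -555) the new `formatter` and `length` branches use `d.GetOk`, while both fields are `Computed: true` and are filled from `resp.Data` in readConfigResource, so a value the server reported is written back on every update even when the configuration never set it. If the backend treats these fields and `password_policy` as mutually exclusive (the deprecation text suggests so, but this is not visible here), users who moved to a policy could see updates fail or the legacy settings persist. Consider sending them only on an actual change, along the lines of `if d.HasChange("length") { data["length"] = d.Get("length") }`. `GetOk` also skips zero values, so changing `formatter` to `""` never reaches Vault and the old template stays in effect. The function body continues outside both hunks.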
@@ -72,7 +72,6 @@ state changes in the meantime. - [Data Source: `vault_kubernetes_auth_backend_role`](#data-source-vault_kubernetes_auth_backend_role) -- [Resource: `vault_ad_secret_backend`](#resource-vault_ad_secret_backend) - [Resource: `vault_approle_auth_backend_role`](#resource-vault_approle_auth_backend_role) - [Resource: `vault_auth_backend`](#resource-vault_auth_backend) - [Resource: `vault_aws_auth_backend_role`](#resource-vault_aws_auth_backend_role) @@ -145,17 +144,6 @@ The following deprecated fields have been removed: _Specifying any of the fields above in your config or trying to interpolate them in your config will raise an error._ -## Resource: `vault_ad_secret_backend` - -### Deprecated fields have been removed -The following deprecated fields have been removed: - -* `formatter` - use `password_policy` instead. - -* `length` - use `password_policy` instead. - -_Specifying any of the fields above in your config or trying to interpolate them in your config will raise an error._ - ## Resource: `vault_approle_auth_backend_role` ### Deprecated fields have been removed diff --git a/website/docs/r/ad_secret_backend.html.md b/website/docs/r/ad_secret_backend.html.md index d86b1c8b2..1aa12b2d7 100644 --- a/website/docs/r/ad_secret_backend.html.md +++ b/website/docs/r/ad_secret_backend.html.md @@ -64,8 +64,7 @@ defaults to true. * `discoverdn` - (Optional) Use anonymous bind to discover the bind Distinguished Name of a user. -* `formatter` - (Optional) Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". This -setting is deprecated and should instead use `password_policy`. +* `formatter` - (Optional) **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". * `groupattr` - (Optional) LDAP attribute to follow on objects returned by in order to enumerate user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`. 
@@ -81,8 +80,7 @@ Defaults to `false`. * `last_rotation_tolerance` - (Optional) The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band -* `length` - (Optional) The desired length of passwords that Vault generates. This -setting is deprecated and should instead use `password_policy`. +* `length` - (Optional) **Deprecated** use `password_policy`. The desired length of passwords that Vault generates. * `local` - (Optional) Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.