diff --git a/internal/consts/consts.go b/internal/consts/consts.go
index 1e22792c21..6120d725c4 100644
--- a/internal/consts/consts.go
+++ b/internal/consts/consts.go
@@ -350,6 +350,7 @@ const (
 FieldCredentialType = "credential_type"
 FieldFilename = "filename"
 FieldDefault = "default"
+ FieldAIAPath = "aia_path"
 /* common environment variables */
diff --git a/vault/resource_pki_secret_backend_config_cluster.go b/vault/resource_pki_secret_backend_config_cluster.go
index ddfa12aa40..dfe62f2d91 100644
--- a/vault/resource_pki_secret_backend_config_cluster.go
+++ b/vault/resource_pki_secret_backend_config_cluster.go
@@ -11,10 +11,16 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-provider-vault/internal/consts"
 "github.com/hashicorp/terraform-provider-vault/internal/provider"
 "github.com/hashicorp/terraform-provider-vault/util"
 )
+var pkiClusterFields = []string{
+ consts.FieldPath,
+ consts.FieldAIAPath,
+}
+
 func pkiSecretBackendConfigClusterResource() *schema.Resource {
 return &schema.Resource{
 Create: pkiSecretBackendConfigClusterCreateUpdate,
@@ -38,18 +44,18 @@ func pkiSecretBackendConfigClusterResource() *schema.Resource {
 },
 Schema: map[string]*schema.Schema{
- "backend": {
+ consts.FieldBackend: {
 Type: schema.TypeString,
 Required: true,
 Description: "The path of the PKI secret backend the resource belongs to.",
 },
- "path": {
+ consts.FieldPath: {
 Type: schema.TypeString,
 Required: true,
 Description: "Specifies the path to this performance replication cluster's API mount path.",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
- "aia_path": {
+ consts.FieldAIAPath: {
 Type: schema.TypeString,
 Required: true,
 Description: "Specifies the path to this performance replication cluster's AIA distribution point.",
@@ -74,17 +80,20 @@ func pkiSecretBackendConfigClusterCreateUpdate(d *schema.ResourceData, meta inte
 action = "Update"
 }
- data := map[string]interface{}{
- "path": d.Get("path"),
- "aia_path": d.Get("aia_path"),
+ data := map[string]interface{}{}
+
+ for _, k := range pkiClusterFields {
+ if v, ok := d.GetOk(k); ok {
+ data[k] = v
+ }
 }
- log.Printf("[DEBUG] %s URL config on PKI secret backend %q", action, backend)
+ log.Printf("[DEBUG] %s cluster config on PKI secret backend %q", action, backend)
 _, err := client.Logical().Write(path, data)
 if err != nil {
- return fmt.Errorf("error writing PKI URL config to %q: %w", backend, err)
+ return fmt.Errorf("error writing PKI cluster config to %q: %w", backend, err)
 }
- log.Printf("[DEBUG] %sd URL config on PKI secret backend %q", action, backend)
+ log.Printf("[DEBUG] %sd cluster config on PKI secret backend %q", action, backend)
 if d.IsNewResource() {
 d.SetId(fmt.Sprintf("%s/config/cluster", backend))
@@ -105,26 +114,20 @@ func pkiSecretBackendConfigClusterRead(d *schema.ResourceData, meta interface{})
 return fmt.Errorf("no path set, id=%q", d.Id())
 }
- log.Printf("[DEBUG] Reading URL config from PKI secret path %q", path)
+ log.Printf("[DEBUG] Reading cluster config from PKI secret path %q", path)
 config, err := client.Logical().Read(path)
 if err != nil {
- return fmt.Errorf("error reading URL config on PKI secret backend %q: %s", path, err)
+ return fmt.Errorf("error reading cluster config on PKI secret backend %q: %s", path, err)
 }
 if config == nil {
- log.Printf("[WARN] Removing URL config path %q as its ID is invalid", path)
+ log.Printf("[WARN] Removing cluster config path %q as its ID is invalid", path)
 d.SetId("")
 return nil
 }
- fields := []string{
- "path",
- "aia_path",
- }
- for _, k := range fields {
- if err := d.Set(k, config.Data[k]); err != nil {
- return err
- }
+ for _, k := range pkiClusterFields {
+ d.Set(k, config.Data[k])
 }
 return nil
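Review bot: In pkiSecretBackendConfigClusterCreateUpdate, the switch from `d.Get` to `d.GetOk` means a field set to the empty string is left out of `data`, because `GetOk` reports `ok == false` for zero values. On an update, Vault would then keep its previous `path` or `aia_path` while the Terraform configuration says it is empty. The schema describes `aia_path` as the cluster's AIA distribution point, so a stale value presumably keeps issued certificates pointing at the old location. Both fields are `Required`, so writing them unconditionally loses nothing: `data[k] = d.Get(k)`. The function body starts and ends outside the hunk.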
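Review bot: The new loop in pkiSecretBackendConfigClusterRead drops the error from `d.Set`, which the removed loop returned to the caller. If `config.Data[k]` ever has an unexpected type, the read now succeeds silently and state stops reflecting what Vault holds, so drift in `path` or `aia_path` goes unnoticed. Keep the check: `if err := d.Set(k, config.Data[k]); err != nil { return err }`. Separately, the changed `fmt.Errorf` on the read error still formats with `%s`; `%w` would match the write path and keep the error chain inspectable. The function starts outside the hunk.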
diff --git a/website/docs/r/pki_secret_backend_config_cluster.html.md b/website/docs/r/pki_secret_backend_config_cluster.html.md
index 2761b73cbc..141d605efa 100644
--- a/website/docs/r/pki_secret_backend_config_cluster.html.md
+++ b/website/docs/r/pki_secret_backend_config_cluster.html.md
@@ -23,8 +23,8 @@ resource "vault_mount" "root" {
 resource "vault_pki_secret_backend_config_cluster" "example" {
 backend = vault_mount.root.path
- path = "http://127.0.0.1:8200/v1/pki"
- aia_path = "http://127.0.0.1:8200/v1/pki"
+ path = "http://127.0.0.1:8200/v1/pki-root"
+ aia_path = "http://127.0.0.1:8200/v1/pki-root"
 }
 ```
@@ -49,7 +49,7 @@ No additional attributes are exported by this resource.
 ## Import
-The PKI config URLs can be imported using the resource's `id`.
+The PKI config cluster can be imported using the resource's `id`.
 In the case of the example above the `id` would be `pki-root/config/cluster`, where the `pki-root` component is the resource's `backend`, e.g.