Restore formatter, and length for AD secrets engine.

vault/resource_ad_secret_backend.go

@@ -82,6 +82,13 @@ func adSecretBackendResource() *schema.Resource {
 			Optional:    true,
 			Description: `Use anonymous bind to discover the bind DN of a user.`,
 		},
+		"formatter": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Computed:    true,
+			Deprecated:  `Formatter is deprecated and password_policy should be used with Vault >= 1.5.`,
+			Description: `Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".`,
+		},
 		"groupattr": {
 			Type:        schema.TypeString,
 			Optional:    true,
@@ -108,6 +115,13 @@ func adSecretBackendResource() *schema.Resource {
 			Computed:    true,
 			Description: `The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band.`,
 		},
+		"length": {
+			Type:        schema.TypeInt,
+			Optional:    true,
+			Computed:    true,
+			Deprecated:  `Length is deprecated and password_policy should be used with Vault >= 1.5.`,
+			Description: `The desired length of passwords that Vault generates.`,
+		},
 		"local": {
 			Type:        schema.TypeBool,
 			Required:    false,
@@ -258,6 +272,9 @@ func createConfigResource(d *schema.ResourceData, meta interface{}) error {
 	if v, ok := d.GetOkExists("discoverdn"); ok {
 		data["discoverdn"] = v
 	}
+	if v, ok := d.GetOkExists("formatter"); ok {
+		data["formatter"] = v
+	}
 	if v, ok := d.GetOkExists("groupattr"); ok {
 		data["groupattr"] = v
 	}
@@ -273,6 +290,9 @@ func createConfigResource(d *schema.ResourceData, meta interface{}) error {
 	if v, ok := d.GetOkExists("last_rotation_tolerance"); ok {
 		data["last_rotation_tolerance"] = v
 	}
+	if v, ok := d.GetOkExists("length"); ok {
+		data["length"] = v
+	}
 	if v, ok := d.GetOkExists("max_ttl"); ok {
 		data["max_ttl"] = v
 	}
@@ -391,6 +411,11 @@ func readConfigResource(d *schema.ResourceData, meta interface{}) error {
 			return fmt.Errorf("error setting state key 'discoverdn': %s", err)
 		}
 	}
+	if val, ok := resp.Data["formatter"]; ok {
+		if err := d.Set("formatter", val); err != nil {
+			return fmt.Errorf("error setting state key 'formatter': %s", err)
+		}
+	}
 	if val, ok := resp.Data["groupattr"]; ok {
 		if err := d.Set("groupattr", val); err != nil {
 			return fmt.Errorf("error setting state key 'groupattr': %s", err)
@@ -416,6 +441,11 @@ func readConfigResource(d *schema.ResourceData, meta interface{}) error {
 			return fmt.Errorf("error setting state key 'last_rotation_tolerance': %s", err)
 		}
 	}
+	if val, ok := resp.Data["length"]; ok {
+		if err := d.Set("length", val); err != nil {
+			return fmt.Errorf("error setting state key 'length': %s", err)
+		}
+	}
 	if val, ok := resp.Data["max_ttl"]; ok {
 		if err := d.Set("max_ttl", val); err != nil {
 			return fmt.Errorf("error setting state key 'max_ttl': %s", err)
@@ -540,6 +570,9 @@ func updateConfigResource(d *schema.ResourceData, meta interface{}) error {
 	if raw, ok := d.GetOk("discoverdn"); ok {
 		data["discoverdn"] = raw
 	}
+	if raw, ok := d.GetOk("formatter"); ok {
+		data["formatter"] = raw
+	}
 	if raw, ok := d.GetOk("groupattr"); ok {
 		data["groupattr"] = raw
 	}
@@ -555,6 +588,9 @@ func updateConfigResource(d *schema.ResourceData, meta interface{}) error {
 	if raw, ok := d.GetOk("last_rotation_tolerance"); ok {
 		data["last_rotation_tolerance"] = raw
 	}
+	if raw, ok := d.GetOk("length"); ok {
+		data["length"] = raw
+	}
 	if raw, ok := d.GetOk("max_ttl"); ok {
 		data["max_ttl"] = raw
 	}

website/docs/guides/version_3_upgrade.html.markdown

@@ -72,7 +72,6 @@ state changes in the meantime.
 
 - [Data Source: `vault_kubernetes_auth_backend_role`](#data-source-vault_kubernetes_auth_backend_role)
 
-- [Resource: `vault_ad_secret_backend`](#resource-vault_ad_secret_backend)
 - [Resource: `vault_approle_auth_backend_role`](#resource-vault_approle_auth_backend_role)
 - [Resource: `vault_auth_backend`](#resource-vault_auth_backend)
 - [Resource: `vault_aws_auth_backend_role`](#resource-vault_aws_auth_backend_role)
@@ -145,17 +144,6 @@ The following deprecated fields have been removed:
 
 _Specifying any of the fields above in your config or trying to interpolate them in your config will raise an error._
 
-## Resource: `vault_ad_secret_backend`
-
-### Deprecated fields have been removed
-The following deprecated fields have been removed:
-
-* `formatter` - use `password_policy` instead.
-
-* `length` - use `password_policy` instead.
-
-_Specifying any of the fields above in your config or trying to interpolate them in your config will raise an error._
-
 ## Resource: `vault_approle_auth_backend_role`
 
 ### Deprecated fields have been removed

website/docs/r/ad_secret_backend.html.md

@@ -64,8 +64,7 @@ defaults to true.
 
 * `discoverdn` - (Optional) Use anonymous bind to discover the bind Distinguished Name of a user.
 
-* `formatter` - (Optional) Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". This
-setting is deprecated and should instead use `password_policy`.
+* `formatter` - (Optional)  **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
 
 * `groupattr` - (Optional) LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
 user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
@@ -81,8 +80,7 @@ Defaults to `false`.
 * `last_rotation_tolerance` - (Optional) The number of seconds after a Vault rotation where, if Active Directory
 shows a later rotation, it should be considered out-of-band
 
-* `length` - (Optional) The desired length of passwords that Vault generates. This
-setting is deprecated and should instead use `password_policy`.
+* `length` - (Optional) **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
 
 * `local` - (Optional) Mark the secrets engine as local-only. Local engines are not replicated or removed by
 replication.Tolerance duration to use when checking the last rotation time.