feat: add Mount Migration support to all secrets/auth backends

internal/consts/consts.go

@@ -85,9 +85,9 @@ const (
 	/*
 		Vault version constants
 	*/
-	VaultVersion11 = "1.11.0"
-	VaultVersion10 = "1.10.0"
-	VaultVersion9  = "1.9.0"
+	VaultVersion111 = "1.11.0"
+	VaultVersion110 = "1.10.0"
+	VaultVersion19  = "1.9.0"
 
 	/*
 		misc. path related constants

internal/provider/meta.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-secure-stdlib/awsutil"
+	"github.com/hashicorp/go-version"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
@@ -30,6 +31,7 @@ type ProviderMeta struct {
 	resourceData *schema.ResourceData
 	clientCache  map[string]*api.Client
 	m            sync.RWMutex
+	vaultVersion *version.Version
 }
 
 // GetClient returns the providers default Vault client.
@@ -76,6 +78,22 @@ func (p *ProviderMeta) GetNSClient(ns string) (*api.Client, error) {
 	return c, nil
 }
 
+// IsAPISupported receives a minimum version
+// of type *version.Version.
+//
+// It returns a boolean describing whether the
+// ProviderMeta vaultVersion is above the
+// minimum version.
+func (p *ProviderMeta) IsAPISupported(minVersion *version.Version) bool {
+	return p.vaultVersion.GreaterThanOrEqual(minVersion)
+}
+
+// GetVaultVersion returns the providerMeta
+// vaultVersion attribute.
+func (p *ProviderMeta) GetVaultVersion() *version.Version {
+	return p.vaultVersion
+}
+
 func (p *ProviderMeta) validate() error {
 	if p.client == nil {
 		return fmt.Errorf("root api.Client not set, init with NewProviderMeta()")
@@ -222,6 +240,12 @@ func NewProviderMeta(d *schema.ResourceData) (interface{}, error) {
 		}
 	}
 
+	// Set the Vault version to *ProviderMeta object
+	vaultVersion, err := getVaultVersion(client)
+	if err != nil {
+		return nil, err
+	}
+
 	// Set the namespace to the requested namespace, if provided
 	namespace := d.Get(consts.FieldNamespace).(string)
 	if namespace != "" {
@@ -231,6 +255,7 @@ func NewProviderMeta(d *schema.ResourceData) (interface{}, error) {
 	return &ProviderMeta{
 		resourceData: d,
 		client:       client,
+		vaultVersion: vaultVersion,
 	}, nil
 }
 
@@ -281,6 +306,42 @@ func GetClient(i interface{}, meta interface{}) (*api.Client, error) {
 	return p.GetClient(), nil
 }
 
+// IsAPISupported receives an interface
+// and a minimum *version.Version.
+//
+// It returns a boolean after computing
+// whether the API is supported by the
+// providerMeta, which is obtained from
+// the provided interface.
+func IsAPISupported(meta interface{}, minVersion *version.Version) bool {
+	var p *ProviderMeta
+	switch v := meta.(type) {
+	case *ProviderMeta:
+		p = v
+	default:
+		panic(fmt.Sprintf("meta argument must be a %T, not %T", p, meta))
+	}
+
+	return p.IsAPISupported(minVersion)
+}
+
+func getVaultVersion(client *api.Client) (*version.Version, error) {
+	resp, err := client.Sys().SealStatus()
+	if err != nil {
+		return nil, err
+	}
+
+	if resp == nil {
+		return nil, fmt.Errorf("expected response data, got nil response")
+	}
+
+	if resp.Version == "" {
+		return nil, fmt.Errorf("key %q not found in response", consts.FieldVersion)
+	}
+
+	return version.Must(version.NewSemver(resp.Version)), nil
+}
+
 func setChildToken(d *schema.ResourceData, c *api.Client) error {
 	tokenName := d.Get("token_name").(string)
 	if tokenName == "" {

internal/provider/meta_test.go

@@ -8,6 +8,7 @@ import (
 	"sync"
 	"testing"
 
+	"github.com/hashicorp/go-version"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	"github.com/hashicorp/vault/api"
@@ -358,3 +359,84 @@ func TestGetClient(t *testing.T) {
 		})
 	}
 }
+
+func TestIsAPISupported(t *testing.T) {
+	rootClient, err := api.NewClient(api.DefaultConfig())
+	if err != nil {
+		t.Fatalf("error initializing root client, err=%s", err)
+	}
+
+	VaultVersion10, err := version.NewVersion("1.10.0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	VaultVersion11, err := version.NewVersion("1.11.0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testCases := []struct {
+		name       string
+		minVersion string
+		expected   bool
+		meta       interface{}
+	}{
+		{
+			name:       "server-greater-than",
+			minVersion: "1.8.0",
+			expected:   true,
+			meta: &ProviderMeta{
+				client:       rootClient,
+				vaultVersion: VaultVersion11,
+			},
+		},
+		{
+			name:       "server-less-than",
+			minVersion: "1.12.0",
+			expected:   false,
+			meta: &ProviderMeta{
+				client:       rootClient,
+				vaultVersion: VaultVersion11,
+			},
+		},
+		{
+			name:       "server-equal",
+			minVersion: "1.10.0",
+			expected:   true,
+			meta: &ProviderMeta{
+				client:       rootClient,
+				vaultVersion: VaultVersion10,
+			},
+		},
+	}
+
+	for _, tt := range testCases {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.meta != nil {
+				m := tt.meta.(*ProviderMeta)
+				m.resourceData = schema.TestResourceDataRaw(t,
+					map[string]*schema.Schema{
+						consts.FieldNamespace: {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+					map[string]interface{}{},
+				)
+				tt.meta = m
+			}
+
+			mv, err := version.NewVersion(tt.minVersion)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			isTFVersionGreater := tt.meta.(*ProviderMeta).IsAPISupported(mv)
+
+			if isTFVersionGreater != tt.expected {
+				t.Errorf("IsAPISupported() got = %v, want %v", isTFVersionGreater, tt.expected)
+			}
+		})
+	}
+}