From ce73448c63c610b7cdb184cb73a1b61f09a439bc Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 21:35:48 +0000 Subject: [PATCH 01/14] Add support for ca_cert, client_cert, client_key Additional options to configure to match the cli/api for the consul backend. Important for TLS configuration. --- vault/resource_consul_secret_backend.go | 34 +++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index 14a051e72..51d68800e 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -69,6 +69,24 @@ func consulSecretBackendResource() *schema.Resource { Description: "Specifies the Consul ACL token to use. This must be a management type token.", Sensitive: true, }, + "ca_cert": { + Type: schema.TypeString, + Required: false, + Description: "CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded.", + Sensitive: false, + }, + "client_cert: { + Type: schema.TypeString, + Required: false, + Description: "Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.", + Sensitive: true, + }, + "client_key": { + Type: schema.TypeString, + Required: false, + Description: "Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.", + Sensitive: true, + }, }, } } @@ -80,6 +98,9 @@ func consulSecretBackendCreate(d *schema.ResourceData, meta interface{}) error { address := d.Get("address").(string) scheme := d.Get("scheme").(string) token := d.Get("token").(string) + ca_cert := d.Get("ca_cert").(string) + client_cert := d.Get("client_cert").(string) + client_key := d.Get("client_key").(string) configPath := consulSecretBackendConfigPath(path) @@ -112,6 +133,9 @@ func consulSecretBackendCreate(d *schema.ResourceData, meta interface{}) error { "address": address, "token": token, "scheme": scheme, + "ca_cert": ca_cert, + "client_cert": client_cert, + "client_key": client_key } if _, err := client.Logical().Write(configPath, data); err != nil { return fmt.Errorf("Error writing Consul configuration for %q: %s", path, err) @@ -120,6 +144,9 @@ func consulSecretBackendCreate(d *schema.ResourceData, meta interface{}) error { d.SetPartial("address") d.SetPartial("token") d.SetPartial("scheme") + d.SetPartial("ca_cert") + d.SetPartial("client_cert") + d.SetPartial("client_key") d.Partial(false) return nil @@ -166,6 +193,7 @@ func consulSecretBackendRead(d *schema.ResourceData, meta interface{}) error { // So... if it drifts, it drift. d.Set("address", secret.Data["address"].(string)) d.Set("scheme", secret.Data["scheme"].(string)) + d.Set("ca_cert", secret.Data["ca_cert"].(string)) return nil } @@ -198,6 +226,9 @@ func consulSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { "address": d.Get("address").(string), "token": d.Get("token").(string), "scheme": d.Get("scheme").(string), + "ca_cert": d.Get("ca_cert").(string), + "client_cert": d.Get("client_cert").(string), + "client_key": d.Get("client_key").(string) } if _, err := client.Logical().Write(configPath, data); err != nil { return fmt.Errorf("Error configuring Consul configuration for %q: %s", path, err) @@ -206,6 +237,9 @@ func consulSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { d.SetPartial("address") d.SetPartial("token") d.SetPartial("scheme") + d.SetPartial("ca_cert") + d.SetPartial("client_cert") + d.SetPartial("client_key") } d.Partial(false) return consulSecretBackendRead(d, meta) From 0eecaf62b92e0a33764967b95b07b28712dc13df Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 21:44:53 +0000 Subject: [PATCH 02/14] Update resource_consul_secret_backend.go --- vault/resource_consul_secret_backend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index 51d68800e..e241605a1 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -86,7 +86,7 @@ func consulSecretBackendResource() *schema.Resource { Required: false, Description: "Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.", Sensitive: true, - }, + } }, } } From 2961f63789b860d03f6e44838aa6f361a781be2b Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 21:52:53 +0000 Subject: [PATCH 03/14] Missing quote --- vault/resource_consul_secret_backend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index e241605a1..f1aeb179c 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -75,7 +75,7 @@ func consulSecretBackendResource() *schema.Resource { Description: "CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded.", Sensitive: false, }, - "client_cert: { + "client_cert": { Type: schema.TypeString, Required: false, Description: "Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.", From aa7705893398626021497b307c9d49063f56bb04 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 21:56:47 +0000 Subject: [PATCH 04/14] Adding commas --- vault/resource_consul_secret_backend.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index f1aeb179c..af5eae926 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -86,7 +86,7 @@ func consulSecretBackendResource() *schema.Resource { Required: false, Description: "Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.", Sensitive: true, - } + }, }, } } @@ -135,7 +135,7 @@ func consulSecretBackendCreate(d *schema.ResourceData, meta interface{}) error { "scheme": scheme, "ca_cert": ca_cert, "client_cert": client_cert, - "client_key": client_key + "client_key": client_key, } if _, err := client.Logical().Write(configPath, data); err != nil { return fmt.Errorf("Error writing Consul configuration for %q: %s", path, err) @@ -228,7 +228,7 @@ func consulSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { "scheme": d.Get("scheme").(string), "ca_cert": d.Get("ca_cert").(string), "client_cert": d.Get("client_cert").(string), - "client_key": d.Get("client_key").(string) + "client_key": d.Get("client_key").(string), } if _, err := client.Logical().Write(configPath, data); err != nil { return fmt.Errorf("Error configuring Consul configuration for %q: %s", path, err) From 4e5e7f244ad07bcb2ad28ae5c7dbc87e0d49ccb3 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 21:59:45 +0000 Subject: [PATCH 05/14] Set optional and default value --- vault/resource_consul_secret_backend.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index af5eae926..1660e0099 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -71,19 +71,22 @@ func consulSecretBackendResource() *schema.Resource { }, "ca_cert": { Type: schema.TypeString, - Required: false, + Optional: true, + Default: "", Description: "CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded.", Sensitive: false, }, "client_cert": { Type: schema.TypeString, - Required: false, + Optional: true, + Default: "", Description: "Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.", Sensitive: true, }, "client_key": { Type: schema.TypeString, - Required: false, + Optional: true, + Default: "", Description: "Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.", Sensitive: true, }, From 99c7cb3ad709d395fd12f817c3484862840b82a2 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 22:13:07 +0000 Subject: [PATCH 06/14] Update docs --- website/docs/r/consul_secret_backend.html.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/website/docs/r/consul_secret_backend.html.md b/website/docs/r/consul_secret_backend.html.md index 6c6044174..2769bc544 100644 --- a/website/docs/r/consul_secret_backend.html.md +++ b/website/docs/r/consul_secret_backend.html.md @@ -47,6 +47,12 @@ on `token`. Changing the value, however, _will_ overwrite the previously stored * `scheme` - (Optional) Specifies the URL scheme to use. Defaults to `http`. +* `ca_cert` - (Optional) CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded. + +* `client_cert` - (Optional) Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key. + +* `client_key` - (Optional) Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert. + * `default_lease_ttl_seconds` - (Optional) The default TTL for credentials issued by this backend. * `max_lease_ttl_seconds` - (Optional) The maximum TTL that can be requested From 20d09c39278b65661eead7909eda870a96317622 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 22:47:56 +0000 Subject: [PATCH 07/14] Change detection --- vault/resource_consul_secret_backend.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index 1660e0099..2b6648952 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -223,7 +223,8 @@ func consulSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { d.SetPartial("default_lease_ttl_seconds") d.SetPartial("max_lease_ttl_seconds") } - if d.HasChange("address") || d.HasChange("token") || d.HasChange("scheme") { + if d.HasChange("address") || d.HasChange("token") || d.HasChange("scheme") || + d.HasChange("ca_cert") || d.HasChange("client_cert") || d.HasChange("client_key") { log.Printf("[DEBUG] Updating Consul configuration at %q", configPath) data := map[string]interface{}{ "address": d.Get("address").(string), From 74cd79a58bf9ce7b380a79ad675adc8554a68a1c Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 17 Nov 2020 23:04:15 +0000 Subject: [PATCH 08/14] optional param --- vault/resource_consul_secret_backend.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index 2b6648952..fedd7f06b 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -196,7 +196,13 @@ func consulSecretBackendRead(d *schema.ResourceData, meta interface{}) error { // So... if it drifts, it drift. d.Set("address", secret.Data["address"].(string)) d.Set("scheme", secret.Data["scheme"].(string)) - d.Set("ca_cert", secret.Data["ca_cert"].(string)) + + val, ok := secret.Data["ca_cert"] + if ok && val != nil { + d.Set("ca_cert", val.(string)) + } else { + d.Set("ca_cert", "") + } return nil } From 16cb517b02f8dc15efcee007b852202d9348977d Mon Sep 17 00:00:00 2001 From: mr-miles Date: Wed, 13 Jan 2021 23:26:02 +0000 Subject: [PATCH 09/14] Don't compare ca_cert as vault does not return it Co-authored-by: Theron Voran --- vault/resource_consul_secret_backend.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/vault/resource_consul_secret_backend.go b/vault/resource_consul_secret_backend.go index fedd7f06b..8892a5817 100644 --- a/vault/resource_consul_secret_backend.go +++ b/vault/resource_consul_secret_backend.go @@ -196,13 +196,6 @@ func consulSecretBackendRead(d *schema.ResourceData, meta interface{}) error { // So... if it drifts, it drift. d.Set("address", secret.Data["address"].(string)) d.Set("scheme", secret.Data["scheme"].(string)) - - val, ok := secret.Data["ca_cert"] - if ok && val != nil { - d.Set("ca_cert", val.(string)) - } else { - d.Set("ca_cert", "") - } return nil } From 8465cf0246701a102d53927ef4d72fef2b07a983 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Sat, 16 Jan 2021 17:31:34 +0000 Subject: [PATCH 10/14] Adding state tests for additional fields --- vault/resource_consul_secret_backend_test.go | 64 ++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/vault/resource_consul_secret_backend_test.go b/vault/resource_consul_secret_backend_test.go index e822067d9..d146a9d40 100644 --- a/vault/resource_consul_secret_backend_test.go +++ b/vault/resource_consul_secret_backend_test.go @@ -29,6 +29,9 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "127.0.0.1:8500"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "http"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), ), }, { @@ -41,8 +44,41 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "consul.domain.tld:8501"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "https"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), ), }, + { + Config: testConsulSecretBackend_updateConfig_addCerts(path, token), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "path", path), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "description", "test description"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "default_lease_ttl_seconds", "0"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "max_lease_ttl_seconds", "0"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "consul.domain.tld:8501"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "https"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", "FAKE-CERT-MATERIAL"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", "FAKE-CLIENT-CERT-MATERIAL"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", "FAKE-CLIENT-CERT-KEY-MATERIAL"), + ), + }, + { + Config: testConsulSecretBackend_updateConfig_updateCerts(path, token), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "path", path), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "description", "test description"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "default_lease_ttl_seconds", "0"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "max_lease_ttl_seconds", "0"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "consul.domain.tld:8501"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "https"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", "FAKE-CERT-MATERIAL"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", "UPDATED-FAKE-CLIENT-CERT-MATERIAL"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", "UPDATED-FAKE-CLIENT-CERT-KEY-MATERIAL"), + ), + } }, }) } @@ -92,3 +128,31 @@ resource "vault_consul_secret_backend" "test" { scheme = "https" }`, path, token) } + +func testConsulSecretBackend_updateConfig_addCerts(path, token string) string { + return fmt.Sprintf(` +resource "vault_consul_secret_backend" "test" { + path = "%s" + description = "test description" + address = "consul.domain.tld:8501" + token = "%s" + scheme = "https" + ca_cert = "FAKE-CERT-MATERIAL" + client_cert = "FAKE-CLIENT-CERT-MATERIAL" + client_key = "FAKE-CLIENT-CERT-KEY-MATERIAL" +}`, path, token) +} + +func testConsulSecretBackend_updateConfig_updateCerts(path, token string) string { + return fmt.Sprintf(` +resource "vault_consul_secret_backend" "test" { + path = "%s" + description = "test description" + address = "consul.domain.tld:8501" + token = "%s" + scheme = "https" + ca_cert = "FAKE-CERT-MATERIAL" + client_cert = "UPDATED-FAKE-CLIENT-CERT-MATERIAL" + client_key = "UPDATED-FAKE-CLIENT-CERT-KEY-MATERIAL" +}`, path, token) +} From 9f156be9b6f303d7c829aeea759821afbea577b7 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Sat, 16 Jan 2021 17:34:16 +0000 Subject: [PATCH 11/14] Add comma --- vault/resource_consul_secret_backend_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/resource_consul_secret_backend_test.go b/vault/resource_consul_secret_backend_test.go index d146a9d40..9d7288757 100644 --- a/vault/resource_consul_secret_backend_test.go +++ b/vault/resource_consul_secret_backend_test.go @@ -78,7 +78,7 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", "UPDATED-FAKE-CLIENT-CERT-MATERIAL"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", "UPDATED-FAKE-CLIENT-CERT-KEY-MATERIAL"), ), - } + }, }, }) } From 98fa7e838af6567856901e9c671cb719620228ba Mon Sep 17 00:00:00 2001 From: mr-miles Date: Sat, 16 Jan 2021 17:41:09 +0000 Subject: [PATCH 12/14] remove blank attributes --- vault/resource_consul_secret_backend_test.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/vault/resource_consul_secret_backend_test.go b/vault/resource_consul_secret_backend_test.go index 9d7288757..30be78d21 100644 --- a/vault/resource_consul_secret_backend_test.go +++ b/vault/resource_consul_secret_backend_test.go @@ -29,9 +29,6 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "127.0.0.1:8500"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "http"), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), ), }, { @@ -44,9 +41,6 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "consul.domain.tld:8501"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "https"), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), ), }, { From e14de98d387682c6fc74147355b27bb636b43922 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Mon, 18 Jan 2021 10:06:41 +0000 Subject: [PATCH 13/14] Reinstate blank properties --- vault/resource_consul_secret_backend_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vault/resource_consul_secret_backend_test.go b/vault/resource_consul_secret_backend_test.go index 30be78d21..9d7288757 100644 --- a/vault/resource_consul_secret_backend_test.go +++ b/vault/resource_consul_secret_backend_test.go @@ -29,6 +29,9 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "127.0.0.1:8500"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "http"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), ), }, { @@ -41,6 +44,9 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "consul.domain.tld:8501"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "https"), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), + resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), ), }, { From 234378de3846dc20b41efe732be58f5f8e997db3 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Mon, 18 Jan 2021 10:54:17 +0000 Subject: [PATCH 14/14] Back in business - check attribute does note exist --- vault/resource_consul_secret_backend_test.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/vault/resource_consul_secret_backend_test.go b/vault/resource_consul_secret_backend_test.go index 9d7288757..6e5b41ee9 100644 --- a/vault/resource_consul_secret_backend_test.go +++ b/vault/resource_consul_secret_backend_test.go @@ -29,9 +29,9 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "127.0.0.1:8500"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "http"), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), + resource.TestCheckNoResourceAttr("vault_consul_secret_backend.test", "ca_cert"), + resource.TestCheckNoResourceAttr("vault_consul_secret_backend.test", "client_cert"), + resource.TestCheckNoResourceAttr("vault_consul_secret_backend.test", "client_key"), ), }, { @@ -44,9 +44,9 @@ func TestConsulSecretBackend(t *testing.T) { resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "address", "consul.domain.tld:8501"), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "token", token), resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "scheme", "https"), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "ca_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_cert", ""), - resource.TestCheckResourceAttr("vault_consul_secret_backend.test", "client_key", ""), + resource.TestCheckNoResourceAttr("vault_consul_secret_backend.test", "ca_cert"), + resource.TestCheckNoResourceAttr("vault_consul_secret_backend.test", "client_cert"), + resource.TestCheckNoResourceAttr("vault_consul_secret_backend.test", "client_key"), ), }, {