keyfactor-pub · spbsoluble · May 1, 2024 · May 2, 2024 · Aug 19, 2024 · Sep 7, 2024
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -44,69 +44,69 @@ jobs:
           git diff --compact-summary --exit-code || \
             (echo; echo "Unexpected difference in directories after code generation. Run 'go generate ./...' command and commit."; exit 1)
   # Run acceptance tests in a matrix with Terraform CLI versions
-  test:
-    name: Terraform Provider Acceptance Tests
-    needs: build
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    strategy:
-      fail-fast: false
-      max-parallel: 1
-      matrix:
-        # list whatever Terraform versions here you would like to support
-        terraform:
-          - '1.0.*'
-          - '1.1.*'
-          - '1.2.*'
-          - '1.3.*'
-          - '1.4.*'
-          - '1.5.*'
-          - '1.6.*'
-          - '1.7.*'
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version-file: 'go.mod'
-          cache: true
-      - uses: hashicorp/setup-terraform@v2
-        with:
-          terraform_version: ${{ matrix.terraform }}
-          terraform_wrapper: false
-      - run: go mod download
-      - env:
-          TF_ACC: "1"
-          KEYFACTOR_HOSTNAME: ${{secrets.KEYFACTOR_HOSTNAME}}
-          KEYFACTOR_USERNAME: ${{secrets.KEYFACTOR_USERNAME}}
-          KEYFACTOR_PASSWORD: ${{secrets.KEYFACTOR_PASSWORD}}
-          KEYFACTOR_DOMAIN: ${{secrets.KEYFACTOR_DOMAIN}}
-
-          KEYFACTOR_CERTIFICATE_ID: ${{secrets.KEYFACTOR_CERTIFICATE_ID}}
-          KEYFACTOR_CERTIFICATE_PASSWORD: ${{secrets.KEYFACTOR_CERTIFICATE_PASSWORD}}
-          KEYFACTOR_CERTIFICATE_TEMPLATE_NAME: ${{secrets.KEYFACTOR_CERTIFICATE_TEMPLATE_NAME}}
-          KEYFACTOR_CERTIFICATE_CA_DOMAIN: ${{secrets.KEYFACTOR_CERTIFICATE_CA_DOMAIN}}
-          KEYFACTOR_CERTIFICATE_CA_NAME: ${{secrets.KEYFACTOR_CERTIFICATE_CA_NAME}}
-
-          KEYFACTOR_CERTIFICATE_STORE_ID: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_ID}}
-          KEYFACTOR_CERTIFICATE_STORE_CLIENT_MACHINE: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_CLIENT_MACHINE}}
-          KEYFACTOR_CERTIFICATE_STORE_ORCHESTRATOR_AGENT_ID: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_ORCHESTRATOR_AGENT_ID}}
-          KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID1: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID1}}
-          KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID2: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID2}}
-          KEYFACTOR_CERTIFICATE_STORE_PASS: ${{secrets.TEST_CERTSTORE_PASS}}
-
-          KEYFACTOR_DEPLOY_CERT_STOREID1: ${{secrets.KEYFACTOR_DEPLOY_CERT_STOREID1}}
-          KEYFACTOR_DEPLOY_CERT_STOREID2: ${{secrets.KEYFACTOR_DEPLOY_CERT_STOREID2}}
-
-          KEYFACTOR_SECURITY_ROLE_NAME: ${{secrets.KEYFACTOR_SECURITY_ROLE_NAME}}
-
-          KEYFACTOR_SECURITY_IDENTITY_ACCOUNTNAME: ${{secrets.KEYFACTOR_SECURITY_IDENTITY_ACCOUNTNAME}}
-          KEYFACTOR_SECURITY_IDENTITY_ROLE1: ${{secrets.KEYFACTOR_SECURITY_IDENTITY_ROLE1}}
-          KEYFACTOR_SECURITY_IDENTITY_ROLE2: ${{secrets.KEYFACTOR_SECURITY_IDENTITY_ROLE2}}
-
-          KEYFACTOR_TEMPLATE_ROLE_BINDING_ROLE_NAME: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_ROLE_NAME}}
-          KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME1: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME1}}
-          KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME2: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME2}}
-          KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME3: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME3}}
-
-        run: go test -v -cover ./keyfactor
-        timeout-minutes: 10
+#  test:
+#    name: Terraform Provider Acceptance Tests
+#    needs: build
+#    runs-on: ubuntu-latest
+#    timeout-minutes: 15
+#    strategy:
+#      fail-fast: false
+#      max-parallel: 1
+#      matrix:
+#        # list whatever Terraform versions here you would like to support
+#        terraform:
+#          - '1.0.*'
+#          - '1.1.*'
+#          - '1.2.*'
+#          - '1.3.*'
+#          - '1.4.*'
+#          - '1.5.*'
+#          - '1.6.*'
+#          - '1.7.*'
+#    steps:
+#      - uses: actions/checkout@v3
+#      - uses: actions/setup-go@v3
+#        with:
+#          go-version-file: 'go.mod'
+#          cache: true
+#      - uses: hashicorp/setup-terraform@v2
+#        with:
+#          terraform_version: ${{ matrix.terraform }}
+#          terraform_wrapper: false
+#      - run: go mod download
+#      - env:
+#          TF_ACC: "1"
+#          KEYFACTOR_HOSTNAME: ${{secrets.KEYFACTOR_HOSTNAME}}
+#          KEYFACTOR_USERNAME: ${{secrets.KEYFACTOR_USERNAME}}
+#          KEYFACTOR_PASSWORD: ${{secrets.KEYFACTOR_PASSWORD}}
+#          KEYFACTOR_DOMAIN: ${{secrets.KEYFACTOR_DOMAIN}}
+#
+#          KEYFACTOR_CERTIFICATE_ID: ${{secrets.KEYFACTOR_CERTIFICATE_ID}}
+#          KEYFACTOR_CERTIFICATE_PASSWORD: ${{secrets.KEYFACTOR_CERTIFICATE_PASSWORD}}
+#          KEYFACTOR_CERTIFICATE_TEMPLATE_NAME: ${{secrets.KEYFACTOR_CERTIFICATE_TEMPLATE_NAME}}
+#          KEYFACTOR_CERTIFICATE_CA_DOMAIN: ${{secrets.KEYFACTOR_CERTIFICATE_CA_DOMAIN}}
+#          KEYFACTOR_CERTIFICATE_CA_NAME: ${{secrets.KEYFACTOR_CERTIFICATE_CA_NAME}}
+#
+#          KEYFACTOR_CERTIFICATE_STORE_ID: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_ID}}
+#          KEYFACTOR_CERTIFICATE_STORE_CLIENT_MACHINE: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_CLIENT_MACHINE}}
+#          KEYFACTOR_CERTIFICATE_STORE_ORCHESTRATOR_AGENT_ID: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_ORCHESTRATOR_AGENT_ID}}
+#          KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID1: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID1}}
+#          KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID2: ${{secrets.KEYFACTOR_CERTIFICATE_STORE_CONTAINER_ID2}}
+#          KEYFACTOR_CERTIFICATE_STORE_PASS: ${{secrets.TEST_CERTSTORE_PASS}}
+#
+#          KEYFACTOR_DEPLOY_CERT_STOREID1: ${{secrets.KEYFACTOR_DEPLOY_CERT_STOREID1}}
+#          KEYFACTOR_DEPLOY_CERT_STOREID2: ${{secrets.KEYFACTOR_DEPLOY_CERT_STOREID2}}
+#
+#          KEYFACTOR_SECURITY_ROLE_NAME: ${{secrets.KEYFACTOR_SECURITY_ROLE_NAME}}
+#
+#          KEYFACTOR_SECURITY_IDENTITY_ACCOUNTNAME: ${{secrets.KEYFACTOR_SECURITY_IDENTITY_ACCOUNTNAME}}
+#          KEYFACTOR_SECURITY_IDENTITY_ROLE1: ${{secrets.KEYFACTOR_SECURITY_IDENTITY_ROLE1}}
+#          KEYFACTOR_SECURITY_IDENTITY_ROLE2: ${{secrets.KEYFACTOR_SECURITY_IDENTITY_ROLE2}}
+#
+#          KEYFACTOR_TEMPLATE_ROLE_BINDING_ROLE_NAME: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_ROLE_NAME}}
+#          KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME1: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME1}}
+#          KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME2: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME2}}
+#          KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME3: ${{secrets.KEYFACTOR_TEMPLATE_ROLE_BINDING_TEMPLATE_NAME3}}
+#
+#        run: go test -v -cover ./keyfactor
+#        timeout-minutes: 10
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,14 +1,11 @@
 # Visit https://goreleaser.com for documentation on how to customize this
 # behavior.
+version: 2
 before:
   hooks:
-    # this is just an example and not a requirement for provider building/publishing
     - go mod tidy
 builds:
   - env:
-      # goreleaser does not work with CGO, it could also complicate
-      # usage by users in CI/CD systems like Terraform Cloud where
-      # they are unable to install libraries.
       - CGO_ENABLED=0
     mod_timestamp: '{{ .CommitTimestamp }}'
     flags:
@@ -39,13 +36,11 @@ checksum:
   name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
   algorithm: sha256
 signs:
-  - artifacts: checksum
+  - artifacts: all  # Sign all artifacts (binaries, archives, etc.)
     args:
-      # if you are using this in a GitHub action or some other automated pipeline, you 
-      # need to pass the batch flag to indicate its not interactive.
       - "--batch"
       - "--local-user"
-      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "{{ .Env.GPG_FINGERPRINT }}"
       - "--output"
       - "${signature}"
       - "--detach-sign"
@@ -57,15 +52,10 @@ release:
   github:
     owner: keyfactor-pub
     name: terraform-provider-keyfactor
-
   extra_files:
     - glob: 'terraform-registry-manifest.json'
       name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
-  # If you want to manually examine the release before its live, uncomment this line:
-  # draft: true
 changelog:
-  skip: false
-  sort: desc
   filters:
     exclude:
-      - docs
+      - docs
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+# v2.2.0
+### Certificates
+
+#### Features
+* feat(certificates): `keyfactor_certificate` resource has a new parameter `collection_enrollment_wait` that allows the user to define an arbitrary wait time for the collection enrollment to complete. The default is 0 seconds.
+* feat(certificates): `keyfactor_certificate` resources now support `collection_enrollment_wait_max_retries`
+
+#### Fixes
+
+* fix(certificates): `keyfactor_certificate` resource `metadata` updates are now correctly scoped by `collection_id` if provided.
+
 # v2.1.11
 
 ### Certificates

diff --git a/GNUmakefile b/GNUmakefile
@@ -5,7 +5,7 @@ GOFMT_FILES  := $$(find $(PROVIDER_DIR) -name '*.go' |grep -v vendor)
 NAMESPACE=keyfactor-pub
 WEBSITE_REPO=https://github.com/Keyfactor/terraform-provider-keyfactor
 NAME=keyfactor
-VERSION=2.1.10
+VERSION=2.2.0-rc.8
 BINARY=terraform-provider-${NAME}
 BINARYV2=terraform-provider-${NAME}_${VERSION}
 OS_ARCH := $(shell go env GOOS)_$(shell go env GOARCH)

diff --git a/docs/resources/certificate.md b/docs/resources/certificate.md
@@ -88,6 +88,8 @@ resource "keyfactor_certificate" "kf_csr_cert" {
 
 ### Optional
 
+- `collection_enrollment_wait` (String) The maximum time to wait for a certificate to be added to a collection, post enrollment. This is useful for certificates that trigger issue handlers and/or workflows post enrollment and will delay the certificate being added to the expected collection. Format: 1h, 1m, 1s. Default: 0.
+- `collection_enrollment_wait_max_retries` (Number) The maximum number of times to retry checking if a certificate has been added to a collection in 30 second intervals. This takes precedence over `collection_enrollment_wait`. Default: 0.
 - `collection_id` (Number) Optional certificate collection ID. This is required if enrollment permissions have been granted at the collection level. NOTE: This will *not* assign the cert to the specified collection ID; assignment is based the collection's associated query. For more information on collection permissions see the Keyfactor Command docs: https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/CertificatePermissions.htm?Highlight=collection%20permissions
 - `common_name` (String) Subject common name (CN) of the certificate.
 - `country` (String) Subject country of the certificate