Add new allowed_user_key_config field (#1413)

This fix introduces a new configuration block for the ssh_secret_backend_role resource, which supports the new vault-1.10 updates to the allowed_user_key_lengths parameter. The new config block is meant to supersede the current allowed_user_key_lengths provider field. Example role config: resource "vault_ssh_secret_backend_role" "demo" { name = "role1" backend = vault_mount.demo.path allowed_user_key_config { type = "rsa" lengths = [2048, 4096] } allowed_user_key_config { type = "dss" lengths = [2048, 4096] } } * Update docs * Complete the field name refactoring * Set the correct field in the legacy case * Add changelog entry
hashicorp · Apr 14, 2022 · 28ae26d · 28ae26d
1 parent 4330724
commit 28ae26d
Show file tree

Hide file tree

Showing 5 changed files with 496 additions and 252 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 3.5.0 (Unreleased)
+FEATURES:
+* `resource/vault_ssh_secret_backend_role`: support configuring multiple public SSH key lengths in vault-1.10+
+  ([#1413](https://github.com/terraform-providers/terraform-provider-vault/pull/1413))
+
 ## 3.4.1 (March 31, 2022)
 BUGS:
 * `data/azure_access_credentials`: Fix panic when `tenant_id` and `subscription_id` are specified together; add new `environment` override field

diff --git a/go.mod b/go.mod
@@ -16,6 +16,7 @@ require (
 	github.com/gosimple/slug v1.11.0
 	github.com/hashicorp/errwrap v1.1.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
+	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-hclog v1.0.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-retryablehttp v0.7.0
@@ -27,5 +28,6 @@ require (
 	github.com/hashicorp/vault/sdk v0.3.1-0.20211214161113-fcc5f22bea02
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/opencontainers/image-spec v1.0.2 // indirect
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
 	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
 )