Add support to set default issuers configuration for PKI Secrets Engine #1937
var pkiSecretBackendFromConfigIssuersPathRegex = regexp.MustCompile("^(.+)/config/issuers") | ||
|
||
const ( | ||
fieldDefaultFollowsLatestIssuer = "default_follows_latest_issuer" |
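Review bot: the pattern assigned to `pkiSecretBackendFromConfigIssuersPathRegex` is anchored with `^` but has no trailing `$`, so it also matches a path where more text follows `/config/issuers`, and the greedy `(.+)` group then captures everything before the last such occurrence as the backend. Consider `^(.+)/config/issuers$` so that only an exact config path yields a mount.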
I thought this might be a good spot for an example to showcase that if a schema field seems very specific to only a single resource, we need not export it out of the package and needlessly bulk up our consts package. Instead, we can define an unexported constant within the same file. However, if this feels a bit unclean, I'm happy to move it to the constants package.
leading or trailing `/`s. | ||
|
||
* `default` - (Required) Specifies the default issuer using the issuer ID. | ||
**NOTE:** It is recommended to only set the default issuer using the ID. |
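Review bot: the NOTE under `default` states the recommendation without the reason, which readers of the docs will not have from this thread. Suggest adding that Vault accepts an issuer name for this field but only ever returns the issuer ID, so a name in the configuration appears as drift in the Terraform state.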
In Vault, one can provide both the issuer name and issuer ID to set this field. However, since the Vault response only ever returns the issuer ID for this field, there can be a drift in the TF state if we provide an issuer name but Vault returns an issuer ID. I opted to document for now that we recommend only using the ID (since that is fairly easy to do in TF), but in the future, if users feel like they specifically want to be able to set this parameter by the issuer name, we can always add an additional read-only schema field that will store the ID separately (thereby removing any drifts).
Nice! Thanks for the context!
Looks good! Let me know if my question doesn't apply in this context.
LGTM! Just a few suggestions
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Adds a new resource with relevant tests and documentation that allows users to set the default issuer under a mount.