New resources vault_plugin and vault_plugin_pinned_version #2159

Merged
merged 26 commits into from
May 7, 2024

Conversation

tomhjp
Contributor

@tomhjp tomhjp commented Feb 26, 2024

Description

Adds 2 new resources for managing external plugins: vault_plugin and vault_plugin_pinned_version.

Relates #1975
Closes #214

Checklist

  • Added CHANGELOG entry (only for user-facing changes)
  • Acceptance tests were run against all supported Vault Versions

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestPlugin'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test -run=TestPlugin -timeout 30m ./...
?       github.com/hashicorp/terraform-provider-vault   [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/coverage      [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/generate      [no test files]
?       github.com/hashicorp/terraform-provider-vault/helper    [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/consts   [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/identity/group   [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/identity/mfa     [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/pki      [no test files]
ok      github.com/hashicorp/terraform-provider-vault/codegen   (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/internal/identity/entity  (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/internal/sync     [no test files]
?       github.com/hashicorp/terraform-provider-vault/schema    [no test files]
?       github.com/hashicorp/terraform-provider-vault/util/mountutil    [no test files]
ok      github.com/hashicorp/terraform-provider-vault/internal/provider (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/testutil  (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/util      (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/vault     2.780s

Example config:

provider "vault" {
}

resource "vault_plugin" "jwt" {
  type    = "auth"
  name    = "jwt"
  command = "vault-plugin-auth-jwt"
  version = "v0.17.0"
  sha256  = "6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc"
  env     = [
    "HTTP_PROXY=http://proxy.example.com:8080"
  ]
}

resource "vault_plugin_pinned_version" "jwt_pin" {
  type    = vault_plugin.jwt.type
  name    = vault_plugin.jwt.name
  version = vault_plugin.jwt.version
}

resource "vault_auth_backend" "jwt_auth" {
  type = vault_plugin_pinned_version.jwt_pin.name
}

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request
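
An added example, not part of this PR or the provider's code: a pre-apply check that the binary named by `command` hashes to the value placed in the `vault_plugin` resource's `sha256` argument. The function name `VerifyPluginBinary`, the rule that `command` is a bare file name, and the plugin directory argument are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// VerifyPluginBinary (hypothetical helper) checks that pluginDir/command hashes
// to wantHex, the value intended for the vault_plugin sha256 argument.
func VerifyPluginBinary(pluginDir, command, wantHex string) error {
	// Assumption: command is a bare file name inside the plugin directory.
	if command == "" || command != filepath.Base(command) || strings.HasPrefix(command, ".") {
		return fmt.Errorf("command %q must be a file name inside the plugin directory", command)
	}
	want, err := hex.DecodeString(wantHex)
	if err != nil || len(want) != sha256.Size {
		return fmt.Errorf("sha256 must be 64 hex characters")
	}
	f, err := os.Open(filepath.Join(pluginDir, command))
	if err != nil {
		return err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil { // stream: plugin binaries can be large
		return err
	}
	if subtle.ConstantTimeCompare(h.Sum(nil), want) != 1 {
		return fmt.Errorf("digest mismatch for %s: got %x", command, h.Sum(nil))
	}
	return nil
}

func main() {
	if len(os.Args) != 4 {
		fmt.Fprintln(os.Stderr, "usage: verify <plugin_dir> <command> <sha256>")
		os.Exit(2)
	}
	if err := VerifyPluginBinary(os.Args[1], os.Args[2], os.Args[3]); err != nil {
		fmt.Fprintln(os.Stderr, "FAIL:", err)
		os.Exit(1)
	}
	fmt.Println("OK")
}
```

Running it in CI before `terraform apply` catches a binary that was swapped or rebuilt after the digest was recorded in the configuration.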

@tomhjp tomhjp changed the title New resources vault_plugin and vault_plugin_pinned_version New resources vault_plugin and vault_plugin_pinned_version Feb 26, 2024
@tomhjp tomhjp marked this pull request as ready for review March 1, 2024 16:01
@tomhjp
Contributor Author

tomhjp commented Mar 1, 2024

Sorry - the tests are taking a bit longer than I expected. I'm working on them in https://github.com/hashicorp/terraform-provider-vault/compare/vault-24407/plugin-and-pinned-versions-support-testing?expand=1 but feel free to ignore this PR until I get them working.

@tomhjp
Contributor Author

tomhjp commented Mar 1, 2024

The tests should pass now 👍 and I've verified that TestPlugin is running and not being skipped, but TestPluginPinnedVersion won't run in CI until we have 1.16 in the acceptance tests matrix.

@fairclothjm fairclothjm added this to the 4.0.0 milestone Mar 6, 2024
Contributor

@fairclothjm fairclothjm left a comment

Overall LGTM. My only question is should we be checking for the resource existence and unsetting the id to remove it from TF state for both vault_plugin_pinned_version and vault_plugin?

Contributor

@vinay-gopalan vinay-gopalan left a comment

Looking great so far! Had a couple of questions/suggestions :)

@fairclothjm fairclothjm removed this from the 4.0.0 milestone Mar 13, 2024
@fairclothjm fairclothjm added this to the 4.3.0 milestone May 1, 2024
Contributor

@vinay-gopalan vinay-gopalan left a comment

Thanks for working on this and responding to feedback! LGTM, had a few nits and suggested fixes for docs sidebars, but should be good to go otherwise 😄

tomhjp and others added 4 commits May 7, 2024 15:26
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
@tomhjp
Contributor Author

tomhjp commented May 7, 2024

Thanks!

@tomhjp tomhjp merged commit 89132d1 into main May 7, 2024
13 checks passed
@tomhjp tomhjp deleted the vault-24407/plugin-and-pinned-versions-support branch May 7, 2024 15:26
Successfully merging this pull request may close these issues.

Support configuring plugins in Vault's plugin catalog