Optional child token config #955

Closed
wants to merge 2 commits into from

@nikolaishields nikolaishields commented Jan 26, 2021

This adds a new (often requested) vault provider configuration setting which can allow users to disable the creation of the intermediate child token (strongly discouraged, but made available for the cases that need it).

```hcl
provider "vault" {
    address = "https://vault.testdomain"
    create_intermediate_child_token = false
}
```

(Open to changing the name of this config item, or related env var, but I like to be verbose with settings that typically shouldn't be adjusted without reading the documentation).

Community Note

* Please vote on this pull request by adding a +1 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original pull request comment to help the community and maintainers prioritize this request

* Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Closes #29
Closes #722
Relates #550
Relates #368
Relates #192

Relates to the following as well:
hashicorp/terraform#16457
hashicorp/terraform#14839
https://groups.google.com/forum/#!topic/terraform-tool/wtlLrKVQlAo

Release note for CHANGELOG:

Add `create_intermediate_child_token` optional provider configuration setting to control the use of ephemeral child tokens for use by terraform.

Output from acceptance testing:

```
$ make testacc TESTARGS='-run TestAccChildToken'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run TestAccChildToken -timeout 120m
?   	github.com/terraform-providers/terraform-provider-vault	[no test files]
?   	github.com/terraform-providers/terraform-provider-vault/cmd/coverage	[no test files]
testing: warning: no tests to run
PASS
ok  	github.com/terraform-providers/terraform-provider-vault/util	0.012s [no tests to run]
=== RUN   TestAccChildToken
--- PASS: TestAccChildToken (1.15s)
PASS
ok  	github.com/terraform-providers/terraform-provider-vault/vault	1.168s
```

Adds setting and documentation for create_intermediate_child_token
provider configuration item. This defaults to true and is strongly
discouraged to disable. When disabled, it allows users to use the
vault terraform provider without the provided token creating
ephemeral child token.

Adds tests for the `create_intermediate_child_token`
vault provider config setting.

Also refactors a couple test helper functions to avoid
duplicate code in common testing patterns.

hashicorp-cla commented Jan 26, 2021

CLA assistant check
All committers have signed the CLA.
