provider/vault: vault_policy resource #10980

merged 3 commits into from Feb 13, 2017


4 participants

Mongey commented Dec 31, 2016

No description provided.



apparentlymart commented Dec 31, 2016

Hi @Mongey! Thanks for implementing this.

I unfortunately don't have time to properly review and test this today, but I will take a look at it properly soon. I added myself as a reviewer to remind me to take a look next time I'm spending time on Terraform.

@stack72 stack72 added the new-resource label Jan 2, 2017


Is there a chance that someone can edit this policy manually via the CLI? If so, we are not refreshing the state of the policy and Terraform will not think there are any changes to be made.

In the Read func, we need to set the policy back to state IMO.



Mongey commented Jan 17, 2017

@stack72 👍 will update.
I was using the vault_secret resource to guide me through implementing this; which is obviously special in the regard that it doesn't implement the Read like this should.



apparentlymart commented Jan 20, 2017

Yeah, for the secret resource I was being conservative to enable write-only access tokens to be used when populating secrets, but for this one I think we can assume that an admin-ish token will be used and so there isn't a strong reason to support write-only creds here I think.
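
The drift case raised in this thread, as an added Go example that is not code from the pull request or from Terraform: a constructed in-memory policy store and state struct show that a policy widened by hand goes unnoticed unless Read copies the server's value back into state. The names `fakeVault`, `state`, `readNoRefresh`, `readRefresh`, `needsUpdate` and `driftDetected` are hypothetical, and the policy strings are constructed samples.

```go
package main

import "fmt"

// fakeVault is a constructed in-memory stand-in for Vault's policy store.
type fakeVault map[string]string

// state is a constructed stand-in for Terraform's stored resource state.
type state struct{ name, policy string }

// readNoRefresh models the write-only approach described for the secret
// resource: Read trusts the stored state and never queries the server.
func readNoRefresh(v fakeVault, s *state) {}

// readRefresh copies the server's policy back into state. A policy that was
// deleted out of band clears the name so the plan step re-creates it.
func readRefresh(v fakeVault, s *state) {
	p, ok := v[s.name]
	if !ok {
		s.name, s.policy = "", ""
		return
	}
	s.policy = p
}

// needsUpdate is the plan step: compare configuration with the state
// that Read left behind.
func needsUpdate(config string, s *state) bool {
	return s.name == "" || s.policy != config
}

// driftDetected runs create, an out-of-band edit, Read, then plan.
func driftDetected(read func(fakeVault, *state)) bool {
	const config = `path "secret/app/*" { policy = "read" }` // constructed
	v := fakeVault{}
	s := &state{name: "app", policy: config}
	v[s.name] = config // create writes the configured policy
	// Someone widens the policy by hand through the CLI (constructed value).
	v["app"] = `path "secret/*" { policy = "write" }`
	read(v, s)
	return needsUpdate(config, s)
}

func main() {
	fmt.Println("no refresh in Read:", driftDetected(readNoRefresh))
	fmt.Println("refresh in Read:   ", driftDetected(readRefresh))
}
```

With the refreshing Read, the next plan reports a change and an apply would restore the configured policy.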

@Mongey Mongey force-pushed the Mongey:cm-vault-policy branch from c6a8ae6 to ef7c077 Feb 12, 2017



directionless commented Feb 13, 2017

I was just finding myself in need of something like this. Any chance of it being merged, or similar features?



stack72 commented Feb 13, 2017

Hi @Mongey

Thanks for this - this is now looking good! Tests are passing as well

% make testacc TEST=./builtin/providers/vault
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 18:52:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/vault -v  -timeout 120m
=== RUN   TestDataSourceGenericSecret
--- PASS: TestDataSourceGenericSecret (0.56s)
=== RUN   TestProvider
--- PASS: TestProvider (0.00s)
=== RUN   TestResourceGenericSecret
--- PASS: TestResourceGenericSecret (0.81s)
=== RUN   TestResourcePolicy
--- PASS: TestResourcePolicy (0.78s)
ok	2.170s


@stack72 stack72 merged commit a4d03c9 into hashicorp:master Feb 13, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

stack72 added a commit that referenced this pull request Feb 13, 2017

provider/vault: vault_policy resource (#10980)
* provider/vault: vault_policy resource

* website: vault_policy resource

* Refresh state when reading vault policy

@Mongey Mongey deleted the Mongey:cm-vault-policy branch Feb 24, 2017
