provider/vault: vault_policy resource

[Mongey]

No description provided.

[apparentlymart]

Hi @Mongey! Thanks for implementing this.

I unfortunately don't have time to properly review an test this today, but I will take a look at it properly soon. I added myself as a reviewer to remind me to take a look next time I'm spending time on Terraform.

[stack72]

Is there a chance that someone can edit this policy manually via the CLI? If so, we are not refreshing the state of the policy and Terraform will not think there are any changes to be made

In the Read func, we need to set the policy back to state IMO

[Mongey]

@stack72 👍 will update.
I was using thevault_secret resource to guide me through implementing this; which is obviously special in the regard that it doesn't implement theRead like this should.

[apparentlymart]

Yeah, for the secret resource I was being conservative to enable write-only access tokens to be used when populating secrets, but for this one I think we can assume that an admin-ish token will be used and so there isn't a strong reason to support write-only creds here I think.

[directionless]

I was just finding myself in need of something like this. Any chance it being merged, or similar features?

[stack72]

Hi @Mongey

Thanks for this - this is now looking good! Tests are passing as well

% make testacc TEST=./builtin/providers/vault
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 18:52:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/vault -v  -timeout 120m
=== RUN   TestDataSourceGenericSecret
--- PASS: TestDataSourceGenericSecret (0.56s)
=== RUN   TestProvider
--- PASS: TestProvider (0.00s)
=== RUN   TestResourceGenericSecret
--- PASS: TestResourceGenericSecret (0.81s)
=== RUN   TestResourcePolicy
--- PASS: TestResourcePolicy (0.78s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/vault	2.170s

Paul