vault_ssh_secret_backend_role: add algorithm_signer argument

[andreaso]

The algorithm_signer argument was introduced in Vault 1.4.3. See also hashicorp/vault#9096.

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Release note for CHANGELOG:

resource/vault_ssh_secret_backend_role: Support new `algorithm_signer` argument

Output from acceptance testing:

$ TESTARGS="--run SSHSecretBackendRole" make testacc
...
=== RUN   TestAccSSHSecretBackendRole_basic
--- PASS: TestAccSSHSecretBackendRole_basic (0.27s)
=== RUN   TestAccSSHSecretBackendRoleOTP_basic
--- PASS: TestAccSSHSecretBackendRoleOTP_basic (0.16s)
=== RUN   TestAccSSHSecretBackendRole_import
--- PASS: TestAccSSHSecretBackendRole_import (0.18s)
...

[andreaso]

Hello @catsby. It was suggested in #vault-tool that I might want to ping you about this PR.

[catsby]

Sorry for the delay in review! I think we need to remove the Default at this time. Perhaps when this was originally opened the default was true, but I believe with hashicorp/vault#9824 that's not longer the case (and the docs on vaultproject.io need to be updated, I think)

[catsby]

I think we need to leave algorithm_signer as Optional: true and Computed: true and remove the default. The documentation on vaultproject.io says ssh-rsa is the default, but I believe that's not actually the case anymore. The API is returning "" now and not returning any defaults

[catsby]

Thank you for contributing! I made minor updates to account for the ssh-rsa no longer being a default, and I'm going to pull this in now. Thanks!

[andreaso]

Thanks!

Any best guest on when there will be a new release of the provider?