Error handling for identity_oidc_key vault calls #1142

Merged
merged 1 commit into from Aug 12, 2021

tvoran
Member

@tvoran tvoran commented Aug 9, 2021

Checks the err from identityOidcKeyApiWrite() and adds tests to
exercise the error handling. Updates allowed client id test to satisfy
rotation_period and verification_ttl restrictions that are now
enforced in Vault 1.8.1 per hashicorp/vault#12151.

Since CI is using the latest vault image, TestAccIdentityOidcKeyAllowedClientId() started failing because the config change in ttls wasn't being successfully applied to Vault, because 3600 was lower than the associated role's token ttl. The error being ignored from Vault was of the form:

unable to update key "test-role-8337740116836207150" because it is currently referenced by one or more roles with a token ttl greater than 3600 seconds

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Relates to hashicorp/vault#12151

Release note for CHANGELOG:

resource/identity_oidc_key: Error handling for identity oidc key vault calls

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccIdentityOidc -count=1'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./...) -v -run=TestAccIdentityOidc -count=1 -timeout 120m
[...]
=== RUN   TestAccIdentityOidcKeyAllowedClientId
--- PASS: TestAccIdentityOidcKeyAllowedClientId (0.53s)
=== RUN   TestAccIdentityOidcKey
--- PASS: TestAccIdentityOidcKey (0.30s)
=== RUN   TestAccIdentityOidcKeyUpdate
--- PASS: TestAccIdentityOidcKeyUpdate (0.55s)
=== RUN   TestAccIdentityOidcRole
--- PASS: TestAccIdentityOidcRole (0.23s)
=== RUN   TestAccIdentityOidcRoleWithClientId
--- PASS: TestAccIdentityOidcRoleWithClientId (0.31s)
=== RUN   TestAccIdentityOidcRoleUpdate
--- PASS: TestAccIdentityOidcRoleUpdate (0.45s)
=== RUN   TestAccIdentityOidc
--- PASS: TestAccIdentityOidc (0.20s)
PASS
ok  	github.com/hashicorp/terraform-provider-vault/vault	4.632s

Checks the err from `identityOidcKeyApiWrite()` and adds tests to
exercise the error handling. Updates allowed client id test to satisfy
rotation_period and verification_ttl restrictions that are now
enforced in Vault 1.8.1.
@tvoran tvoran merged commit 06651b1 into master Aug 12, 2021
@tvoran tvoran deleted the fix-identity-oidc-test branch August 12, 2021 21:17
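
The failure mode described in the pull request, a rejected Vault write whose error is dropped so the change is reported as applied, shown as an added example that is not the provider's code. `fakeVault`, `writeKey`, `updateIgnoringErr`, `updateCheckingErr`, the key name and the TTL values are all constructed for illustration; only the error text follows the form quoted above.

```go
package main

import "fmt"

// fakeVault is a constructed stand-in for Vault's identity OIDC backend. It models
// only the restriction quoted in the PR: a key write is rejected when a referencing
// role has a token ttl greater than the requested verification_ttl.
type fakeVault struct {
	keyTTL  map[string]int // key name -> verification_ttl (seconds)
	roleTTL map[string]int // key name -> highest token ttl of referencing roles
}

// writeKey (hypothetical) applies the write or returns an error of the quoted form.
func (v *fakeVault) writeKey(name string, ttl int) error {
	if v.roleTTL[name] > ttl {
		return fmt.Errorf("unable to update key %q because it is currently referenced by one or more roles with a token ttl greater than %d seconds", name, ttl)
	}
	v.keyTTL[name] = ttl
	return nil
}

// updateIgnoringErr shows the defect: the write error is discarded, so the caller
// reports success while the server still holds the old value.
func updateIgnoringErr(v *fakeVault, name string, ttl int) error {
	_ = v.writeKey(name, ttl)
	return nil
}

// updateCheckingErr shows the corrected pattern: the error is wrapped and returned.
func updateCheckingErr(v *fakeVault, name string, ttl int) error {
	if err := v.writeKey(name, ttl); err != nil {
		return fmt.Errorf("error updating identity OIDC key %s: %w", name, err)
	}
	return nil
}

// newFakeVault returns constructed sample state: one key referenced by a 7200s role.
func newFakeVault() *fakeVault {
	return &fakeVault{
		keyTTL:  map[string]int{"test-key": 86400},
		roleTTL: map[string]int{"test-key": 7200},
	}
}

func main() {
	a, b := newFakeVault(), newFakeVault()
	fmt.Println(updateIgnoringErr(a, "test-key", 3600), a.keyTTL["test-key"])
	fmt.Println(updateCheckingErr(b, "test-key", 3600), b.keyTTL["test-key"])
}
```

With the ignored error, the caller's recorded configuration (3600) and the stored value (86400) diverge silently, which is the drift the acceptance test was hiding before the fix.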
davidmontoyago pushed a commit to davidmontoyago/terraform-provider-vault that referenced this pull request Aug 17, 2021