Hamza/hackweek0725 extend vault config #32
Conversation
| // Manage the vault systemd service ourselves unless it has explicitly been | ||
| // set that we should not. | ||
| if manage, set := s.ManageService.Get(); !set || (set && manage) { | ||
| if manage, set := s.ManageService.Get(); !set || manage { |
There was a problem hiding this comment.
The previous expression was always True
|
Looks like there are serialization errors for the new config. We'll want to add test for all the new optional config: https://github.com/hashicorp-forge/terraform-provider-enos/blob/main/internal/plugin/resource_vault_start_test.go#L19 as well as coverage for the new attributes: https://github.com/hashicorp-forge/terraform-provider-enos/blob/main/internal/plugin/resource_vault_start_test.go#L82 |
|
We'll also want to set the new attributes in our scenarios. Here we configure the leader and follower nodes in our test scenarios. We should consider setting all of the new attributes. Where possible, split them between leader and follower so that we ensure coverage of the attribute but also that they are optional. |
|
re: The scenario failure, if we can duplicate it with the same variants locally then it's likely either an issue with the provider that has already existed or is present when testing that version of Vault. Things that we could do but are not required:
|
There was a problem hiding this comment.
Things are looking good! In addition to the inline feedback we'll also want to bump the VERSION file as it would be nice to release this after we get the two PR's in.
We'll also want to add the new attributes into the enos_vault_start resources in our enos scenarios. Since these all ought to be optional I'd suggest splitting the attributes up and testing them across both instances of the resource.
| "usage_gauge_period": "30m", | ||
| "maximum_gague_cardinality": 100, | ||
| }) | ||
| vaultCfg.UI.Set(true) |
There was a problem hiding this comment.
I like that we're testing optional attributes being set but most of the time our issues with optional attributes arise when we think they're optional but they really are not. Perhaps we should have another test case that only provides required inputs to ensure that it plans correctly.
| return tftypes.NewValue(s.Terraform5Type(), vals) | ||
| } | ||
|
|
||
| // Add Set method and configSet for experiments |
There was a problem hiding this comment.
Lets move the doc comment to the implementation below.
| vaultCfg.PluginDirectory.Set("/opt/plugins") | ||
| vaultCfg.PluginTmpdir.Set("/tmp/plugins") | ||
| vaultCfg.PluginFileUID.Set(1001) | ||
| vaultCfg.PluginFilePermissions.Set(0644) |
There was a problem hiding this comment.
We'll need to use octal notation to please the linters
| "github.com/hashicorp/terraform-plugin-go/tftypes" | ||
| ) | ||
|
|
||
| type vaultExperimentsConfig struct { |
There was a problem hiding this comment.
Given the values here, can't we use *tfStringSlice instead of creating an entirely new type?
| - ^config.seals.tertiary.type^ (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) type | ||
| - ^config.seals.tertiary.attributes^ (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) parameters for the given seal type | ||
| - ^config.telemetry^ (Object) The Vault [telemetry](https://developer.hashicorp.com/vault/docs/configuration/telemetry#telemetry-parameters) stanza | ||
| - ^config.ha_storage^ (Object) The Vault [ha_storage](https://developer.hashicorp.com/vault/docs/internals/high-availability?productSlug=vault&tutorialSlug=raft&tutorialSlug=raft-ha-storage) stanza |
There was a problem hiding this comment.
We'll need to run make docs before merge to ensure our rendered docs are accurate.
| "github.com/hashicorp/terraform-plugin-go/tftypes" | ||
| ) | ||
|
|
||
| type vaultReportingLicenseConfig struct { |
There was a problem hiding this comment.
Did we try to use a dynamicPseudoTypeBlock for this instead of creating an individual type? I suppose the benefit here is having named attributes in a struct vs keys in a map, so if that's something we need then I understand, but at first glance it feels largely the same.
If we do end up keeping this I want to make sure that all of none of the keys are required in tests. So we'll want to test setting no reporting config, all of it, and some of it.
| return tftypes.NewValue(tftypes.Object{AttributeTypes: attrs}, vals) | ||
| } | ||
|
|
||
| // Add Set methods and configSet types for reporting |
There was a problem hiding this comment.
Lets fix the doc comments in this file.
| "github.com/hashicorp/terraform-plugin-go/tftypes" | ||
| ) | ||
|
|
||
| type vaultUserLockoutConfig struct { |
There was a problem hiding this comment.
I have much the same opinion about this as I do the reporting config. It comes down to case of tradeoffs:
With the dynamic pseudo type block we can support mixed schema automatically so we don't have to deal with the optional attributes dance. It also allows us to future proof new configuration in some cases because when we render the config on the remote target we're iterating over a map of keys and writing the values, trusting in the configuration that has been passed to be valid.
With a new type for the block we now have to maintain a strict type and deal with optional attributes ourselves. We also have to individually add any new config if it changes. The upside of course is that we have strict validation, but we can also do that kind of validation with the dynamic pseudo type block if we want to, we'll just have to deal with a map instead of a struct.
If there are reasons for a new type we'll want to follow the same criteria: tests for none, some, and all of the attributes.
| } | ||
| if val, ok := c.PluginDirectory.Get(); ok { | ||
| if configMode == "file" { | ||
| hclBuilder.AppendAttribute("plugin_directory", val) |
There was a problem hiding this comment.
Do we also want to create the directory?
Adds support for the remaining Vault configs to the
vault_startresource. The configs added are:WIP: Add acceptance test for the remaining configs