diff --git a/internal/consts/consts.go b/internal/consts/consts.go index 8bfd3dc11..3e850ec80 100644 --- a/internal/consts/consts.go +++ b/internal/consts/consts.go @@ -37,7 +37,7 @@ const ( FieldParameters = "parameters" FieldMethod = "method" FieldNamespace = "namespace" - FieldIsRootNamespace = "is_root_namespace" + FieldUseRootNamespace = "use_root_namespace" FieldNamespaceID = "namespace_id" FieldNamespacePath = "namespace_path" FieldPathFQ = "path_fq" diff --git a/internal/provider/auth.go b/internal/provider/auth.go index fd77767c2..31e5214ce 100644 --- a/internal/provider/auth.go +++ b/internal/provider/auth.go @@ -151,7 +151,7 @@ func (l *AuthLoginCommon) Init(d *schema.ResourceData, authField string, validat func (l *AuthLoginCommon) Namespace() (string, bool) { if l.params != nil { - if v, ok := l.params[consts.FieldIsRootNamespace]; ok && v.(bool) { + if v, ok := l.params[consts.FieldUseRootNamespace]; ok && v.(bool) { return "", true } @@ -250,6 +250,12 @@ func (l *AuthLoginCommon) init(d *schema.ResourceData) (string, map[string]inter var params map[string]interface{} if v, ok := l.getOk(d, consts.FieldParameters); ok { params = v.(map[string]interface{}) + ns, _ := l.getOk(d, consts.FieldNamespace) + params[consts.FieldNamespace] = ns + + if v := l.get(d, consts.FieldUseRootNamespace); v != nil { + params[consts.FieldUseRootNamespace] = v + } } else { v := config[0] if v == nil { @@ -259,10 +265,6 @@ func (l *AuthLoginCommon) init(d *schema.ResourceData) (string, map[string]inter } } - if v, ok := params[consts.FieldIsRootNamespace]; ok && !v.(bool) { - delete(params, consts.FieldIsRootNamespace) - } - l.initialized = true return path, params, nil 
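Review bot: In the `parameters` branch of `init`, the added `params[consts.FieldNamespace] = ns` and `params[consts.FieldUseRootNamespace] = v` overwrite whatever the user put in the map, so a login parameter that happens to be named `namespace` or `use_root_namespace` is silently replaced. The generic `Login` hunk in auth_generic.go then strips both keys via `copyParamsExcluding` before the request is built. If these names are reserved, reject them explicitly, e.g. `if _, dup := params[consts.FieldNamespace]; dup { return "", nil, fmt.Errorf("%q is reserved in %s", consts.FieldNamespace, consts.FieldParameters) }`. The `v != nil` guard also looks ineffective, since `d.Get` on a bool field presumably returns `false` rather than nil when unset. `init` starts and ends outside the hunk.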
@@ -302,6 +304,10 @@ func (l *AuthLoginCommon) getOk(d *schema.ResourceData, field string) (interface return d.GetOk(l.fieldPath(d, field)) } +func (l *AuthLoginCommon) get(d *schema.ResourceData, field string) interface{} { + return d.Get(l.fieldPath(d, field)) +} + func (l *AuthLoginCommon) fieldPath(d *schema.ResourceData, field string) string { return fmt.Sprintf("%s.0.%s", l.authField, field) } @@ -332,24 +338,35 @@ func GetAuthLogin(r *schema.ResourceData) (AuthLogin, error) { return nil, nil } -func mustAddLoginSchema(r *schema.Resource, defaultMount string) *schema.Resource { +func mustAddLoginSchema(r *schema.Resource, authField string, defaultMount string) *schema.Resource { m := map[string]*schema.Schema{ consts.FieldNamespace: { Type: schema.TypeString, Optional: true, Description: fmt.Sprintf( "The authentication engine's namespace. Conflicts with %s", - consts.FieldIsRootNamespace, + consts.FieldUseRootNamespace, ), + ConflictsWith: []string{ + fmt.Sprintf("%s.0.%s", + authField, + consts.FieldUseRootNamespace, + ), + }, }, - consts.FieldIsRootNamespace: { + consts.FieldUseRootNamespace: { Type: schema.TypeBool, Optional: true, Description: fmt.Sprintf( "Authenticate to the root Vault namespace. Conflicts with %s", consts.FieldNamespace, ), - ConflictsWith: []string{consts.FieldNamespace}, + ConflictsWith: []string{ + fmt.Sprintf("%s.0.%s", + authField, + consts.FieldNamespace, + ), + }, }, } diff --git a/internal/provider/auth_aws.go b/internal/provider/auth_aws.go index 1c3bcf52d..d8047fd26 100644 --- a/internal/provider/auth_aws.go +++ b/internal/provider/auth_aws.go @@ -128,7 +128,7 @@ func GetAWSLoginSchemaResource(authField string) *schema.Resource { Description: `The Vault header value to include in the STS signing request.`, }, }, - }, consts.MountTypeAWS) + }, authField, consts.MountTypeAWS) } var _ AuthLogin = (*AuthLoginAWS)(nil) 
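Review bot: The new `authField` parameter of `mustAddLoginSchema` is used unchecked to build both `ConflictsWith` paths, so an empty or mismatched value yields a path such as `.0.use_root_namespace` and the namespace/use_root_namespace conflict may not be enforced as intended. Since this is already a `must` helper, a guard at the top such as `if authField == "" { panic("mustAddLoginSchema: authField is required") }` would fail fast. The `"%s.0.%s"` format is also repeated here and in `fieldPath`; a small shared helper would keep the two from drifting apart. A doc comment saying that `authField` must be the name of the enclosing auth_login block would help, because `authField` and `defaultMount` are adjacent strings that are easy to swap at a call site. The function body continues outside the hunk.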
diff --git a/internal/provider/auth_aws_test.go b/internal/provider/auth_aws_test.go index 19a9594c0..677d70b25 100644 --- a/internal/provider/auth_aws_test.go +++ b/internal/provider/auth_aws_test.go @@ -46,6 +46,7 @@ func TestAuthLoginAWS_Init(t *testing.T) { }, expectParams: map[string]interface{}{ consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, consts.FieldRole: "alice", consts.FieldMount: consts.MountTypeAWS, consts.FieldAWSAccessKeyID: "key-id", diff --git a/internal/provider/auth_azure.go b/internal/provider/auth_azure.go index 2bdf49779..ba99d37b7 100644 --- a/internal/provider/auth_azure.go +++ b/internal/provider/auth_azure.go @@ -99,7 +99,7 @@ func GetAzureLoginSchemaResource(authField string) *schema.Resource { ConflictsWith: []string{fmt.Sprintf("%s.0.%s", authField, consts.FieldJWT)}, }, }, - }, consts.MountTypeAzure) + }, authField, consts.MountTypeAzure) } var _ AuthLogin = (*AuthLoginAzure)(nil) diff --git a/internal/provider/auth_azure_test.go b/internal/provider/auth_azure_test.go index 85340ca5c..dba384b3b 100644 --- a/internal/provider/auth_azure_test.go +++ b/internal/provider/auth_azure_test.go @@ -38,6 +38,7 @@ func TestAuthLoginAzure_Init(t *testing.T) { }, expectParams: map[string]interface{}{ consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, consts.FieldMount: consts.MountTypeAzure, consts.FieldRole: "alice", consts.FieldJWT: "jwt1", diff --git a/internal/provider/auth_cert.go b/internal/provider/auth_cert.go index abbdea424..e1332e44c 100644 --- a/internal/provider/auth_cert.go +++ b/internal/provider/auth_cert.go @@ -55,7 +55,7 @@ func GetCertLoginSchemaResource(authField string) *schema.Resource { Description: "Path to a file containing the private key that the certificate was issued for.", }, }, - }, consts.MountTypeCert) + }, authField, consts.MountTypeCert) } var _ AuthLogin = (*AuthLoginCert)(nil) 
diff --git a/internal/provider/auth_cert_test.go b/internal/provider/auth_cert_test.go index 5f93d82e5..a60958e17 100644 --- a/internal/provider/auth_cert_test.go +++ b/internal/provider/auth_cert_test.go @@ -53,12 +53,13 @@ func TestAuthLoginCert_Init(t *testing.T) { }, authField: consts.FieldAuthLoginCert, expectParams: map[string]interface{}{ - consts.FieldNamespace: "", - consts.FieldMount: consts.MountTypeCert, - consts.FieldName: "", - consts.FieldCACertFile: "ca.crt", - consts.FieldCertFile: "cert.crt", - consts.FieldKeyFile: "cert.key", + consts.FieldNamespace: "", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeCert, + consts.FieldName: "", + consts.FieldCACertFile: "ca.crt", + consts.FieldCertFile: "cert.crt", + consts.FieldKeyFile: "cert.key", }, wantErr: false, }, @@ -75,11 +76,12 @@ func TestAuthLoginCert_Init(t *testing.T) { }, authField: consts.FieldAuthLoginCert, expectParams: map[string]interface{}{ - consts.FieldNamespace: "", - consts.FieldMount: consts.MountTypeCert, - consts.FieldName: "bob", - consts.FieldCertFile: "cert.crt", - consts.FieldKeyFile: "cert.key", + consts.FieldNamespace: "", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeCert, + consts.FieldName: "bob", + consts.FieldCertFile: "cert.crt", + consts.FieldKeyFile: "cert.key", }, wantErr: false, }, @@ -97,12 +99,13 @@ func TestAuthLoginCert_Init(t *testing.T) { }, authField: consts.FieldAuthLoginCert, expectParams: map[string]interface{}{ - consts.FieldNamespace: "ns1", - consts.FieldMount: consts.MountTypeCert, - consts.FieldName: "", - consts.FieldCACertFile: "ca.crt", - consts.FieldCertFile: "cert.crt", - consts.FieldKeyFile: "cert.key", + consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeCert, + consts.FieldName: "", + consts.FieldCACertFile: "ca.crt", + consts.FieldCertFile: "cert.crt", + consts.FieldKeyFile: "cert.key", }, wantErr: false, }, 
@@ -125,15 +128,16 @@ func TestAuthLoginCert_Init(t *testing.T) { }, authField: consts.FieldAuthLoginCert, expectParams: map[string]interface{}{ - consts.FieldCACertDir: "/foo/baz", - consts.FieldSkipTLSVerify: true, - consts.FieldTLSServerName: "baz.biff", - consts.FieldNamespace: "ns1", - consts.FieldMount: "cert1", - consts.FieldName: "bob", - consts.FieldCACertFile: "ca.crt", - consts.FieldCertFile: "cert.crt", - consts.FieldKeyFile: "cert.key", + consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, + consts.FieldCACertDir: "/foo/baz", + consts.FieldSkipTLSVerify: true, + consts.FieldTLSServerName: "baz.biff", + consts.FieldMount: "cert1", + consts.FieldName: "bob", + consts.FieldCACertFile: "ca.crt", + consts.FieldCertFile: "cert.crt", + consts.FieldKeyFile: "cert.key", }, wantErr: false, }, diff --git a/internal/provider/auth_gcp.go b/internal/provider/auth_gcp.go index 56c39e002..5c8655b43 100644 --- a/internal/provider/auth_gcp.go +++ b/internal/provider/auth_gcp.go @@ -76,7 +76,7 @@ func GetGCPLoginSchemaResource(authField string) *schema.Resource { ConflictsWith: []string{fmt.Sprintf("%s.0.%s", authField, consts.FieldJWT)}, }, }, - }, consts.MountTypeGCP) + }, authField, consts.MountTypeGCP) } var _ AuthLogin = (*AuthLoginGCP)(nil) @@ -120,7 +120,7 @@ func (l *AuthLoginGCP) Login(client *api.Client) (*api.Secret, error) { } params, err := l.copyParamsExcluding( - consts.FieldIsRootNamespace, + consts.FieldUseRootNamespace, consts.FieldNamespace, consts.FieldMount, consts.FieldJWT, diff --git a/internal/provider/auth_generic.go b/internal/provider/auth_generic.go index 073660b75..00c5d1654 100644 --- a/internal/provider/auth_generic.go +++ b/internal/provider/auth_generic.go @@ -5,6 +5,7 @@ package provider import ( "fmt" + "log" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/vault/api" 
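Review bot: The `"log"` import added to auth_generic.go has no visible use. None of this file's hunks call `log`, and the new `log.Printf` lines are in meta.go. Unless a call exists outside the lines shown, the package will not compile because of the unused import; either drop the import or add the logging call it was meant for.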
@@ -33,32 +34,16 @@ func GetGenericLoginSchema(authField string) *schema.Schema { } func GetGenericLoginSchemaResource(_ string) *schema.Resource { - return &schema.Resource{ + return mustAddLoginSchema(&schema.Resource{ Schema: map[string]*schema.Schema{ consts.FieldPath: { Type: schema.TypeString, Required: true, }, - consts.FieldNamespace: { - Type: schema.TypeString, - Optional: true, - Description: fmt.Sprintf( - "The authentication engine's namespace. Conflicts with %s", - consts.FieldIsRootNamespace, - ), - }, - consts.FieldIsRootNamespace: { - Type: schema.TypeBool, - Optional: true, - Description: fmt.Sprintf( - "Authenticate to the root Vault namespace. Conflicts with %s", - consts.FieldNamespace, - ), - ConflictsWith: []string{consts.FieldNamespace}, - }, consts.FieldParameters: { - Type: schema.TypeMap, - Optional: true, + Type: schema.TypeMap, + Optional: true, + Sensitive: true, Elem: &schema.Schema{ Type: schema.TypeString, }, @@ -68,7 +53,7 @@ func GetGenericLoginSchemaResource(_ string) *schema.Resource { Optional: true, }, }, - } + }, consts.FieldAuthLoginGeneric, consts.MountTypeNone) } var _ AuthLogin = (*AuthLoginGeneric)(nil) @@ -78,10 +63,8 @@ var _ AuthLogin = (*AuthLoginGeneric)(nil) // Requires configuration provided by SchemaLoginGeneric. type AuthLoginGeneric struct { AuthLoginCommon - path string - namespace string - namespaceExists bool - method string + path string + method string } func (l *AuthLoginGeneric) Init(d *schema.ResourceData, authField string) (AuthLogin, error) { @@ -115,7 +98,10 @@ func (l *AuthLoginGeneric) Login(client *api.Client) (*api.Secret, error) { return nil, err } - params, err := l.copyParams() + params, err := l.copyParamsExcluding( + consts.FieldNamespace, + consts.FieldUseRootNamespace, + ) if err != nil { return nil, err } diff --git a/internal/provider/auth_generic_test.go b/internal/provider/auth_generic_test.go index 09d25b046..9b5d614b3 100644 --- a/internal/provider/auth_generic_test.go 
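Review bot: `GetGenericLoginSchemaResource` still discards its argument (`_ string`) and passes the constant `consts.FieldAuthLoginGeneric` to `mustAddLoginSchema`, while the other engines changed in this commit forward the caller's `authField`. If the generic block is ever registered under a different field name, the `ConflictsWith` paths for `namespace` and `use_root_namespace` would point at the wrong block and the conflict might go unenforced. Prefer `func GetGenericLoginSchemaResource(authField string) *schema.Resource` ending in `}, authField, consts.MountTypeNone)`, or add a comment explaining why the constant is required here.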
+++ b/internal/provider/auth_generic_test.go @@ -19,7 +19,7 @@ func TestAuthLoginGeneric_Namespace(t *testing.T) { { name: "root-ns", params: map[string]interface{}{ - consts.FieldIsRootNamespace: true, + consts.FieldUseRootNamespace: true, }, want: "", exists: true, diff --git a/internal/provider/auth_jwt.go b/internal/provider/auth_jwt.go index b65886de8..bfa74aab5 100644 --- a/internal/provider/auth_jwt.go +++ b/internal/provider/auth_jwt.go @@ -33,7 +33,7 @@ func GetJWTLoginSchema(authField string) *schema.Schema { } // GetJWTLoginSchemaResource for the jwt authentication engine. -func GetJWTLoginSchemaResource(_ string) *schema.Resource { +func GetJWTLoginSchemaResource(authField string) *schema.Resource { return mustAddLoginSchema(&schema.Resource{ Schema: map[string]*schema.Schema{ consts.FieldRole: { @@ -48,7 +48,7 @@ func GetJWTLoginSchemaResource(_ string) *schema.Resource { DefaultFunc: schema.EnvDefaultFunc(consts.EnvVarVaultAuthJWT, nil), }, }, - }, consts.MountTypeJWT) + }, authField, consts.MountTypeJWT) } var _ AuthLogin = (*AuthLoginJWT)(nil) @@ -94,7 +94,7 @@ func (l *AuthLoginJWT) Login(client *api.Client) (*api.Secret, error) { } params, err := l.copyParamsExcluding( - consts.FieldIsRootNamespace, + consts.FieldUseRootNamespace, consts.FieldNamespace, consts.FieldMount, ) diff --git a/internal/provider/auth_jwt_test.go b/internal/provider/auth_jwt_test.go index 19520b34e..7a4c302c3 100644 --- a/internal/provider/auth_jwt_test.go +++ b/internal/provider/auth_jwt_test.go @@ -31,10 +31,11 @@ func TestAuthLoginJWT_Init(t *testing.T) { }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "ns1", - consts.FieldMount: consts.MountTypeJWT, - consts.FieldRole: "alice", - consts.FieldJWT: "jwt1", + consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeJWT, + consts.FieldRole: "alice", + consts.FieldJWT: "jwt1", }, wantErr: false, }, 
diff --git a/internal/provider/auth_kerberos.go b/internal/provider/auth_kerberos.go index 411c217b9..9c57bd909 100644 --- a/internal/provider/auth_kerberos.go +++ b/internal/provider/auth_kerberos.go @@ -98,7 +98,7 @@ func GetKerberosLoginSchemaResource(authField string) *schema.Resource { Description: "Strip the host from the username found in the keytab.", }, }, - }, consts.MountTypeKerberos) + }, authField, consts.MountTypeKerberos) return s } diff --git a/internal/provider/auth_kerberos_test.go b/internal/provider/auth_kerberos_test.go index 769d9cb03..2828b5d78 100644 --- a/internal/provider/auth_kerberos_test.go +++ b/internal/provider/auth_kerberos_test.go @@ -39,8 +39,9 @@ func TestAuthLoginKerberos_Init(t *testing.T) { }, authField: consts.FieldAuthLoginKerberos, expectParams: map[string]interface{}{ - consts.FieldToken: testNegTokenInit, consts.FieldNamespace: "", + consts.FieldUseRootNamespace: false, + consts.FieldToken: testNegTokenInit, consts.FieldMount: consts.MountTypeKerberos, consts.FieldUsername: "", consts.FieldService: "", diff --git a/internal/provider/auth_oci.go b/internal/provider/auth_oci.go index b558e9b54..eb61faa93 100644 --- a/internal/provider/auth_oci.go +++ b/internal/provider/auth_oci.go @@ -43,7 +43,7 @@ func GetOCILoginSchema(authField string) *schema.Schema { } // GetOCILoginSchemaResource for the OCI authentication engine. -func GetOCILoginSchemaResource(_ string) *schema.Resource { +func GetOCILoginSchemaResource(authField string) *schema.Resource { return mustAddLoginSchema(&schema.Resource{ Schema: map[string]*schema.Schema{ consts.FieldRole: { @@ -60,7 +60,7 @@ func GetOCILoginSchemaResource(_ string) *schema.Resource { ), }, }, - }, consts.MountTypeOCI) + }, authField, consts.MountTypeOCI) } var _ AuthLogin = (*AuthLoginOCI)(nil) diff --git a/internal/provider/auth_oci_test.go b/internal/provider/auth_oci_test.go index 8a9d553f8..f8bafd3c2 100644 --- a/internal/provider/auth_oci_test.go 
+++ b/internal/provider/auth_oci_test.go @@ -34,10 +34,11 @@ func TestAuthLoginOCI_Init(t *testing.T) { }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "ns1", - consts.FieldMount: consts.MountTypeOCI, - consts.FieldRole: "alice", - consts.FieldAuthType: ociAuthTypeAPIKeys, + consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeOCI, + consts.FieldRole: "alice", + consts.FieldAuthType: ociAuthTypeAPIKeys, }, wantErr: false, }, diff --git a/internal/provider/auth_oidc.go b/internal/provider/auth_oidc.go index 6427d5883..d7df69b5a 100644 --- a/internal/provider/auth_oidc.go +++ b/internal/provider/auth_oidc.go @@ -35,7 +35,7 @@ func GetOIDCLoginSchema(authField string) *schema.Schema { } // GetOIDCLoginSchemaResource for the oidc authentication engine. -func GetOIDCLoginSchemaResource(_ string) *schema.Resource { +func GetOIDCLoginSchemaResource(authField string) *schema.Resource { s := mustAddLoginSchema(&schema.Resource{ Schema: map[string]*schema.Schema{ consts.FieldRole: { @@ -56,7 +56,7 @@ func GetOIDCLoginSchemaResource(_ string) *schema.Resource { ValidateDiagFunc: GetValidateDiagURI([]string{"http", "https"}), }, }, - }, consts.MountTypeOIDC) + }, authField, consts.MountTypeOIDC) return s } diff --git a/internal/provider/auth_oidc_test.go b/internal/provider/auth_oidc_test.go index 2986ecd91..cc1069222 100644 --- a/internal/provider/auth_oidc_test.go +++ b/internal/provider/auth_oidc_test.go @@ -33,6 +33,7 @@ func TestAuthLoginOIDC_Init(t *testing.T) { }, expectParams: map[string]interface{}{ consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, consts.FieldMount: consts.MountTypeOIDC, consts.FieldRole: "alice", consts.FieldCallbackListenerAddress: "", diff --git a/internal/provider/auth_radius.go b/internal/provider/auth_radius.go index 13ce271d5..3b6b514e0 100644 --- a/internal/provider/auth_radius.go +++ b/internal/provider/auth_radius.go 
@@ -33,7 +33,7 @@ func GetRadiusLoginSchema(authField string) *schema.Schema { } // GetRadiusLoginSchemaResource for the radius authentication engine. -func GetRadiusLoginSchemaResource(_ string) *schema.Resource { +func GetRadiusLoginSchemaResource(authField string) *schema.Resource { return mustAddLoginSchema(&schema.Resource{ Schema: map[string]*schema.Schema{ consts.FieldUsername: { @@ -49,7 +49,7 @@ func GetRadiusLoginSchemaResource(_ string) *schema.Resource { DefaultFunc: schema.EnvDefaultFunc(consts.EnvVarRadiusPassword, nil), }, }, - }, consts.MountTypeRadius) + }, authField, consts.MountTypeRadius) } var _ AuthLogin = (*AuthLoginRadius)(nil) @@ -95,7 +95,7 @@ func (l *AuthLoginRadius) Login(client *api.Client) (*api.Secret, error) { } params, err := l.copyParamsExcluding( - consts.FieldIsRootNamespace, + consts.FieldUseRootNamespace, consts.FieldNamespace, consts.FieldMount, ) diff --git a/internal/provider/auth_radius_test.go b/internal/provider/auth_radius_test.go index 06b5f0936..cf66714ab 100644 --- a/internal/provider/auth_radius_test.go +++ b/internal/provider/auth_radius_test.go @@ -31,10 +31,11 @@ func TestAuthLoginRadius_Init(t *testing.T) { }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "ns1", - consts.FieldMount: consts.MountTypeRadius, - consts.FieldUsername: "alice", - consts.FieldPassword: "password1", + consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeRadius, + consts.FieldUsername: "alice", + consts.FieldPassword: "password1", }, wantErr: false, }, diff --git a/internal/provider/auth_test.go b/internal/provider/auth_test.go index 389eb50cc..fd5315a08 100644 --- a/internal/provider/auth_test.go +++ b/internal/provider/auth_test.go @@ -278,7 +278,7 @@ func TestAuthLoginCommon_Namespace(t *testing.T) { { name: "root-ns", params: map[string]interface{}{ - consts.FieldIsRootNamespace: true, + consts.FieldUseRootNamespace: true, }, want: "", exists: true, 
diff --git a/internal/provider/auth_token_file.go b/internal/provider/auth_token_file.go index 95bbc7b26..4c7a6ba06 100644 --- a/internal/provider/auth_token_file.go +++ b/internal/provider/auth_token_file.go @@ -37,7 +37,7 @@ func GetTokenFileSchema(authField string) *schema.Schema { } // GetTokenFileSchemaResource for pre-authenticated token-from-file. -func GetTokenFileSchemaResource(_ string) *schema.Resource { +func GetTokenFileSchemaResource(authField string) *schema.Resource { return mustAddLoginSchema(&schema.Resource{ Schema: map[string]*schema.Schema{ consts.FieldFilename: { @@ -48,7 +48,7 @@ func GetTokenFileSchemaResource(_ string) *schema.Resource { "line that is a valid Vault token", }, }, - }, consts.MountTypeNone) + }, authField, consts.MountTypeNone) } var _ AuthLogin = (*AuthLoginTokenFile)(nil) diff --git a/internal/provider/auth_token_file_test.go b/internal/provider/auth_token_file_test.go index 8730b44e3..944eed7b6 100644 --- a/internal/provider/auth_token_file_test.go +++ b/internal/provider/auth_token_file_test.go @@ -31,8 +31,9 @@ func TestAuthLoginTokenFile_Init(t *testing.T) { }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "", - consts.FieldFilename: "vault-token", + consts.FieldNamespace: "", + consts.FieldUseRootNamespace: false, + consts.FieldFilename: "vault-token", }, wantErr: false, }, @@ -48,8 +49,9 @@ func TestAuthLoginTokenFile_Init(t *testing.T) { consts.EnvVarTokenFilename: "/tmp/vault-token", }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "", - consts.FieldFilename: "/tmp/vault-token", + consts.FieldNamespace: "", + consts.FieldUseRootNamespace: false, + consts.FieldFilename: "/tmp/vault-token", }, wantErr: false, }, diff --git a/internal/provider/auth_userpass.go b/internal/provider/auth_userpass.go index 7606d1044..c7c82e427 100644 --- a/internal/provider/auth_userpass.go +++ b/internal/provider/auth_userpass.go 
@@ -64,7 +64,7 @@ func GetUserpassLoginSchemaResource(authField string) *schema.Resource { }, }, }, - }, consts.MountTypeUserpass) + }, authField, consts.MountTypeUserpass) } var _ AuthLogin = (*AuthLoginUserpass)(nil) @@ -105,7 +105,7 @@ func (l *AuthLoginUserpass) Login(client *api.Client) (*api.Secret, error) { } params, err := l.copyParamsExcluding( - consts.FieldIsRootNamespace, + consts.FieldUseRootNamespace, consts.FieldNamespace, consts.FieldMount, ) diff --git a/internal/provider/auth_userpass_test.go b/internal/provider/auth_userpass_test.go index 9cd11f11b..ea8cc6699 100644 --- a/internal/provider/auth_userpass_test.go +++ b/internal/provider/auth_userpass_test.go @@ -35,11 +35,12 @@ func TestAuthLoginUserPass_Init(t *testing.T) { }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "ns1", - consts.FieldMount: consts.MountTypeUserpass, - consts.FieldUsername: "alice", - consts.FieldPassword: "password1", - consts.FieldPasswordFile: "", + consts.FieldNamespace: "ns1", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeUserpass, + consts.FieldUsername: "alice", + consts.FieldPassword: "password1", + consts.FieldPasswordFile: "", }, wantErr: false, }, 
@@ -49,20 +50,20 @@ func TestAuthLoginUserPass_Init(t *testing.T) { raw: map[string]interface{}{ consts.FieldAuthLoginUserpass: []interface{}{ map[string]interface{}{ - consts.FieldNamespace: "", - consts.FieldIsRootNamespace: true, - consts.FieldUsername: "alice", - consts.FieldPassword: "password1", + consts.FieldNamespace: "", + consts.FieldUseRootNamespace: true, + consts.FieldUsername: "alice", + consts.FieldPassword: "password1", }, }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "", - consts.FieldIsRootNamespace: true, - consts.FieldMount: consts.MountTypeUserpass, - consts.FieldUsername: "alice", - consts.FieldPassword: "password1", - consts.FieldPasswordFile: "", + consts.FieldNamespace: "", + consts.FieldUseRootNamespace: true, + consts.FieldMount: consts.MountTypeUserpass, + consts.FieldUsername: "alice", + consts.FieldPassword: "password1", + consts.FieldPasswordFile: "", }, wantErr: false, }, @@ -79,11 +80,12 @@ func TestAuthLoginUserPass_Init(t *testing.T) { }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "baz", - consts.FieldMount: consts.MountTypeUserpass, - consts.FieldUsername: "alice", - consts.FieldPassword: "password1", - consts.FieldPasswordFile: "", + consts.FieldNamespace: "baz", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeUserpass, + consts.FieldUsername: "alice", + consts.FieldPassword: "password1", + consts.FieldPasswordFile: "", }, wantErr: false, }, 
@@ -99,11 +101,12 @@ func TestAuthLoginUserPass_Init(t *testing.T) { }, }, expectParams: map[string]interface{}{ - consts.FieldNamespace: "", - consts.FieldMount: consts.MountTypeUserpass, - consts.FieldUsername: "alice", - consts.FieldPassword: "password1", - consts.FieldPasswordFile: "", + consts.FieldNamespace: "", + consts.FieldUseRootNamespace: false, + consts.FieldMount: consts.MountTypeUserpass, + consts.FieldUsername: "alice", + consts.FieldPassword: "password1", + consts.FieldPasswordFile: "", }, wantErr: false, }, diff --git a/internal/provider/meta.go b/internal/provider/meta.go index 43cff413d..7651aefc4 100644 --- a/internal/provider/meta.go +++ b/internal/provider/meta.go @@ -246,9 +246,11 @@ func NewProviderMeta(d *schema.ResourceData) (interface{}, error) { if ns, ok := authLogin.Namespace(); ok { // the namespace configured on the auth_login takes precedence over the provider's // for authentication only. + log.Printf("[DEBUG] Setting Auth Login namespace to %q, use_root_namespace=%t", ns, ns == "") clone.SetNamespace(ns) } else if namespace != "" { // authenticate to the engine in the provider's namespace + log.Printf("[DEBUG] Setting Auth Login namespace to %q from provider configuration", namespace) clone.SetNamespace(namespace) }
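Review bot: The first added `log.Printf` reports `use_root_namespace` as `ns == ""`, which is inferred from the returned string rather than read from the configured flag. The debug line can therefore claim the root namespace was requested whenever `Namespace()` returns an empty value for any other reason. The rest of `Namespace()` is not in this diff, so whether that case can occur is unconfirmed. Logging only what is known, `log.Printf("[DEBUG] Setting Auth Login namespace to %q", ns)`, avoids a misleading trace when debugging which namespace a login was sent to. `NewProviderMeta` starts and ends outside the hunk.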