From 15ce0ed6e0d54c713add151c02debf70b9d69251 Mon Sep 17 00:00:00 2001
From: wmrmrx
Date: Mon, 28 Oct 2024 11:02:34 -0300
Subject: [PATCH 1/4] db/cassandra: Add support for skip_verification config

---
 vault/resource_database_secret_backend_connection.go | 9 +++++++++
 .../resource_database_secret_backend_connection_test.go | 1 +
 website/docs/r/database_secret_backend_connection.md | 3 +++
 3 files changed, 13 insertions(+)

diff --git a/vault/resource_database_secret_backend_connection.go b/vault/resource_database_secret_backend_connection.go
index 48680e0b6..d513e4be0 100644
--- a/vault/resource_database_secret_backend_connection.go
+++ b/vault/resource_database_secret_backend_connection.go
@@ -335,6 +335,12 @@ func getDatabaseSchema(typ schema.ValueType) schemaMap {
 Default: 5,
 Description: "The number of seconds to use as a connection timeout.",
 },
+ "skip_verification": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ Description: "Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.",
+ },
 },
 },
 MaxItems: 1,
@@ -1041,6 +1047,9 @@ func setCassandraDatabaseConnectionData(d *schema.ResourceData, prefix string, d
 if v, ok := d.GetOkExists(prefix + "connect_timeout"); ok {
 data["connect_timeout"] = v.(int)
 }
+ if v, ok := d.GetOkExists(prefix + "skip_verification"); ok {
+ data["skip_verification"] = v.(bool)
+ }
 }
 
 func getConnectionDetailsFromResponse(d *schema.ResourceData, prefix string, resp *api.Secret) map[string]interface{} {
diff --git a/vault/resource_database_secret_backend_connection_test.go b/vault/resource_database_secret_backend_connection_test.go
index c487f8aa3..438083780 100644
--- a/vault/resource_database_secret_backend_connection_test.go
+++ b/vault/resource_database_secret_backend_connection_test.go
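Review bot: The `Description` of the new `skip_verification` entry in the getDatabaseSchema hunk states what the checks cost but not what an operator gives up by turning them off: with the checks skipped, a Cassandra credential that lacks the privileges to create roles is accepted when the connection is written, and the problem only surfaces later when Vault first tries to create a role. Suggest appending to the description string: `When true, insufficient privileges on the configured Cassandra user are not detected until a role is first created.`. Keeping `Default: false` is the right choice, so the only change is wording. The enclosing schema map and the setCassandraDatabaseConnectionData function in the second hunk both start outside their hunks.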
@@ -116,6 +116,7 @@ func TestAccDatabaseSecretBackendConnection_cassandra(t *testing.T) {
 resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.pem_json", ""),
 resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.protocol_version", "4"),
 resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.connect_timeout", "5"),
+ resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.skip_verification", "false"),
 ),
 },
 },
diff --git a/website/docs/r/database_secret_backend_connection.md b/website/docs/r/database_secret_backend_connection.md
index b3d364fec..769f96c6a 100644
--- a/website/docs/r/database_secret_backend_connection.md
+++ b/website/docs/r/database_secret_backend_connection.md
@@ -124,6 +124,9 @@ Exactly one of the nested blocks of configuration options must be supplied.
 * `connect_timeout` - (Optional) The number of seconds to use as a connection timeout.
 
+* `skip_verification` - (Optional) Skip permissions checks when a connection to Cassandra is first created.
+ These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
+
 ### Couchbase Configuration Options
 
 * `hosts` - (Required) A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`.
 

From 2ee9c53cf7af6e6a39400caafa2dae74f68f5f94 Mon Sep 17 00:00:00 2001
From: wmrmrx
Date: Mon, 28 Oct 2024 13:14:10 -0300
Subject: [PATCH 2/4] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 333e48db9..7f8fb072b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
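Review bot: The check added to TestAccDatabaseSecretBackendConnection_cassandra only asserts that the schema default is read back as `"false"`, so neither the write path in setCassandraDatabaseConnectionData nor the response read added to getConnectionDetailsCassandra later in this series is exercised with the flag actually set. The identical line added to TestAccDatabaseSecretBackendConnection_cassandraProtocol in patch 3 has the same gap. A further test step whose config sets `skip_verification = true` and then checks `"cassandra.0.skip_verification"` against `"true"` would cover the round trip through Vault. The test function and the config helper it uses both start outside the hunk.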
@@ -3,6 +3,7 @@ FEATURES:
 * Update `vault_database_secret_backend_connection` to support inline TLS config for PostgreSQL ([#2339](https://github.com/hashicorp/terraform-provider-vault/pull/2339))
+* Update `vault_database_secret_backend_connection` to support skip_verification config for Cassandra ([#2346](https://github.com/hashicorp/terraform-provider-vault/pull/2346))
 
 ## 4.4.0 (Aug 7, 2024)

From 5081f17e424401b31b41b1b609bd83cdb0dd5641 Mon Sep 17 00:00:00 2001
From: wmrmrx
Date: Mon, 28 Oct 2024 13:35:17 -0300
Subject: [PATCH 3/4] Add missing test

---
 vault/resource_database_secret_backend_connection_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vault/resource_database_secret_backend_connection_test.go b/vault/resource_database_secret_backend_connection_test.go
index 438083780..6c9a579e2 100644
--- a/vault/resource_database_secret_backend_connection_test.go
+++ b/vault/resource_database_secret_backend_connection_test.go
@@ -160,6 +160,7 @@ func TestAccDatabaseSecretBackendConnection_cassandraProtocol(t *testing.T) {
 resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.pem_json", ""),
 resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.protocol_version", "5"),
 resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.connect_timeout", "5"),
+ resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "cassandra.0.skip_verification", "false"),
 ),
 },
 },

From d698db1f3946921470c36ca5f56c14ac0d79156f Mon Sep 17 00:00:00 2001
From: wmrmrx
Date: Mon, 28 Oct 2024 13:45:07 -0300
Subject: [PATCH 4/4] Add skip_verification to getConnectionDetailsCassandra

---
 vault/resource_database_secret_backend_connection.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/vault/resource_database_secret_backend_connection.go b/vault/resource_database_secret_backend_connection.go
index d513e4be0..8159b3741 100644
--- a/vault/resource_database_secret_backend_connection.go
+++ b/vault/resource_database_secret_backend_connection.go
@@ -2079,6 +2079,9 @@ func getConnectionDetailsCassandra(d *schema.ResourceData, prefix string, resp *
 }
 result["connect_timeout"] = timeout
 }
+ if v, ok := data["skip_verification"]; ok {
+ result["skip_verification"] = v.(bool)
+ }
 return result, nil
 }
 return nil, nil
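Review bot: `result["skip_verification"] = v.(bool)` in getConnectionDetailsCassandra is an unchecked type assertion on a value pulled from the `data` map, which is presumably built from the Vault API response, so an unexpected type for that key would panic the provider instead of producing an error. The `connect_timeout` lines just above appear to go through a conversion with its own error path, and this key should be handled the same way. Change the added lines to `if b, ok := v.(bool); ok { result["skip_verification"] = b }`, or return a wrapped error when the assertion fails so a mismatch is reported rather than crashing the read. The function's signature and opening are outside the hunk.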