Add support for importing the PKI CRL config (hashicorp#1710)

- Adapt tests to support older vault versions
- Make some API data and schema set operations simpler
- Fix broken build

Author: benashz

.github/workflows/build.yml

@@ -3,14 +3,23 @@ name: Build
 on: push
 
 jobs:
+  gh-api-quota-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: get GH rate-limit config
+        run: |
+          curl -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/rate_limit
   go-version:
     runs-on: ubuntu-latest
     outputs:
       version: ${{ steps.go-version.outputs.version }}
     steps:
       - uses: actions/checkout@v3
       - id: go-version
-        run: echo "::set-output name=version::$(cat ./.go-version)"
+        run: echo "version=$(cat .go-version)" >> $GITHUB_OUTPUT
   build:
     needs: [go-version]
     runs-on: ubuntu-latest
@@ -23,6 +32,8 @@ jobs:
           make build
       - name: Run unit tests
         # here to short-circuit the acceptance tests, in the case of a failure.
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         run: |
           make test
   acceptance:

.github/workflows/issue-opened.yml

@@ -8,8 +8,9 @@ jobs:
   issue_triage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: github/[email protected]
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         configuration-path: .github/labeler-issue-triage.yml
+        # TODO: update to use action/labeler https://github.com/actions/labeler

.gitignore

@@ -37,3 +37,6 @@ terraform-provider-vault
 
 # Scratch directory for miscellaneous files/examples/etc.
 scratch
+
+# others
+.swp

.go-version

@@ -1 +1 @@
-1.17.10
+1.19.4

README.md

@@ -23,7 +23,7 @@ Requirements
 ------------
 
 - [Terraform](https://www.terraform.io/downloads.html) 0.12.x and above, we recommend using the latest stable release whenever possible.
-- [Go](https://golang.org/doc/install) 1.17 (to build the provider plugin)
+- [Go](https://golang.org/doc/install) 1.19 (to build the provider plugin)
 
 Building The Provider
 ---------------------
@@ -45,7 +45,7 @@ $ make build
 Developing the Provider
 ---------------------------
 
-If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (version 1.16+ is *required*). You'll also need to correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`.
+If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (version 1.19+ is *required*). You'll also need to correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`.
 
 To compile the provider, run `make build`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
 

generated/resources/transform/role/name.go

@@ -48,7 +48,7 @@ func NameResource() *schema.Resource {
 		Exists: resourceNameExists,
 		Delete: deleteNameResource,
 		Importer: &schema.ResourceImporter{
-			State: schema.ImportStatePassthrough,
+			StateContext: schema.ImportStatePassthroughContext,
 		},
 		Schema: fields,
 	}

go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/containerd/containerd v1.6.6 // indirect
 	github.com/coreos/go-oidc/v3 v3.4.0 // indirect
 	github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
+	github.com/davecgh/go-spew v1.1.1
 	github.com/denisenkom/go-mssqldb v0.12.0
 	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/go-sql-driver/mysql v1.6.0

testutil/testutil.go

@@ -11,6 +11,7 @@ import (
 	"reflect"
 	"strconv"
 	"strings"
+	"sync"
 	"testing"
 
 	"github.com/coreos/pkg/multierror"
@@ -238,17 +239,16 @@ type GHOrgResponse struct {
 }
 
 // cache GH API responses to avoid triggering the GH request rate limiter
-var ghOrgResponseCache = map[string]*GHOrgResponse{}
+var ghOrgResponseCache = sync.Map{}
 
 // GetGHOrgResponse returns the GH org's meta configuration.
 func GetGHOrgResponse(t *testing.T, org string) *GHOrgResponse {
 	t.Helper()
 
-	if v, ok := ghOrgResponseCache[org]; ok {
-		return v
-	}
-
 	client := newGHRESTClient()
+	if v, ok := ghOrgResponseCache.Load(org); ok {
+		return v.(*GHOrgResponse)
+	}
 
 	result := &GHOrgResponse{}
 	if err := client.get(fmt.Sprintf("orgs/%s", org), result); err != nil {
@@ -259,7 +259,7 @@ func GetGHOrgResponse(t *testing.T, org string) *GHOrgResponse {
 		t.Fatalf("expected org %q from GH API response, actual %q", org, result.Login)
 	}
 
-	ghOrgResponseCache[org] = result
+	ghOrgResponseCache.Store(org, result)
 
 	return result
 }
@@ -288,9 +288,11 @@ func (c *ghRESTClient) do(method, path string, v interface{}) error {
 	}
 
 	req.Header.Set("Accept", "application/vnd.github.v3+json")
+	req.Header.Set("X-GitHub-Api-Version", "2022-11-28")
 	if token := os.Getenv("GITHUB_TOKEN"); token != "" {
 		req.Header.Set("Authorization", "Bearer "+token)
 	}
+
 	resp, err := c.client.Do(req)
 	if err != nil {
 		return err

testutil/testutil_test.go

@@ -1,6 +1,7 @@
 package testutil
 
 import (
+	"reflect"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
@@ -275,3 +276,44 @@ func Test_assertVaultState(t *testing.T) {
 		})
 	}
 }
+
+func TestGetGHOrgResponse(t *testing.T) {
+	tests := []struct {
+		name string
+		org  string
+		want *GHOrgResponse
+	}{
+		{
+			name: "hashicorp",
+			org:  "hashicorp",
+			want: &GHOrgResponse{
+				Login: "hashicorp",
+				ID:    761456,
+			},
+		},
+		{
+			name: "github",
+			org:  "github",
+			want: &GHOrgResponse{
+				Login: "github",
+				ID:    9919,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := GetGHOrgResponse(t, tt.org); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("GetGHOrgResponse() = %v, want %v", got, tt.want)
+			}
+			v, ok := ghOrgResponseCache.Load(tt.org)
+			if !ok {
+				t.Fatalf("GetGHOrgResponse() result not cached for %s", tt.org)
+			}
+
+			got := v.(*GHOrgResponse)
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("GetGHOrgResponse() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

util/util.go

@@ -360,16 +360,41 @@ func GetAPIRequestDataWithSlice(d *schema.ResourceData, fields []string) map[str
 	return data
 }
 
+// GetAPIRequestDataWithSliceOk to pass to Vault from schema.ResourceData.
+// Only field values that are set in schema.ResourceData will be returned
+func GetAPIRequestDataWithSliceOk(d *schema.ResourceData, fields []string) map[string]interface{} {
+	data := make(map[string]interface{})
+	for _, k := range fields {
+		if v, ok := getAPIRequestValueOk(d, k); ok {
+			data[k] = v
+		}
+	}
+
+	return data
+}
+
 func getAPIRequestValue(d *schema.ResourceData, k string) interface{} {
-	sv := d.Get(k)
-	switch v := sv.(type) {
+	return getAPIValue(d.Get(k))
+}
+
+func getAPIValue(i interface{}) interface{} {
+	switch s := i.(type) {
 	case *schema.Set:
-		return v.List()
+		return s.List()
 	default:
-		return sv
+		return s
 	}
 }
 
+func getAPIRequestValueOk(d *schema.ResourceData, k string) (interface{}, bool) {
+	sv, ok := d.GetOk(k)
+	if !ok {
+		return nil, ok
+	}
+
+	return getAPIValue(sv), ok
+}
+
 func Remount(d *schema.ResourceData, client *api.Client, mountField string, isAuthMount bool) (string, error) {
 	ret := d.Get(mountField).(string)