hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Enhancement]: Missing support for `ext_key_usage_oids` #2107

Closed austin-laney closed 8 months ago

austin-laney commented 8 months ago

Terraform Core Version

1.6.4

Terraform Vault Provider Version

3.23.0

Vault Server Version

1.15.2

Affected Resource(s)

No response

Expected Behavior

The Vault provider's `vault_pki_secret_backend_role` should expose a field for `ext_key_usage_oids` in line with the OpenAPI specification. Providing OIDs for key usage should render the desired OID under the Extended Key Usage OIDs field of the role:

[Screenshot 2023-12-10 at 21 01 33]

Actual Behavior

The provider does not contain a field in `vault/resource_pki_secret_backend_role.go` for `ext_key_usage_oids`, so the provider plan will fail as no schema would include that attribute.

[Screenshot 2023-12-10 at 21 08 59]

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

terraform {
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "3.23.0"
    }
  }
}

provider "vault" {
  # ..<snip>..
}

resource "vault_mount" "pki" {
  path                      = "pki"
  type                      = "pki"
  default_lease_ttl_seconds = 3600
  max_lease_ttl_seconds     = 86400
}

resource "vault_pki_secret_backend_role" "role" {
  backend          = vault_mount.pki.path
  name             = "my_role"
  ttl              = 3600
  allow_ip_sans    = true
  key_type         = "rsa"
  key_bits         = 4096
  allowed_domains  = ["example.com", "my.domain"]
  allow_subdomains = true
  allow_any_name   = true

  policy_identifier {
    oid    = "1.3.6.1.4.1.7.8"
    notice = "I am a user Notice"
  }
  policy_identifier {
    oid = "1.3.6.1.4.1.44947.1.2.4"
    cps = "https://example.com"
  }

  # ext_key_usage = ["1.3.6.1.4.1.311.4"] # <-- Does not render in role view or certificate
  ext_key_usage_oids = ["1.3.6.1.4.1.311.4"] # <-- Failure here.
}

Steps to Reproduce

  1. Create a main.tf with the contents of the provided configuration file.
  2. Run terraform plan
  3. Observe a schema validation error: [Screenshot 2023-12-10 at 21 08 19]

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

Yes
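
Added example, not part of the original issue or the provider's code: once a role is configured with a custom extended key usage OID, one way to confirm that an issued certificate actually carries it is to parse the certificate and look for the OID, shown here in Go with the standard library. The helper names `hasEKUOID` and `sampleCert` are hypothetical, and the certificate is a constructed self-signed one standing in for a certificate issued by the PKI mount.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// hasEKUOID reports whether a DER certificate carries the given custom EKU OID.
// Go lists EKU OIDs it has no named constant for in UnknownExtKeyUsage.
func hasEKUOID(der []byte, oid asn1.ObjectIdentifier) (bool, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err
	}
	for _, got := range cert.UnknownExtKeyUsage {
		if got.Equal(oid) {
			return true, nil
		}
	}
	return false, nil
}

// sampleCert builds a constructed self-signed certificate (sample data only).
func sampleCert(ekuOIDs ...asn1.ObjectIdentifier) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		NotBefore:          time.Now().Add(-time.Minute),
		NotAfter:           time.Now().Add(time.Hour),
		UnknownExtKeyUsage: ekuOIDs,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	want := asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 4} // OID from the issue
	der, _ := sampleCert(want)                              // demo: a failure surfaces as a parse error below
	fmt.Println(hasEKUOID(der, want))
}
```

The check only covers OIDs without a named constant in `crypto/x509`; well-known usages such as server authentication appear in `ExtKeyUsage` instead.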