search

hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0
457 stars 536 forks source link

Support inheritable resource quotas #2133

Closed husunal closed 3 months ago

husunal commented 7 months ago

Description

Support inheritable parameter for the vault_quota_rate_limit and vault_quota_lease_count resources.

Checklist

Output from acceptance testing:

=== RUN   TestQuotaRateLimit
--- PASS: TestQuotaRateLimit (2.62s)
=== RUN   TestQuotaRateLimitWithRole
    resource_quota_rate_limit_test.go:88: Vault server version "1.15.4+ent"
--- PASS: TestQuotaRateLimitWithRole (1.91s)
=== RUN   TestQuotaRateLimitWithNamespace
--- PASS: TestQuotaRateLimitWithNamespace (4.68s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault
=== RUN   TestQuotaLeaseCount
--- PASS: TestQuotaLeaseCount (5.02s)
=== RUN   TestQuotaLeaseCountWithRole
    resource_quota_lease_count_test.go:86: Vault server version "1.15.4+ent"
--- PASS: TestQuotaLeaseCountWithRole (4.09s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault

Community Note

husunal commented 3 months ago

All tasks are done except for replacing GetOkExists. I have tested it with both GetOk and Get, but these changes caused other issues in the tests. @fairclothjm could you please take another look and merge it if everything looks good to you?

=== RUN   TestQuotaLeaseCount
--- PASS: TestQuotaLeaseCount (5.00s)
=== RUN   TestQuotaLeaseCountWithRole
    resource_quota_lease_count_test.go:80: Vault server version "1.16.2+ent"
--- PASS: TestQuotaLeaseCountWithRole (4.11s)
=== RUN   TestQuotaLeaseCountInheritable
    resource_quota_lease_count_test.go:122: Vault server version "1.16.2+ent"
--- PASS: TestQuotaLeaseCountInheritable (5.23s)
=== RUN   TestQuotaLeaseCountWithRoleInheritable
    resource_quota_lease_count_test.go:180: Vault server version "1.16.2+ent"
--- PASS: TestQuotaLeaseCountWithRoleInheritable (4.48s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault     19.934s
=== RUN   TestQuotaRateLimit
--- PASS: TestQuotaRateLimit (3.15s)
=== RUN   TestQuotaRateLimitWithRole
    resource_quota_rate_limit_test.go:83: Vault server version "1.16.2+ent"
--- PASS: TestQuotaRateLimitWithRole (3.01s)
=== RUN   TestQuotaRateLimitInheritable
    resource_quota_rate_limit_test.go:128: Vault server version "1.16.2+ent"
--- PASS: TestQuotaRateLimitInheritable (2.96s)
=== RUN   TestQuotaRateLimitWithNamespaceInheritable
    resource_quota_rate_limit_test.go:181: Vault server version "1.16.2+ent"
--- PASS: TestQuotaRateLimitWithNamespaceInheritable (4.15s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault     13.905s
fairclothjm commented 3 months ago

@husunal I am running the build for all supported vault versions and then will merge if all is good.

fairclothjm commented 3 months ago

@husunal Failing on Vault 1.16.1 Ent:

=== RUN   TestQuotaLeaseCount
    resource_quota_lease_count_test.go:26: Step 4/4 error: Error running apply: exit status 1

        Error: Error updating Resource Lease Count Quota tf-test-937347198022270975: Error making API request.

        URL: PUT http://localhost:8200/v1/sys/quotas/lease-count/tf-test-937347198022270975
        Code: 400. Errors:

        * quota rule with similar properties exists under the name "default"

          with vault_quota_lease_count.foobar,
          on terraform_plugin_test.tf line 2, in resource "vault_quota_lease_count" "foobar":
           2: resource "vault_quota_lease_count" "foobar" {

--- FAIL: TestQuotaLeaseCount (2.28s)
husunal commented 3 months ago

Thank you @fairclothjm

I’m unable to reproduce the error. Can we re-run the failed tests?

husunal commented 3 months ago

It seems that the test failure is related to the new default lease count quota. I have updated the test to skip creating a quota in the root namespace if the version is 1.16 or greater.

husunal commented 3 months ago

@fairclothjm can we run another build for all supported Vault versions?

The issue caused by the new default lease count quota should now be fixed.