hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

New resources `vault_plugin` and `vault_plugin_pinned_version` #2159

Closed tomhjp closed 5 months ago

tomhjp commented 7 months ago

Description

Adds 2 new resources for managing external plugins: `vault_plugin` and `vault_plugin_pinned_version`.

Relates #1975 Closes #214

Checklist

Output from acceptance testing:

```
$ make testacc TESTARGS='-run=TestPlugin'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test -run=TestPlugin -timeout 30m ./...
?       github.com/hashicorp/terraform-provider-vault   [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/coverage      [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/generate      [no test files]
?       github.com/hashicorp/terraform-provider-vault/helper    [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/consts   [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/identity/group   [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/identity/mfa     [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/pki      [no test files]
ok      github.com/hashicorp/terraform-provider-vault/codegen   (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/internal/identity/entity  (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-vault/internal/sync     [no test files]
?       github.com/hashicorp/terraform-provider-vault/schema    [no test files]
?       github.com/hashicorp/terraform-provider-vault/util/mountutil    [no test files]
ok      github.com/hashicorp/terraform-provider-vault/internal/provider (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/testutil  (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/util      (cached) [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/vault     2.780s
```

Example config:

```hcl
provider "vault" {
}

resource "vault_plugin" "jwt" {
  type    = "auth"
  name    = "jwt"
  command = "vault-plugin-auth-jwt"
  version = "v0.17.0"
  sha256  = "6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc"
  env     = [
    "HTTP_PROXY=http://proxy.example.com:8080"
  ]
}

resource "vault_plugin_pinned_version" "jwt_pin" {
  type    = vault_plugin.jwt.type
  name    = vault_plugin.jwt.name
  version = vault_plugin.jwt.version
}

resource "vault_auth_backend" "jwt_auth" {
  type = vault_plugin_pinned_version.jwt_pin.name
}
```


tomhjp commented 7 months ago

Sorry - the tests are taking a bit longer than I expected. I'm working on them in https://github.com/hashicorp/terraform-provider-vault/compare/vault-24407/plugin-and-pinned-versions-support-testing?expand=1 but feel free to ignore this PR until I get them working.

tomhjp commented 7 months ago

The tests should pass now 👍 and I've verified that TestPlugin is running and not being skipped, but TestPluginPinnedVersion won't run in CI until we have 1.16 in the acceptance tests matrix.

fairclothjm commented 6 months ago

Clearing out the 4.0.0 milestone for now and we will do another release closer to Vault GA.

tomhjp commented 5 months ago

Thanks for all the feedback so far! I think I'm satisfied that everything is addressed now, so this is (finally) ready for another look.

tomhjp commented 5 months ago

Thanks!