Previously, the association resource did not account for the `secret-key` granularity, which would create a sync target for each subkey of a KV secret. Now, the association resource must keep track of the sync statuses for all subkeys of this associated secret.

Notable improvements/changes:

- Adds a new list schema field `metadata` which tracks the association metadata for each subkey (`sync_status`, `updated_at`)
- Removes the schema types `sync_status` and `updated_at`
- Adds `granularity` to all destination resources.
- Makes the Association resource importable. Now, by providing the ID with the right format (encoding all necessary info), TFVP can enable a user to import their association metadata to track the lifecycle of all subkeys of an associated secret.
- Fixes some tests
Checklist

- [x] Added CHANGELOG entry (only for user-facing changes)
- [x] Acceptance tests were run against all supported Vault Versions
Output from acceptance testing:
$ make testacc TESTARGS='-run=TestSecretsSyncAssociation_gh'
=== RUN TestSecretsSyncAssociation_gh
resource_secrets_sync_association_test.go:38: Vault server version "1.16.0+ent"
--- PASS: TestSecretsSyncAssociation_gh (2.67s)
PASS