search

hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/
Other
30.88k stars 4.17k forks source link

Input doesn't match output of databases connection config #2962

Open LinusU opened 7 years ago

LinusU commented 7 years ago

When configuring a database backend you are giving it a connection_url, e.g.

{
  "allowed_roles": ["*"],
  "connection_url": "postgresql://user:passowrd@postgresql.service.consul:5432/db",
  "plugin_name": "postgresql-database-plugin"
}

But when reading the same path out, the following is returned:

{
  "allowed_roles": ["*"],
  "connection_details": {
    "connection_url": "postgresql://user:passowrd@postgresql.service.consul:5432/db"
  },
  "plugin_name": "postgresql-database-plugin"
}

Trying to set the second structure directly results in the error:

* error creating database object: connection_url cannot be empty

This is a problem because Terraform thinks that it needs to update the value every time I run terraform plan. Would it be possible to either accept both as input, switching the input to the second, or switching the output to the first format?

jefferai commented 7 years ago

The reason for the output being this way is sensible but I think we could add a check that would allow reading the url from the connection details struct.

LinusU commented 7 years ago

Sounds very good 👍