[DEVOPS-4425] feat: add ephemeral resources for creds and certs#30
Merged
Conversation
|
Richard Boisvert (rbstp)
force-pushed
the
devops/ephemeral
branch
from
7a68dc5 to
751e984
Compare
Comment on lines
+20
to
+24
| Config: testAccEntryCredentialApiKeyEphemeralConfig("tf_test_api_key_eph_byname", "tf_test_api_key_eph_byname", ` | ||
| ephemeral "dvls_entry_credential_api_key" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| name = dvls_entry_credential_api_key.test.name | ||
| } |
Contributor
There was a problem hiding this comment.
Est-ce que ce serait plus clean de le déclarer plus tôt et de le passer en paramètre ?
Comment on lines
+50
to
+55
| Config: testAccEntryCredentialApiKeyEphemeralConfig("tf_test_api_key_eph_byid", "tf_test_api_key_eph_byid", ` | ||
| ephemeral "dvls_entry_credential_api_key" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| id = dvls_entry_credential_api_key.test.id | ||
| } | ||
| `), |
Comment on lines
+20
to
+25
| Config: testAccEntryCredentialAzureServicePrincipalEphemeralConfig("tf_test_azsp_eph_byname", "tf_test_azsp_eph_byname", ` | ||
| ephemeral "dvls_entry_credential_azure_service_principal" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| name = dvls_entry_credential_azure_service_principal.test.name | ||
| } | ||
| `), |
Comment on lines
+20
to
+25
| Config: testAccEntryCredentialConnectionStringEphemeralConfig("tf_test_connstr_eph_byname", "tf_test_connstr_eph_byname", ` | ||
| ephemeral "dvls_entry_credential_connection_string" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| name = dvls_entry_credential_connection_string.test.name | ||
| } | ||
| `), |
Comment on lines
+20
to
+25
| Config: testAccEntryCredentialSecretEphemeralConfig("tf_test_secret_eph_byname", "tf_test_secret_eph_byname", ` | ||
| ephemeral "dvls_entry_credential_secret" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| name = dvls_entry_credential_secret.test.name | ||
| } | ||
| `), |
Comment on lines
+20
to
+25
| Config: testAccEntryCredentialSSHKeyEphemeralConfig("tf_test_sshkey_eph_byname", "tf_test_sshkey_eph_byname", ` | ||
| ephemeral "dvls_entry_credential_ssh_key" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| name = dvls_entry_credential_ssh_key.test.name | ||
| } | ||
| `), |
Comment on lines
+51
to
+56
| Config: testAccEntryCredentialSSHKeyEphemeralConfig("tf_test_sshkey_eph_byid", "tf_test_sshkey_eph_byid", ` | ||
| ephemeral "dvls_entry_credential_ssh_key" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| id = dvls_entry_credential_ssh_key.test.id | ||
| } | ||
| `), |
Comment on lines
+80
to
+100
| %s | ||
|
|
||
| resource "dvls_vault" "test" { | ||
| name = %[2]q | ||
| } | ||
|
|
||
| resource "dvls_entry_credential_ssh_key" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| name = %[3]q | ||
| description = "test entry for ephemeral resource" | ||
| folder = "tf_test_folder" | ||
| tags = ["acceptance", "tf-test"] | ||
| username = "testuser" | ||
| password = "testpassword" | ||
| passphrase = "testpassphrase" | ||
| private_key_data = "-----BEGIN OPENSSH PRIVATE KEY-----\nfake-key-data\n-----END OPENSSH PRIVATE KEY-----" | ||
| } | ||
|
|
||
| %s | ||
|
|
||
| %s |
Contributor
There was a problem hiding this comment.
Je sais pas si ça vaudrait la peine de stocker ces strings autrement ou tout au même endroit pour faciliter leur maintenance dans le future si jamais on modifie un field ou une description ?
Comment on lines
+20
to
+25
| Config: testAccEntryCredentialUsernamePasswordEphemeralConfig("tf_test_userpass_eph_byname", "tf_test_userpass_eph_byname", ` | ||
| ephemeral "dvls_entry_credential_username_password" "test" { | ||
| vault_id = dvls_vault.test.id | ||
| name = dvls_entry_credential_username_password.test.name | ||
| } | ||
| `), |
Raphaël Larivière (Sylfwood)
previously approved these changes
May 25, 2026
Raphaël Larivière (Sylfwood)
approved these changes
May 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Warning
Two latent provider issues surfaced, because of DVLS 2026.1, that are worth follow-up but outside this PR. Temporary fix with 2nd commit.
Summary
Adds ephemeral resources for the certificate entry and all six credential subtypes (
username_password,api_key,secret,ssh_key,azure_service_principal,connection_string). Ephemerals fetch sensitive values during plan/apply but never persist them in Terraform state.What's new
dvls_entry_certificateanddvls_entry_credential_*credential_ephemeral.go:ephemeralResourceBase— Configure boilerplatecredentialEphemeralBase— addsid/nameExactlyOneOfvalidatorcredentialEphemeralCommonAttributes()— shared schema (id, vault_id, name, folder, description, tags)*DataSourceModeland reusessetEntryCredential*DataModel, so there's one source of truth per subtype.