Add support for Customer Key Version and Encrypted Data Keys #1203
Conversation
|
|
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes 1 out of 2 committers have signed the CLA.
Have you signed the CLA already but the status is still pending? Recheck it. |
helenjw
changed the title
| // AWSOIDCConfigurations describes all the AWS OIDC configuration related methods that the HCP Terraform API supports. | ||
| // HCP Terraform API docs: | ||
| // https://developer.hashicorp.com/terraform/cloud-docs/api-docs/hold-your-own-key/oidc-configurations/aws |
There was a problem hiding this comment.
Realized these were missing from the PR for OIDC and HYOK configs 😢
hyok_encrypted_data_key.go
Outdated
| // Read a HYOK encrypted data key by its ID. | ||
| func (h hyokEncryptedDataKeys) Read(ctx context.Context, hyokEncryptedDataKeyID string) (*HYOKEncryptedDataKey, error) { | ||
| if !validStringID(&hyokEncryptedDataKeyID) { | ||
| return nil, ErrInvalidHYOK |
There was a problem hiding this comment.
should we change ErrInvalidHYOK to something like ErrInvalidHYOKEncryptedDataKeyID?
There was a problem hiding this comment.
This was also addressed in 519cd19
There was a problem hiding this comment.
I wonder if we should have test cases for Revoke and Delete.
There was a problem hiding this comment.
That's tough, because we cant create the key version in tests. So we would need the user to manually input the key version ID which they want to revoke, and the test could only ever run once without changing the ID....that could work, but IMHO it probably isnt worth it
There was a problem hiding this comment.
That's tough, because we cant create the key version in tests. So we would need the user to manually input the key version ID which they want to revoke, and the test could only ever run once without changing the ID....that could work, but IMHO it probably isnt worth it
|
Reminder to the contributor that merged this PR: if your changes have added important functionality or fixed a relevant bug, open a follow-up PR to update CHANGELOG.md with a note on your changes. |
Co-authored-by: Jarrett Spiker <[email protected]>
Description
Add support for HYOK customer key versions and HYOK encrypted data keys.
Supported operations for
HYOKCustomerKeyVersions:Supported operations for
HYOKEncryptedDataKey:External links
Output from tests
envchain local-go-tfe go test -run TestHYOKEncryptedDataKeyRead -v 16:46:44 29ms === RUN TestHYOKEncryptedDataKeyRead === RUN TestHYOKEncryptedDataKeyRead/read_an_existing_encrypted_data_key --- PASS: TestHYOKEncryptedDataKeyRead (0.42s) --- PASS: TestHYOKEncryptedDataKeyRead/read_an_existing_encrypted_data_key (0.17s) PASS ok github.com/hashicorp/go-tfe 0.983senvchain local-go-tfe go test -run TestHYOKCustomerKeyVersions -v 16:46:55 3.019s === RUN TestHYOKCustomerKeyVersionsList === RUN TestHYOKCustomerKeyVersionsList/with_no_list_options --- PASS: TestHYOKCustomerKeyVersionsList (7.76s) --- PASS: TestHYOKCustomerKeyVersionsList/with_no_list_options (0.10s) === RUN TestHYOKCustomerKeyVersionsRead === RUN TestHYOKCustomerKeyVersionsRead/read_an_existing_key_version --- PASS: TestHYOKCustomerKeyVersionsRead (0.34s) --- PASS: TestHYOKCustomerKeyVersionsRead/read_an_existing_key_version (0.12s) PASS ok github.com/hashicorp/go-tfe 8.630sRollback Plan
Changes to Security Controls