Merge pull request #4 from mrzdvig/main

Add possibility to init HC Vault deployed in Kubernetes (port-forward)

.devcontainer/devcontainer.json

@@ -5,8 +5,8 @@
 	"build": {
 		"dockerfile": "Dockerfile",
 		"args": {
-			// Update the VARIANT arg to pick a version of Go: 1, 1.16, 1.15
-			"VARIANT": "1.16",
+			// Update the VARIANT arg to pick a version of Go: 1, 1.17, 1.16, 1.15
+			"VARIANT": "1.17",
 			// Options
 			"INSTALL_NODE": "false",
 			"NODE_VERSION": "lts/*"

.github/workflows/release.yml

@@ -28,7 +28,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16
+          go-version: 1.17
       -
         name: Import GPG key
         id: import_gpg

.github/workflows/test.yml

@@ -26,7 +26,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v2.1.3
       with:
-        go-version: '1.16'
+        go-version: '1.17'
       id: go
 
     - name: Check out code into the Go module directory
@@ -53,6 +53,7 @@ jobs:
         terraform:
           - '0.14.7'
           - '0.15.0'
+          - '1.0.5'
     steps:
 
     - name: Set up Vault
@@ -62,7 +63,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v2.1.3
       with:
-        go-version: '1.16'
+        go-version: '1.17'
       id: go
 
     - name: Check out code into the Go module directory

.gitignore

@@ -4,6 +4,7 @@
 example.tf
 terraform.tfplan
 terraform.tfstate
+.terraform.lock.hcl
 bin/
 dist/
 modules-dev/
@@ -23,7 +24,6 @@ website/node_modules
 .idea
 *.iml
 *.test
-*.iml
 
 website/vendor
 
@@ -33,3 +33,4 @@ website/vendor
 
 # Keep windows files with windows line endings
 *.winfile eol=crlf
+_Makefile

CHANGELOG.md

@@ -1,4 +1,9 @@
 
+## 0.2.0 (01 28, 2022)
+
+FEATURES:
+- Implemented init of HC Vault cluster deployed in Kubernetes (port-forward to a pod)
+
 ## 0.1.0 (04 23, 2021)
 
 Initial release

docs/data-sources/init.md

@@ -0,0 +1,26 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "vaultoperator_init Data Source - terraform-provider-vaultoperator"
+subcategory: ""
+description: |-
+  Resource for vault operator init
+---
+
+# vaultoperator_init (Data Source)
+
+Resource for vault operator init
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **initialized** (Boolean) The current initialization state of Vault.
+
+

docs/index.md

@@ -14,9 +14,25 @@ This Provider gives access to the `vault operator` operations, although currentl
 ## Example Usage
 
 ```terraform
+terraform {
+  required_providers {
+    vaultoperator = {
+      version = "0.2.0"
+      source  = "rickardgranberg/vaultoperator"
+    }
+  }
+}
+
 provider "vaultoperator" {
   # example configuration here
   vault_url = "http://vault:8200"
+  kube_config {
+    path       = "~/.kube/config"
+    namespace  = "vault"
+    service    = "vault"
+    localPort  = "8200"
+    remotePort = "8200"
+  }
 }
 ```
 
@@ -25,4 +41,18 @@ provider "vaultoperator" {
 
 ### Optional
 
-- **vault_url** (String) Vault instance URL
+- **kube_config** (Block List) (see [below for nested schema](#nestedblock--kube_config))
+- **request_headers** (Map of String)
+- **vault_addr** (String) Vault instance URL
+- **vault_url** (String, Deprecated) Vault instance URL
+
+<a id="nestedblock--kube_config"></a>
+### Nested Schema for `kube_config`
+
+Optional:
+
+- **local_port** (String) Local forward port
+- **namespace** (String) Kubernetes namespace where HC Vault is run
+- **path** (String) Full path to a Kubernetes config
+- **remote_port** (String) Remote service port to forward
+- **service** (String) Kubernetes service name of Vault

docs/resources/init.md

@@ -36,6 +36,8 @@ resource "vaultoperator_init" "example" {
 
 - **keys** (Set of String, Sensitive) The unseal keys.
 - **keys_base64** (Set of String, Sensitive) The unseal keys, base64 encoded.
+- **recovery_keys** (Set of String, Sensitive) The recovery keys
+- **recovery_keys_base64** (Set of String, Sensitive) The recovery keys, base64 encoded.
 - **root_token** (String, Sensitive) The Vault Root Token.
 
 ## Import
@@ -46,11 +48,11 @@ Import is supported from a json file with the Vault API schema:
 {
     "keys": [
         "...",
-        ...
+        "..."
     ],
     "keys_base64": [
         "...",
-        ...
+        "..."
     ],
     "root_token": "..."
 }

examples/provider/provider.tf

@@ -1,4 +1,20 @@
+terraform {
+  required_providers {
+    vaultoperator = {
+      version = "0.2.0"
+      source  = "rickardgranberg/vaultoperator"
+    }
+  }
+}
+
 provider "vaultoperator" {
   # example configuration here
   vault_url = "http://vault:8200"
+  kube_config {
+    path       = "~/.kube/config"
+    namespace  = "vault"
+    service    = "vault"
+    localPort  = "8200"
+    remotePort = "8200"
+  }
 }

go.mod

@@ -3,7 +3,24 @@ module github.com/rickardgranberg/terraform-provider-vaultoperator
 go 1.16
 
 require (
+	cloud.google.com/go/compute v1.1.0 // indirect
+	cloud.google.com/go/iam v0.1.1 // indirect
+	github.com/go-logr/logr v1.2.2 // indirect
+	github.com/google/go-cmp v0.5.7 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/hashicorp/terraform-plugin-docs v0.5.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.8.0
 	github.com/hashicorp/vault/api v1.2.0
+	golang.org/x/net v0.0.0-20220127074510-2fabfed7e28f // indirect
+	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
+	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
+	google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350 // indirect
+	google.golang.org/grpc v1.44.0 // indirect
+	k8s.io/api v0.23.2
+	k8s.io/apimachinery v0.23.3
+	k8s.io/client-go v0.23.2
+	k8s.io/klog/v2 v2.40.1 // indirect
+	k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 // indirect
+	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )