Merge pull request #118 from Venafi/venafi-token-release

feat(venafi-token): Prepares provider for venafi-token release
Venafi · Oct 7, 2023 · 6d60a2d · 6d60a2d
2 parents ac460a5 + ee08640
commit 6d60a2d
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
+## 0.17.2 (October 6th, 2023)
+Rolls back the error removal from version v0.17.1
+
 ## 0.17.1 (October 2nd, 2023)
-Removes an error thrown during provider configuration. Instead the error is thrown at resource creation.
+Removes an error thrown during provider configuration. Instead, the error is thrown at resource creation.
 This work is necessary to allow the venafi-token provider to successfully manage the tokens of this provider.
 
 ## 0.17.0 (September 25, 2023)

diff --git a/README.md b/README.md
@@ -27,6 +27,11 @@ This solution adds certificate enrollment capabilities to [HashiCorp Terraform](
 
 ## Requirements
 
+### Protection of the terraform state file
+
+Make sure that you are protecting your terraform state file as per the best practices by Hashicorp: [https://developer.hashicorp.com/terraform/language/state/sensitive-data](https://developer.hashicorp.com/terraform/language/state/sensitive-data).  
+This is an important step to prevent data breaches or leaks of sensitive data like usernames, passwords, tokens, secrets, etc.
+
 ### Venafi Trust Protection Platform
 
 Your certificate authority (CA) must be able to issue a certificate in
@@ -77,6 +82,15 @@ make changes to your system configuration, save the root certificate to a file
 in PEM format (e.g. /opt/venafi/bundle.pem) and include it using the
 `trust_bundle` parameter of your Venafi provider.
 
+### Trust Protection Platform Token Management
+The Venafi provider offers several authentication methods to Trust Protection Platform. All of them work by requesting 
+an access token that will grant access to the REST API. Automation becomes complex to manage when access tokens are 
+introduced as they have an expiration date. When that date is met, the token is no longer valid. 
+
+A new [Venafi-token provider](https://registry.terraform.io/providers/Venafi/venafi-token/latest) has been released that 
+allows customers to manage their access tokens. This way the Venafi provider will always have a valid token to use, and 
+automation will not be disrupted by token expiration.
+
 ### Venafi as a Service
 
 If you are using Venafi as a Service, verify the following:

diff --git a/venafi/provider.go b/venafi/provider.go
@@ -185,6 +185,11 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 
 	if !accessTokenMethod && !clientCertMethod && !userPassMethod && !apiKeyMethod && !devMode {
 		tflog.Error(ctx, messageVenafiNoAuthProvided)
+		diags = append(diags, diag.Diagnostic{
+			Severity: diag.Error,
+			Summary:  messageVenafiClientInitFailed,
+			Detail:   fmt.Sprintf("%s: %s", messageVenafiConfigFailed, messageVenafiNoAuthProvided),
+		})
 		return nil, diags
 	}
 

diff --git a/venafi/util.go b/venafi/util.go
@@ -138,9 +138,6 @@ func getIssuerHint(is string) util.IssuerHint {
 
 func getConnection(ctx context.Context, meta interface{}) (endpoint.Connector, error) {
 	tflog.Info(ctx, "Building Venafi Connector")
-	if meta == nil {
-		return nil, fmt.Errorf("%s: %s", messageVenafiClientInitFailed, messageVenafiNoAuthProvided)
-	}
 
 	cfg := meta.(*vcert.Config)
 	cl, err := vcert.NewClient(cfg)