ENG-14011: Add vault_integration_id field to cyral_sidecar resource i…

…n terraform provider (#565) * Add vault_integration_id to sidecar resource * Update cyral/internal/sidecar/resource.go Co-authored-by: Wilson de Carvalho <[email protected]> * Update docs --------- Co-authored-by: Wilson de Carvalho <[email protected]>
cyralinc · Sep 6, 2024 · 9789a2d · 9789a2d
1 parent 7fadcf6
commit 9789a2d
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 6 deletions.
diff --git a/cyral/internal/sidecar/model.go b/cyral/internal/sidecar/model.go
@@ -47,6 +47,9 @@ func (r *SidecarData) WriteToSchema(d *schema.ResourceData) error {
 		if err := d.Set("diagnostic_log_integration_id", r.SidecarProperties.DiagnosticLogIntegrationID); err != nil {
 			return fmt.Errorf("error setting 'diagnostic_log_integration_id' field: %w", err)
 		}
+		if err := d.Set("vault_integration_id", r.SidecarProperties.VaultIntegrationID); err != nil {
+			return fmt.Errorf("error setting 'vault_integration_id' field: %w", err)
+		}
 	}
 	if err := d.Set("labels", r.Labels); err != nil {
 		return fmt.Errorf("error setting 'labels' field: %w", err)
@@ -87,6 +90,7 @@ func (r *SidecarData) ReadFromSchema(d *schema.ResourceData) error {
 		DeploymentMethod:           d.Get("deployment_method").(string),
 		LogIntegrationID:           activityLogIntegrationID,
 		DiagnosticLogIntegrationID: d.Get("diagnostic_log_integration_id").(string),
+		VaultIntegrationID:         d.Get("vault_integration_id").(string),
 	}
 	r.ServicesConfig = SidecarServicesConfig{
 		"dispatcher": map[string]string{
@@ -103,6 +107,7 @@ type SidecarProperties struct {
 	DeploymentMethod           string `json:"deploymentMethod"`
 	LogIntegrationID           string `json:"logIntegrationID,omitempty"`
 	DiagnosticLogIntegrationID string `json:"diagnosticLogIntegrationID,omitempty"`
+	VaultIntegrationID         string `json:"vaultIntegrationID,omitempty"`
 }
 
 type SidecarServicesConfig map[string]map[string]string

diff --git a/cyral/internal/sidecar/resource.go b/cyral/internal/sidecar/resource.go
@@ -115,6 +115,11 @@ func resourceSchema() *schema.Resource {
 				Type:        schema.TypeString,
 				Optional:    true,
 			},
+			"vault_integration_id": {
+				Description: "ID of the HashiCorp Vault integration to associate to this sidecar to be used for database account authentication.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
 			"labels": {
 				Description: "Labels that can be attached to the sidecar and shown in the `Tags` field in the UI.",
 				Type:        schema.TypeList,

diff --git a/cyral/internal/sidecar/resource_test.go b/cyral/internal/sidecar/resource_test.go
@@ -4,10 +4,11 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
 	"github.com/cyralinc/terraform-provider-cyral/cyral/internal/sidecar"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/provider"
 	"github.com/cyralinc/terraform-provider-cyral/cyral/utils"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 )
 
 func getTestCBS() sidecar.CertificateBundleSecrets {
@@ -27,6 +28,7 @@ var cloudFormationSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "cft-ec2",
 		LogIntegrationID:           "foo",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "",
 	},
 	UserEndpoint:             "some.cft.user.endpoint",
 	CertificateBundleSecrets: getTestCBS(),
@@ -39,6 +41,7 @@ var dockerSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "docker",
 		LogIntegrationID:           "bar",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "invalid-vault-integration-id",
 	},
 	UserEndpoint:             "some.docker.user.endpoint",
 	CertificateBundleSecrets: getTestCBS(),
@@ -51,6 +54,7 @@ var helmSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "helm3",
 		LogIntegrationID:           "baz",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "123",
 	},
 	UserEndpoint:             "some.helm3.user.endpoint",
 	CertificateBundleSecrets: getTestCBS(),
@@ -63,6 +67,7 @@ var tfSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "terraform",
 		LogIntegrationID:           "qux",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "123",
 	},
 	UserEndpoint:             "some.tf.user.endpoint",
 	CertificateBundleSecrets: getTestCBS(),
@@ -75,6 +80,7 @@ var singleContainerSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "singleContainer",
 		LogIntegrationID:           "quxx",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "123",
 	},
 	UserEndpoint:             "some.singleContainer.user.endpoint",
 	CertificateBundleSecrets: getTestCBS(),
@@ -87,6 +93,7 @@ var linuxSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "linux",
 		LogIntegrationID:           "empty",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "123",
 	},
 	UserEndpoint:             "some.linux.user.endpoint",
 	CertificateBundleSecrets: getTestCBS(),
@@ -98,6 +105,7 @@ var bypassNeverSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "terraform",
 		LogIntegrationID:           "a",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "123",
 	},
 	ServicesConfig: sidecar.SidecarServicesConfig{
 		"dispatcher": map[string]string{
@@ -113,6 +121,7 @@ var bypassAlwaysSidecarConfig = sidecar.SidecarData{
 		DeploymentMethod:           "terraform",
 		LogIntegrationID:           "b",
 		DiagnosticLogIntegrationID: "",
+		VaultIntegrationID:         "123",
 	},
 	ServicesConfig: sidecar.SidecarServicesConfig{
 		"dispatcher": map[string]string{
@@ -185,15 +194,17 @@ func TestAccSidecarResource(t *testing.T) {
 func setupSidecarTest(sidecarData sidecar.SidecarData) (string, resource.TestCheckFunc) {
 	configuration := formatSidecarDataIntoConfig(sidecarData)
 
-	var deploymentMethod, logIntegrationID string
+	var deploymentMethod, logIntegrationID, vaultIntegrationID string
 	if properties := sidecarData.SidecarProperties; properties != nil {
 		deploymentMethod = properties.DeploymentMethod
 		logIntegrationID = properties.LogIntegrationID
+		vaultIntegrationID = properties.VaultIntegrationID
 	}
 	testFunctions := []resource.TestCheckFunc{
 		resource.TestCheckResourceAttr("cyral_sidecar.test_sidecar", "name", sidecarData.Name),
 		resource.TestCheckResourceAttr("cyral_sidecar.test_sidecar", "deployment_method", deploymentMethod),
 		resource.TestCheckResourceAttr("cyral_sidecar.test_sidecar", "activity_log_integration_id", logIntegrationID),
+		resource.TestCheckResourceAttr("cyral_sidecar.test_sidecar", "vault_integration_id", vaultIntegrationID),
 	}
 
 	if bypassMode := sidecarData.BypassMode(); bypassMode != "" {
@@ -232,25 +243,28 @@ func formatSidecarDataIntoConfig(sidecarData sidecar.SidecarData) string {
 		)
 	}
 
-	var deploymentMethod, logIntegrationID string
+	var deploymentMethod, logIntegrationID, vaultIntegrationID string
 	if properties := sidecarData.SidecarProperties; properties != nil {
 		deploymentMethod = properties.DeploymentMethod
 		logIntegrationID = properties.LogIntegrationID
+		vaultIntegrationID = properties.VaultIntegrationID
 	}
 
 	config := fmt.Sprintf(
 		`
 	resource "cyral_sidecar" "test_sidecar" {
-      		name = "%s"
-	      	deployment_method = "%s"
-	      	activity_log_integration_id = "%s"
+		name = "%s"
+		deployment_method = "%s"
+		activity_log_integration_id = "%s"
+		vault_integration_id = "%s"
 		labels = %s
 		user_endpoint = "%s"
 		%s
 		%s
       	}`, sidecarData.Name,
 		deploymentMethod,
 		logIntegrationID,
+		vaultIntegrationID,
 		utils.ListToStr(sidecarData.Labels),
 		sidecarData.UserEndpoint,
 		certBundleConfig,

diff --git a/docs/resources/sidecar.md b/docs/resources/sidecar.md
@@ -40,6 +40,7 @@ resource "cyral_sidecar" "some_resource_name" {
 -   `labels` (List of String) Labels that can be attached to the sidecar and shown in the `Tags` field in the UI.
 -   `log_integration_id` (String, Deprecated) ID of the log integration mapped to this sidecar, used for Cyral activity logs.
 -   `user_endpoint` (String) User-defined endpoint (also referred as `alias`) that can be used to override the sidecar DNS endpoint shown in the UI.
+-   `vault_integration_id` (String) ID of the HashiCorp Vault integration to associate to this sidecar to be used for database account authentication.
 
 ### Read-Only