Add support for disabled_validations to the PKI CMPv2 config resource #2412
Conversation
victorr
force-pushed
the
victorr/vault-34203-pki-cmpv2-optional-verifications
branch
from
2bc5562 to
efa5c94
Compare
victorr
force-pushed
the
victorr/vault-34203-pki-cmpv2-optional-verifications
branch
from
efa5c94 to
268438e
Compare
| @@ -63,6 +63,15 @@ func pkiSecretBackendConfigCMPV2DataSource() *schema.Resource { | |||
| Type: schema.TypeString, | |||
| }, | |||
| }, | |||
| consts.FieldDisabledValidations: { | |||
There was a problem hiding this comment.
Every other field seems to have a "computed" line - why not this one? How is this different than AuditFields in that sense? I'm also not really sure how optional works here? Most of these don't have that listed.
There was a problem hiding this comment.
The computed argument is mainly used when a value is returned from the server when no initial value from Terraform itself was provided. In this case since I believe the value returned will be an empty list it isn't required.
Optional only means the field does not need to be specified within the resource block
| * `audit_fields` - (Optional) Fields parsed from the CSR that appear in the audit and can be used by sentinel policies. | ||
|
|
||
| * `disabled_validations` - (Optional) A comma-separated list of validations not to perform on CMPv2 messages. |
There was a problem hiding this comment.
Might be nice to mention what the (current) supported options are.
There was a problem hiding this comment.
I believe the norm isn't to specify a list here as it can fall out of sync with the server side of things, especially across revisions.
Its the same reasoning the TFVP team have shied away from enforcing the valid values on the input schema as it causes end-user friction that we need to update and publish a new TFVP version every time something on the server changes
Description
Add support for disabled_validations to the PKI CMPv2 config resource.
Checklist
Output from acceptance testing:
Community Note