feat:Add support for CyberArk to external vault configuration

arthurpitman · arthurpitman · commit a09939bd4519 · 2026-02-24T11:54:28.000+01:00
diff --git a/dynatrace/api/v2/credentials/vault/settings/externalvault/config.go b/dynatrace/api/v2/credentials/vault/settings/externalvault/config.go
@@ -38,12 +38,23 @@ type Config struct {
 	RoleID            *string `json:"roleId,omitempty"`
 	SecretID          *string `json:"secretId,omitempty"` // The ID of Credentials within the Certificate Vault holding the secret id
 	VaultNameSpace    *string `json:"vaultNamespace,omitempty"`
-	// HashicorpCertificateConfig
+
+	// HashicorpCertificateConfig, CyberarkVaultUsernamePassword and CyberarkVaultAllowedLocationConfig
 	Certificate *string `json:"certificate,omitempty"` // The ID of Credentials within the Certificate Vault holding the certificate
+
 	// AzureClientSecret
 	TenantID     *string `json:"tenantId,omitempty"`     // Tenant (directory) ID of Azure application in Azure Active Directory which has permission to access secrets in Azure Key Vault
 	ClientID     *string `json:"clientId,omitempty"`     // Client (application) ID of Azure application in Azure Active Directory which has permission to access secrets in Azure Key Vault
 	ClientSecret *string `json:"clientSecret,omitempty"` // Client secret generated for Azure application in Azure Active Directory used for proving identity when requesting a token used later for accessing secrets in Azure Key Vault
+
+	//CyberarkVaultUsernamePassword
+	UsernamePasswordForCPM *string `json:"usernamePasswordForCPM,omitempty"` // No documentation available
+
+	// CyberarkVaultAllowedLocationConfig and CyberarkVaultUsernamePassword
+	ApplicationID *string `json:"applicationId,omitempty"`
+	SafeName      *string `json:"safeName,omitempty"`
+	FolderName    *string `json:"folderName,omitempty"`
+	AccountName   *string `json:"accountName,omitempty"`
 }
 
 func (me *Config) Schema() map[string]*schema.Schema {
@@ -114,6 +125,31 @@ func (me *Config) Schema() map[string]*schema.Schema {
 			Elem:        &schema.Schema{Type: schema.TypeString},
 			Optional:    true,
 		},
+		"username_password_for_cpm": {
+			Type:        schema.TypeString,
+			Description: "No documentation available",
+			Optional:    true,
+		},
+		"application_id": {
+			Type:        schema.TypeString,
+			Description: "No documentation available",
+			Optional:    true,
+		},
+		"safe_name": {
+			Type:        schema.TypeString,
+			Description: "No documentation available",
+			Optional:    true,
+		},
+		"folder_name": {
+			Type:        schema.TypeString,
+			Description: "No documentation available",
+			Optional:    true,
+		},
+		"account_name": {
+			Type:        schema.TypeString,
+			Description: "No documentation available",
+			Optional:    true,
+		},
 	}
 }
 
@@ -162,6 +198,22 @@ func (me *Config) MarshalHCL(properties hcl.Properties) error {
 	// 	return err
 	// }
 
+	if err := properties.Encode("username_password_for_cpm", me.UsernamePasswordForCPM); err != nil {
+		return err
+	}
+	if err := properties.Encode("application_id", me.ApplicationID); err != nil {
+		return err
+	}
+	if err := properties.Encode("safe_name", me.SafeName); err != nil {
+		return err
+	}
+	if err := properties.Encode("folder_name", me.FolderName); err != nil {
+		return err
+	}
+	if err := properties.Encode("account_name", me.AccountName); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -202,6 +254,23 @@ func (me *Config) UnmarshalHCL(decoder hcl.Decoder) error {
 	if value, ok := decoder.GetOk("token_secret_name"); ok {
 		me.TokenSecretName = opt.NewString(value.(string))
 	}
+
+	if value, ok := decoder.GetOk("username_password_for_cpm"); ok {
+		me.UsernamePasswordForCPM = opt.NewString(value.(string))
+	}
+	if value, ok := decoder.GetOk("application_id"); ok {
+		me.ApplicationID = opt.NewString(value.(string))
+	}
+	if value, ok := decoder.GetOk("safe_name"); ok {
+		me.SafeName = opt.NewString(value.(string))
+	}
+	if value, ok := decoder.GetOk("folder_name"); ok {
+		me.FolderName = opt.NewString(value.(string))
+	}
+	if value, ok := decoder.GetOk("account_name"); ok {
+		me.AccountName = opt.NewString(value.(string))
+	}
+
 	// removed because this seems to get automatically assumed by the REST API
 	//
 	// if value, ok := decoder.GetOk("credentials_used_for_external_synchronization"); ok {
@@ -216,6 +285,10 @@ func (me *Config) UnmarshalHCL(decoder hcl.Decoder) error {
 		me.SourceAuthMethod = SourceAuthMethods.HashicorpVaultAppRole
 	} else if me.Certificate != nil {
 		me.SourceAuthMethod = SourceAuthMethods.HashicorpVaultCertificate
+	} else if me.UsernamePasswordForCPM != nil {
+		me.SourceAuthMethod = SourceAuthMethods.CyberarkVaultUsernamePassword
+	} else if me.ApplicationID != nil || me.SafeName != nil || me.FolderName != nil || me.AccountName != nil {
+		me.SourceAuthMethod = SourceAuthMethods.CyberarkVaultAllowedLocationConfig
 	}
 	return nil
 }
diff --git a/dynatrace/api/v2/credentials/vault/settings/externalvault/enums.go b/dynatrace/api/v2/credentials/vault/settings/externalvault/enums.go
@@ -20,11 +20,15 @@ package externalvault
 type SourceAuthMethod string
 
 var SourceAuthMethods = struct {
-	AzureKeyVaultClientSecret SourceAuthMethod
-	HashicorpVaultAppRole     SourceAuthMethod
-	HashicorpVaultCertificate SourceAuthMethod
+	AzureKeyVaultClientSecret          SourceAuthMethod
+	HashicorpVaultAppRole              SourceAuthMethod
+	HashicorpVaultCertificate          SourceAuthMethod
+	CyberarkVaultUsernamePassword      SourceAuthMethod
+	CyberarkVaultAllowedLocationConfig SourceAuthMethod
 }{
 	SourceAuthMethod("AZURE_KEY_VAULT_CLIENT_SECRET"),
 	SourceAuthMethod("HASHICORP_VAULT_APPROLE"),
 	SourceAuthMethod("HASHICORP_VAULT_CERTIFICATE"),
+	SourceAuthMethod("CYBERARK_VAULT_USERNAME_PASSWORD"),
+	SourceAuthMethod("CYBERARK_VAULT_ALLOWED_LOCATION_CONFIG"),
 }
