VAULT-38848: make enos_bundle_install artifactory.username optional

VERSION

@@ -1 +1 @@
-0.6.2
+0.6.3

docs/data-sources/artifactory_item.md

@@ -89,7 +89,7 @@ for every criteria. This means that you can use wildcards `*` for any field. See
 - `properties` (Map of String) A map of properties to match on
 - `query_template` (String) An AQL query to run. When a 'query' is provided all search properties are ignored so you must write the a complete and valid items.find() query
 - `repo` (String) The Artifactory repository you want to search in
-- `username` (String) The Artifactory API Key user name. Depending on your login scheme this is likely an email address. If no username is provided we'll assume you wish to use an identity token for Auth
+- `username` (String, Deprecated) The Artifactory API Key user name. Depending on your login scheme this is likely an email address. If no username is provided we'll assume you wish to use an identity token for Auth
 
 ### Read-Only
 

docs/resources/bundle_install.md

@@ -28,16 +28,18 @@ only one can be configured at a time.
 
 ### Optional
 
-- `artifactory` (Object, Sensitive) - `artifactory.username` (String) The Artifactory API username. This will likely be your hashicorp email address
-- `artifactory.token` (String) The Artifactory API token. You can sign into Artifactory and generate one
+- `artifactory` (Object, Sensitive) Configuration for installing artifacts from Artifactory
+- `artifactory.username` (String, Deprecated) The Artifactory API Key user name. Depending on your login scheme this is likely an email address. If no username is provided we'll assume you wish to use an identity token for Auth
+- `artifactory.token` (String) The Artifactory API Key token or identity token. API keys are deprecated so it is best to use an identity token
 - `artifactory.url` (String) The fully qualified Artifactory item URL. You can use enos_artifactory_item to search for this URL
 - `artifactory.sha256` (String) The Artifactory item SHA 256 sum. If present this will be verified on the remote target before the package is installed (see [below for nested schema](#nestedatt--artifactory))
 - `destination` (String) The destination directory of the installed binary, eg: /usr/local/bin/. This is required if the artifact is a zip archive and optional when installing RPM or Deb packages
 - `getter` (String) The method used to fetch the package
 - `installer` (String) The method used to install the package
 - `name` (String) The name of the artifact that was installed
 - `path` (String) The local path to a zip archive install bundle.
-- `release` (Object) - `release.product` (String) The product name that you wish to install, eg: 'vault' or 'consul'
+- `release` (Object) Configuration for installing artifacts from https://releases.hashicorpl.com
+- `release.product` (String) The product name that you wish to install, eg: 'vault' or 'consul'
 - `release.version` (String) The version of the product that you wish to install. Use the full semver version ('2.1.3' or 'latest')
 - `release.edition` (String) The edition of the product that you wish to install. Eg: 'ce', 'ent', 'ent.hsm', 'ent.hsm.fips1403', etc. (see [below for nested schema](#nestedatt--release))
 - `transport` (Dynamic) - `transport.ssh` (Object) the ssh transport configuration

docs/resources/consul_start.md

@@ -21,7 +21,8 @@ The `enos_consul_start` resource is capable of configuring a Consul service on a
 
 ### Optional
 
-- `config` (Object) - `config.bind_addr` (String) The Consul [bind_addr](https://developer.hashicorp.com/consul/docs/agent/config/config-files#bind_addr) value
+- `config` (Object) The consul configuration
+- `config.bind_addr` (String, Optional) The Consul [bind_addr](https://developer.hashicorp.com/consul/docs/agent/config/config-files#bind_addr) value
 - `config.datacenter` (String) The Consul [datacenter](https://developer.hashicorp.com/consul/docs/agent/config/config-files#datacenter) value
 - `config.data_dir` (String) The Consul [data_dir](https://developer.hashicorp.com/consul/docs/agent/config/config-files#data_dir) value
 - `config.retry_join` (List of String) The Consul [retry_join](https://developer.hashicorp.com/consul/docs/agent/config/config-files#retry_join) value

docs/resources/vault_start.md

@@ -27,7 +27,8 @@ As such, you will need to provide _all_ values except for `seals` until we make
 ### Required
 
 - `bin_path` (String) The fully qualified path to the vault binary
-- `config` (Object) - `config.api_addr` (String) The Vault [api_addr](https://developer.hashicorp.com/vault/docs/configuration#api_addr) value
+- `config` (Object) The vault configuration
+- `config.api_addr` (String) The Vault [api_addr](https://developer.hashicorp.com/vault/docs/configuration#api_addr) value
 - `config.cluster_addr` (String) The Vault [cluster_addr](https://developer.hashicorp.com/vault/docs/configuration#cluster_addr) value
 - `config.cluster_name` (String) The Vault [cluster_addr](https://developer.hashicorp.com/vault/docs/configuration#cluster_addr) value
 - `config.listener` (Object) The Vault [listener](https://developer.hashicorp.com/vault/docs/configuration/listener) stanza
@@ -38,14 +39,14 @@ As such, you will need to provide _all_ values except for `seals` until we make
 - `config.listener.inflight_requests_logging` (Object) The Vault listener [inflight_requests_logging](https://developer.hashicorp.com/vault/docs/configuration/listener/tcp#inflight_requests_logging-parameters) stanza
 - `config.listener.custom_response_headers` (Object) The Vault listener [custom_response_headers](https://developer.hashicorp.com/vault/docs/configuration/listener/tcp#custom_response_headers-parameters) stanza
 - `config.log_level` (String) The Vault [log_level](https://developer.hashicorp.com/vault/docs/configuration#log_level)
-- `config.storage` (Object) The Vault [storage](https://developer.hashicorp.com/vault/docs/configuration/storage) stanza
+- `config.storage` (Object, Optional) The Vault [storage](https://developer.hashicorp.com/vault/docs/configuration/storage) stanza
 - `config.storage.type` (String) The Vault [storage](https://developer.hashicorp.com/vault/docs/configuration/storage) type
 - `config.storage.attributes` (Object) The Vault [storage](https://developer.hashicorp.com/vault/docs/configuration/storage) parameters for the given storage type
 - `config.storage.retry_join` (Object) The Vault integrated storage [retry_join](https://developer.hashicorp.com/vault/docs/configuration/storage/raft#retry_join-stanza) stanza
-- `config.seal` (Object) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) stanza
+- `config.seal` (Object, Optional) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) stanza
 - `config.seal.type` (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) type
 - `config.seal.attributes` (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) parameters for the given seal type
-- `config.seals` (Object) Vault Enterprise [HA seal](https://developer.hashicorp.com/vault/docs/configuration/seal/seal-ha) configuration. Cannot be used in conjunction with `config.seal`. Up to three seals can be defined but only one is required.
+- `config.seals` (Object, Optional) Vault Enterprise [HA seal](https://developer.hashicorp.com/vault/docs/configuration/seal/seal-ha) configuration. Cannot be used in conjunction with `config.seal`. Up to three seals can be defined but only one is required.
 - `config.seals.primary` (Object) The primary [HA seal](https://developer.hashicorp.com/vault/docs/configuration/seal/seal-ha) stanza. Primary has priority 1
 - `config.seals.primary.type` (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) type
 - `config.seals.primary.attributes` (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) parameters for the given seal type
@@ -55,7 +56,7 @@ As such, you will need to provide _all_ values except for `seals` until we make
 - `config.seals.tertiary` (Object) The tertiary [HA seal](https://developer.hashicorp.com/vault/docs/configuration/seal/seal-ha) stanza. Tertiary has priority 3
 - `config.seals.tertiary.type` (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) type
 - `config.seals.tertiary.attributes` (String) The Vault [seal](https://developer.hashicorp.com/vault/docs/configuration/seal) parameters for the given seal type
-- `config.telemetry` (Object) The Vault [telemetry](https://developer.hashicorp.com/vault/docs/configuration/telemetry#telemetry-parameters) stanza (see [below for nested schema](#nestedatt--config))
+- `config.telemetry` (Object, Optional) The Vault [telemetry](https://developer.hashicorp.com/vault/docs/configuration/telemetry#telemetry-parameters) stanza (see [below for nested schema](#nestedatt--config))
 
 ### Optional
 

internal/plugin/datasource_artifactory_item.go

@@ -206,6 +206,7 @@ for every criteria. This means that you can use wildcards ^*^ for any field. See
 					Name:        "username",
 					Type:        tftypes.String,
 					Optional:    true,
+					Deprecated:  true,
 					Description: "The Artifactory API Key user name. Depending on your login scheme this is likely an email address. If no username is provided we'll assume you wish to use an identity token for Auth",
 				},
 				{

internal/plugin/resource_bundle_install.go

@@ -466,8 +466,9 @@ only one can be configured at a time.
 					Optional:        true,
 					DescriptionKind: tfprotov6.StringKindMarkdown,
 					Description: docCaretToBacktick(`
-- ^artifactory.username^ (String) The Artifactory API username. This will likely be your hashicorp email address
-- ^artifactory.token^ (String) The Artifactory API token. You can sign into Artifactory and generate one
+Configuration for installing artifacts from Artifactory
+- ^artifactory.username^ (String, Deprecated) The Artifactory API Key user name. Depending on your login scheme this is likely an email address. If no username is provided we'll assume you wish to use an identity token for Auth
+- ^artifactory.token^ (String) The Artifactory API Key token or identity token. API keys are deprecated so it is best to use an identity token
 - ^artifactory.url^ (String) The fully qualified Artifactory item URL. You can use enos_artifactory_item to search for this URL
 - ^artifactory.sha256^ (String) The Artifactory item SHA 256 sum. If present this will be verified on the remote target before the package is installed
 `),
@@ -479,6 +480,7 @@ only one can be configured at a time.
 
 					DescriptionKind: tfprotov6.StringKindMarkdown,
 					Description: docCaretToBacktick(`
+Configuration for installing artifacts from https://releases.hashicorpl.com
 - ^release.product^ (String) The product name that you wish to install, eg: 'vault' or 'consul'
 - ^release.version^ (String) The version of the product that you wish to install. Use the full semver version ('2.1.3' or 'latest')
 - ^release.edition^ (String) The edition of the product that you wish to install. Eg: 'ce', 'ent', 'ent.hsm', 'ent.hsm.fips1403', etc.
@@ -689,12 +691,25 @@ func (s *bundleInstallStateV1) Terraform5Value() tftypes.Value {
 }
 
 func (s *bundleInstallStateV1) ArtifactoryTerraform5Type() tftypes.Type {
-	return tftypes.Object{AttributeTypes: map[string]tftypes.Type{
+	return tftypes.Object{
+		AttributeTypes:     s.artifactoryAttrs(),
+		OptionalAttributes: s.artifactoryOptionalAttrs(),
+	}
+}
+
+func (s *bundleInstallStateV1) artifactoryAttrs() map[string]tftypes.Type {
+	return map[string]tftypes.Type{
 		"username": s.Artifactory.Username.TFType(),
 		"token":    s.Artifactory.Token.TFType(),
 		"url":      s.Artifactory.URL.TFType(),
 		"sha256":   s.Artifactory.SHA256.TFType(),
-	}}
+	}
+}
+
+func (s *bundleInstallStateV1) artifactoryOptionalAttrs() map[string]struct{} {
+	return map[string]struct{}{
+		"username": {},
+	}
 }
 
 func (s *bundleInstallStateV1) ReleaseTerraform5Type() tftypes.Type {
@@ -708,7 +723,11 @@ func (s *bundleInstallStateV1) ReleaseTerraform5Type() tftypes.Type {
 func (s *bundleInstallStateV1) ArtifactoryTerraform5Value() tftypes.Value {
 	// As this is an optional value, return a nil object instead of nil values
 	if tfStringsSetOrUnknown(s.Artifactory.Username, s.Artifactory.Token, s.Artifactory.URL) {
-		return tftypes.NewValue(s.ArtifactoryTerraform5Type(), map[string]tftypes.Value{
+		typ := tftypes.Object{
+			AttributeTypes: s.artifactoryAttrs(),
+		}
+
+		return tftypes.NewValue(typ, map[string]tftypes.Value{
 			"username": s.Artifactory.Username.TFValue(),
 			"token":    s.Artifactory.Token.TFValue(),
 			"url":      s.Artifactory.URL.TFValue(),

internal/plugin/resource_bundle_install_test.go

@@ -38,7 +38,7 @@ func TestAccResourceBundleInstall(t *testing.T) {
 
 		  {{ if .Artifactory.URL.Value -}}
 		  artifactory = {
-			username = {{ if .Artifactory.Username.Value }} "{{ .Artifactory.Username.Value }}" {{ else }} null {{ end }}
+			{{ if .Artifactory.Username.Value }} username = "{{ .Artifactory.Username.Value }}" {{ end }}
 			token    = "{{ .Artifactory.Token.Value }}"
 			url      = "{{ .Artifactory.URL.Value }}"
 			sha256   = "{{ .Artifactory.SHA256.Value }}"
@@ -101,21 +101,21 @@ func TestAccResourceBundleInstall(t *testing.T) {
 		false,
 	})
 
-	installBundleArtifactory := newBundleInstallStateV1()
-	installBundleArtifactory.ID.Set("art")
-	installBundleArtifactory.Destination.Set("/opt/vault/bin")
-	installBundleArtifactory.Artifactory.Token.Set("1234abcd")
-	installBundleArtifactory.Artifactory.Username.Set("[email protected]")
-	installBundleArtifactory.Artifactory.URL.Set("https://artifactory.com")
-	installBundleArtifactory.Artifactory.SHA256.Set("abcd1234")
+	installBundleArtifactAPIAuth := newBundleInstallStateV1()
+	installBundleArtifactAPIAuth.ID.Set("art")
+	installBundleArtifactAPIAuth.Destination.Set("/opt/vault/bin")
+	installBundleArtifactAPIAuth.Artifactory.Token.Set("1234abcd")
+	installBundleArtifactAPIAuth.Artifactory.Username.Set("[email protected]")
+	installBundleArtifactAPIAuth.Artifactory.URL.Set("https://artifactory.com")
+	installBundleArtifactAPIAuth.Artifactory.SHA256.Set("abcd1234")
 	ssh = newEmbeddedTransportSSH()
 	ssh.User.Set("ubuntu")
 	ssh.Host.Set("localhost")
 	ssh.PrivateKey.Set(privateKey)
-	require.NoError(t, installBundleArtifactory.Transport.SetTransportState(ssh))
+	require.NoError(t, installBundleArtifactAPIAuth.Transport.SetTransportState(ssh))
 	cases = append(cases, testAccResourceTemplate{
 		"artifactory",
-		installBundleArtifactory,
+		installBundleArtifactAPIAuth,
 		resource.ComposeTestCheckFunc(
 			resource.TestMatchResourceAttr("enos_bundle_install.art", "id", regexp.MustCompile(`^path$`)),
 			resource.TestMatchResourceAttr("enos_bundle_install.art", "destination", regexp.MustCompile(`^/usr/local/bin/vault$`)),
@@ -129,6 +129,32 @@ func TestAccResourceBundleInstall(t *testing.T) {
 		false,
 	})
 
+	installBundleArtifactTokenAuth := newBundleInstallStateV1()
+	installBundleArtifactTokenAuth.ID.Set("art")
+	installBundleArtifactTokenAuth.Destination.Set("/opt/vault/bin")
+	installBundleArtifactTokenAuth.Artifactory.Token.Set("1234abcd")
+	installBundleArtifactTokenAuth.Artifactory.URL.Set("https://artifactory.com")
+	installBundleArtifactTokenAuth.Artifactory.SHA256.Set("abcd1234")
+	ssh = newEmbeddedTransportSSH()
+	ssh.User.Set("ubuntu")
+	ssh.Host.Set("localhost")
+	ssh.PrivateKey.Set(privateKey)
+	require.NoError(t, installBundleArtifactTokenAuth.Transport.SetTransportState(ssh))
+	cases = append(cases, testAccResourceTemplate{
+		"artifactory",
+		installBundleArtifactTokenAuth,
+		resource.ComposeTestCheckFunc(
+			resource.TestMatchResourceAttr("enos_bundle_install.art", "id", regexp.MustCompile(`^path$`)),
+			resource.TestMatchResourceAttr("enos_bundle_install.art", "destination", regexp.MustCompile(`^/usr/local/bin/vault$`)),
+			resource.TestMatchResourceAttr("enos_bundle_install.art", "artifactory.token", regexp.MustCompile(`^1234abcd$`)),
+			resource.TestMatchResourceAttr("enos_bundle_install.art", "artifactory.url", regexp.MustCompile(`^https://artifactory.com$`)),
+			resource.TestMatchResourceAttr("enos_bundle_install.art", "artifactory.sha256", regexp.MustCompile(`^abcd1234$`)),
+			resource.TestMatchResourceAttr("enos_bundle_install.art", "transport.ssh.user", regexp.MustCompile(`^ubuntu$`)),
+			resource.TestMatchResourceAttr("enos_bundle_install.art", "transport.ssh.host", regexp.MustCompile(`^localhost$`)),
+		),
+		false,
+	})
+
 	// To do a real test, set the environment variables when running `make test-acc`
 	enosVars, ok := ensureEnosTransportEnvVars(t)
 	if ok {
@@ -183,8 +209,8 @@ func TestAccResourceBundleInstall(t *testing.T) {
 				bundleInstallArtifactoryInstall.Artifactory.Username.Set(artUser)
 			}
 			bundleInstallArtifactoryInstall.Artifactory.Token.Set(artToken)
-			bundleInstallArtifactoryInstall.Artifactory.URL.Set("https://artifactory.hashicorp.engineering/artifactory/hashicorp-packagespec-buildcache-local/cache-v1/vault-enterprise/7fb88d4d3d0a36ffc78a522d870492e5791bae1b0640232ce4c6d69cc22cf520/store/f45845666b4e552bfc8ca775834a3ef6fc097fe0-1a2809da73e5896b6f766b395ff6e1804f876c45.zip")
-			bundleInstallArtifactoryInstall.Artifactory.SHA256.Set("d01a82111133908167a5a140604ab3ec8fd18601758376a5f8e9dd54c7703373")
+			bundleInstallArtifactoryInstall.Artifactory.URL.Set("https://artifactory.hashicorp.engineering/artifactory/hashicorp-crt-prod-local/vault-enterprise/1.20.2%2Bent/8e95c64a526fa9f8aa0b822fcf5080eb0f6226be/vault_1.20.2%2Bent_linux_amd64.zip")
+			bundleInstallArtifactoryInstall.Artifactory.SHA256.Set("081e592c87d9209e0e77b8e7092ba71d9be64ba6eee0fafc935d9044d9c2afb3")
 			ssh := newEmbeddedTransportSSH()
 			ssh.Host.Set(enosVars["host"])
 			require.NoError(t, bundleInstallArtifactoryInstall.Transport.SetTransportState(ssh))

internal/plugin/resource_consul_start.go

@@ -262,7 +262,8 @@ The ^enos_consul_start^ resource is capable of configuring a Consul service on a
 					Optional:        true,
 					DescriptionKind: tfprotov6.StringKindMarkdown,
 					Description: docCaretToBacktick(`
-- ^config.bind_addr^ (String) The Consul [bind_addr](https://developer.hashicorp.com/consul/docs/agent/config/config-files#bind_addr) value
+The consul configuration
+- ^config.bind_addr^ (String, Optional) The Consul [bind_addr](https://developer.hashicorp.com/consul/docs/agent/config/config-files#bind_addr) value
 - ^config.datacenter^ (String) The Consul [datacenter](https://developer.hashicorp.com/consul/docs/agent/config/config-files#datacenter) value
 - ^config.data_dir^ (String) The Consul [data_dir](https://developer.hashicorp.com/consul/docs/agent/config/config-files#data_dir) value
 - ^config.retry_join^ (List of String) The Consul [retry_join](https://developer.hashicorp.com/consul/docs/agent/config/config-files#retry_join) value