Add support for Customer Key Version and Encrypted Data Keys #1203
helenjw merged 12 commits into feature/hyok from
| // AWSOIDCConfigurations describes all the AWS OIDC configuration related methods that the HCP Terraform API supports. | ||
| // HCP Terraform API docs: | ||
| // https://developer.hashicorp.com/terraform/cloud-docs/api-docs/hold-your-own-key/oidc-configurations/aws |
Realized these were missing from the PR for OIDC and HYOK configs 😢
hyok_encrypted_data_key.go
Outdated
| // Read a HYOK encrypted data key by its ID. | ||
| func (h hyokEncryptedDataKeys) Read(ctx context.Context, hyokEncryptedDataKeyID string) (*HYOKEncryptedDataKey, error) { | ||
| if !validStringID(&hyokEncryptedDataKeyID) { | ||
| return nil, ErrInvalidHYOK |
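Review bot: The invalid-ID branch of Read returns ErrInvalidHYOK, a name that does not say the encrypted data key ID was the rejected argument, and the doc comment "Read a HYOK encrypted data key by its ID." does not mention that error path. Consider a sentinel specific to this identifier so a caller matching with errors.Is can tell which argument failed validStringID, and name the returned error in the comment.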
Should we change ErrInvalidHYOK to something like ErrInvalidHYOKEncryptedDataKeyID?
I wonder if we should have test cases for Revoke and Delete.
That's tough, because we can't create the key version in tests. So we would need the user to manually input the key version ID which they want to revoke, and the test could only ever run once without changing the ID... that could work, but IMHO it probably isn't worth it
Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* initial attribute changes, wip
* Add support for HYOK Configurations and OIDC Configurations (#1162)
  Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
* Update workspace.go
  Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* Add support for HYOK Configurations and OIDC Configurations (#1162)
  Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
* Add support for Customer Key Version and Encrypted Data Keys (#1203)
  Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* Updating attributes.
* Add support for HYOK Configurations and OIDC Configurations (#1162)
  Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
* Add support for Customer Key Version and Encrypted Data Keys (#1203)
  Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* Updating agent_pool. Added test case.
* Updated agent pool integration test file.
* Revert commented section.
* Updating organization. WIP organization_integration_test.
* Updated organization integration test.
* Updating attributes. Updating test cases.
* Added workspace integration test cases
* Updated test cases.
* Updated state_version. Updated Read test cases.
* Updated hyok tests. Added environment variables.
* Updated errors.go
* WIP StateVersion
* Updated skipHYOKIntegrationTests if-statement.
* Added hyok-testing.sh to scripts folder. Finished state_version testing and new functions.
* Updated uploading test.
* Added comments to UploadSanitizedState.
* Updated hyok test cases.
* Updating state_version_mocks.go.
---------
Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
Co-authored-by: Helen Jiang <50344290+helenjw@users.noreply.github.com>
* Add support for HYOK Configurations and OIDC Configurations (#1162)
  Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
* Add support for Customer Key Version and Encrypted Data Keys (#1203)
  Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* [TF-27661] Add support for HYOK related attributes (#1192)
* initial attribute changes, wip
* Add support for HYOK Configurations and OIDC Configurations (#1162)
  Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
* Update workspace.go
  Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* Add support for HYOK Configurations and OIDC Configurations (#1162)
  Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
* Add support for Customer Key Version and Encrypted Data Keys (#1203)
  Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* Updating attributes.
* Add support for HYOK Configurations and OIDC Configurations (#1162)
  Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
* Add support for Customer Key Version and Encrypted Data Keys (#1203)
  Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
* Updating agent_pool. Added test case.
* Updated agent pool integration test file.
* Revert commented section.
* Updating organization. WIP organization_integration_test.
* Updated organization integration test.
* Updating attributes. Updating test cases.
* Added workspace integration test cases
* Updated test cases.
* Updated state_version. Updated Read test cases.
* Updated hyok tests. Added environment variables.
* Updated errors.go
* WIP StateVersion
* Updated skipHYOKIntegrationTests if-statement.
* Added hyok-testing.sh to scripts folder. Finished state_version testing and new functions.
* Updated uploading test.
* Added comments to UploadSanitizedState.
* Updated hyok test cases.
* Updating state_version_mocks.go.
---------
Co-authored-by: Helen Jiang <helen.jiang@hashicorp.com>
Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
Co-authored-by: Helen Jiang <50344290+helenjw@users.noreply.github.com>
* Update CHANGELOG.md
* Remove UpdatedAt and RevokedAt fields from hyok_customer_key_version
* added workplaces secured
* renamed workplaces to workspaces... oops
* Update agent_pool.go
  Co-authored-by: Sebastian Rivera <sebastian.rivera@hashicorp.com>
* Moved valid function in aws_oidc_configuration.go
* Removing "omitempty" from HYOKEncryptedDataKey relationships
* Changed from "string" to "*string" in state_version.go and added url.PathEscape in request calls for hyok stuff.
* Moving HYOK organization validation to helper_test.go
* Updating mock file.
---------
Co-authored-by: iuri-slywitch-hashicorp <170475063+iuri-slywitch-hashicorp@users.noreply.github.com>
Co-authored-by: Jarrett Spiker <jarrett.spiker@hashicorp.com>
Co-authored-by: Dominic Retli <dominic.retli@hashicorp.com>
Co-authored-by: Sebastian Rivera <sebastian.rivera@hashicorp.com>
Co-authored-by: Iuri Slywitch <iuri.slywitch@hashicorp.com>
Description
Add support for HYOK customer key versions and HYOK encrypted data keys.
Supported operations for HYOKCustomerKeyVersions:
Supported operations for HYOKEncryptedDataKey:
External links
Output from tests
envchain local-go-tfe go test -run TestHYOKEncryptedDataKeyRead -v 16:46:44 29ms
=== RUN TestHYOKEncryptedDataKeyRead
=== RUN TestHYOKEncryptedDataKeyRead/read_an_existing_encrypted_data_key
--- PASS: TestHYOKEncryptedDataKeyRead (0.42s)
--- PASS: TestHYOKEncryptedDataKeyRead/read_an_existing_encrypted_data_key (0.17s)
PASS
ok github.com/hashicorp/go-tfe 0.983s
envchain local-go-tfe go test -run TestHYOKCustomerKeyVersions -v 16:46:55 3.019s
=== RUN TestHYOKCustomerKeyVersionsList
=== RUN TestHYOKCustomerKeyVersionsList/with_no_list_options
--- PASS: TestHYOKCustomerKeyVersionsList (7.76s)
--- PASS: TestHYOKCustomerKeyVersionsList/with_no_list_options (0.10s)
=== RUN TestHYOKCustomerKeyVersionsRead
=== RUN TestHYOKCustomerKeyVersionsRead/read_an_existing_key_version
--- PASS: TestHYOKCustomerKeyVersionsRead (0.34s)
--- PASS: TestHYOKCustomerKeyVersionsRead/read_an_existing_key_version (0.12s)
PASS
ok github.com/hashicorp/go-tfe 8.630s
Rollback Plan
Changes to Security Controls