TFVP-Initial-Implementation-Sys-Backend-headers

[itsjiyapatel]

Description

Implements a new Terraform resource vault_config_ui_header for managing custom HTTP headers in the Vault UI. This provides a type-safe, user-friendly alternative to using vault_generic_endpoint for configuring security headers, CORS policies, and custom organizational headers.

Resource: vault_config_ui_header at internal/vault/sys/config/ui_header.go

• Full CRUD operations with proper error handling
• Vault 1.16.0+ version checking
• Sudo capability requirement with helpful error messages
• API asymmetry handling using multivalue=true parameter
• Import support and Enterprise namespace support
• RequiresReplace plan modifier on name field

Checklist

• Added CHANGELOG entry (only for user-facing changes)
• Acceptance tests where run against all supported Vault Versions

Output from acceptance testing:

$ go test -v -count=1 -run TestAccConfigUIHeader ./internal/vault/sys/config

=== RUN   TestAccConfigUIHeader
    ui_header_test.go:29: Vault server version "1.22.0-beta1+ent"
--- PASS: TestAccConfigUIHeader (0.85s)
=== RUN   TestAccConfigUIHeader_update
    ui_header_test.go:60: Vault server version "1.22.0-beta1+ent"
--- PASS: TestAccConfigUIHeader_update (1.73s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/internal/vault/sys/config 3.047s
...

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

PCI review checklist

• I have documented a clear reason for, and description of, the change I am making.

• If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

• If applicable, I've documented the impact of any changes to security controls.

  Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

[vijayavelsekar]

I think we can switch this to Set attribute type which would help ignore duplicates.

[Copilot]

Pull request overview

Adds a new Terraform Plugin Framework resource to manage Vault UI response headers via sys/config/ui/headers, providing a dedicated alternative to vault_generic_endpoint for security/CORS/custom headers.

Changes:

• Introduces vault_config_ui_header resource with CRUD, import-by-name, and Vault version gating.
• Registers the new resource in the framework provider and adds shared constant FieldValues.
• Adds website documentation, acceptance tests, and a CHANGELOG entry.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
website/docs/r/config_ui_header.html.md	New resource documentation and examples for UI headers
internal/vault/sys/config/ui_header.go	New TF Plugin Framework resource implementation for UI header CRUD/import
internal/vault/sys/config/ui_header_test.go	Acceptance tests for create/update/import behavior
internal/provider/fwprovider/provider.go	Registers the new resource with the framework provider
internal/consts/consts.go	Adds FieldValues constant used by the new resource/tests
CHANGELOG.md	Adds an Unreleased FEATURES entry for the new resource

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[harshit-nema]

Review comments provided for sys backend headers.