diff --git a/consul/resource_consul_prepared_query.go b/consul/resource_consul_prepared_query.go index 52072b71..55228ad6 100644 --- a/consul/resource_consul_prepared_query.go +++ b/consul/resource_consul_prepared_query.go @@ -186,6 +186,11 @@ Managing prepared queries is done using Consul's REST API. This resource is usef Required: true, Description: "The regular expression to match with. When using `name_prefix_match`, this regex is applied against the query name.", }, + "remove_empty_tags": { + Type: schema.TypeBool, + Optional: true, + Description: "If set to true, will cause the tags list inside the service structure to be stripped of any empty strings.", + }, }, }, }, @@ -295,8 +300,9 @@ func resourceConsulPreparedQueryRead(d *schema.ResourceData, meta interface{}) e if userWroteTemplate || pq.Template.Type != "" { template = append(template, map[string]interface{}{ - "type": pq.Template.Type, - "regexp": pq.Template.Regexp, + "type": pq.Template.Type, + "regexp": pq.Template.Regexp, + "remove_empty_tags": pq.Template.RemoveEmptyTags, }) } sw.set("template", template) @@ -377,8 +383,9 @@ func preparedQueryDefinitionFromResourceData(d *schema.ResourceData) *consulapi. if _, ok := d.GetOk("template.0"); ok { pq.Template = consulapi.QueryTemplate{ - Type: d.Get("template.0.type").(string), - Regexp: d.Get("template.0.regexp").(string), + Type: d.Get("template.0.type").(string), + Regexp: d.Get("template.0.regexp").(string), + RemoveEmptyTags: d.Get("template.0.remove_empty_tags").(bool), } } diff --git a/consul/resource_consul_prepared_query_test.go b/consul/resource_consul_prepared_query_test.go index 63235cfc..1a2ac885 100644 --- a/consul/resource_consul_prepared_query_test.go +++ b/consul/resource_consul_prepared_query_test.go @@ -36,6 +36,7 @@ func TestAccConsulPreparedQuery_basic(t *testing.T) { resource.TestCheckResourceAttr("consul_prepared_query.foo", "failover.0.datacenters.#", "2"), resource.TestCheckResourceAttr("consul_prepared_query.foo", "template.0.type", "name_prefix_match"), resource.TestCheckResourceAttr("consul_prepared_query.foo", "template.0.regexp", "hello"), + resource.TestCheckResourceAttr("consul_prepared_query.foo", "template.0.remove_empty_tags", "true"), resource.TestCheckResourceAttr("consul_prepared_query.foo", "dns.0.ttl", "8m"), ), }, @@ -305,8 +306,9 @@ resource "consul_prepared_query" "foo" { } template { - type = "name_prefix_match" - regexp = "hello" + type = "name_prefix_match" + regexp = "hello" + remove_empty_tags = true } dns { diff --git a/docs/resources/certificate_authority.md b/docs/resources/certificate_authority.md index 18a0e590..16a5b08b 100644 --- a/docs/resources/certificate_authority.md +++ b/docs/resources/certificate_authority.md @@ -13,7 +13,44 @@ The `consul_certificate_authority` resource can be used to manage the configurat -> **Note:** The keys in the `config` argument must be using Camel case. +## Example Usage +```terraform +# Using the built-in CA with specific TTL +resource "consul_certificate_authority" "connect" { + connect_provider = "consul" + + config_json = jsondecode({ + LeafCertTTL = "24h" + RotationPeriod = "2160h" + IntermediateCertTTL = "8760h" + }) +} + + +# Using Vault to manage and sign certificates +resource "consul_certificate_authority" "connect" { + connect_provider = "vault" + + config_json = jsonencode({ + Address = "http://localhost:8200" + Token = "..." + RootPKIPath = "connect-root" + IntermediatePKIPath = "connect-intermediate" + }) +} + + +# Using the AWS Certificate Manager Private Certificate Authority +# * https://aws.amazon.com/certificate-manager/private-certificate-authority/ +resource "consul_certificate_authority" "connect" { + connect_provider = "aws-pca" + + config_json = jsonencode({ + ExistingARN = "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-123456789012" + }) +} +``` ## Schema diff --git a/docs/resources/config_entry.md b/docs/resources/config_entry.md index e89573fa..aed07d70 100644 --- a/docs/resources/config_entry.md +++ b/docs/resources/config_entry.md @@ -281,7 +281,7 @@ resource "consul_config_entry" "mesh" { resource "consul_config_entry" "jwt_provider" { name = "provider-name" kind = "jwt-provider" - + config_json = jsonencode({ Issuer = "https://your.issuer.com" JSONWebKeySet = { diff --git a/docs/resources/prepared_query.md b/docs/resources/prepared_query.md index 5cf222a2..04cc2ee5 100644 --- a/docs/resources/prepared_query.md +++ b/docs/resources/prepared_query.md @@ -134,6 +134,10 @@ Required: - `regexp` (String) The regular expression to match with. When using `name_prefix_match`, this regex is applied against the query name. - `type` (String) The type of template matching to perform. Currently only `name_prefix_match` is supported. +Optional: + +- `remove_empty_tags` (Boolean) If set to true, will cause the tags list inside the service structure to be stripped of any empty strings. + ## Import Import is supported using the following syntax: diff --git a/templates/resources/config_entry.md b/templates/resources/config_entry.md index 642d9674..aed07d70 100644 --- a/templates/resources/config_entry.md +++ b/templates/resources/config_entry.md @@ -171,6 +171,24 @@ resource "consul_config_entry" "sd" { }) } +resource "consul_config_entry" "jwt_provider" { + name = "test-provider" + kind = "jwt-provider" + + config_json = jsonencode({ + Issuer = "test-issuer" + JSONWebKeySet = { + Remote = { + URI = "https://127.0.0.1:9091" + FetchAsynchronously = true + } + } + Forwarding = { + HeaderName = "test-token" + } + }) +} + resource "consul_config_entry" "service_intentions" { name = consul_config_entry.sd.name kind = "service-intentions" @@ -186,6 +204,13 @@ resource "consul_config_entry" "service_intentions" { Methods = ["GET", "HEAD"] PathExact = "/healtz" } + JWT = { + Providers = [ + { + Name = consul_config_entry.jwt_provider.name + } + ] + } } ] Precedence = 9 @@ -250,6 +275,29 @@ resource "consul_config_entry" "mesh" { } ``` +### `jwt-provider` config entry + +```hcl +resource "consul_config_entry" "jwt_provider" { + name = "provider-name" + kind = "jwt-provider" + + config_json = jsonencode({ + Issuer = "https://your.issuer.com" + JSONWebKeySet = { + Remote = { + URI = "https://your-remote.jwks.com" + FetchAsynchronously = true + CacheDuration = "10s" + } + } + Forwarding = { + HeaderName = "test-token" + } + }) +} +``` + ## Argument Reference