DO NOT MERGE Hack to run name constraints provider tests with a dev b…

…uild of Vault.
hashicorp · Jan 28, 2025 · 29254a0 · 29254a0
1 parent 3aa6b7d
commit 29254a0
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 10 deletions.
diff --git a/vault/resource_pki_secret_backend_root_cert.go b/vault/resource_pki_secret_backend_root_cert.go
@@ -459,7 +459,7 @@ func pkiSecretBackendRootCertCreate(_ context.Context, d *schema.ResourceData, m
 	// Whether name constraints fields (other than permitted_dns_domains), are supproted,
 	// See VAULT-32141.
 	isNameConstraintsExtensionSupported := provider.IsAPISupported(meta, provider.VaultVersion119)
-	if isNameConstraintsExtensionSupported {
+	if isNameConstraintsExtensionSupported || true { // FIXME(victorr): remove dev workaround
 		rootCertStringArrayFields = append(rootCertStringArrayFields,
 			consts.FieldExcludedDNSDomains,
 			consts.FieldPermittedIPRanges,

diff --git a/vault/resource_pki_secret_backend_root_cert_test.go b/vault/resource_pki_secret_backend_root_cert_test.go
@@ -50,10 +50,10 @@ func TestPkiSecretBackendRootCertificate_basic(t *testing.T) {
 // TestPkiSecretBackendRootCertificate_name_constraints is just like TestPkiSecretBackendRootCertificate_basic,
 // but it uses the permitted_/excluded_ parameters for the name constraints extension.
 func TestPkiSecretBackendRootCertificate_name_constraints(t *testing.T) {
-	meta := testProvider.Meta().(*provider.ProviderMeta)
-	if !meta.IsAPISupported(provider.VaultVersion119) {
-		t.Skip("requires Vault 1.19+")
-	}
+	//meta := testProvider.Meta().(*provider.ProviderMeta)
+	//if !meta.IsAPISupported(provider.VaultVersion119) {
+	//	t.Skip("requires Vault 1.19+")
+	//} // FIXME(victorr): DO NOT COMMIT
 
 	path := "pki-" + strconv.Itoa(acctest.RandInt())
 	config := testPkiSecretBackendRootCertificateConfig_name_constraints(path)
@@ -155,6 +155,8 @@ func checkCertificateNameConstraints(resourceName string, s *terraform.State) er
 	check(consts.FieldPermittedURIDomains, cert.PermittedURIDomains, "https://example.com", "https://www.example.com")
 	check(consts.FieldExcludedURIDomains, cert.ExcludedURIDomains, "ftp://example.com")
 
+	failedChecks = append(failedChecks, errors.New("REALITY CHECK: TEST IS RUNNING"))
+
 	return errors.Join(failedChecks...)
 }
 

diff --git a/vault/resource_pki_secret_backend_root_sign_intermediate.go b/vault/resource_pki_secret_backend_root_sign_intermediate.go
@@ -328,7 +328,7 @@ func pkiSecretBackendRootSignIntermediateCreate(ctx context.Context, d *schema.R
 	// Whether name constraints fields (other than permitted_dns_domains), are supproted,
 	// See VAULT-32141.
 	isNameConstraintsExtensionSupported := provider.IsAPISupported(meta, provider.VaultVersion119)
-	if isNameConstraintsExtensionSupported {
+	if isNameConstraintsExtensionSupported || true { // FIXME(victorr): remove dev workaround
 		intermediateSignStringArrayFields = append(intermediateSignStringArrayFields,
 			consts.FieldExcludedDNSDomains,
 			consts.FieldPermittedIPRanges,

diff --git a/vault/resource_pki_secret_backend_root_sign_intermediate_test.go b/vault/resource_pki_secret_backend_root_sign_intermediate_test.go
@@ -215,10 +215,10 @@ func TestPkiSecretBackendRootSignIntermediate_basic_pem_bundle(t *testing.T) {
 }
 
 func TestPkiSecretBackendRootSignIntermediate_name_constraints_pem_bundle(t *testing.T) {
-	meta := testProvider.Meta().(*provider.ProviderMeta)
-	if !meta.IsAPISupported(provider.VaultVersion119) {
-		t.Skip("requires Vault 1.19+")
-	}
+	//meta := testProvider.Meta().(*provider.ProviderMeta)
+	//if !meta.IsAPISupported(provider.VaultVersion119) {
+	//	t.Skip("requires Vault 1.19+")
+	//} // FIXME(victorr): DO NOT COMMIT
 
 	rootPath := "pki-root-" + strconv.Itoa(acctest.RandInt())
 	intermediatePath := "pki-intermediate-" + strconv.Itoa(acctest.RandInt())