diff --git a/vault/resource_pki_secret_backend_root_cert.go b/vault/resource_pki_secret_backend_root_cert.go index 104943d2c..fad9bb7a6 100644 --- a/vault/resource_pki_secret_backend_root_cert.go +++ b/vault/resource_pki_secret_backend_root_cert.go @@ -459,7 +459,7 @@ func pkiSecretBackendRootCertCreate(_ context.Context, d *schema.ResourceData, m // Whether name constraints fields (other than permitted_dns_domains), are supproted, // See VAULT-32141. isNameConstraintsExtensionSupported := provider.IsAPISupported(meta, provider.VaultVersion119) - if isNameConstraintsExtensionSupported { + if isNameConstraintsExtensionSupported || true { // FIXME(victorr): remove dev workaround rootCertStringArrayFields = append(rootCertStringArrayFields, consts.FieldExcludedDNSDomains, consts.FieldPermittedIPRanges, diff --git a/vault/resource_pki_secret_backend_root_cert_test.go b/vault/resource_pki_secret_backend_root_cert_test.go index 091c7eeef..460c5e550 100644 --- a/vault/resource_pki_secret_backend_root_cert_test.go +++ b/vault/resource_pki_secret_backend_root_cert_test.go @@ -50,10 +50,10 @@ func TestPkiSecretBackendRootCertificate_basic(t *testing.T) { // TestPkiSecretBackendRootCertificate_name_constraints is just like TestPkiSecretBackendRootCertificate_basic, // but it uses the permitted_/excluded_ parameters for the name constraints extension. func TestPkiSecretBackendRootCertificate_name_constraints(t *testing.T) { - meta := testProvider.Meta().(*provider.ProviderMeta) - if !meta.IsAPISupported(provider.VaultVersion119) { - t.Skip("requires Vault 1.19+") - } + //meta := testProvider.Meta().(*provider.ProviderMeta) + //if !meta.IsAPISupported(provider.VaultVersion119) { + // t.Skip("requires Vault 1.19+") + //} // FIXME(victorr): DO NOT COMMIT path := "pki-" + strconv.Itoa(acctest.RandInt()) config := testPkiSecretBackendRootCertificateConfig_name_constraints(path) @@ -155,6 +155,8 @@ func checkCertificateNameConstraints(resourceName string, s *terraform.State) er check(consts.FieldPermittedURIDomains, cert.PermittedURIDomains, "https://example.com", "https://www.example.com") check(consts.FieldExcludedURIDomains, cert.ExcludedURIDomains, "ftp://example.com") + failedChecks = append(failedChecks, errors.New("REALITY CHECK: TEST IS RUNNING")) + return errors.Join(failedChecks...) } diff --git a/vault/resource_pki_secret_backend_root_sign_intermediate.go b/vault/resource_pki_secret_backend_root_sign_intermediate.go index 5516e8106..593bd7d7d 100644 --- a/vault/resource_pki_secret_backend_root_sign_intermediate.go +++ b/vault/resource_pki_secret_backend_root_sign_intermediate.go @@ -328,7 +328,7 @@ func pkiSecretBackendRootSignIntermediateCreate(ctx context.Context, d *schema.R // Whether name constraints fields (other than permitted_dns_domains), are supproted, // See VAULT-32141. isNameConstraintsExtensionSupported := provider.IsAPISupported(meta, provider.VaultVersion119) - if isNameConstraintsExtensionSupported { + if isNameConstraintsExtensionSupported || true { // FIXME(victorr): remove dev workaround intermediateSignStringArrayFields = append(intermediateSignStringArrayFields, consts.FieldExcludedDNSDomains, consts.FieldPermittedIPRanges, diff --git a/vault/resource_pki_secret_backend_root_sign_intermediate_test.go b/vault/resource_pki_secret_backend_root_sign_intermediate_test.go index 134fa3644..5aaa7347d 100644 --- a/vault/resource_pki_secret_backend_root_sign_intermediate_test.go +++ b/vault/resource_pki_secret_backend_root_sign_intermediate_test.go @@ -215,10 +215,10 @@ func TestPkiSecretBackendRootSignIntermediate_basic_pem_bundle(t *testing.T) { } func TestPkiSecretBackendRootSignIntermediate_name_constraints_pem_bundle(t *testing.T) { - meta := testProvider.Meta().(*provider.ProviderMeta) - if !meta.IsAPISupported(provider.VaultVersion119) { - t.Skip("requires Vault 1.19+") - } + //meta := testProvider.Meta().(*provider.ProviderMeta) + //if !meta.IsAPISupported(provider.VaultVersion119) { + // t.Skip("requires Vault 1.19+") + //} // FIXME(victorr): DO NOT COMMIT rootPath := "pki-root-" + strconv.Itoa(acctest.RandInt()) intermediatePath := "pki-intermediate-" + strconv.Itoa(acctest.RandInt())