hashicorp · maxcoulombe · Dec 13, 2024 · Dec 11, 2024 · Dec 11, 2024 · Dec 11, 2024
@@ -0,0 +1,13 @@
+```release-note:deprecation
+the following resources are deprecated:
+  - `hcp_vault_secrets_integration_aws`
+  - `hcp_vault_secrets_integration_azure`
+  - `hcp_vault_secrets_integration_confluent`
+  - `hcp_vault_secrets_integration_gcp`
+  - `hcp_vault_secrets_integration_mongodbatlas`
+  - 'hcp_vault_secrets_integration_twilio'
+```
+
+```release-note:feature
+add 'hcp_vault_secrets_integration' resource as a replacement for the provider-specific resources
+```
@@ -0,0 +1,224 @@
+---
+page_title: "Resource hcp_vault_secrets_integration"
+subcategory: "HCP Vault Secrets"
+description: |-
+  The Vault Secrets integration resource manages an integration.
+---
+
+# hcp_vault_secrets_integration (Resource)
+
+The Vault Secrets integration resource manages an integration.
+
+## Example Usage
+
+```terraform
+// AWS
+resource "hcp_vault_secrets_integration" "example_aws_federated_identity" {
+  name          = "my-aws-1"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "aws"
+  aws_federated_workload_identity = {
+    audience = "<audience>>"
+    role_arn = "<role-arn>"
+  }
+}
+
+resource "hcp_vault_secrets_integration" "example_aws_access_keys" {
+  name          = "my-aws-2"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "aws"
+  aws_access_keys = {
+    access_key_id     = "<access-key-id>"
+    secret_access_key = "<secret-access-key>"
+  }
+}
+
+// Confluent
+resource "hcp_vault_secrets_integration" "example_confluent" {
+  name          = "my-confluent-1"
+  capabilities  = ["ROTATION"]
+  provider_type = "confluent"
+  confluent_static_credentials = {
+    cloud_api_key_id = "<cloud-api-key-id>"
+    cloud_api_secret = "<cloud-api-secret>"
+  }
+}
+
+// GCP
+resource "hcp_vault_secrets_integration" "example_gcp_json_service_account_key" {
+  name          = "my-gcp-1"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "gcp"
+  gcp_service_account_key = {
+    credentials = file("${path.module}/my-service-account-key.json")
+  }
+}
+
+resource "hcp_vault_secrets_integration" "example_gcp_base64_service_account_key" {
+  name          = "my-gcp-2"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "gcp"
+  gcp_service_account_key = {
+    credentials = filebase64("${path.module}/my-service-account-key.json")
+  }
+}
+
+resource "hcp_vault_secrets_integration" "example_gcp_federated_identity" {
+  name          = "my-gcp-3"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "gcp"
+  gcp_federated_workload_identity = {
+    service_account_email = "<service-account-email>"
+    audience              = "<audience>"
+  }
+}
+
+// MongoDB-Atlas
+resource "hcp_vault_secrets_integration" "example_mongodb_atlas" {
+  name          = "my-mongodb-1"
+  capabilities  = ["ROTATION"]
+  provider_type = "mongodb-atlas"
+  mongodb_atlas_static_credentials = {
+    api_public_key  = "<api-public-key>"
+    api_private_key = "<api-private-key>"
+  }
+}
+
+// Twilio
+resource "hcp_vault_secrets_integration" "example_twilio" {
+  name          = "my-twilio-1"
+  capabilities  = ["ROTATION"]
+  provider_type = "twilio"
+  twilio_static_credentials = {
+    account_sid    = "<account-sid>"
+    api_key_secret = "<api-key-secret>"
+    api_key_sid    = "<api-key-sid>"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `capabilities` (Set of String) Capabilities enabled for the integration. See the Vault Secrets documentation for the list of supported capabilities per provider.
+- `name` (String) The Vault Secrets integration name.
+- `provider_type` (String) The provider or 3rd party platform the integration is for.
+
+### Optional
+
+- `aws_access_keys` (Attributes) AWS IAM key pair used to authenticate against the target AWS account. Cannot be used with `federated_workload_identity`. (see [below for nested schema](#nestedatt--aws_access_keys))
+- `aws_federated_workload_identity` (Attributes) (Recommended) Federated identity configuration to authenticate against the target AWS account. Cannot be used with `access_keys`. (see [below for nested schema](#nestedatt--aws_federated_workload_identity))
+- `azure_client_secret` (Attributes) Azure client secret used to authenticate against the target Azure application. Cannot be used with `federated_workload_identity`. (see [below for nested schema](#nestedatt--azure_client_secret))
+- `azure_federated_workload_identity` (Attributes) (Recommended) Federated identity configuration to authenticate against the target Azure application. Cannot be used with `client_secret`. (see [below for nested schema](#nestedatt--azure_federated_workload_identity))
+- `confluent_static_credentials` (Attributes) Confluent API key used to authenticate for cloud apis. (see [below for nested schema](#nestedatt--confluent_static_credentials))
+- `gcp_federated_workload_identity` (Attributes) (Recommended) Federated identity configuration to authenticate against the target GCP project. Cannot be used with `service_account_key`. (see [below for nested schema](#nestedatt--gcp_federated_workload_identity))
+- `gcp_service_account_key` (Attributes) GCP service account key used to authenticate against the target GCP project. Cannot be used with `federated_workload_identity`. (see [below for nested schema](#nestedatt--gcp_service_account_key))
+- `mongodb_atlas_static_credentials` (Attributes) MongoDB Atlas API key used to authenticate against the target project. (see [below for nested schema](#nestedatt--mongodb_atlas_static_credentials))
+- `project_id` (String) HCP project ID that owns the HCP Vault Secrets integration. Inferred from the provider configuration if omitted.
+- `twilio_static_credentials` (Attributes) Twilio API key parts used to authenticate against the target Twilio account. (see [below for nested schema](#nestedatt--twilio_static_credentials))
+
+### Read-Only
+
+- `organization_id` (String) HCP organization ID that owns the HCP Vault Secrets integration.
+- `resource_id` (String) Resource ID used to uniquely identify the integration instance on the HCP platform.
+- `resource_name` (String) Resource name used to uniquely identify the integration instance on the HCP platform.
+
+<a id="nestedatt--aws_access_keys"></a>
+### Nested Schema for `aws_access_keys`
+
+Required:
+
+- `access_key_id` (String) Key ID used with the secret key to authenticate against the target AWS account.
+- `secret_access_key` (String, Sensitive) Secret key used with the key ID to authenticate against the target AWS account.
+
+
+<a id="nestedatt--aws_federated_workload_identity"></a>
+### Nested Schema for `aws_federated_workload_identity`
+
+Required:
+
+- `audience` (String) Audience configured on the AWS IAM identity provider to federate access with HCP.
+- `role_arn` (String) AWS IAM role ARN the integration will assume to carry operations for the appropriate capabilities.
+
+
+<a id="nestedatt--azure_client_secret"></a>
+### Nested Schema for `azure_client_secret`
+
+Required:
+
+- `client_id` (String) Azure client ID corresponding to the Azure application.
+- `client_secret` (String) Secret value corresponding to the Azure client secret.
+- `tenant_id` (String) Azure tenant ID corresponding to the Azure application.
+
+
+<a id="nestedatt--azure_federated_workload_identity"></a>
+### Nested Schema for `azure_federated_workload_identity`
+
+Required:
+
+- `audience` (String) Audience configured on the Azure federated identity credentials to federate access with HCP.
+- `client_id` (String) Azure client ID corresponding to the Azure application.
+- `tenant_id` (String) Azure tenant ID corresponding to the Azure application.
+
+
+<a id="nestedatt--confluent_static_credentials"></a>
+### Nested Schema for `confluent_static_credentials`
+
+Required:
+
+- `cloud_api_key_id` (String) Public key used alongside the private key to authenticate for cloud apis.
+- `cloud_api_secret` (String, Sensitive) Private key used alongside the public key to authenticate for cloud apis.
+
+
+<a id="nestedatt--gcp_federated_workload_identity"></a>
+### Nested Schema for `gcp_federated_workload_identity`
+
+Required:
+
+- `audience` (String) Audience configured on the GCP identity provider to federate access with HCP.
+- `service_account_email` (String) GCP service account email that HVS will impersonate to carry operations for the appropriate capabilities.
+
+
+<a id="nestedatt--gcp_service_account_key"></a>
+### Nested Schema for `gcp_service_account_key`
+
+Required:
+
+- `credentials` (String) JSON or base64 encoded service account key received from GCP.
+
+Read-Only:
+
+- `client_email` (String) Service account email corresponding to the service account key.
+- `project_id` (String) GCP project ID corresponding to the service account key.
+
+
+<a id="nestedatt--mongodb_atlas_static_credentials"></a>
+### Nested Schema for `mongodb_atlas_static_credentials`
+
+Required:
+
+- `api_private_key` (String, Sensitive) Private key used alongside the public key to authenticate against the target project.
+- `api_public_key` (String) Public key used alongside the private key to authenticate against the target project.
+
+
+<a id="nestedatt--twilio_static_credentials"></a>
+### Nested Schema for `twilio_static_credentials`
+
+Required:
+
+- `account_sid` (String) Account SID for the target Twilio account.
+- `api_key_secret` (String, Sensitive) Api key secret used with the api key SID to authenticate against the target Twilio account.
+- `api_key_sid` (String) Api key SID to authenticate against the target Twilio account.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Vault Secrets Integration can be imported by specifying the name of the integration
+# Note that since sensitive information are never returned on the Vault Secrets API,
+# the next plan or apply will show a diff for sensitive fields.
+terraform import hcp_vault_secrets_integration.example my-integration-name
+```
@@ -9,6 +9,8 @@ description: |-
 
 The Vault Secrets AWS integration resource manages an AWS integration.
 
+~> **Note:** This resource is deprecated, please use `hcp_vault_secrets_integration` instead.
+
 ## Example Usage
 
 ```terraform

@@ -9,6 +9,8 @@ description: |-
 
 The Vault Secrets Confluent integration resource manages an Confluent integration.
 
+~> **Note:** This resource is deprecated, please use `hcp_vault_secrets_integration` instead.
+
 ## Example Usage
 
 ```terraform

@@ -9,6 +9,8 @@ description: |-
 
 The Vault Secrets GCP integration resource manages an GCP integration.
 
+~> **Note:** This resource is deprecated, please use `hcp_vault_secrets_integration` instead.
+
 ## Example Usage
 
 ```terraform

@@ -9,6 +9,8 @@ description: |-
 
 The Vault Secrets MongoDB Atlas integration resource manages an MongoDB Atlas integration.
 
+~> **Note:** This resource is deprecated, please use `hcp_vault_secrets_integration` instead.
+
 ## Example Usage
 
 ```terraform

@@ -9,6 +9,8 @@ description: |-
 
 The Vault Secrets Twilio integration resource manages a Twilio integration.
 
+~> **Note:** This resource is deprecated, please use `hcp_vault_secrets_integration` instead.
+
 ## Example Usage
 
 ```terraform

@@ -0,0 +1,4 @@
+# Vault Secrets Integration can be imported by specifying the name of the integration
+# Note that since sensitive information are never returned on the Vault Secrets API,
+# the next plan or apply will show a diff for sensitive fields.
+terraform import hcp_vault_secrets_integration.example my-integration-name
@@ -0,0 +1,83 @@
+// AWS
+resource "hcp_vault_secrets_integration" "example_aws_federated_identity" {
+  name          = "my-aws-1"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "aws"
+  aws_federated_workload_identity = {
+    audience = "<audience>>"
+    role_arn = "<role-arn>"
+  }
+}
+
+resource "hcp_vault_secrets_integration" "example_aws_access_keys" {
+  name          = "my-aws-2"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "aws"
+  aws_access_keys = {
+    access_key_id     = "<access-key-id>"
+    secret_access_key = "<secret-access-key>"
+  }
+}
+
+// Confluent
+resource "hcp_vault_secrets_integration" "example_confluent" {
+  name          = "my-confluent-1"
+  capabilities  = ["ROTATION"]
+  provider_type = "confluent"
+  confluent_static_credentials = {
+    cloud_api_key_id = "<cloud-api-key-id>"
+    cloud_api_secret = "<cloud-api-secret>"
+  }
+}
+
+// GCP
+resource "hcp_vault_secrets_integration" "example_gcp_json_service_account_key" {
+  name          = "my-gcp-1"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "gcp"
+  gcp_service_account_key = {
+    credentials = file("${path.module}/my-service-account-key.json")
+  }
+}
+
+resource "hcp_vault_secrets_integration" "example_gcp_base64_service_account_key" {
+  name          = "my-gcp-2"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "gcp"
+  gcp_service_account_key = {
+    credentials = filebase64("${path.module}/my-service-account-key.json")
+  }
+}
+
+resource "hcp_vault_secrets_integration" "example_gcp_federated_identity" {
+  name          = "my-gcp-3"
+  capabilities  = ["DYNAMIC", "ROTATION"]
+  provider_type = "gcp"
+  gcp_federated_workload_identity = {
+    service_account_email = "<service-account-email>"
+    audience              = "<audience>"
+  }
+}
+
+// MongoDB-Atlas
+resource "hcp_vault_secrets_integration" "example_mongodb_atlas" {
+  name          = "my-mongodb-1"
+  capabilities  = ["ROTATION"]
+  provider_type = "mongodb-atlas"
+  mongodb_atlas_static_credentials = {
+    api_public_key  = "<api-public-key>"
+    api_private_key = "<api-private-key>"
+  }
+}
+
+// Twilio
+resource "hcp_vault_secrets_integration" "example_twilio" {
+  name          = "my-twilio-1"
+  capabilities  = ["ROTATION"]
+  provider_type = "twilio"
+  twilio_static_credentials = {
+    account_sid    = "<account-sid>"
+    api_key_secret = "<api-key-secret>"
+    api_key_sid    = "<api-key-sid>"
+  }
+}
@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/go-version v1.7.0
-	github.com/hashicorp/hcp-sdk-go v0.124.0
+	github.com/hashicorp/hcp-sdk-go v0.126.0
 	github.com/hashicorp/terraform-plugin-docs v0.19.4
 	github.com/hashicorp/terraform-plugin-framework v1.5.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0

@@ -124,8 +124,8 @@ github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC16
 github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA=
 github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI=
 github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
-github.com/hashicorp/hcp-sdk-go v0.124.0 h1:Th4qCAAqlPrC5s2riHnMTsHFIZ5GsFWzK7l2W7vqsN4=
-github.com/hashicorp/hcp-sdk-go v0.124.0/go.mod h1:vQ4fzdL1AmhIAbCw+4zmFe5Hbpajj3NvRWkJoVuxmAk=
+github.com/hashicorp/hcp-sdk-go v0.126.0 h1:/ByCyXaKrwJwK5SMjp/JFK3ZbVqDxEaADQev3t6odI4=
+github.com/hashicorp/hcp-sdk-go v0.126.0/go.mod h1:vQ4fzdL1AmhIAbCw+4zmFe5Hbpajj3NvRWkJoVuxmAk=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ=