Description
The `credential_type` is an important parameter on this resource which Vault allows to be set via the CLI as shown in the docs: https://developer.hashicorp.com/vault/docs/secrets/terraform

```
$ vault write terraform/role/team-testing team_id="${TF_TEAM_ID}" credential_type=team description="testing token" ttl=200 max_ttl=600
```
This allows switching between the `team` and `team_legacy` token types in particular.
Trying to set a TTL on a team token without being able to set a `credential_type` results in an error on Vault 1.20.2:

```
$ vault write terraform/role/test team_id=${TEAM_ID} max_ttl=1h ttl=1h
Error writing data to terraform/role/test: Error making API request.
URL: PUT https://vault.example.com/v1/terraform/role/test
Code: 400. Errors:
* cannot provide description, ttl, or max_ttl with credential_type = team_legacy, try credential_type = team.
```
The lack of support means it is not possible to use the latest `team` credential type via the Vault provider.
Affected Resource(s) and/or Data Source(s)
vault_terraform_cloud_secret_role
Potential Terraform Configuration
```hcl
resource "vault_terraform_cloud_secret_role" "example" {
  backend         = vault_terraform_cloud_secret_backend.test.backend
  name            = "test-role"
  organization    = "example-organization-name"
  team_id         = "team-ieF4isC..."
  credential_type = "team"
}
```
References
Would you like to implement a fix?
No
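A possible interim workaround for the gap described in this issue, as an added example that is not part of the original issue or the provider's own documentation: write the role through the provider's `vault_generic_endpoint` resource, which sends the same fields as the CLI call quoted above. It assumes the `vault_terraform_cloud_secret_backend.test` mount from the issue's configuration; the role name `test-role-ttl`, the `var.tf_team_id` variable and the TTL values are placeholders chosen for illustration.

```hcl
# Team ID is passed in rather than hard-coded (placeholder variable).
variable "tf_team_id" {
  type        = string
  description = "HCP Terraform team ID the role issues tokens for"
}

# Writes <mount>/role/<name> directly, mirroring:
#   vault write terraform/role/<name> team_id=... credential_type=team ttl=... max_ttl=...
resource "vault_generic_endpoint" "team_role" {
  path = "${vault_terraform_cloud_secret_backend.test.backend}/role/test-role-ttl"

  data_json = jsonencode({
    team_id = var.tf_team_id

    # Without this field Vault treats the role as team_legacy and rejects
    # description, ttl and max_ttl (the 400 error shown in the issue).
    credential_type = "team"

    description = "short-lived team token"
    ttl         = "1h"
    max_ttl     = "1h"
  })

  # Assumption: skip read-back so that Vault's representation of the
  # duration fields cannot show up as a diff. This also disables drift
  # detection for the role, so out-of-band changes will not be noticed.
  disable_read = true
}
```

Because the role is no longer a `vault_terraform_cloud_secret_role`, anything that referenced that resource's attributes must point at the role name directly.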