Skip to content

VAULT-37696: vault_plugin support for enterprise plugins#2707

Open
chpag wants to merge 11 commits intomainfrom
vault-37696-vault-enterprise-plugin
Open

VAULT-37696: vault_plugin support for enterprise plugins#2707
chpag wants to merge 11 commits intomainfrom
vault-37696-vault-enterprise-plugin

Conversation

@chpag
Copy link
Contributor

@chpag chpag commented Dec 16, 2025
edited
Loading

Description

This PR allow to use vault_plugin ressource for Vault Enteprise Plugin
As the sha should not be defined for enterprise plugin, it has been changed from mandatory to Optionnal
An additionnal check has been added in CustomzeDiff to add sha has mandatory if plugin version not ending with "+ent"

pluginIDRegex Regular Expression has been updated to allow "+" character in the version to allow "+ent"

when plugin is Enterprise, exclude sha from the attrbute retrievec by pluginRead(), so there is no mismatch between what is defined in the hcl code and what is put on the state file

Closes #2518

Checklist

  • Added CHANGELOG entry (only for user-facing changes)
  • Acceptance tests where run against all supported Vault Versions

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccXXX'

...

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.

  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

  • If applicable, I've documented the impact of any changes to security controls.

    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@chpag
Fix plugin ent (#2706)
5662927 
* modified:   vault/resource_plugin.go
	modified:   vault/resource_plugin_test.go

* modified:   vault/resource_plugin_test.go
@chpag chpag requested review from a team as code owners December 16, 2025 11:35
@chpag chpag requested a review from roh-a December 16, 2025 11:35
@chpag chpag changed the title Fix plugin ent (#2706) VAULT-37696 (v2): vault_plugin support for enterprise plugins Dec 16, 2025
@chpag chpag changed the title VAULT-37696 (v2): vault_plugin support for enterprise plugins VAULT-37696: vault_plugin support for enterprise plugins Jan 6, 2026
siyer-corp
siyer-corp reviewed Jan 8, 2026
View reviewed changes
siyer-corp
siyer-corp reviewed Jan 8, 2026
View reviewed changes
fairclothjm
fairclothjm reviewed Feb 2, 2026
View reviewed changes
Copy link
Collaborator

@fairclothjm fairclothjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Can we also update the docs page since sha is not required except for CE plugins? https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/plugin#sha256-1

@chpag
Copy link
Contributor Author

chpag commented Feb 3, 2026

@fairclothjm : Doc has been updated to mark sha256 field as Optional, but still required for non-enteprise plugin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fairclothjm fairclothjm fairclothjm left review comments

@siyer-corp siyer-corp siyer-corp left review comments

@roh-a roh-a Awaiting requested review from roh-a roh-a is a code owner automatically assigned from hashicorp/vault

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Enhancement]: vault_plugin support for enterprise plugins

3 participants

@chpag @fairclothjm @siyer-corp