hashicorp · louisruch · Jun 23, 2021 · Jun 1, 2021 · Jun 1, 2021 · Jun 3, 2021
diff --git a/docs/resources/auth_method_oidc.md b/docs/resources/auth_method_oidc.md
@@ -21,9 +21,11 @@ The OIDC auth method resource allows you to configure a Boundary auth_method_oid
 
 ### Optional
 
+- **account_claim_maps** (List of String) Account claim maps for the to_claim of sub.
 - **allowed_audiences** (List of String) Audiences for which the provider responses will be allowed
 - **api_url_prefix** (String) The API prefix to use when generating callback URLs for the provider. Should be set to an address at which the provider can reach back to the controller.
 - **callback_url** (String) The URL that should be provided to the IdP for callbacks.
+- **claims_scopes** (List of String) Claims scopes.
 - **client_id** (String) The client ID assigned to this auth method from the provider.
 - **client_secret** (String) The secret key assigned to this auth method from the provider. Once set, only the hash will be kept and the original value can be removed from configuration.
 - **client_secret_hmac** (String) The HMAC of the client secret returned by the Boundary controller, which is used for comparison after initial setting of the value.

@@ -0,0 +1,73 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "boundary_credential_library_vault Resource - terraform-provider-boundary"
+subcategory: ""
+description: |-
+  The credential library for Vault resource allows you to configure a Boundary credential library for Vault.
+---
+
+# boundary_credential_library_vault (Resource)
+
+The credential library for Vault resource allows you to configure a Boundary credential library for Vault.
+
+## Example Usage
+
+```terraform
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+
+resource "boundary_credential_library_vault" "example" {
+  name                = "vault_library"
+  description         = "My first Vault credential library!"
+  credential_store_id = boundary_credential_store_vault.example.id
+  vault_path          = "database/creds/opened"
+  http_method         = "GET"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **credential_store_id** (String) The ID of the credential store that this library belongs to.
+- **vault_path** (String) The Vault path to query
+
+### Optional
+
+- **description** (String) The Vault credential library description.
+- **http_method** (String) The HTTP method to use when contacting Vault
+- **http_request_body** (String) The raw string to use in HTTP request to Vault
+- **name** (String) The Vault credential library name. Defaults to the resource name.
+
+### Read-Only
+
+- **id** (String) The ID of the Vault credential library.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import boundary_credential_library_vault.foo <my-id>
+```
@@ -0,0 +1,72 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "boundary_credential_store_vault Resource - terraform-provider-boundary"
+subcategory: ""
+description: |-
+  The credential store for Vault resource allows you to configure a Boundary credential store for Vault.
+---
+
+# boundary_credential_store_vault (Resource)
+
+The credential store for Vault resource allows you to configure a Boundary credential store for Vault.
+
+## Example Usage
+
+```terraform
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **address** (String) The address to Vault server
+- **scope_id** (String) The scope for this credential store
+- **token** (String) The Vault token
+
+### Optional
+
+- **ca_cert** (String) The Vault CA certificate to use
+- **client_certificate** (String) The Vault client certificate
+- **client_certificate_key** (String) The Vault client certificate key
+- **description** (String) The Vault credential store description.
+- **name** (String) The Vault credential store name. Defaults to the resource name.
+- **namespace** (String) The namespace within Vault to use
+- **tls_server_name** (String) The Vault TLS server name
+- **tls_skip_verify** (Boolean) Whether or not to skip TLS verification
+
+### Read-Only
+
+- **client_certificate_key_hmac** (String) The Vault client certificate key hmac
+- **id** (String) The ID of the Vault credential store.
+- **token_hmac** (String) The Vault token hmac
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import boundary_credential_store_vault.foo <my-id>
+```
@@ -33,6 +33,22 @@ resource "boundary_scope" "project" {
   auto_create_admin_role = true
 }
 
+resource "boundary_credential_store_vault" "foo" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+
+resource "boundary_credential_library_vault" "foo" {
+  name                = "vault_library"
+  description         = "My first Vault credential library!"
+  credential_store_id = boundary_credential_store_vault.foo.id
+  vault_path          = "database/creds/opened"
+  http_method         = "GET"
+}
+
 resource "boundary_host_catalog" "foo" {
   name        = "test"
   description = "test catalog"
@@ -62,6 +78,10 @@ resource "boundary_host_set" "foo" {
     boundary_host.foo.id,
     boundary_host.bar.id,
   ]
+
+  credential_library_ids = [
+    boundary_credential_library_vault.foo.id
+  ]
 }
 
 resource "boundary_target" "foo" {
@@ -85,6 +105,7 @@ resource "boundary_target" "foo" {
 
 ### Optional
 
+- **credential_library_ids** (Set of String) A list of credential library ID's.
 - **default_port** (Number) The default port for this target.
 - **description** (String) The target description.
 - **host_set_ids** (Set of String) A list of host set ID's.

@@ -0,0 +1 @@
+terraform import boundary_credential_library_vault.foo <my-id>
@@ -0,0 +1,30 @@
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+
+resource "boundary_credential_library_vault" "example" {
+  name                = "vault_library"
+  description         = "My first Vault credential library!"
+  credential_store_id = boundary_credential_store_vault.example.id
+  vault_path          = "database/creds/opened"
+  http_method         = "GET"
+}
@@ -0,0 +1 @@
+terraform import boundary_credential_store_vault.foo <my-id>
@@ -0,0 +1,22 @@
+resource "boundary_scope" "org" {
+  name                     = "organization_one"
+  description              = "My first scope!"
+  scope_id                 = "global"
+  auto_create_admin_role   = true
+  auto_create_default_role = true
+}
+
+resource "boundary_scope" "project" {
+  name                   = "project_one"
+  description            = "My first scope!"
+  scope_id               = boundary_scope.org.id
+  auto_create_admin_role = true
+}
+
+resource "boundary_credential_store_vault" "example" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
@@ -18,6 +18,22 @@ resource "boundary_scope" "project" {
   auto_create_admin_role = true
 }
 
+resource "boundary_credential_store_vault" "foo" {
+  name        = "vault_store"
+  description = "My first Vault credential store!"
+  address     = "http://localhost:55001"
+  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5"
+  scope_id    = boundary_scope.project.id
+}
+
+resource "boundary_credential_library_vault" "foo" {
+  name                = "vault_library"
+  description         = "My first Vault credential library!"
+  credential_store_id = boundary_credential_store_vault.foo.id
+  vault_path          = "database/creds/opened"
+  http_method         = "GET"
+}
+
 resource "boundary_host_catalog" "foo" {
   name        = "test"
   description = "test catalog"
@@ -47,6 +63,10 @@ resource "boundary_host_set" "foo" {
     boundary_host.foo.id,
     boundary_host.bar.id,
   ]
+
+  credential_library_ids = [
+    boundary_credential_library_vault.foo.id
+  ]
 }
 
 resource "boundary_target" "foo" {

@@ -13,13 +13,11 @@ require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/aliyun/alibaba-cloud-sdk-go v1.61.545 // indirect
 	github.com/aws/aws-sdk-go v1.35.4 // indirect
-	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/circonus-labs/circonusllhist v0.1.4 // indirect
 	github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe // indirect
-	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
 	github.com/golang/snappy v0.0.2 // indirect
-	github.com/hashicorp/boundary v0.2.2
-	github.com/hashicorp/boundary/api v0.0.10
+	github.com/hashicorp/boundary v0.3.1-0.20210612223955-f1a3b414a8ef
+	github.com/hashicorp/boundary/api v0.0.12-0.20210612223955-f1a3b414a8ef
 	github.com/hashicorp/boundary/sdk v0.0.4
 	github.com/hashicorp/cap v0.0.0-20210518163718-e72205e8eaae
 	github.com/hashicorp/go-immutable-radix v1.3.0 // indirect
@@ -33,11 +31,10 @@ require (
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
-	github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac // indirect
 	github.com/prometheus/common v0.14.0 // indirect
 	github.com/prometheus/procfs v0.2.0 // indirect
 	github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c // indirect
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
 	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		terraform import boundary_credential_library_vault.foo <my-id>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		terraform import boundary_credential_store_vault.foo <my-id>