Add vault_config_ui_custom_message resource

CHANGELOG.md

@@ -1,8 +1,5 @@
 ## Unreleased
 
-FEATURES:
-* Add new resource `vault_config_ui_custom_message`: ([#2154](https://github.com/hashicorp/terraform-provider-vault/pull/2154)).
-
 BUGS:
 * Handle graceful destruction of resources when approle is deleted out-of-band ([#2142](https://github.com/hashicorp/terraform-provider-vault/pull/2142)).
 
@@ -11,6 +8,7 @@ FEATURES:
 * Add support to `enable_templating` in `vault_pki_secret_backend_config_urls` ([#2147](https://github.com/hashicorp/terraform-provider-vault/pull/2147)).
 * Add support for `skip_import_rotation` and `skip_static_role_import_rotation` in `ldap_secret_backend_static_role` and `ldap_secret_backend` respectively. Requires Vault 1.16+ ([#2128](https://github.com/hashicorp/terraform-provider-vault/pull/2128)).
 * Improve logging to track full API exchanges between the provider and Vault ([#2139](https://github.com/hashicorp/terraform-provider-vault/pull/2139))
+* Add new resource `vault_config_ui_custom_message`. Requires Vault 1.16+ Enterprise: ([#2154](https://github.com/hashicorp/terraform-provider-vault/pull/2154)).
 
 ## 3.25.0 (Feb 14, 2024)
 

vault/resource_config_ui_custom_messages.go → vault/resource_config_ui_custom_message.go

@@ -17,7 +17,7 @@ import (
 
 func configUICustomMessageResource() *schema.Resource {
 	return &schema.Resource{
-		CreateContext: configUICustomMessageCreate,
+		CreateContext: provider.MountCreateContextWrapper(configUICustomMessageCreate, provider.VaultVersion116),
 		ReadContext:   configUICustomMessageRead,
 		UpdateContext: configUICustomMessageUpdate,
 		DeleteContext: configUICustomMessageDelete,
@@ -75,7 +75,7 @@ func configUICustomMessageResource() *schema.Resource {
 			consts.FieldEndTime: {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: "The ending time of the active period of the custom message. Can be omitted for non-expiring messages",
+				Description: "The ending time of the active period of the custom message. Can be omitted for non-expiring message",
 			},
 			consts.FieldLink: {
 				Type:     schema.TypeSet,
@@ -107,6 +107,10 @@ func configUICustomMessageResource() *schema.Resource {
 }
 
 func configUICustomMessageCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	if !provider.IsEnterpriseSupported(meta) {
+		return diag.Errorf("config_ui_custom_message is not supported by this version of vault")
+	}
+
 	client, e := provider.GetClient(d, meta)
 	if e != nil {
 		return diag.FromErr(e)
@@ -146,7 +150,9 @@ func configUICustomMessageRead(ctx context.Context, d *schema.ResourceData, meta
 	}
 
 	if secret == nil || secret.Data == nil {
-		return diag.Errorf("response from Vault server is empty")
+		log.Printf("response from Vault server is empty")
+		d.SetId("")
+		return nil
 	}
 
 	secretData := secret.Data

vault/resource_config_ui_custom_messages_test.go → vault/resource_config_ui_custom_message_test.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-provider-vault/internal/consts"
+	"github.com/hashicorp/terraform-provider-vault/internal/provider"
 	"github.com/hashicorp/terraform-provider-vault/testutil"
 )
 
@@ -50,7 +51,10 @@ func TestAccConfigUICustomMessage(t *testing.T) {
 
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: providerFactories,
-		PreCheck:          func() { testutil.TestAccPreCheck(t) },
+		PreCheck: func() {
+			testutil.TestAccPreCheck(t)
+			SkipIfAPIVersionLT(t, testProvider.Meta(), provider.VaultVersion116)
+		},
 		Steps: []resource.TestStep{
 			{
 				Config: testConfigUICustomMessageConfig(false),

website/docs/r/config_ui_custom_messages.html.md

@@ -0,0 +1,69 @@
+---
+layout: "vault"
+page_title: "Vault: vault_config_ui_custom_message resource"
+sidebar_current: "docs-vault-resource-config-ui-custom-message"
+description: |-
+  Manages a UI custom message in Vault.
+---
+
+# vault\_config\_ui\_custom\_message
+
+Manages a UI custom message in Vault. Custom messages are displayed in the Vault UI either on the login page or immediately after succesfully logging in.
+
+## Example Usage
+
+```hcl
+resource "vault_config_ui_custom_message" "maintenance" {
+  title         = "Upcoming maintenance"
+  message       = base64encode("Vault will be offline for planned maintenance on February 1st, 2024 from 05:00Z to 08:00Z")
+  type          = "banner"
+  authenticated = true
+  start_time    = "2024-01-01T00:00:00.000Z"
+  end_time      = "2024-02-01T05:00:00.000Z"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `namespace` - (Optional) The namespace to provision the resource in.
+  The value should not contain leading or trailing forward slashes.
+  The `namespace` is always relative to the provider's configured [namespace](/docs/providers/vault#namespace).
+   *Available only for Vault Enterprise*.
+
+* `title` - (Required) The title of the custom message to create.
+
+* `message` - (Required) The base64-encoded content of the custom message.
+
+* `start_time` - (Required) The time when the custom message begins to be active. This value can be set to a future time, but cannot
+   occur on or after the `end_time` value.
+
+* `authenticated` - (Optional) The value `true` if the custom message is displayed after logins are completed or `false` if they are
+   displayed during the login in the Vault UI. The default value is `true`.
+
+* `type` - (Optional) The presentation type of the custom message. Must be one of the following values: `banner` or `modal`.
+
+* `end_time` - (Optional) The time when the custom message expires. If this value is not specified, the custom message never expires.
+
+* `link` - (Optional) A hyperlink to be included with the message. [See below for more details](#link).
+
+* `options` - (Optional) A map of additional options that can be set on the custom message.
+
+### Link
+
+* `title` - (Required) The hyperlink title that is displayed in the custom message.
+
+* `href` - (Required) The URL set in the hyperlink's href attribute.
+
+## Attributes Reference
+
+No additional attributes are exported by this resource.
+
+## Import
+
+Custom messages can be imported using their `id` e.g.
+
+```
+$ terraform import vault_config_ui_custom_message.maintenance df773ef1-2794-45d3-9e25-bcccffe4dbde
+```

website/vault.erb

@@ -249,6 +249,10 @@
                             <a href="/docs/providers/vault/r/cert_auth_backend_role.html">vault_cert_auth_backend_role</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-vault-resource-config-ui-custom-message") %>>
+                            <a href="/docs/providers/vault/r/config_ui_custom_message.html">vault_config_ui_custom_message</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-vault-resource-consul-secret-backend") %>>
                             <a href="/docs/providers/vault/r/consul_secret_backend.html">vault_consul_secret_backend</a>
                         </li>