From d479c4f5d23d03c426d0b04be07dafbc8115dd46 Mon Sep 17 00:00:00 2001
From: Yorick Gersie <6005868+ygersie@users.noreply.github.com>
Date: Mon, 24 Jul 2023 10:13:19 +0200
Subject: [PATCH] prepared query: add missing RemoveEmptyTag and Name should be
 optional (#312)

  * The Name field of the JSON payload should be optional, see:
    https://www.consul.io/api-docs/query#name
  * Add missing https://www.consul.io/api-docs/query#removeemptytags
---
 consul/resource_consul_prepared_query.go      | 15 ++++--
 consul/resource_consul_prepared_query_test.go |  6 ++-
 docs/resources/certificate_authority.md       | 37 ++++++++++++++
 docs/resources/config_entry.md                |  2 +-
 docs/resources/prepared_query.md              |  4 ++
 templates/resources/config_entry.md           | 48 +++++++++++++++++++
 6 files changed, 105 insertions(+), 7 deletions(-)

diff --git a/consul/resource_consul_prepared_query.go b/consul/resource_consul_prepared_query.go
index 52072b71..55228ad6 100644
--- a/consul/resource_consul_prepared_query.go
+++ b/consul/resource_consul_prepared_query.go
@@ -186,6 +186,11 @@ Managing prepared queries is done using Consul's REST API. This resource is usef
 							Required:    true,
 							Description: "The regular expression to match with. When using `name_prefix_match`, this regex is applied against the query name.",
 						},
+						"remove_empty_tags": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Description: "If set to true, will cause the tags list inside the service structure to be stripped of any empty strings.",
+						},
 					},
 				},
 			},
@@ -295,8 +300,9 @@ func resourceConsulPreparedQueryRead(d *schema.ResourceData, meta interface{}) e
 
 	if userWroteTemplate || pq.Template.Type != "" {
 		template = append(template, map[string]interface{}{
-			"type":   pq.Template.Type,
-			"regexp": pq.Template.Regexp,
+			"type":              pq.Template.Type,
+			"regexp":            pq.Template.Regexp,
+			"remove_empty_tags": pq.Template.RemoveEmptyTags,
 		})
 	}
 	sw.set("template", template)
@@ -377,8 +383,9 @@ func preparedQueryDefinitionFromResourceData(d *schema.ResourceData) *consulapi.
 
 	if _, ok := d.GetOk("template.0"); ok {
 		pq.Template = consulapi.QueryTemplate{
-			Type:   d.Get("template.0.type").(string),
-			Regexp: d.Get("template.0.regexp").(string),
+			Type:            d.Get("template.0.type").(string),
+			Regexp:          d.Get("template.0.regexp").(string),
+			RemoveEmptyTags: d.Get("template.0.remove_empty_tags").(bool),
 		}
 	}
 
diff --git a/consul/resource_consul_prepared_query_test.go b/consul/resource_consul_prepared_query_test.go
index 63235cfc..1a2ac885 100644
--- a/consul/resource_consul_prepared_query_test.go
+++ b/consul/resource_consul_prepared_query_test.go
@@ -36,6 +36,7 @@ func TestAccConsulPreparedQuery_basic(t *testing.T) {
 					resource.TestCheckResourceAttr("consul_prepared_query.foo", "failover.0.datacenters.#", "2"),
 					resource.TestCheckResourceAttr("consul_prepared_query.foo", "template.0.type", "name_prefix_match"),
 					resource.TestCheckResourceAttr("consul_prepared_query.foo", "template.0.regexp", "hello"),
+					resource.TestCheckResourceAttr("consul_prepared_query.foo", "template.0.remove_empty_tags", "true"),
 					resource.TestCheckResourceAttr("consul_prepared_query.foo", "dns.0.ttl", "8m"),
 				),
 			},
@@ -305,8 +306,9 @@ resource "consul_prepared_query" "foo" {
 	}
 
 	template {
-		type = "name_prefix_match"
-		regexp = "hello"
+		type              = "name_prefix_match"
+		regexp            = "hello"
+		remove_empty_tags = true
 	}
 
 	dns {
diff --git a/docs/resources/certificate_authority.md b/docs/resources/certificate_authority.md
index 18a0e590..16a5b08b 100644
--- a/docs/resources/certificate_authority.md
+++ b/docs/resources/certificate_authority.md
@@ -13,7 +13,44 @@ The `consul_certificate_authority` resource can be used to manage the configurat
 
 -> **Note:** The keys in the `config` argument must be using Camel case.
 
+## Example Usage
 
+```terraform
+# Using the built-in CA with specific TTL
+resource "consul_certificate_authority" "connect" {
+  connect_provider = "consul"
+
+  config_json = jsondecode({
+    LeafCertTTL         = "24h"
+    RotationPeriod      = "2160h"
+    IntermediateCertTTL = "8760h"
+  })
+}
+
+
+# Using Vault to manage and sign certificates
+resource "consul_certificate_authority" "connect" {
+  connect_provider = "vault"
+
+  config_json = jsonencode({
+    Address             = "http://localhost:8200"
+    Token               = "..."
+    RootPKIPath         = "connect-root"
+    IntermediatePKIPath = "connect-intermediate"
+  })
+}
+
+
+# Using the AWS Certificate Manager Private Certificate Authority
+#  * https://aws.amazon.com/certificate-manager/private-certificate-authority/
+resource "consul_certificate_authority" "connect" {
+  connect_provider = "aws-pca"
+
+  config_json = jsonencode({
+    ExistingARN = "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-123456789012"
+  })
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
diff --git a/docs/resources/config_entry.md b/docs/resources/config_entry.md
index e89573fa..aed07d70 100644
--- a/docs/resources/config_entry.md
+++ b/docs/resources/config_entry.md
@@ -281,7 +281,7 @@ resource "consul_config_entry" "mesh" {
 resource "consul_config_entry" "jwt_provider" {
   name = "provider-name"
   kind = "jwt-provider"
-  
+
   config_json = jsonencode({
     Issuer = "https://your.issuer.com"
     JSONWebKeySet = {
diff --git a/docs/resources/prepared_query.md b/docs/resources/prepared_query.md
index 5cf222a2..04cc2ee5 100644
--- a/docs/resources/prepared_query.md
+++ b/docs/resources/prepared_query.md
@@ -134,6 +134,10 @@ Required:
 - `regexp` (String) The regular expression to match with. When using `name_prefix_match`, this regex is applied against the query name.
 - `type` (String) The type of template matching to perform. Currently only `name_prefix_match` is supported.
 
+Optional:
+
+- `remove_empty_tags` (Boolean) If set to true, will cause the tags list inside the service structure to be stripped of any empty strings.
+
 ## Import
 
 Import is supported using the following syntax:
diff --git a/templates/resources/config_entry.md b/templates/resources/config_entry.md
index 642d9674..aed07d70 100644
--- a/templates/resources/config_entry.md
+++ b/templates/resources/config_entry.md
@@ -171,6 +171,24 @@ resource "consul_config_entry" "sd" {
   })
 }
 
+resource "consul_config_entry" "jwt_provider" {
+	name = "test-provider"
+	kind = "jwt-provider"
+
+	config_json = jsonencode({
+		Issuer = "test-issuer"
+		JSONWebKeySet = {
+			Remote = {
+				URI = "https://127.0.0.1:9091"
+				FetchAsynchronously = true
+			}
+		}
+		Forwarding = {
+			HeaderName = "test-token"
+		}
+	})
+}
+
 resource "consul_config_entry" "service_intentions" {
   name = consul_config_entry.sd.name
   kind = "service-intentions"
@@ -186,6 +204,13 @@ resource "consul_config_entry" "service_intentions" {
               Methods   = ["GET", "HEAD"]
               PathExact = "/healtz"
             }
+            JWT = {
+              Providers = [
+                {
+                  Name = consul_config_entry.jwt_provider.name
+                }
+              ]
+            }
           }
         ]
         Precedence = 9
@@ -250,6 +275,29 @@ resource "consul_config_entry" "mesh" {
 }
 ```
 
+### `jwt-provider` config entry
+
+```hcl
+resource "consul_config_entry" "jwt_provider" {
+  name = "provider-name"
+  kind = "jwt-provider"
+
+  config_json = jsonencode({
+    Issuer = "https://your.issuer.com"
+    JSONWebKeySet = {
+      Remote = {
+        URI = "https://your-remote.jwks.com"
+        FetchAsynchronously = true
+        CacheDuration = "10s"
+      }
+    }
+    Forwarding = {
+      HeaderName = "test-token"
+    }
+  })
+}
+```
+
 
 ## Argument Reference