terraform-provider-vault
Understanding the deprecation of client_auth argument
Hi, in the docs of the latest version (3.15.2 as of today), we can read the following statement about the client_auth argument:
At present there is little reason to set this, because Terraform does not support the TLS certificate authentication mechanism. Deprecated, use auth_login_cert instead.
The thing is, I don't see auth_login_cert being an alternative to client_auth so I'm trying to figure this out. auth_login_cert is for presenting a certificate for the cert authentication engine. client_auth is for presenting a certificate for the tcp listener as far as I understand.
Actually, client_auth is certainly needed if the tls_require_and_verify_client_cert parameter of the tcp listener is enabled, and it's not deprecated as far as I know.
So why deprecate the client_auth argument?
Thanks for the help.
@sebastienbonami Thanks for reporting! I don't have the context as to why the deprecation was announced. We are going to reevaluate this deprecation. Related to https://github.com/hashicorp/terraform-provider-vault/issues/2130
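The two layers distinguished in the question, shown as an added configuration sketch (not taken from the issue or from the provider's documentation): a listener that requires a client certificate at the TLS handshake, and a provider block that sets client_auth for that handshake and auth_login_cert for the cert auth method. All paths, the address, the mount and the role name are placeholders, and setting both blocks together is an assumption made for illustration.

```hcl
# --- Vault server configuration (constructed example) ---
# The TCP listener rejects any TLS handshake that does not present a
# client certificate signed by the CA in tls_client_ca_file. This happens
# before Vault looks at tokens or auth methods.
listener "tcp" {
  address                            = "0.0.0.0:8200"
  tls_cert_file                      = "/etc/vault/tls/server.crt"
  tls_key_file                       = "/etc/vault/tls/server.key"
  tls_require_and_verify_client_cert = true
  tls_client_ca_file                 = "/etc/vault/tls/client-ca.pem"
}

# --- Terraform configuration (constructed example) ---
provider "vault" {
  address      = "https://vault.example.internal:8200" # placeholder
  ca_cert_file = "/etc/terraform/tls/vault-ca.pem"     # placeholder

  # Transport layer: the certificate presented to the TCP listener,
  # which is what the question says client_auth is for.
  client_auth {
    cert_file = "/etc/terraform/tls/client.crt"
    key_file  = "/etc/terraform/tls/client.key"
  }

  # Authentication layer: the certificate used to log in to the cert
  # auth method and obtain a Vault token.
  auth_login_cert {
    cert_file = "/etc/terraform/tls/client.crt"
    key_file  = "/etc/terraform/tls/client.key"
    mount     = "cert"      # placeholder mount path of the cert auth method
    name      = "terraform" # placeholder role name
  }
}
```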