terraform-provider-vault

[Enhancement]: vault_auth_backend tune should support user lockout config

Open pieter-lautus opened this issue 1 year ago • 0 comments

Description

The vault_auth_backend resource does not support tuning the user-lockout-threshold, user-lockout-duration, user-lockout-disabled and related settings. It should.

For example, we needed to disable user lockout because our CI server occasionally builds images for containers with broken auto-auth configurations. This causes unwanted knock-on effects where perfectly fine vault-agent configs fail to auto-auth because our server has recently been hit too many times by broken work-in-progress vault-agent configs.

Affected Resource(s) and/or Data Source(s)

vault_auth_backend

Potential Terraform Configuration

resource "vault_auth_backend" "approle" {
  type        = "approle"
  path        = "approle"
  description = "Allows our apps to authenticate with Vault"

  tune {
    user_lockout_config = {
      lockout_disable = true
    }
  }
}

References

https://developer.hashicorp.com/vault/docs/commands/auth/tune#enable-user-lockout
https://developer.hashicorp.com/vault/api-docs/system/auth#user_lockout_config

Would you like to implement a fix?

None

pieter-lautus Dec 13 '23 11:12
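
Until the tune block exposes these settings, the same values can be written to the mount's tune endpoint with the provider's vault_generic_endpoint resource. The configuration below is an added example, not code from the issue or from the provider project; it assumes the approle mount from the issue and the user_lockout_config key names given in the API reference linked above.

```hcl
# Added example: workaround sketch, not provider or issue-author code.
resource "vault_auth_backend" "approle" {
  type        = "approle"
  path        = "approle"
  description = "Allows our apps to authenticate with Vault"
}

# Writes user_lockout_config to sys/auth/<path>/tune, the API endpoint
# documented in the second reference above.
resource "vault_generic_endpoint" "approle_user_lockout" {
  path = "sys/auth/${vault_auth_backend.approle.path}/tune"

  # The tune endpoint is write-only for this purpose: skip the read-back
  # and do not attempt a DELETE when the resource is destroyed.
  disable_read   = true
  disable_delete = true

  data_json = jsonencode({
    user_lockout_config = {
      # The setting requested in the issue.
      lockout_disable = true

      # Narrower alternative to switching lockout off for the whole mount:
      # keep it enabled and tune these keys instead.
      # lockout_threshold              = "20"
      # lockout_duration               = "5m"
      # lockout_counter_reset_duration = "5m"
    }
  })
}
```

With disable_read set, Terraform will not detect changes made to the lockout settings outside of it, and with disable_delete set, destroying the resource leaves the last written values on the mount.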