terraform-provider-vault

Add role_id attribute in vault_azure_auth_backend_role resource

Open rv-harsha opened this issue 1 year ago • 4 comments

Is your feature request related to a problem? Please describe.

The vault_azure_auth_backend_role resource is not returning the role_id attribute.

 Error: Unsupported attribute
│ 
│   on ../modules/azure-entity-alias/main.tf line 42, in resource "vault_identity_entity_alias" "azure_auth_alias":
│   42:     name             = vault_azure_auth_backend_role.this.role_id
│ 
│ This object has no argument, nested block, or exported attribute named "role_id".
╵

Describe the solution you'd like

  • The vault_azure_auth_backend_role resource should be exporting the role_id or
  • There needs to be a data source to explicitly read the role-id for Azure backend roles. Something similar to that created for GCP: https://registry.terraform.io/providers/hashicorp/vault/latest/docs/data-sources/gcp_auth_backend_role.

Explain any additional use cases

We need to associate the entity aliases with the Azure mounts created. To achieve this, we need to read (data block) the role id.

Additional context

Add any other context or screenshots about the feature request here.

rv-harsha Feb 20 '24 19:02

@rv-harsha Hello! I am sorry you are having trouble. Can you try using role?

-name = vault_azure_auth_backend_role.this.role_id
+name = vault_azure_auth_backend_role.this.role

https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/azure_auth_backend_role#role

fairclothjm Feb 20 '24 20:02

Hi @fairclothjm. This works, but this just returns the role name for the Azure backend role that I just created, right? However, we specifically want to retrieve the role_id and map it to an entity alias.

rv-harsha Feb 20 '24 20:02

The role name is the role's unique identifier. I am not aware of a role_id field returned by the azure auth plugin.

fairclothjm Feb 20 '24 22:02

Yes. Currently, we have provision to retrieve role ids for AWS and GCP Auth Roles only. We are looking for something similar. Like this one for GCP.

  • https://registry.terraform.io/providers/hashicorp/vault/latest/docs/data-sources/gcp_auth_backend_role

So we don't have this data source for Azure:

data "vault_gcp_auth_backend_role" "role" {
  backend   = "my-gcp-backend"
  role_name = "my-role"
}

output "role-id" {
  # role_id as exported by the GCP data source
  value = data.vault_gcp_auth_backend_role.role.role_id
}

rv-harsha Feb 21 '24 19:02