[terraform-provider-vault] Connection to Vault Using OIDC
Hi,
Sorry if this has been answered earlier.
Is there a way that I could configure my provider vault to use OIDC authentication? Such as this (doesn't work):
provider "vault" {
  version = "=2.12"
  address = "https://vault.${terraform.workspace}.mydomain.fr"
  auth_login {
    path = "auth/oidc/login/"
    parameters = {
      role = "admin"
    }
  }
}
Thanks,
bump
I hadn't found any. I just created a wrapper script that'd run the vault login before running terraform.
FWIW, the closest to vault login -method=oidc -path=auth0-oidc I got with the provider was this configuration:
provider "vault" {
  address = local.vault_address
  auth_login {
    path = "/auth/auth0-oidc/oidc/auth_url"
    parameters = {
      "redirect_uri" = "http://localhost:8250/oidc/callback"
    }
  }
}
But it then crashes the provider:
panic: runtime error: invalid memory address or nil pointer dereference
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0xf4083b]
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4:
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: goroutine 53 [running]:
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: github.com/terraform-providers/terraform-provider-vault/vault.providerConfigure(0xc00049e230, 0x0, 0xc00000c660, 0xc00049e230, 0x0)
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vault/provider.go:708 +0x91b
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Provider).Configure(0xc0001f9a00, 0xc00007ff80, 0x116e660, 0xc00007fdd0)
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema/provider.go:275 +0xf6
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).Configure(0xc00018e7a0, 0x15d8720, 0xc00007ef30, 0xc0006ac340, 0xc00018e7a0, 0xc00007ef30, 0xc000353a48)
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin/grpc_provider.go:487 +0x2e6
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_Configure_Handler(0x12c8560, 0xc00018e7a0, 0x15d8720, 0xc00007ef30, 0xc000191020, 0x0, 0x15d8720, 0xc00007ef30, 0xc0001ac840, 0x144)
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5/tfplugin5.pb.go:3135 +0x217
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: google.golang.org/grpc.(*Server).processUnaryRPC(0xc0004ae160, 0x15e4c80, 0xc000683b00, 0xc00021a400, 0xc00007e720, 0x1ec1078, 0x0, 0x0, 0x0)
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vendor/google.golang.org/grpc/server.go:995 +0x460
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: google.golang.org/grpc.(*Server).handleStream(0xc0004ae160, 0x15e4c80, 0xc000683b00, 0xc00021a400, 0x0)
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vendor/google.golang.org/grpc/server.go:1275 +0xd3d
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0006a8140, 0xc0004ae160, 0x15e4c80, 0xc000683b00, 0xc00021a400)
2020-09-09T09:17:53.172+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vendor/google.golang.org/grpc/server.go:710 +0xa1
2020-09-09T09:17:53.173+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: created by google.golang.org/grpc.(*Server).serveStreams.func1
2020-09-09T09:17:53.173+0200 [DEBUG] plugin.terraform-provider-vault_v2.13.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-vault/vendor/google.golang.org/grpc/server.go:708 +0xa1
2020-09-09T09:17:53.175+0200 [DEBUG] plugin: plugin process exited: path=.terraform/plugins/registry.terraform.io/hashicorp/vault/2.13.0/linux_amd64/terraform-provider-vault_v2.13.0_x4 pid=3587515 error="exit status 2"
2020/09/09 09:17:53 [ERROR] eval: *terraform.EvalConfigProvider, err: rpc error: code = Unavailable desc = transport is closing
2020/09/09 09:17:53 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/09/09 09:17:53 [ERROR] eval: *terraform.EvalOpFilter, err: rpc error: code = Unavailable desc = transport is closing
2020/09/09 09:17:53 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/09/09 09:17:53 [TRACE] [walkRefresh] Exiting eval tree: provider["registry.terraform.io/hashicorp/vault"]
Which I believe is caused by the lack of OIDC url handling in the provider.
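A sketch of the wrapper approach mentioned earlier in the thread, added here as an example and not taken from any poster's script or from the provider itself. The function names and the VAULT_OIDC_PATH / VAULT_OIDC_ROLE variables are hypothetical; the auth0-oidc mount comes from the thread. It assumes the provider block omits auth_login and picks up VAULT_TOKEN from the environment.

```shell
#!/bin/sh
# Added example: log in to Vault with OIDC, then hand the token to terraform
# through the environment of that single process.
# Source this file, then run e.g.: tf_with_oidc plan

# Hypothetical knobs; the default mount name is the one used in the thread.
: "${VAULT_OIDC_PATH:=auth0-oidc}"
: "${VAULT_OIDC_ROLE:=}"

# Print a token from an interactive OIDC login on stdout.
# -token-only is shorthand for -field=token -no-store, so the token is
# not written to ~/.vault-token.
vault_oidc_token() {
  if [ -z "${VAULT_ADDR:-}" ]; then
    echo "VAULT_ADDR must be set" >&2
    return 2
  fi
  if [ -n "$VAULT_OIDC_ROLE" ]; then
    vault login -method=oidc -path="$VAULT_OIDC_PATH" -token-only \
      "role=$VAULT_OIDC_ROLE"
  else
    vault login -method=oidc -path="$VAULT_OIDC_PATH" -token-only
  fi
}

# Run terraform with VAULT_TOKEN set for that process only.
# The body is a subshell, so $token never reaches the calling shell,
# and terraform is not started if the login fails or returns nothing.
tf_with_oidc() (
  token="$(vault_oidc_token)" || {
    echo "vault OIDC login failed" >&2
    return 1
  }
  if [ -z "$token" ]; then
    echo "vault returned an empty token" >&2
    return 1
  fi
  VAULT_TOKEN="$token" terraform "$@"
)
```

The token is passed as a per-command environment assignment and not as a command-line argument, so it does not show up in the process's argument list.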
Just to add that we would also really benefit from this
Bump!
bump
bump
bump (needs this too)
Hi Folks,
This work is planned to take place during the Vault 1.12 release time frame. So it should be done some time before the beginning of October. This is part of a broader initiative to fix up most auth/login issues across the board.
Thanks,
Ben
Closed with #1615