Add auth_backend data source #606
b49b678 to 3532a2a
Test failures seem unrelated.
Hi @adongy, thanks for working on this!
I have a question. I notice that we already have something close to this available as a resource versus a data source. For other data sources, I can more easily see why one would be pulling data from Vault into their Terraform config. Like, for instance, I could see someone using the AWS data source to get an AWS access key and secret for Terraform to use in spinning up infrastructure.
I don't quite imagine the use case for this one. Can you fill me in?
Hey @tyrannosaurus-becks,
Thanks for the review!
My use case is for bootstrapping Vault configuration. In my case, to avoid doing a manual "first time" Terraform configuration with a root token, I run a bootstrap script that registers some basic config. In my case, I register an admin policy, as well as an OIDC mount to allow GSuite admin users to log in and get that policy. After that, I can revoke the initial root token, and work from short-lived tokens.
Through that bootstrap script, the OIDC mount is created, and I'd like to reuse it to allow non-admin users to also log in through that auth backend. This config is managed through Vault identities; aliases shenanigans are used, so it's a bit more complex.
This overall looks really awesome. Just a couple questions about which way we want to go on this, drilling into one item vs. reading them all.
This looks great. Thank you for adding it, much appreciated!
…ata_source Add auth_backend data source
Community Note
Add support for querying vault_auth_backend data with a datasource. Some resources need the auth backend accessor (e.g. for identity groups). If it's managed outside Terraform, we can query the accessor through this datasource.
Release note for CHANGELOG:
Output from acceptance testing:
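The use case discussed in this pull request, sketched as an added Terraform example that is not part of the original PR or the provider's own code: an OIDC mount created by a bootstrap script is looked up through the data source, and its accessor binds an external identity group for non-admin users. The mount path, group name, alias name and policy name are assumptions chosen for illustration.

```hcl
# Added illustration; every name below is an assumption, not taken from the PR.

# Look up the OIDC auth mount that the bootstrap script created outside
# Terraform. Terraform does not manage the mount, it only reads it.
data "vault_auth_backend" "oidc" {
  path = "oidc" # assumed mount path
}

# External identity group for non-admin users. Membership is decided by the
# identity provider, and Vault attaches the listed policies to members.
resource "vault_identity_group" "developers" {
  name     = "developers"  # assumed group name
  type     = "external"
  policies = ["developer"] # assumed non-admin policy, defined elsewhere
}

# Bind the group to the pre-existing mount through its accessor, which is
# the value the data source exists to provide.
resource "vault_identity_group_alias" "developers_oidc" {
  name           = "developers@example.com" # constructed: group name as sent by the OIDC provider
  mount_accessor = data.vault_auth_backend.oidc.accessor
  canonical_id   = vault_identity_group.developers.id
}
```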