From 02066981db8d34b275e4820f5477999aa8e191c4 Mon Sep 17 00:00:00 2001
From: Helen Fu <25168806+helenfufu@users.noreply.github.com>
Date: Tue, 19 Nov 2024 16:45:28 -0800
Subject: [PATCH] only support external_id on vault versions >= 1.17

external_id support for aws auth sts configuration added in 1.17.0: https://github.com/hashicorp/vault/pull/26628
---
 vault/resource_aws_auth_backend_sts_role.go | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/vault/resource_aws_auth_backend_sts_role.go b/vault/resource_aws_auth_backend_sts_role.go
index 518c9f95e..0979259af 100644
--- a/vault/resource_aws_auth_backend_sts_role.go
+++ b/vault/resource_aws_auth_backend_sts_role.go
@@ -76,8 +76,11 @@ func awsAuthBackendSTSRoleCreate(d *schema.ResourceData, meta interface{}) error
 path := awsAuthBackendSTSRolePath(backend, accountID)
 data := map[string]interface{}{
- "sts_role": stsRole,
- consts.FieldExternalID: externalID,
+ "sts_role": stsRole,
+ }
+
+ if provider.IsAPISupported(meta, provider.VaultVersion117) {
+ data[consts.FieldExternalID] = externalID
 }
 log.Printf("[DEBUG] Writing STS role %q to AWS auth backend", path)
@@ -128,8 +131,10 @@ func awsAuthBackendSTSRoleRead(d *schema.ResourceData, meta interface{}) error {
 d.Set("account_id", accountID)
 d.Set("sts_role", resp.Data["sts_role"])
- if v, ok := resp.Data[consts.FieldExternalID]; ok {
- d.Set(consts.FieldExternalID, v)
+ if provider.IsAPISupported(meta, provider.VaultVersion117) {
+ if v, ok := resp.Data[consts.FieldExternalID]; ok {
+ d.Set(consts.FieldExternalID, v)
+ }
 }
 return nil
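Review bot: On a server older than 1.17 the new gate in awsAuthBackendSTSRoleCreate drops a configured external_id with no error or warning, so the apply succeeds and Vault would then assume the role without the external ID the operator asked for. Because the external ID is the confused-deputy guard on cross-account sts:AssumeRole, failing is safer than silently omitting it, for example `if _, ok := d.GetOk(consts.FieldExternalID); ok && !provider.IsAPISupported(meta, provider.VaultVersion117) { return fmt.Errorf("external_id requires Vault 1.17 or later") }` before the map is built. The identical gate in the awsAuthBackendSTSRoleUpdate hunk needs the same check. How externalID is read, and whether fmt is already imported, is outside the hunk.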
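Review bot: The d.Set call inside the new version gate in awsAuthBackendSTSRoleRead discards its error, so a value of an unexpected type in resp.Data would leave external_id stale in state with no signal. Since these lines are being touched anyway, return the error: `if err := d.Set(consts.FieldExternalID, v); err != nil { return err }`. The two d.Set calls in the context lines above have the same shape. Separately, when the gate is false nothing is written, so state keeps whatever external_id the configuration supplied even though the server holds none; a short comment stating whether that is intended would help. The function body starts outside the hunk.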
@@ -147,8 +152,11 @@ func awsAuthBackendSTSRoleUpdate(d *schema.ResourceData, meta interface{}) error
 path := d.Id()
 data := map[string]interface{}{
- "sts_role": stsRole,
- consts.FieldExternalID: externalID,
+ "sts_role": stsRole,
+ }
+
+ if provider.IsAPISupported(meta, provider.VaultVersion117) {
+ data[consts.FieldExternalID] = externalID
 }
 log.Printf("[DEBUG] Updating STS role %q in AWS auth backend", path)
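Review bot: The version gate and map construction added here in awsAuthBackendSTSRoleUpdate are a line-for-line copy of the ones in the awsAuthBackendSTSRoleCreate hunk, so the two write paths can drift the next time a field or version check changes. Moving the map construction and the gate into one unexported helper and calling it from both, e.g. `data := stsRoleRequestData(meta, stsRole, externalID)` (helper name proposed here), keeps the check in one place. The assignments to stsRole and externalID are outside the hunk.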