vault_aws_secret_backend requires AWS keys while they are not #633

Closed
adongy opened this issue Dec 13, 2019 · 0 comments · Fixed by #634


adongy commented Dec 13, 2019

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Terraform v0.12.18
+ provider.vault v2.7.0

Affected Resource(s)

  • vault_aws_secret_backend

Terraform Configuration Files

resource "vault_aws_secret_backend" "aws" {}

Expected Behavior

Should apply and create a new aws secret backend

Actual Behavior

Error: Missing required argument

  on aws-secret.tf line 10, in resource "vault_aws_secret_backend" "aws":
  10: resource "vault_aws_secret_backend" "aws" {

The argument "secret_key" is required, but no definition was found.


Error: Missing required argument

  on aws-secret.tf line 10, in resource "vault_aws_secret_backend" "aws":
  10: resource "vault_aws_secret_backend" "aws" {

The argument "access_key" is required, but no definition was found.

Steps to Reproduce

terraform plan

Explanation

https://github.com/terraform-providers/terraform-provider-vault/blob/bd8d994d16147ea49d1f2408927773584ea447bf/vault/resource_aws_secret_backend.go#L60-L71

These arguments are marked as required, but the Vault documentation says they are not:

https://www.vaultproject.io/docs/secrets/aws/index.html

"You can also specify the credentials via the standard AWS environment credentials, shared file credentials, or IAM role/ECS task credentials."

https://github.com/hashicorp/vault/blob/bfb63d7220a67d720634a9c2e1f3aa1d75b9c8ad/builtin/logical/aws/client.go#L58-L69
https://github.com/hashicorp/vault/blob/bfb63d7220a67d720634a9c2e1f3aa1d75b9c8ad/helper/awsutil/generate_credentials.go#L49-L51

Simple fix is to simply drop the requirement.

Thanks!
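The fallback that the quoted Vault documentation describes, as an added sketch that is not code from this issue, the provider or Vault: it shows why the empty resource block is a meaningful configuration when the Vault server has ambient credentials. `BackendConfig`, `Ambient`, `ResolveSource` and the source names are hypothetical; the lookup order follows the order of the quoted sentence, and rejecting a half-specified key pair is an assumption of this model.

```go
package main

import (
	"errors"
	"fmt"
)

// BackendConfig holds the two arguments from the issue (hypothetical type).
type BackendConfig struct {
	AccessKey string
	SecretKey string
}

// Ambient describes what the Vault server's host offers (constructed inputs).
type Ambient struct {
	Env           map[string]string // process environment
	SharedFile    bool              // a shared credentials file is present
	RoleAvailable bool              // IAM role / ECS task credentials reachable
}

var ErrHalfConfigured = errors.New("access_key or secret_key provided, but not both")
var ErrNoCredentials = errors.New("no AWS credentials found in any source")

// ResolveSource returns the name of the first credential source that applies.
func ResolveSource(c BackendConfig, a Ambient) (string, error) {
	switch {
	case c.AccessKey != "" && c.SecretKey != "":
		return "static", nil // explicit keys win over anything ambient
	case c.AccessKey != "" || c.SecretKey != "":
		return "", ErrHalfConfigured // assumption: a lone key is a config error
	}
	// Neither key set: fall through to the ambient sources, in documented order.
	if a.Env["AWS_ACCESS_KEY_ID"] != "" && a.Env["AWS_SECRET_ACCESS_KEY"] != "" {
		return "environment", nil
	}
	if a.SharedFile {
		return "shared-file", nil
	}
	if a.RoleAvailable {
		return "iam-role", nil
	}
	return "", ErrNoCredentials
}

func main() {
	// The empty resource from the issue, on a host that has an instance role.
	src, err := ResolveSource(BackendConfig{}, Ambient{RoleAvailable: true})
	fmt.Println(src, err)
}
```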
