aws_secret_backend_role: support role_arns argument #407
@oxlay thanks for working on this!
@@ -70,6 +70,16 @@ func awsSecretBackendRoleResource() *schema.Resource { | |||
Required: true, | |||
Description: "Role credential type.", | |||
}, | |||
"role_arns": { |
Do `role_arns` conflict with other fields in practice? The documentation doesn't say it does. Should we remove it from the conflicts with clauses?
- `policy_document` apparently does not conflict with `role_arns` (see test using both), so I've removed the ConflictsWith clause for this one
- `policy_arns` and `policy_arn` are only valid when `credential_type` is `iam_user`, while `role_arns` is only valid when `credential_type` is `assumed_role` and prohibited otherwise (per the doc), so in practice, they are mutually exclusive
- for `policy`, the doc says "cannot be mixed with the parameters listed above", hence the `ConflictsWith` clause
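The combination rules from the reply above, written out as a standalone Go check. This is an added example, not code from the PR or the provider; `RoleArgs` and `Violations` are hypothetical names, and treating `policy` as exclusive with every other argument the reply names is an assumption.

```go
package main

import "fmt"

// RoleArgs is a hypothetical container for the arguments named in the thread.
type RoleArgs struct {
	CredentialType string // "iam_user", "assumed_role", ...
	Policy         string
	PolicyDocument string
	PolicyARN      string
	PolicyARNs     []string
	RoleARNs       []string
}

// Violations lists every rule from the review reply that the arguments break.
// An empty slice means the combination passes those rules.
func Violations(a RoleArgs) []string {
	var v []string
	hasPolicyARN := a.PolicyARN != "" || len(a.PolicyARNs) > 0
	hasRoleARNs := len(a.RoleARNs) > 0

	// role_arns: only valid with assumed_role, prohibited otherwise.
	if hasRoleARNs && a.CredentialType != "assumed_role" {
		v = append(v, fmt.Sprintf("role_arns not allowed with credential_type %q", a.CredentialType))
	}
	// policy_arns / policy_arn: only valid with iam_user.
	if hasPolicyARN && a.CredentialType != "iam_user" {
		v = append(v, fmt.Sprintf("policy_arns not allowed with credential_type %q", a.CredentialType))
	}
	// policy: assumed here to exclude every other argument the reply names.
	if a.Policy != "" && (a.PolicyDocument != "" || hasPolicyARN || hasRoleARNs) {
		v = append(v, "policy cannot be mixed with policy_document, policy_arn(s) or role_arns")
	}
	return v
}

func main() {
	// Constructed sample inputs; the ARNs are placeholders.
	samples := []RoleArgs{
		{CredentialType: "assumed_role", PolicyDocument: "{}", RoleARNs: []string{"arn:aws:iam::123456789012:role/example"}},
		{CredentialType: "iam_user", RoleARNs: []string{"arn:aws:iam::123456789012:role/example"}},
		{CredentialType: "assumed_role", Policy: "{}", PolicyARNs: []string{"arn:aws:iam::aws:policy/ReadOnlyAccess"}},
	}
	for _, s := range samples {
		fmt.Printf("%s -> %q\n", s.CredentialType, Violations(s))
	}
}
```

Returning every violation rather than the first lets a caller report all misconfigured arguments in one pass.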
roleARNs = append(roleARNs, roleIfc.(string)) | ||
} | ||
|
||
if policy == "" && len(policyARNs) == 0 && len(roleARNs) == 0 { |
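Review bot: the unchecked assertion in `roleARNs = append(roleARNs, roleIfc.(string))` panics if any list element is not a string (a nil element, for example); use the two-value form `s, ok := roleIfc.(string)` and skip or reject elements where `ok` is false. The `if` that follows now also tests `len(roleARNs) == 0`, so the error it returns should name role_arns alongside the policy arguments.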
Not sure this check is needed.
Are you talking about the whole `if { }` or just the `&& len(roleARNs) == 0` part?
+1
Could you please make a release out of this change? Desperately need this feature
+1
+1
@tyrannosaurus-becks any chance you can take a second look soon? 😄
Looks good! Thank you!
aws_secret_backend_role: support role_arns argument
This PR adds support in the provider for the `role_arns` parameter of AWS secret backend roles, added in Vault 0.11.