docs: vault_token_auth_backend_role does not support token_policies attribute #534

Merged
merged 1 commit into from
Oct 10, 2019

@joemiller joemiller commented Sep 11, 2019

According to https://www.vaultproject.io/api/auth/token/index.html#create-update-token-role the vault_token_auth_backend_role does not support the new Vault 1.2+ token_policies attribute. Attempting to use this will result in Terraform attempting to re-add this attribute to the resource on every apply.

Users should use allowed_policies attribute instead.

```hcl
resource "vault_token_auth_backend_role" "gke-foobar" {
  role_name      = "gke-foobari"
  token_period   = 259200 # 720h/1month
  renewable      = true
  token_policies = ["gke-foobar"]
}
```

```
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.vault-common.vault_token_auth_backend_role.gke-foobar will be updated in-place
  ~ resource "vault_token_auth_backend_role" "gke-foobar" {
        disallowed_policies     = []
        id                      = "auth/token/roles/gke-foobar"
        orphan                  = false
        renewable               = true
        role_name               = "gke-foobar"
        token_bound_cidrs       = []
        token_explicit_max_ttl  = 0
        token_max_ttl           = 0
        token_no_default_policy = false
        token_num_uses          = 0
        token_period            = 86400
      ~ token_policies          = [
          + "gke-foobar",
        ]
        token_ttl               = 0
        token_type              = "default-service"
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```
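A check for the perpetual diff reported above, as an added example that is not part of the original comment or of the provider's code: it reads a plan exported with `terraform show -json` and reports token roles whose only planned change is `token_policies`. The function name `find_token_policies_drift` is hypothetical and the sample plan is constructed.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output; it
# mirrors the plan in the comment above and is not captured from a real run.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.vault-common.vault_token_auth_backend_role.gke-foobar",
     "type": "vault_token_auth_backend_role",
     "change": {"actions": ["update"],
                "before": {"role_name": "gke-foobar", "token_policies": []},
                "after": {"role_name": "gke-foobar",
                          "token_policies": ["gke-foobar"]}}},
    {"address": "vault_token_auth_backend_role.ok",
     "type": "vault_token_auth_backend_role",
     "change": {"actions": ["no-op"],
                "before": {"role_name": "ok", "allowed_policies": ["ok"]},
                "after": {"role_name": "ok", "allowed_policies": ["ok"]}}},
]})


def find_token_policies_drift(plan_json):
    """Return token roles whose only planned change is token_policies."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "vault_token_auth_backend_role":
            continue
        change = rc.get("change", {})
        if change.get("actions") != ["update"]:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        # Attributes whose planned value differs from the recorded state.
        changed = {k for k in before.keys() | after.keys()
                   if before.get(k) != after.get(k)}
        if changed == {"token_policies"}:
            findings.append({"address": rc["address"],
                             "wanted": after["token_policies"]})
    return findings


if __name__ == "__main__":
    for f in find_token_policies_drift(SAMPLE_PLAN):
        print(f"{f['address']}: token_policies {f['wanted']} is re-planned on "
              "every apply; set allowed_policies instead")
```

Running it in CI against each saved plan surfaces roles that still carry `token_policies` before the repeated in-place update is mistaken for real drift.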

…ttribute

According to https://www.vaultproject.io/api/auth/token/index.html#create-update-token-role the vault_token_auth_backend_role does not support the new Vault 1.2+ `token_policies` attribute. Attempting to use this will result in Terraform attempting to re-add this attribute to the resource on every `apply` invocation.
@joemiller

First mentioned here - #502 (comment)

@kalafut kalafut self-assigned this Sep 24, 2019
@tyrannosaurus-becks tyrannosaurus-becks self-assigned this Oct 9, 2019

tyrannosaurus-becks commented Oct 9, 2019

Hi @joemiller, thanks for catching this and submitting a PR!

In looking at the code, I'm seeing that "token_policies" is still supported in the provider. It's added to the schema within this method.

Most of the time in this repo, code and documentation are added, changed, and removed at the same time. We may want to wait on this one until the documentation change matches the code.

@tyrannosaurus-becks

Chatted with the team about it more, and we decided to go ahead and move forward with this one. Just wanted to say thank you!

@tyrannosaurus-becks tyrannosaurus-becks merged commit d93160b into hashicorp:master Oct 10, 2019
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
docs: vault_token_auth_backend_role does not support token_policies attribute