Provider config #943
LGTM, thanks!
@Gaardsholt How are you using this? According to documentation (https://www.vaultproject.io/docs/auth/jwt_oidc_providers) there are types other than string in the provider_config (see: "fetch_groups" and "fetch_user_info" get boolean values, "groups_recurse_max_depth" gets int value). However, using this, everything gets turned into string which is then not accepted.
@tx-kstav Ohh.. you are right, I only tested the Azure specific one, which is just a string.
Personally I would avoid hardcoding the provider_config keys, as it would give us more work to do whenever the config changes.

```go
"provider_config": {
	Type:        schema.TypeMap,
	Optional:    true,
	Description: "Provider specific handling configuration",
},
```

But I will test it as soon as I get off work :)
Thank you! I agree with your thought, if that works. I found it difficult to use the updated, local provider with my test, but will try to test too, after work.
@tx-kstav can you test if it works if you just use strings instead of the correct type, something like this:

```hcl
resource "vault_jwt_auth_backend" "gsuite" {
  provider = vault
  path     = "oidc"
  type     = "oidc"
  provider_config = {
    provider                 = "gsuite"
    gsuite_service_account   = "/path/to/service-account.json"
    gsuite_admin_impersonate = "[email protected]"
    fetch_groups             = "true"
    fetch_user_info          = "true"
    groups_recurse_max_depth = "5"
    user_custom_schemas      = "Education,Preferences"
  }
}
```

If that works, I will make a new pull request, so you can use the correct types.
@Gaardsholt unfortunately that is how I found out the issue. String values are not accepted, the correct type is requested for each of the three "problematic" properties. `
` when trying to create a resource as you just wrote. This leads me to believe there is some bug in the provider code, but I haven't had the time to look into it yet.
Exact output of trying to use strings (or even the correct type):

```
# vault_jwt_auth_backend.this will be created
```
I have been looking a bit at this, and to be honest I don't know what the best way of solving this would be.
It's ok @Gaardsholt, thanks for taking a look. I opened a new issue, hopefully it will be noticed :)
* Rush B!
* .
* Provider config (hashicorp#1)
* Rush B!
* .
* added provider_config to the matchingJwtMountConfigOptions list
This fixes #828
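
The type mismatch discussed in this thread (a `schema.TypeMap` hands over every `provider_config` value as a string, while Vault expects booleans for `fetch_groups` and `fetch_user_info` and an integer for `groups_recurse_max_depth`) can be handled by coercing known keys before the API write. This is an added example, not code from this pull request or from the provider; `coerceProviderConfig`, `typedProviderKeys` and the `map[string]string` input are assumptions, and it hardcodes the three keys named above, which is the trade-off raised in the conversation.

```go
package main

import (
	"fmt"
	"strconv"
)

// Types Vault expects for the non-string provider_config keys named in the
// thread. Any key not listed here is passed through as a string.
var typedProviderKeys = map[string]string{
	"fetch_groups":             "bool",
	"fetch_user_info":          "bool",
	"groups_recurse_max_depth": "int",
}

// coerceProviderConfig (hypothetical helper) converts the all-string map that
// a TypeMap yields into a typed payload, rejecting values that do not parse.
func coerceProviderConfig(in map[string]string) (map[string]interface{}, error) {
	out := make(map[string]interface{}, len(in))
	for k, v := range in {
		switch typedProviderKeys[k] {
		case "bool":
			b, err := strconv.ParseBool(v)
			if err != nil {
				return nil, fmt.Errorf("provider_config.%s: want bool, got %q", k, v)
			}
			out[k] = b
		case "int":
			n, err := strconv.Atoi(v)
			if err != nil {
				return nil, fmt.Errorf("provider_config.%s: want int, got %q", k, v)
			}
			out[k] = n
		default:
			out[k] = v // string-typed keys such as "provider" stay as-is
		}
	}
	return out, nil
}

func main() {
	// Constructed input mirroring the HCL posted in the thread.
	cfg, err := coerceProviderConfig(map[string]string{
		"provider": "gsuite", "fetch_groups": "true", "groups_recurse_max_depth": "5",
	})
	fmt.Println(cfg, err)
}
```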