hitman126

Reputation: 951

Terraform - Enable OIDC on HashiCorp Vault child namespace

I am able to provision an OIDC auth method on a HashiCorp Vault root namespace, using the Terraform resource block below.

resource "vault_jwt_auth_backend" "oidc" {
    description = "Azure Authentication with OIDC"
    oidc_discovery_url      = "https://login.microsoftonline.com/${var.tenant_id}/v2.0"
    path                    = "oidc"
    type                    = "oidc"
    oidc_client_id          = var.client_id
    oidc_client_secret      = var.client_secret
    default_role            = "reader"
    provider_config = {
        provider = "azure"
        fetch_groups = true
        fetch_user_info = true
        groups_recurse_max_depth = 1
    }
}

The problem is, the OIDC auth method in this instance gets enabled on the root namespace. What I would however like to do is enable it on a child namespace, which is possible when using the Vault CLI, as shown below.

vault auth enable -namespace=education/training oidc

Is it possible to do something similar in Terraform?


Upvotes: 0

Views: 511

Answers (1)

beleriac

Reputation: 11

I was able to create that by first importing/creating the namespace with Terraform:

resource "vault_namespace" "child_namespace" {
    path = "child_namespace"
}

Take into account that in the case of the previous example my root namespace was declared in my provider.tf file (or an environment variable).

I later called the path of the newly created child namespace in the resource block for the auth method:

(Using your same example)

resource "vault_jwt_auth_backend" "oidc" {
    description             = "Azure Authentication with OIDC"
    oidc_discovery_url      = "https://login.microsoftonline.com/${var.tenant_id}/v2.0"
    path                    = "oidc"
    type                    = "oidc"
    oidc_client_id          = var.client_id
    oidc_client_secret      = var.client_secret
    # the only addition: scope the auth method to the child namespace
    namespace               = vault_namespace.child_namespace.path
    default_role            = "reader"
    provider_config = {
        provider = "azure"
        fetch_groups = true
        fetch_user_info = true
        groups_recurse_max_depth = 1
    }
}

For more information, check: Codify Management of Vault Enterprise Using Terraform

Upvotes: 1
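As an added example (not the asker's or the answerer's code), the full configuration for the `education/training` namespace from the question: the nested namespaces, plus the policy and the role that `default_role = "reader"` needs, each carrying the same `namespace` so nothing lands in root. The policy name and secret path, the Vault address in the redirect URI and the token TTL are assumptions.

```hcl
# Added example, not code from the question or the answer. Nested namespaces
# are created one level at a time; path_fq is the fully qualified path the
# namespace-scoped resources below need.
resource "vault_namespace" "education" {
  path = "education"
}

resource "vault_namespace" "training" {
  namespace = vault_namespace.education.path
  path      = "training"
}

# Read-only policy in the child namespace (name and secret path are assumptions).
resource "vault_policy" "reader" {
  namespace = vault_namespace.training.path_fq
  name      = "reader"
  policy    = <<-EOT
    path "secret/data/training/*" {
      capabilities = ["read", "list"]
    }
  EOT
}

# The backend from the question, moved into education/training.
resource "vault_jwt_auth_backend" "oidc" {
  namespace          = vault_namespace.training.path_fq
  path               = "oidc"
  type               = "oidc"
  description        = "Azure Authentication with OIDC"
  oidc_discovery_url = "https://login.microsoftonline.com/${var.tenant_id}/v2.0"
  oidc_client_id     = var.client_id
  oidc_client_secret = var.client_secret
  default_role       = "reader" # must exist in the same namespace (below)
  provider_config    = { provider = "azure", fetch_groups = true, fetch_user_info = true }
}

# The role default_role names; without it the method is enabled but logins fail.
resource "vault_jwt_auth_backend_role" "reader" {
  namespace             = vault_namespace.training.path_fq
  backend               = vault_jwt_auth_backend.oidc.path
  role_name             = "reader"
  role_type             = "oidc"
  user_claim            = "email"
  groups_claim          = "groups"
  bound_audiences       = [var.client_id]
  oidc_scopes           = ["https://graph.microsoft.com/.default"] # lets the azure provider fetch groups
  allowed_redirect_uris = ["https://vault.example.com:8200/ui/vault/auth/oidc/oidc/callback"] # assumed address
  token_policies        = [vault_policy.reader.name]
  token_ttl             = 3600
}
```

Running `vault token lookup` after an OIDC login should show `namespace_path education/training/` and only the `reader` policy, which is the quickest check that nothing was created in root.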
