IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0

ibm_sm_iam_credentials_configuration creates 2 configurations when using s2s auth #5800

Closed alex-reiff closed 2 days ago

alex-reiff commented 3 days ago

Description

When attempting to create an IAM credentials engine in Secrets Manager using s2s auth, both an s2s auth and an API key auth configuration are created.

The api_key field is still required, and it does a validity check, so I can't feed it a bad key to fail the API key configuration.

Terraform CLI and Terraform IBM Provider Version

Terraform v1.9.8
on darwin_arm64
+ provider registry.terraform.io/hashicorp/time v0.12.1
+ provider registry.terraform.io/ibm-cloud/ibm v1.70.0

Affected Resource(s)

Expected Behavior

An IAM credentials engine should be created using service 2 service authorization (because disabled is true).

Actual Behavior

BOTH a service 2 service configuration and an API key configuration are created.

Steps to Reproduce

resource "ibm_sm_iam_credentials_configuration" "sm_iam_engine_configuration" {
  instance_id = var.secrets_manager_guid
  region = var.region
  endpoint_type = var.endpoint_type
  name = var.iam_engine_name
  api_key = local.apikey
  disabled = true
}

ocofaigh commented 3 days ago

@haimsch could you help with this one please?

IdanAdar commented 2 days ago

If you want to use IAM authorization for the IAM engine, you only need to configure the authorization using the IBM Cloud IAM provider. With an authorization in place, the IAM engine is essentially now configured; you no longer need to also use the SM provider to "configure the engine". Once the authorization is in place you don't need the API key any longer. See internal IBM Slack for more about this.
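
The approach described in the last reply, sketched as an added example (not part of the thread and not the provider project's own code): service-to-service authorization policies from the Secrets Manager instance to the IAM services, with no `ibm_sm_iam_credentials_configuration` resource and no `api_key`. `var.secrets_manager_guid` comes from the issue's configuration; the target service names and role names are assumptions to confirm against the IBM Cloud Secrets Manager documentation.

```hcl
# Added example: s2s authorization for the Secrets Manager IAM credentials engine.
# No ibm_sm_iam_credentials_configuration resource and no api_key are declared.

terraform {
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}

# Same variable name as in the issue's reproduction config.
variable "secrets_manager_guid" {
  type        = string
  description = "GUID of the Secrets Manager instance"
}

# Assumption: the engine needs the Operator role on the IAM Identity service
# to create and delete service IDs and their API keys.
resource "ibm_iam_authorization_policy" "sm_to_iam_identity" {
  source_service_name         = "secrets-manager"
  source_resource_instance_id = var.secrets_manager_guid
  target_service_name         = "iam-identity"
  roles                       = ["Operator"]
  description                 = "Secrets Manager IAM credentials engine: manage service IDs and API keys"
}

# Assumption: the engine needs the Groups Service Member Manage role on the
# IAM Groups service to add generated service IDs to access groups.
resource "ibm_iam_authorization_policy" "sm_to_iam_groups" {
  source_service_name         = "secrets-manager"
  source_resource_instance_id = var.secrets_manager_guid
  target_service_name         = "iam-groups"
  roles                       = ["Groups Service Member Manage"]
  description                 = "Secrets Manager IAM credentials engine: manage access group membership"
}
```

Scoping both policies with `source_resource_instance_id` limits the grant to the one Secrets Manager instance, and with no `api_key` argument there is no long-lived key for Terraform to record in state.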