aminueza / terraform-provider-minio

Terraform provider for managing MinIO S3 buckets and IAM Users.
https://registry.terraform.io/providers/aminueza/minio
GNU Affero General Public License v3.0

Allow STS credentials instead of username/password #551

Open jamie-pate opened 12 months ago

jamie-pate commented 12 months ago

Description

When working with Terraform, it's best practice to generate temporary credentials instead of username/password or other long-term credentials.

This is possible with the MinIO AssumeRoleWithWebIdentity API using this example, but it doesn't seem like this provider supports the username+secret+token authentication parameters that would make it work.

Steps to Reproduce

  1. Set up the example to obtain AccessKeyId, SecretAccessKey, SessionToken from the AssumeRoleWithWebIdentity API.
  2. Obtain these credentials.
  3. Try to put them into the provider as $MINIO_USERNAME and $MINIO_PASSWORD, but there's no way to do that.

Expected behavior: Ideally there would be a third $MINIO_SESSION_TOKEN parameter (minio_session_token in the provider config) that would allow these credentials to work using STS.

Actual behavior: There doesn't appear to be a way to enter the session token.

Reproduces how often: 100%

Versions

Terraform v1.6.5 on linux_amd64
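
The steps above, as an added example that is not part of the issue and not the provider's own code: this Go program parses an AssumeRoleWithWebIdentity reply, rejects credentials that lack a field or are about to expire, and maps the three values onto the provider's environment variables. `MINIO_SESSION_TOKEN` is the name this issue proposes; the XML reply, `providerEnv` and `minLeft` are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"time"
)

// Constructed sample reply in the AssumeRoleWithWebIdentity response layout.
const sampleReply = `<AssumeRoleWithWebIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<AssumeRoleWithWebIdentityResult><Credentials>
<AccessKeyId>EXAMPLEACCESSKEY</AccessKeyId><SecretAccessKey>example-secret</SecretAccessKey>
<SessionToken>example-session-token</SessionToken><Expiration>2030-01-01T00:00:00Z</Expiration>
</Credentials></AssumeRoleWithWebIdentityResult></AssumeRoleWithWebIdentityResponse>`

// stsResponse keeps only the Credentials element of the reply.
type stsResponse struct {
	Creds struct {
		AccessKeyID     string    `xml:"AccessKeyId"`
		SecretAccessKey string    `xml:"SecretAccessKey"`
		SessionToken    string    `xml:"SessionToken"`
		Expiration      time.Time `xml:"Expiration"` // RFC 3339 timestamp
	} `xml:"AssumeRoleWithWebIdentityResult>Credentials"`
}

// providerEnv (hypothetical helper) needs minLeft of lifetime left for the run.
func providerEnv(raw []byte, now time.Time, minLeft time.Duration) (map[string]string, error) {
	var r stsResponse
	if err := xml.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("parse STS response: %w", err)
	}
	c := r.Creds
	if c.AccessKeyID == "" || c.SecretAccessKey == "" || c.SessionToken == "" {
		return nil, fmt.Errorf("STS response is missing a credential field")
	}
	if c.Expiration.Sub(now) < minLeft {
		return nil, fmt.Errorf("credentials expire at %s, too soon to use", c.Expiration.Format(time.RFC3339))
	}
	return map[string]string{
		"MINIO_USERNAME":      c.AccessKeyID,
		"MINIO_PASSWORD":      c.SecretAccessKey,
		"MINIO_SESSION_TOKEN": c.SessionToken, // variable name proposed in this issue
	}, nil
}

func main() {
	env, err := providerEnv([]byte(sampleReply), time.Date(2029, 12, 31, 23, 0, 0, 0, time.UTC), 15*time.Minute)
	fmt.Println(len(env), "variables set, error:", err) // count only: the values are secrets
}
```
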

jamie-pate commented 12 months ago

Looking at the source code, this may just be an undocumented feature: https://github.com/aminueza/terraform-provider-minio/blob/main/minio/provider.go#L72