hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

Feature Request: Include `role_id` in the output for the `vault_gcp_auth_backend_role` resource. #1202

Open pratheekrebala opened 2 years ago

pratheekrebala commented 2 years ago

It would be really helpful if the output from the `vault_gcp_auth_backend_role` resource could include the `role_id` of the resource that has been created, so that it can be used to create ACL policies or to associate specific roles with a `vault_identity_entity` resource using `vault_identity_entity_alias`.

This attribute is available in the data_vault_gcp_auth_backend_role but not in the resource_vault_gcp_auth_backend_role object.

Terraform Version

Terraform v1.0.9
Provider version: v2.24.1

Affected Resource(s)

Expected Behavior

It would be great if the output from vault_gcp_auth_backend_role could also include the role_id of the resource created.

Actual Behavior

The vault_gcp_auth_backend_role does not return any computed attributes in its output. (It only returns input attributes).

To fetch the role_id of a created role, the current workflow involves an additional call to the data of the vault_gcp_auth_backend_role resource.

Steps to Reproduce

  1. Create an instance of the vault_gcp_auth_backend_role resource (e.g. with the name gcp-default)
  2. Check the output from the state: terraform state show "vault_gcp_auth_backend_role.gcp-default"
  3. The output does not include the role_id

Important Factoids

When using a GCE auth method, the default entity aliases are based on the role_id. Including this in the output would make it easy to customize ACL policies or to associate the given alias with a vault_identity_entity_alias resource.

christophermaier commented 2 years ago

The same situation applies to AWS auth roles, but there isn't even a corresponding data object to retrieve the ID from 😢

jynolen commented 2 years ago

As a workaround you can do this:

```hcl
# Read the role back from the path stored in the role resource's id
data "vault_generic_secret" "test" {
  path = vault_gcp_auth_backend_role.test.id
}
```

Value will be available with `data.vault_generic_secret.test.data["role_id"]`
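
The workflow the issue describes (create the role, read `role_id` back through the `vault_gcp_auth_backend_role` data source, then bind it to an entity alias), written out as an added example that is not part of the thread or the provider's own documentation. The mount, role, project, entity and policy names are constructed, and mounting the backend with `vault_auth_backend` to obtain its accessor is an assumption of this example.

```hcl
# Constructed names throughout: "gce-default", "my-project", "gce-workloads".
resource "vault_auth_backend" "gcp" {
  type = "gcp"
}

resource "vault_gcp_auth_backend_role" "gce" {
  backend        = vault_auth_backend.gcp.path
  role           = "gce-default"
  type           = "gce"
  bound_projects = ["my-project"]
  token_policies = ["default"]
}

# The resource does not export role_id, so the role is read back here.
# Referencing the resource's attributes (instead of repeating the literals)
# makes Terraform perform this read only after the role exists.
data "vault_gcp_auth_backend_role" "gce" {
  backend   = vault_gcp_auth_backend_role.gce.backend
  role_name = vault_gcp_auth_backend_role.gce.role
}

resource "vault_identity_entity" "gce" {
  name     = "gce-workloads"
  policies = ["default"]
}

# The alias name is the role_id, scoped to the GCP mount by its accessor,
# so logins through this role resolve to the entity above.
resource "vault_identity_entity_alias" "gce" {
  name           = data.vault_gcp_auth_backend_role.gce.role_id
  mount_accessor = vault_auth_backend.gcp.accessor
  canonical_id   = vault_identity_entity.gce.id
}
```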