hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0
458 stars 538 forks

[Enhancement]: vault_okta_auth_backend lacks support for configuration tune #2069

Open trodemaster opened 10 months ago

trodemaster commented 10 months ago

Description

We use the Vault Terraform provider and OKTA extensively. Currently, there is no way to set the OKTA auth method as the default one that users see when they access Vault via the web interface via the Terraform provider.

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

resource "vault_okta_auth_backend" "bigcustomer" {
  depends_on      = [vault_policy.namespace-management]
  description     = "OKTA + LoginMFA"
  organization    = var.okta_org
  base_url        = var.okta_base_url
  token           = var.okta_token
  max_ttl         = var.okta_ttl
  ttl             = var.okta_ttl
  bypass_okta_mfa = true # we use the LoginMFA instead
  tune = {
    listing_visibility = "unauth"
  }
}

References

See this document for the description of what we need to do. https://support.hashicorp.com/hc/en-us/articles/360001922527-Configuring-a-Default-UI-Auth-Method

Other auth backend providers already have support for tune. https://registry.terraform.io/providers/hashicorp/vault/2.9.0/docs/resources/auth_backend

Somewhat related issue https://github.com/hashicorp/terraform-provider-vault/issues/1353

Would you like to implement a fix?

No
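A possible workaround, as an added example that is not part of the original issue or the provider's own documentation: mount Okta through the generic `vault_auth_backend` resource, which accepts a `tune` block, and write the Okta settings to the mount's config endpoint with `vault_generic_endpoint`. The resource names and the `okta` path are assumptions; the variables are the ones used in the issue.

```hcl
# Added example (hypothetical workaround, not the provider's documented approach).
# Use this INSTEAD of vault_okta_auth_backend; two resources must not manage
# the same mount path.

# Generic auth mount of type "okta". Its tune block carries listing_visibility.
resource "vault_auth_backend" "okta" {
  type        = "okta"
  path        = "okta" # assumed mount path
  description = "OKTA + LoginMFA"

  tune {
    # "unauth" lists this mount on the unauthenticated UI login page.
    listing_visibility = "unauth"
  }
}

# Okta-specific settings, written to auth/<path>/config on the mount above.
resource "vault_generic_endpoint" "okta_config" {
  path = "auth/${vault_auth_backend.okta.path}/config"

  # The API token is not returned on read; do not treat that as drift.
  ignore_absent_fields = true
  # Removing the mount removes its config, so skip a DELETE on this path.
  disable_delete = true

  data_json = jsonencode({
    org_name        = var.okta_org
    base_url        = var.okta_base_url
    api_token       = var.okta_token
    bypass_okta_mfa = true # LoginMFA is used instead
    token_ttl       = var.okta_ttl
    token_max_ttl   = var.okta_ttl
  })
}
```

With `listing_visibility = "unauth"`, the mount's path and type are visible to anyone who can reach the UI login page, so set it only on mounts meant to be advertised. Okta group and user mappings that `vault_okta_auth_backend` would manage need their own resources under this approach.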

Shocktrooper commented 2 weeks ago

I just ran into this as well