hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Enhancement]: vault_auth_backend tune should support user lockout config #2109

Open pieter-lautus opened 8 months ago

pieter-lautus commented 8 months ago

Description

The vault_auth_backend resource does not support tuning the user-lockout-threshold, user-lockout-duration, user-lockout-disabled and related settings. It should.

For example, we needed to disable user lockout because our CI server occasionally builds images for containers with broken auto-auth configurations. This causes unwanted knock-on effects where perfectly fine vault-agent configs fail to auto-auth because our server has recently been hit too many times by broken work-in-progress vault-agent configs.

Affected Resource(s) and/or Data Source(s)

vault_auth_backend

Potential Terraform Configuration

resource "vault_auth_backend" "approle" {
  type        = "approle"
  path        = "approle"
  description = "Allows our apps to authenticate with Vault"

  tune {
    user_lockout_config = {
      lockout_disable = true
    }
  }
}

References

https://developer.hashicorp.com/vault/docs/commands/auth/tune#enable-user-lockout

https://developer.hashicorp.com/vault/api-docs/system/auth#user_lockout_config

Would you like to implement a fix?

None
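Until the tune block supports this, the same setting can be written to the auth mount's tune endpoint (the second reference above) with the provider's vault_generic_endpoint resource. This is an added example, not part of the original issue or the provider's code; the resource name approle_lockout and the choice to disable read and delete are assumptions.

```hcl
# Assumes the vault_auth_backend.approle resource from the issue, without the
# proposed user_lockout_config attribute in its tune block.
resource "vault_generic_endpoint" "approle_lockout" {
  # Referencing the backend's path makes Terraform create the mount first.
  path = "sys/auth/${vault_auth_backend.approle.path}/tune"

  # Body of the tune request. The other keys accepted in user_lockout_config
  # are lockout_threshold, lockout_duration and lockout_counter_reset_duration,
  # for keeping lockout enabled with different limits instead of turning it off.
  data_json = jsonencode({
    user_lockout_config = {
      lockout_disable = true
    }
  })

  # Terraform does not read the tune endpoint back, so drift in this
  # setting is not detected.
  disable_read = true

  # Destroying this resource sends no DELETE request; the mount keeps
  # whatever lockout setting was last written.
  disable_delete = true
}
```

Because the resource is write-only here, a change made to the mount outside Terraform is only overwritten when data_json changes or the resource is replaced.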