This PR adds support for arbitrary auth method tuning, needed in cases where tuning is not supported on the specific auth method resource.
Tuning is supported haphazardly across various resources, whether via dedicated auth method backend resources or the vault_auth_backend resource. Each of these seems to handle tuning differently as well, and in some cases, they do not reconcile changes made outside of the provider (vault_auth_backend simply writes and never reads tuning configuration from Vault). Worse, removing the tuning on those resources only removes the data from Terraform state, and leaves the configuration as-is within Vault.
In addition, none of those tuning methods support user lockout, which this PR adds for supported mount types.
This is a work in progress and feedback is welcome.
Closes #2069
Closes #2115
Closes #2109
Checklist
[ ] Added CHANGELOG entry (only for user-facing changes)
[ ] Acceptance tests were run against all supported Vault Versions
Output from acceptance testing:
Test has not yet been created.
Community Note
Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request
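The reconciliation gap described above (tuning written but never read back) can be checked from outside the provider by comparing declared values with the mount's tune read. This is an added example, not code from this PR or the provider: `TuneDrift`, `canon` and `sampleTune` are hypothetical names, and the sample response is constructed, assuming the `data` object returned by `vault read -format=json sys/auth/<path>/tune`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample of `vault read -format=json sys/auth/userpass/tune`,
// as it might look after max_lease_ttl was raised outside Terraform.
const sampleTune = `{"data":{"default_lease_ttl":3600,"max_lease_ttl":86400,
"force_no_cache":false,"token_type":"default-service"}}`

// canon renders a value as JSON so that int 3600 and float64 3600 compare equal.
func canon(v any) string {
	b, _ := json.Marshal(v)
	return string(b)
}

// TuneDrift compares declared tuning values with what Vault reports and
// returns one sorted line per mismatch (hypothetical helper, not provider code).
func TuneDrift(declared map[string]any, vaultJSON []byte) ([]string, error) {
	var resp struct {
		Data map[string]any `json:"data"`
	}
	if err := json.Unmarshal(vaultJSON, &resp); err != nil {
		return nil, fmt.Errorf("parse tune response: %w", err)
	}
	if resp.Data == nil {
		return nil, fmt.Errorf("tune response has no data object")
	}
	var drift []string
	for key, want := range declared {
		got, ok := resp.Data[key]
		if !ok {
			drift = append(drift, fmt.Sprintf("%s: declared %s, absent in Vault", key, canon(want)))
		} else if canon(got) != canon(want) {
			drift = append(drift, fmt.Sprintf("%s: declared %s, Vault has %s", key, canon(want), canon(got)))
		}
	}
	sort.Strings(drift)
	return drift, nil
}

func main() {
	drift, err := TuneDrift(map[string]any{"max_lease_ttl": 7200}, []byte(sampleTune))
	fmt.Println(drift, err)
}
```

A non-empty result on a mount whose tuning is managed by a write-only resource means Vault and Terraform state have diverged.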