Open arpanrec opened 7 months ago
Thanks @arpanrec for reporting! If I am understanding correctly there are 2 options:
1) auth_login and auth_login_cert not mutually exclusive
2) Do not remove client_auth from any future versions of TFVP
Does that sound right to you? If yes, I am curious if you have reason to prefer one over the other? Thanks!
@fairclothjm Thanks for the response,
1) I don't have enough knowledge to comment on point 1. As vault should support only one way of authentication for a single provider configuration block, in my mind (token, auth_login, auth_login_cert) all of these being mutually exclusive totally makes sense and there is no need to change (Personal Opinion). But there might be other use cases where I don't have any experience.
2) client_auth (or pick any parameter) to provide the option for vault TCP listener mutual TLS auth (which is not vault TLS certificates auth method). So "Do not remove client_auth from any future versions of TFVP" makes sense here.
Thanks! Option 1 was hypothetical. I have not investigated if there are cases where it could make sense. I will discuss this issue with my team. Thanks!
Terraform Core Version
1.6.6
Terraform Vault Provider Version
3.24.0
Vault Server Version
1.15.2
Affected Resource(s)
provider "vault"
Expected Behavior
client_auth is being deprecated for auth_login_cert. My current vault config doesn’t have any PKI Auth setup. I needed this client_auth because I have mutual TLS enabled, and the authentication process is userpass.
I am expecting I should be able to use vault userpass login with mutual TLS enabled
Actual Behavior
As auth_login and auth_login_cert are both login methods, Terraform is throwing an error saying it's a conflict.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Here is my vault provider config. I did a micro test with just the provider and a basic kv resource; you will always get the same error.
Steps to Reproduce
Just add vault provider with auth_login and auth_login_cert.
Debug Output
No response
Panic Output
No response
Important Factoids
Now if you change auth_login_cert to client_auth your code will work with the below Warning.
As I already explained before, my vault doesn't have a PKI Auth module, but I was using client_auth for mutual TLS auth. Here is my vault server tcp listener template
References
No response
Would you like to implement a fix?
None
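
The combination the report describes as working (client_auth for listener-level mutual TLS plus a userpass auth_login), written out as an added example; this is not the reporter's configuration, which did not survive on this page. The address, file paths and variable names are placeholders, and the Vault listener is assumed to require and verify client certificates.

```hcl
# Added example. Address, paths and variable names are placeholders.
variable "vault_username" {
  type = string
}

variable "vault_password" {
  type      = string
  sensitive = true
}

provider "vault" {
  address      = "https://vault.example.internal:8200"
  ca_cert_file = "/etc/vault-client/ca.pem"

  # Transport layer: the client certificate presented to the Vault TCP
  # listener during the TLS handshake (mutual TLS). This does not log in
  # to Vault and does not need a TLS certificate auth method to be mounted.
  client_auth {
    cert_file = "/etc/vault-client/client.pem"
    key_file  = "/etc/vault-client/client-key.pem"
  }

  # Identity layer: the actual Vault login, here the userpass method.
  auth_login {
    path = "auth/userpass/login/${var.vault_username}"

    parameters = {
      password = var.vault_password
    }
  }

  # Swapping the client_auth block above for an auth_login_cert block is
  # the change the report says fails: auth_login_cert is itself a login
  # method, so the provider rejects it alongside auth_login as a conflict.
}
```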