hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Enhancement]: Allow to set GCP auth JWT token TTL #2162

Open via-justa opened 4 months ago

via-justa commented 4 months ago

Description

You set the default value of the GCP auth TTL to 30 minutes. This TTL is extremely long and diverges from the default value set on the vault_gcp_auth_backend_role resource, which presumably uses a more best-practice value of 15 min.

Ideally the default values of both resources should match, and we should have the ability to configure the TTL of the provider auth (as mentioned in the inline comment from 2 years ago).

https://github.com/hashicorp/terraform-provider-vault/blob/48ef44c3e56f4bd148afee182a1e77f4f51368ef/internal/provider/auth_gcp.go#L184C1-L191C4

        b, err := json.Marshal(
            map[string]interface{}{
                "sub": serviceAccount,
                "aud": fmt.Sprintf("https://vault/%s", l.params[consts.FieldRole]),
                // TODO: consider making this value a tunable
                "exp": time.Now().Add(time.Minute * 30).Unix(),
            },
        )
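For reference, here is what a tunable version of that claim set could look like. This is an added example, not code from the provider or from the issue author: the `BuildLoginClaims` and `RemainingValidity` functions, the `defaultLoginJWTTTL` constant (15 minutes, chosen to match the role-side value the issue cites), the `maxTTL` cap parameter and the sample service account address are all assumptions for illustration. The point it demonstrates is that the `exp` claim directly bounds how long a leaked login JWT can still be replayed against Vault, so the provider-side TTL is a security setting rather than a convenience setting.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assumed default for the login JWT lifetime; matches the 15 minute
// role-side value mentioned in the issue rather than the hardcoded 30.
const defaultLoginJWTTTL = 15 * time.Minute

// BuildLoginClaims returns the claim set for the JWT the provider signs and
// sends to Vault's GCP IAM login. A ttl <= 0 falls back to defaultLoginJWTTTL.
// maxTTL, when > 0, is a hypothetical cap so that a misconfigured provider
// cannot mint a login token that lives longer than the Vault role allows.
func BuildLoginClaims(serviceAccount, role string, ttl, maxTTL time.Duration, now time.Time) (map[string]interface{}, error) {
	if serviceAccount == "" || role == "" {
		return nil, errors.New("service account and role are required")
	}
	if ttl <= 0 {
		ttl = defaultLoginJWTTTL
	}
	if maxTTL > 0 && ttl > maxTTL {
		return nil, fmt.Errorf("requested jwt ttl %s exceeds max %s", ttl, maxTTL)
	}
	return map[string]interface{}{
		"sub": serviceAccount,
		"aud": fmt.Sprintf("https://vault/%s", role),
		"iat": now.Unix(),
		// exp is the only thing that bounds replay of a captured login JWT.
		"exp": now.Add(ttl).Unix(),
	}, nil
}

// RemainingValidity reports how long a claim set stays usable from `at`,
// i.e. the replay window left to anyone who obtained the signed token.
func RemainingValidity(claims map[string]interface{}, at time.Time) time.Duration {
	exp, ok := claims["exp"].(int64)
	if !ok {
		return 0
	}
	d := time.Unix(exp, 0).Sub(at)
	if d < 0 {
		return 0
	}
	return d
}

func main() {
	now := time.Now()
	// Constructed sample inputs; the cap mirrors the 15 minute role default.
	sa := "terraform@example-project.iam.gserviceaccount.com"
	for _, ttl := range []time.Duration{0, 5 * time.Minute, 30 * time.Minute} {
		claims, err := BuildLoginClaims(sa, "terraform", ttl, 15*time.Minute, now)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		b, _ := json.Marshal(claims)
		fmt.Printf("%s valid for %s\n", b, RemainingValidity(claims, now))
	}
}
```

Running it shows the 30 minute request being rejected by the cap while the zero value picks up the 15 minute default, which is the behaviour the issue asks for: a configurable TTL whose default agrees with the role resource.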

Affected Resource(s) and/or Data Source(s)

No response

Potential Terraform Configuration

No response

References

No response

Would you like to implement a fix?

None