Open darnold-harness opened 5 years ago
Hi @darnold-harness, what you're trying to achieve is not possible - Terraform has to initialize the provider before it can provision any resources. So you've got a chicken-and-egg situation here.
I suggest you wrap your terraform plan/apply cycle from the context you're trying to log in using AppRole by providing the token as an input variable to your configuration. You can do that by leveraging Vault's CLI and some wrapper script to your terraform commands.
@tyrannosaurus-becks Recommendation: Close
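The wrapper suggested in the comment above, as an added example that is not part of the original thread or the provider's code: it logs in through AppRole with the Vault CLI and hands the resulting token to Terraform as an input variable. The environment variable names `VAULT_ROLE_ID` and `VAULT_SECRET_ID`, the input variable name `vault_token`, and the default `auth/approle` mount path are assumptions; the configuration is assumed to declare `vault_token` and pass it to the provider's `token` argument.

```shell
#!/bin/sh
# Added example: AppRole login with the Vault CLI, then Terraform with the token.
# Usage (assumed file name): ./tf-approle.sh plan
set -eu

# Exchange role_id/secret_id for a token and print it on stdout.
# The secret_id is sent over stdin ("secret_id=-") so it never appears
# in the process list or in shell history.
approle_token() {
    : "${VAULT_ADDR:?set VAULT_ADDR}" "${VAULT_ROLE_ID:?set VAULT_ROLE_ID}"
    : "${VAULT_SECRET_ID:?set VAULT_SECRET_ID}"
    printf '%s' "$VAULT_SECRET_ID" |
        vault write -field=token auth/approle/login \
            role_id="$VAULT_ROLE_ID" secret_id=-
}

# Run terraform with the token supplied as input variable "vault_token"
# (assumed name). The body is a subshell, so the token never leaks into
# the calling shell's environment.
tf_with_approle() (
    token=$(approle_token) || { echo "AppRole login failed" >&2; exit 1; }
    [ -n "$token" ] || { echo "empty token from Vault" >&2; exit 1; }
    unset VAULT_SECRET_ID          # terraform does not need the secret_id
    TF_VAR_vault_token=$token      # env var instead of -var: stays off argv
    export TF_VAR_vault_token
    terraform "$@"
)

# Only act when terraform arguments were given on the command line.
if [ "$#" -gt 0 ]; then
    tf_with_approle "$@"
fi
```

The token still ends up in Terraform state and plan output wherever the configuration references it, so the state backend needs the same protection as the token itself.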
So, what is the purpose of the approle login?
To grab a token using the approle auth method. You could then use that token in many other contexts other than Vault - to provision a machine, for example, and inject the token into it.
But how could you grab a token with this provider if in order to initialize the provider and provision a resource that would require the creation of a child token, from another token? I don't believe this is meant to be used as a "passthrough" to apply Terraform - unless you use different modules, and that would be a similar approach to wrapping plan/apply. Either way, you'd need a token as a starting point - that is just the way Terraform and this provider work. Potentially, the provider authentication could be revamped, but it's a totally different matter and would require large-scale changes to the codebase.
Yeah, I am currently having this problem too, makes the AppRole sort of useless then if you're having to provide a token to begin with for the Vault provider just so you can retrieve another token? Makes no sense to me tbh.
Terraform Version
Terraform v0.11.13
Affected Resource(s)
Terraform Configuration Files
Debug Output
Error: Error refreshing state: 1 error(s) occurred: