Open kcorelight opened 5 months ago
[Triage] Thanks @kcorelight. Looks similar to https://github.com/opensearch-project/terraform-provider-opensearch/issues/153 and https://github.com/opensearch-project/terraform-provider-opensearch/issues/158.
Adding @rblcoder @bbarani
@kcorelight https://github.com/opensearch-project/terraform-provider-opensearch/blob/main/provider/resource_opensearch_roles_mapping.go is calling _plugins/_security/api/rolesmapping/
PUT _plugins/_security/api/rolesmapping/
What is the bug?
When I try to apply this resource, it removes existing security users, so no user has permission to update the role with additional users.
I am trying the differences between backend_roles and and_backend_roles. The documentation is not clear: https://registry.terraform.io/providers/phillbaker/elasticsearch/latest/docs/resources/opensearch_roles_mapping
How can one reproduce the bug?
```hcl
resource "opensearch_roles_mapping" "security_manager_mapping" {
  role_name     = "security_manager"
  description   = "Mapping AWS IAM roles to ES role"
  backend_roles = concat(var.security_access_roles, [var.saml_master_backend_role])
}
```
Here var.saml_master_backend_role already has security manager permissions. But I still see the following error:
```
╷
│ Error: elastic: Error 403 (Forbidden)
│
│   with module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping,
│   on ../../../modules/common/opensearch_saml/roles_mapping.tf line 15, in resource "opensearch_roles_mapping" "security_manager_mapping":
│   15: resource "opensearch_roles_mapping" "security_manager_mapping" {
│
╵
[root@a044c3c081a3 NorthAmerica]#
```
What is the expected behavior?
The expected behavior is that additional backend roles will be mapped to this OpenSearch role.
What is your host/environment?
All OS
Do you have any screenshots?
```
╷
│ Error: elastic: Error 403 (Forbidden)
│
│   with module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping,
│   on ../../../modules/common/opensearch_saml/roles_mapping.tf line 15, in resource "opensearch_roles_mapping" "security_manager_mapping":
│   15: resource "opensearch_roles_mapping" "security_manager_mapping" {
│
╵
[root@a044c3c081a3 NorthAmerica]#
```
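Added example, not part of the issue and not the provider's code: a PUT to `_plugins/_security/api/rolesmapping/<role>` creates or replaces the whole mapping, so a resource that declares only `backend_roles` clears `users` that were mapped some other way. The Python below diffs a live mapping against the body about to be sent, builds a merged body that drops nothing, and checks whether a given caller stays mapped. The sample GET response, the ARNs, the user name and all function names are constructed for illustration.

```python
import json

# List-valued fields of a roles mapping; a PUT body that omits one leaves it empty.
MAPPING_FIELDS = ("backend_roles", "and_backend_roles", "users", "hosts")

# Constructed sample: GET _plugins/_security/api/rolesmapping/security_manager
LIVE = json.loads("""
{"security_manager": {"hosts": [], "users": ["admin-user"],
  "reserved": false, "hidden": false, "and_backend_roles": [],
  "backend_roles": ["arn:aws:iam::111122223333:role/saml-master"]}}
""")

# What the Terraform resource in the report declares (constructed role ARNs).
DESIRED = {
    "description": "Mapping AWS IAM roles to ES role",
    "backend_roles": ["arn:aws:iam::111122223333:role/saml-master",
                      "arn:aws:iam::111122223333:role/logs-admin"],
}


def lost_entries(live, role, desired):
    """Entries in the live mapping that the desired PUT body would drop."""
    current = live.get(role, {})
    lost = {}
    for field in MAPPING_FIELDS:
        gone = sorted(set(current.get(field, [])) - set(desired.get(field, [])))
        if gone:
            lost[field] = gone
    return lost


def merged_body(live, role, desired):
    """PUT body that keeps every live entry and adds the desired ones."""
    current = live.get(role, {})
    body = {f: sorted(set(current.get(f, [])) | set(desired.get(f, [])))
            for f in MAPPING_FIELDS}
    if "description" in desired:
        body["description"] = desired["description"]
    return body


def still_mapped(body, user, backend_roles):
    """True if the caller matches by user name, by any backend_roles entry,
    or by holding every and_backend_roles entry (hosts are not evaluated)."""
    held = set(backend_roles)
    all_of = set(body.get("and_backend_roles", []))
    return (user in body.get("users", [])
            or bool(held & set(body.get("backend_roles", [])))
            or bool(all_of) and all_of <= held)
```

Running `lost_entries` against the GET response before `terraform apply` shows which principals the apply would unmap; any it reports can be added to the resource's `users` or `backend_roles` so the PUT keeps them.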