Open kcorelight opened 5 months ago
[Triage] Thanks @kcorelight Looks similar https://github.com/opensearch-project/terraform-provider-opensearch/issues/153, https://github.com/opensearch-project/terraform-provider-opensearch/issues/156 .
Adding @rblcoder @bbarani
@kcorelight Does this help you with the issue on using and_backend_roles https://github.com/opensearch-project/security/issues/4084
and_backend_roles requires that all the backend roles be specified in this list and only users with all of these backend roles will be mapped to the role.
For example if and_backend_roles has ["IT", "Finance", "HR"] for a user to to be mapped to the role, the user would need to have all of these backend roles. Such a user can be created using,
PUT _plugins/_security/api/internalusers/johndoe
{
"password": "myStrongPassword123@456",
"backend_roles": ["IT", "Administrator", "HR"]
}
The following terraform code maps user johndoe to custom_role
terraform {
required_providers {
opensearch = {
source = "opensearch-project/opensearch"
version = "2.2.0"
}
}
}
provider "opensearch" {
url = "https://localhost:9200"
username = "admin"
password = "myStrongPassword123@456"
healthcheck = false
insecure = true
version_ping_timeout = "10"
}
resource "opensearch_roles_mapping" "custom_role_mapping" {
role_name = "custom_role"
description = "Mapping roles"
and_backend_roles = ["IT", "Finance", "HR"]
}
What is the bug?
module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping will be created
╷ │ Error: elastic: Error 400 (Bad Request) │ │ with module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping, │ on ../../../modules/common/opensearch_saml/roles_mapping.tf line 19, in resource "opensearch_roles_mapping" "security_manager_mapping": │ 19: resource "opensearch_roles_mapping" "security_manager_mapping" { │ ╵ [root@9457465f450e NorthAmerica]#
How can one reproduce the bug?
[root@9457465f450e NorthAmerica]# terraform apply --auto-approve -target=module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping
What is the expected behavior?
Successfully apply the resource
What is your host/environment?
N/A
Do you have any screenshots?
Above screenshot
Do you have any additional context?
Add any other context about the problem.