opensearch-project / terraform-provider-opensearch

https://registry.terraform.io/providers/opensearch-project/opensearch
Apache License 2.0

[BUG]opensearch_role_mapping resource - fails #158

Open kcorelight opened 5 months ago

kcorelight commented 5 months ago

What is the bug?

module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping will be created

╷
│ Error: elastic: Error 400 (Bad Request)
│
│   with module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping,
│   on ../../../modules/common/opensearch_saml/roles_mapping.tf line 19, in resource "opensearch_roles_mapping" "security_manager_mapping":
│   19: resource "opensearch_roles_mapping" "security_manager_mapping" {
│
╵
[root@9457465f450e NorthAmerica]#

How can one reproduce the bug?

[root@9457465f450e NorthAmerica]# terraform apply --auto-approve -target=module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping

What is the expected behavior?

Successfully apply the resource

What is your host/environment?

N/A

Do you have any screenshots?

Above screenshot

Do you have any additional context?

Add any other context about the problem.

prudhvigodithi commented 5 months ago

[Triage] Thanks @kcorelight. Looks similar to https://github.com/opensearch-project/terraform-provider-opensearch/issues/153 and https://github.com/opensearch-project/terraform-provider-opensearch/issues/156.

Adding @rblcoder @bbarani

rblcoder commented 4 months ago

@kcorelight Does this help you with the issue on using and_backend_roles? https://github.com/opensearch-project/security/issues/4084

rblcoder commented 3 months ago

and_backend_roles requires that all the backend roles be specified in this list and only users with all of these backend roles will be mapped to the role.

For example, if and_backend_roles has ["IT", "Finance", "HR"], for a user to be mapped to the role, the user would need to have all of these backend roles. Such a user can be created using:

PUT _plugins/_security/api/internalusers/johndoe
{
  "password": "myStrongPassword123@456",
  "backend_roles": ["IT", "Finance", "HR"]
}

The following Terraform code maps user johndoe to custom_role:

terraform {
  required_providers {
    opensearch = {
      source  = "opensearch-project/opensearch"
      version = "2.2.0"
    }
  }
}

provider "opensearch" {
  url         = "https://localhost:9200"
  username    = "admin"
  password    = "myStrongPassword123@456"
  healthcheck = false
  # insecure = true disables TLS certificate verification of API calls.
  insecure             = true
  version_ping_timeout = "10"
}

# A user is mapped to custom_role only if it holds all three backend roles.
resource "opensearch_roles_mapping" "custom_role_mapping" {
  role_name         = "custom_role"
  description       = "Mapping roles"
  and_backend_roles = ["IT", "Finance", "HR"]
}
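
A simplified model of the matching described above, added here as an example and not code from the provider or the security plugin: it contrasts backend_roles (any one role is enough) with and_backend_roles (all roles required) and reports which required roles a user lacks. Wildcard patterns and host matching are left out, and it_readonly, alice and bob are constructed names.

```python
# Added illustration: simplified model of how a roles mapping selects users.
# Assumption: wildcard patterns and host-based matching are not modelled.
from dataclasses import dataclass, field


@dataclass
class RolesMapping:
    role_name: str
    users: set = field(default_factory=set)
    backend_roles: set = field(default_factory=set)      # any one is enough
    and_backend_roles: set = field(default_factory=set)  # all are required


def missing_and_roles(mapping, user_backend_roles):
    """Backend roles listed in and_backend_roles that the user lacks."""
    return sorted(mapping.and_backend_roles - set(user_backend_roles))


def is_mapped(mapping, username, user_backend_roles):
    """True if the user is selected by any clause of the mapping."""
    held = set(user_backend_roles)
    if username in mapping.users:
        return True
    if mapping.backend_roles & held:
        return True
    # An empty and_backend_roles list must not match every user.
    return bool(mapping.and_backend_roles) and mapping.and_backend_roles <= held


def resolve_roles(mappings, username, user_backend_roles):
    """Sorted names of the roles the user is mapped to."""
    return sorted(m.role_name for m in mappings
                  if is_mapped(m, username, user_backend_roles))


# Constructed sample data; only custom_role and its role list come from the thread.
MAPPINGS = [
    RolesMapping("custom_role", and_backend_roles={"IT", "Finance", "HR"}),
    RolesMapping("it_readonly", backend_roles={"IT"}),
]
USERS = {
    "alice": ["IT", "Finance", "HR"],
    "bob": ["IT", "Administrator", "HR"],
}

if __name__ == "__main__":
    for name, roles in USERS.items():
        print(name, resolve_roles(MAPPINGS, name, roles),
              "missing for custom_role:", missing_and_roles(MAPPINGS[0], roles))
```
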