search

opensearch-project / terraform-provider-opensearch

https://registry.terraform.io/providers/opensearch-project/opensearch
Apache License 2.0
74 stars 57 forks source link

[FEATURE] Support for AssumeRoleWithWebIdentity for authentication #89

Open yasirmohamed777 opened 11 months ago

yasirmohamed777 commented 11 months ago

Is your feature request related to a problem?

Working with the provider in CICD platform that provide support for AssumeRoleWithWebIdentity can be difficult when the provider does not support it. At the moment the provider uses assume role and if credentials OR profile is not provided, it fails with access denied

What solution would you like?

Implement support for AssumeRoleWithWebIdentity in the provider. An example of how would that look like is the AWS provider:

provider "aws" {
  assume_role_with_web_identity {
    role_arn                = "arn:aws:iam::123456789012:role/ROLE_NAME"
    session_name            = "SESSION_NAME"
    web_identity_token_file = "/Users/tf_user/secrets/web-identity-token"
  }
}

What alternatives have you considered?

Hacking up a solution in the CICD where it authenticate to AWS and creates a profile before running terraform

Do you have any additional context?

No

prudhvigodithi commented 11 months ago

Hey @yasirmohamed777 thanks for creating this support issue, please take a look and see if you can contribute to this enhancement, also adding @rblcoder @afrodidact @premkirank. Thank you

prudhvigodithi commented 6 months ago

Adding @Anirudh-1612