search

orange-cloudfoundry / terraform-provider-credhub

This terraform provider let you create and retrieve credentials from credhub
Apache License 2.0
8 stars 2 forks source link

Credhub permission support #1

Open gberche-orange opened 6 years ago

gberche-orange commented 6 years ago

With adoption of credhub, the need to provision permissions to read/write to credhub is increasing.

Being able to manage this into terraform would be useful both for static permissions, and dynamic permissions, such as in https://github.com/orange-cloudfoundry/sec-group-broker-filter/issues/50

Related endpoints: https://credhub-api.cfapps.io/#add-permissions https://credhub-api.cfapps.io/#get-permissions https://credhub-api.cfapps.io/#delete-permissions

Suggesting to expose permissions[n].actor as plain strings such as mtls-app:fdbeb2d4-b601-4a0d-91e8-7e38dde426f7 that terraform configurations can construct from other resources, such as $datasource.cloudfoundry.application.id or future UAA support in terraform cloudfoundry.