upbound / provider-vault

A Crossplane provider for HashiCorp Vault
Apache License 2.0
14 stars, 7 forks

Reference Accessor of oidc auth backend in groupAlias #36

Open kamalverma1 opened 2 months ago

kamalverma1 commented 2 months ago

What problem are you facing?

There should be a way to reference the accessor for the oidc method and also the canonicalId of groups while creating a group Alias. This is an issue if the Resource is created by a separate claim.

How could Upbound help solve your problem?

Add something similar to Data Source in Terraform. Maybe something similar to referencing VPCID in this doc.

For example:

```yaml
apiVersion: identity.vault.upbound.io/v1alpha1
kind: GroupAlias
metadata:
  annotations:
    meta.upbound.io/example-id: identity/v1alpha1/groupalias
  labels:
    testing.upbound.io/example-name: group-alias
  name: cld-csm-admins-sg-kdtesting
spec:
  deletionPolicy: Delete
  forProvider:
    namespace: mytestns
    canonicalIdRef:       # proposed: reference the Group instead of pasting its canonical ID
      name: <mytestgroup>
    mountAccessorRef:     # proposed: reference the OIDC auth backend instead of pasting its accessor
      name: <oidc-auth-backend-name>
    name: <group-ObjectId>
```

tschlaepfer commented 2 months ago

Agree, would very much like this :)

tschlaepfer commented 1 month ago

I have created a draft MR for this feature; however, I'm not used to Go or to creating Crossplane providers, so I would need some support. Right now I'm still struggling with the code to create a reference for different AuthBackend types.

```go
// config.go
// ...
// Type names the managed resource kind the reference points at;
// Extractor names the function that pulls the accessor out of it.
r.References["mount_accessor"] = config.Reference{
    Type:      "github.com/upbound/provider-vault/apis/jwt/v1alpha1.AuthBackend",
    Extractor: common.AccessorExtractor,
}
```

Due to the way the Terraform code for HashiCorp Vault has been written, one would need to be able to configure multiple types here.

Could someone from the maintainers guide me on how this should be implemented?
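As an added illustration of what the `Extractor` in the config snippet above has to do (example code written for this page, not from the issue, the draft MR or the provider): in upjet an extractor is a function that is handed the referenced managed resource and returns the string to copy into the referencing field, and it returns an empty string when that value does not exist yet, which makes the resolver report the reference as unresolved and the reconciler retry later. The stand-in below mirrors that contract on the resource's plain JSON structure instead of the upjet and crossplane-runtime types, so it runs without the provider module. It assumes the auth backend kinds expose the accessor at `status.atProvider.accessor` (the path is an assumption here); because the extractor only reads that path and never looks at the object's kind, the same extractor can serve a jwt `AuthBackend` or any other backend kind, whereas the `Type` field of `config.Reference` still names one Go type. All three sample objects, including the accessor value and the group object ID, are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: an OIDC auth backend after Vault created it.
// The accessor value is made up; the status path is assumed.
const ReadyBackendJSON = `{
  "apiVersion": "jwt.vault.upbound.io/v1alpha1",
  "kind": "AuthBackend",
  "metadata": {"name": "oidc-auth-backend"},
  "spec": {"forProvider": {"type": "oidc", "path": "oidc", "namespace": "mytestns"}},
  "status": {"atProvider": {"accessor": "auth_oidc_1a2b3c4d", "id": "oidc"}}
}`

// Constructed sample: the same backend before creation, no status yet.
const PendingBackendJSON = `{
  "apiVersion": "jwt.vault.upbound.io/v1alpha1",
  "kind": "AuthBackend",
  "metadata": {"name": "oidc-auth-backend"},
  "spec": {"forProvider": {"type": "oidc", "path": "oidc", "namespace": "mytestns"}}
}`

// Constructed sample: a GroupAlias using the proposed mountAccessorRef
// instead of a literal accessor. The group object ID is a placeholder.
const AliasJSON = `{
  "apiVersion": "identity.vault.upbound.io/v1alpha1",
  "kind": "GroupAlias",
  "metadata": {"name": "cld-csm-admins-sg-kdtesting"},
  "spec": {"forProvider": {
    "namespace": "mytestns",
    "name": "00000000-0000-0000-0000-000000000000",
    "mountAccessorRef": {"name": "oidc-auth-backend"}
  }}
}`

// MustParse decodes one of the sample documents into a generic object.
func MustParse(doc string) map[string]interface{} {
	var obj map[string]interface{}
	if err := json.Unmarshal([]byte(doc), &obj); err != nil {
		panic(err)
	}
	return obj
}

// getString walks nested map keys and returns "" on any missing or
// non-string step, which is the "not resolvable yet" signal.
func getString(obj map[string]interface{}, path ...string) string {
	var cur interface{} = obj
	for _, key := range path {
		m, ok := cur.(map[string]interface{})
		if !ok {
			return ""
		}
		cur, ok = m[key]
		if !ok {
			return ""
		}
	}
	s, _ := cur.(string)
	return s
}

// ExtractAccessor is the hypothetical extractor: referenced object in,
// accessor out. It ignores the object's kind and only reads the assumed
// status.atProvider.accessor path, so it works for any backend kind.
func ExtractAccessor(backend map[string]interface{}) string {
	return getString(backend, "status", "atProvider", "accessor")
}

// ResolveMountAccessor stands in for the resolver step: copy the
// extracted accessor into spec.forProvider.mountAccessor of the alias,
// or fail so the caller requeues until the backend reports one.
func ResolveMountAccessor(alias, backend map[string]interface{}) (map[string]interface{}, error) {
	acc := ExtractAccessor(backend)
	if acc == "" {
		return nil, fmt.Errorf("%s %q has no status.atProvider.accessor yet; requeue",
			getString(backend, "kind"), getString(backend, "metadata", "name"))
	}
	spec, ok := alias["spec"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("alias has no spec")
	}
	fp, ok := spec["forProvider"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("alias has no spec.forProvider")
	}
	fp["mountAccessor"] = acc
	return alias, nil
}

func main() {
	ready := MustParse(ReadyBackendJSON)
	alias, err := ResolveMountAccessor(MustParse(AliasJSON), ready)
	fmt.Println(getString(alias, "spec", "forProvider", "mountAccessor"), err)
	_, err = ResolveMountAccessor(MustParse(AliasJSON), MustParse(PendingBackendJSON))
	fmt.Println(err)
}
```

The second call in `main` is the case that matters in practice: a GroupAlias created in the same claim as its backend will be reconciled before the backend has an accessor, and the extractor has to answer "not yet" rather than an empty or stale value.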