Open FranckSallet opened 3 months ago
After study, the endpoint exist on the API but not yet implemented on the Terraform provider.
I am going to see with the team how we can add it for the next release.
thank you for the reply in this case, you must repair the destruction of the resource when changing the password. cf issue 17
It is tracked for fix and improvment for next release.
Hi @FranckSallet,
I'm currently looking into your enhancement request. I need some details about your usecase. Let me expand on what I have understood and correct me if I'm mistaken.
You have an already existing account in your AD. You want to create it in your Bastion with TF, create a new password for that account, and propagate it to the AD. Is that right ?
Hi @moulip
yes, that's exactly it. We need to manage AD account passwords through the password manager with TF. The password must also be able to be changed through the interface or via the password policy.
regards
Hi @moulip
yes, that's exactly it. We need to manage AD account passwords through the password manager with TF. The password must also be able to be changed through the interface or via the password policy.
regards
I completely get your use-case. I just want to make sure that we agree on the fact that the account already exists in the AD with a password already set and as soon as you create it for the first time in the Bastion, you will create it with another password which will replace the previously set password in AD upon creation.
Hi @moulip
We are completely agree about my use case. We have a already Active Directory account with a password. After that we want to manage the password with the "Password Manager" and the "Password Policy".
Regards
All right will dig into it now ;-)
Is your feature request related to a problem? Please describe. I use a global account to manage password of active directory accounts. The problem appears when I create a "wallix-bastion_domain_account_credential resource", I cannot propagate the password to the Active Directory account like I could do on the GUI. We therefore need manual action on the bastion for the account to be fully functional.
Describe the solution you'd like add a boolean parameter like "propagate_credential_change" in the "wallix-bastion_domain_account_credential" resource
Regards