Add support for passing region information stored in vault backend to AWS Config #832
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This allows us to use non-inferrable regions
ghost
added
the
| @@ -155,9 +155,17 @@ func awsAccessCredentialsDataSourceRead(d *schema.ResourceData, meta interface{} | |||
| d.Set("lease_start_time", time.Now().Format(time.RFC3339)) | |||
| d.Set("lease_renewable", secret.Renewable) | |||
|
|
|||
| rootPath := backend + "/config/root" | |||
| regionData, err := client.Logical().Read(rootPath) | |||
There was a problem hiding this comment.
Uhm, this line appears to be a breaking change if existing source has not declared a region...
There was a problem hiding this comment.
I can confirm that this is a breaking change; I'm already getting reports of 405 errors from teams who haven't pinned their provider versions.
There was a problem hiding this comment.
Thank you for reporting this; we're tracking it in #833
|
Hello, Can you please update the documentation and give an example? Thank you, |
catsby
added a commit
that referenced
this pull request
Jul 31, 2020
PR 832 inadvertently introduced issues when the token policy did not have the required permissions to read the root configuration. This reverts commit f8b83fb.
catsby
added a commit
that referenced
this pull request
Jul 31, 2020
dandandy
pushed a commit
to dandandy/terraform-provider-vault
that referenced
this pull request
Jun 17, 2021
… AWS Config (hashicorp#832) * Add support for passing region information to vault backend This allows us to use non-inferrable regions * Remove unnecessary data passing when obtaining region
dandandy
pushed a commit
to dandandy/terraform-provider-vault
that referenced
this pull request
Jun 17, 2021
PR 832 inadvertently introduced issues when the token policy did not have the required permissions to read the root configuration. This reverts commit f8b83fb.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows us to use non-inferrable regions with terraform and the vault provider.
Community Note
Relates OR Closes #679
Release note for CHANGELOG:
Output from acceptance testing:
(Note: You need numerous environment variables to be set for these acceptance tests to run.
TF_ACC=1VAULT_TOKEN=????The following env vars must be set based on information provided by your AWS instance. In order to truly test these changes, you'll need to get Access Keys from the
us-gov-west-1cloud, as those credentials were the ones that didn't work which prompted this change (You can also usecn-northwest-1to test this if you'd like).AWS_ACCESS_KEY_ID=????AWS_SECRET_ACCESS_KEY=????AWS_DEFAULT_REGION=(cn-northwest-1|us-gov-west-1|us-east-1)I'd suggest running the tests with both us-east-1 and us-gov-west-1 credentials to ensure it all works.