Creating the same resource using the Vault CLI works ok:
```
vault login -namespace=my_namespace -method=oidc -path=azure_ad role="user"
Complete the login via your OIDC provider. Launching browser to:

    https://login.microsoftonline.com/...

Waiting for OIDC authentication to complete...
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.

Key                  Value
---                  -----
token                ...
token_accessor       ...
token_duration       168h
token_renewable      true
token_policies       ["default" "user"]
identity_policies    []
policies             ["default" "user"]
token_meta_role      user

vault write aws/static-roles/test username=test-iam-user rotation_period=360
Key                Value
---                -----
id                 <id>
name               test
rotation_period    6m
username           test-iam-user
```
References
No response
Would you like to implement a fix?
None
Some more details to hopefully help with identifying the root cause: compared to #2131, I'm not triggering the issue here with a login timeout due to inactivity or due to an expired token.
When I run terraform apply on the above snippet, I get redirected to a browser for SSO login, which immediately succeeds and returns back to Terraform, which then proceeds to crash within a second or two.
One strange workaround that I stumbled upon just now, if I change the access policy to the following:
and I get the error. I've tried this a few times and it seems to be consistent behaviour. Is there any reason why this policy change would affect the oidc login process?
Terraform Core Version
1.9.5
Terraform Vault Provider Version
4.4.0
Vault Server Version
1.16.5+ent
Affected Resource(s)
vault_aws_secret_backend_static_role
Expected Behavior
Terraform should create vault_aws_secret_backend_static_role.role resource.
Actual Behavior
Terraform crashes with the below error.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
backend.tf
main.tf
Steps to Reproduce
Run `terraform apply` on the above resource definition.
Debug Output
No response
Panic Output
No response
Important Factoids
Here is the relevant auth role configuration in Vault:
vault.tf
user-policy.hcl