Add support for passing region information stored in vault backend to AWS Config #832
This allows us to use non-inferrable regions
Minor nit, LGTM
@@ -155,9 +155,17 @@ func awsAccessCredentialsDataSourceRead(d *schema.ResourceData, meta interface{} | |||
d.Set("lease_start_time", time.Now().Format(time.RFC3339)) | |||
d.Set("lease_renewable", secret.Renewable) | |||
|
|||
rootPath := backend + "/config/root" | |||
regionData, err := client.Logical().Read(rootPath) |
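Review bot: The unconditional read of `backend + "/config/root"` at the end of this hunk makes the data source depend on the token being allowed to read the backend's root configuration, which a token scoped only to issuing credentials may not have. How `err` and `regionData` are handled is not visible in these lines; if a failed or empty read is returned as an error, existing configurations will stop working. Suggest making the region lookup opt-in (for example through an explicit region argument), or treating a read failure or a nil `regionData` as "no region configured" and falling back to the previous behavior, and documenting the extra policy requirement on `config/root`.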
Uhm, this line appears to be a breaking change if existing source has not declared a region...
I can confirm that this is a breaking change; I'm already getting reports of 405 errors from teams who haven't pinned their provider versions.
Thank you for reporting this; we're tracking it in #833
Hello, can you please update the documentation and give an example? Thank you,
PR 832 inadvertently introduced issues when the token policy did not have the required permissions to read the root configuration. This reverts commit f8b83fb.
… AWS Config (hashicorp#832) * Add support for passing region information to vault backend This allows us to use non-inferrable regions * Remove unnecessary data passing when obtaining region
This allows us to use non-inferrable regions with terraform and the vault provider.
Community Note
Relates OR Closes #679
Release note for CHANGELOG:
Output from acceptance testing:
(Note: You need numerous environment variables to be set for these acceptance tests to run.
TF_ACC=1
VAULT_TOKEN=????
The following env vars must be set based on information provided by your AWS instance. In order to truly test these changes, you'll need to get Access Keys from the us-gov-west-1 cloud, as those credentials were the ones that didn't work which prompted this change (You can also use cn-northwest-1 to test this if you'd like).
AWS_ACCESS_KEY_ID=????
AWS_SECRET_ACCESS_KEY=????
AWS_DEFAULT_REGION=(cn-northwest-1|us-gov-west-1|us-east-1)
I'd suggest running the tests with both us-east-1 and us-gov-west-1 credentials to ensure it all works.