Create Secret fails though service account has required permissions for Create Secret and on associated SecretTemplate. #85

Open
amolpati1 opened this issue Nov 13, 2024 · 5 comments


amolpati1 commented Nov 13, 2024

Create Secret fails even though the service account has the required permissions for Create Secret and on the associated SecretTemplate.

Create Secret fails with the Delinea TSS Terraform provider.
The service account has Create Secret and Template Owner permissions.
But it fails to get the Secret Template, and the overall execution fails.

CreateSecret
trace.txt

But I am able to get the same secret template and create a new secret using the Delinea PowerShell module with the same service account.
Attached are the error screenshot from the TSS provider, the trace file, and a screenshot of getting the secret template using the Delinea PowerShell module.
GetSecretTemplate

Expected behavior
A new secret should be created.

Sample Code:
```hcl
terraform {
  required_providers {
    tss = {
      source  = "DelineaXPM/tss"
      version = "2.0.8"
    }
  }
}

# Service account credentials, supplied at plan/apply time.
variable "tss_username" {
  type = string
}

variable "tss_password" {
  type      = string
  sensitive = true
}

variable "tss_server_url" {
  type    = string
  default = "https://test.secretservercloud.com"
}

variable "tss_secret_name" {
  type    = string
  default = "Secret Template Permission Test"
}

variable "tss_secret_siteid" {
  type    = string
  default = "1"
}

variable "tss_secret_folderid" {
  type = string
}

variable "tss_secret_templateid" {
  type = string
}

# Field name/value pairs expanded into the secret's "fields" blocks below.
variable "fields" {
  type = list(object({
    itemvalue = string
    fieldname = string
  }))
  default = [
    {
      fieldname = "Machine"
      itemvalue = "hostname"
    },
    {
      fieldname = "Username"
      itemvalue = "test_user"
    },
    {
      fieldname = "Password"
      itemvalue = "test_pass123."
    }
  ]
}

provider "tss" {
  username   = var.tss_username
  password   = var.tss_password
  server_url = var.tss_server_url
}

# Secret to create in the given folder, using the given secret template.
resource "tss_resource_secret" "secret_name" {
  name             = var.tss_secret_name
  folderid         = var.tss_secret_folderid
  siteid           = var.tss_secret_siteid
  secrettemplateid = var.tss_secret_templateid
  active           = true
  dynamic "fields" {
    for_each = var.fields
    content {
      fieldname = fields.value.fieldname
      itemvalue = fields.value.itemvalue
    }
  }
}
```

@amolpati1

Any update on the issue?

@amolpati1

Are there any developments regarding the issue?

@amolpati1

amolpati1 commented Nov 26, 2024

Below is the list of permissions for the service account.

Secret Permissions: Edit
Folder Level Permissions: Add secret
Secret Template Permission: Create Secret/Template Owner

Any update?

@amolpati1

I would appreciate it if you could assist with this issue to get it resolved.

@amolpati1

I would appreciate it if you could assist with this issue to get it resolved.
