ibm_sm_iam_credentials_configuration creates 2 configurations when using s2s auth #5800

Closed
alex-reiff opened this issue Nov 18, 2024 · 2 comments
Labels
service/Secrets Manager Issues related to Secrets Manager

@alex-reiff

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When attempting to create an IAM credentials engine in secrets manager using s2s auth, both an s2s auth and an API key auth configuration are created.

api_key field is still required and it does a validity check so I can't feed it a bad key to fail the API key configuration.

Terraform CLI and Terraform IBM Provider Version

Terraform v1.9.8
on darwin_arm64
+ provider registry.terraform.io/hashicorp/time v0.12.1
+ provider registry.terraform.io/ibm-cloud/ibm v1.70.0

Affected Resource(s)

  • ibm_sm_iam_credentials_configuration

Expected Behavior

An IAM credentials engine should be created using service 2 service authorization (because disabled is true).

Actual Behavior

BOTH a service 2 service configuration and an API key configuration are created.

Steps to Reproduce

resource "ibm_sm_iam_credentials_configuration" "sm_iam_engine_configuration" {
  instance_id = var.secrets_manager_guid
  region = var.region
  endpoint_type = var.endpoint_type
  name = var.iam_engine_name
  api_key = local.apikey
  disabled = true
}

@ocofaigh
Contributor

@haimsch could you help with this one please?

@IdanAdar
Collaborator

If you want to use IAM authorization for the IAM engine, you only need to configure the authorization using the IBM Cloud IAM provider. With an authorization in place, the IAM engine is essentially now configured; you no longer need to also use the SM provider to "configure the engine". Once the authorization is in place you don't need the API key any longer. See internal IBM Slack for more about this.
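
The approach described in the last comment, as an added example (not code from the issue or from the provider's maintainers): the service-to-service authorizations are declared with `ibm_iam_authorization_policy`, and no `ibm_sm_iam_credentials_configuration` resource carrying an `api_key` is declared. The target service names and roles are assumptions based on what IBM's Secrets Manager documentation lists for the IAM credentials engine; `var.secrets_manager_guid` is reused from the issue's snippet and the resource labels are hypothetical.

```hcl
# Added example: s2s authorization for the Secrets Manager IAM credentials
# engine, with no API key stored in configuration or Terraform state.
# Assumption: service names and roles follow IBM's Secrets Manager docs.

variable "secrets_manager_guid" {
  type        = string
  description = "GUID of the existing Secrets Manager instance"
}

# Lets this Secrets Manager instance create and manage service IDs
# and their API keys through the IAM Identity service.
resource "ibm_iam_authorization_policy" "sm_to_iam_identity" {
  source_service_name         = "secrets-manager"
  source_resource_instance_id = var.secrets_manager_guid
  target_service_name         = "iam-identity"
  roles                       = ["Operator"]
}

# Lets this instance add the generated service IDs to access groups.
resource "ibm_iam_authorization_policy" "sm_to_iam_groups" {
  source_service_name         = "secrets-manager"
  source_resource_instance_id = var.secrets_manager_guid
  target_service_name         = "iam-groups"
  roles                       = ["Groups Service Member Manage"]
}

# Intentionally absent: an ibm_sm_iam_credentials_configuration resource
# with api_key set. Per the comment above, the authorizations alone
# configure the engine, so no long-lived key needs to be supplied.
```

Setting `source_resource_instance_id` scopes each grant to the one Secrets Manager instance rather than to every instance of the service in the account.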
