feature: Use default auth method if no auth method ID is provided for provider #385
couple questions, but overall looks great.
@@ -176,14 +204,14 @@ func providerAuthenticate(ctx context.Context, d *schema.ResourceData, md *metaD | |||
"login_name": authMethodLoginName, | |||
"password": authMethodPassword, | |||
} | |||
|
|||
case strings.HasPrefix(authMethodId.(string), "amoidc"): |
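Review bot: The unchecked type assertion in `case strings.HasPrefix(authMethodId.(string), "amoidc"):` becomes a panic risk once auth_method_id is optional. If authMethodId is still the unset value when the switch is reached, `authMethodId.(string)` panics on a nil interface, so resolve the ID into a plain string variable once (after the default lookup) and switch on that. The "amoidc" literal would also be more consistent as a named constant next to PASSWORD_AUTH_METHOD_PREFIX.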
do we want to allow ldap auth methods in this switch?
Yeah, I think we can add support for that as well. A separate PR where we add LDAP support and also use the default primary method for that.
// getDefaultAuthMethodId iterates over boundary client.List() to find the default auth method ID for the given scopeId. | ||
// If there is only one auth method, it'll return it even if it's not the primary auth method | ||
// If scope ID is empty or no primary auth method is found, it returns an error. | ||
func getDefaultAuthMethodId(ctx context.Context, client *authmethods.Client, scopeId, amType string) (string, error) { |
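Review bot: The doc comment on getDefaultAuthMethodId contradicts itself for a scope with exactly one non-primary auth method: the second sentence says that method is returned, the third says an error is returned when no primary auth method is found. State the order of the checks explicitly, and document the amType parameter, which the comment does not mention. Returning a non-primary method silently also means the provider may authenticate against a method the operator never marked as default, so consider logging which ID was selected.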
Do we want to support ldap auth methods in this func?
Yeah, I think we can add support for that as well. A separate PR where we add LDAP support and also use the default primary method for that.
recoveryKmsHcl, recoveryKmsHclOk := d.GetOk("recovery_kms_hcl") | ||
if token, ok := d.GetOk("token"); ok { | ||
md.client.SetToken(token.(string)) | ||
} | ||
|
||
// If auth_method_id is not set, get the default auth method ID for the given scope ID | ||
if !authMethodIdOk { | ||
defaultAuthMethodId, err := getDefaultAuthMethodId(ctx, amClient, providerScope, PASSWORD_AUTH_METHOD_PREFIX) |
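Review bot: The `if !authMethodIdOk` branch runs the default lookup even when `token` or `recovery_kms_hcl` was supplied, as far as these lines show. A provider configured with only a token does not need an auth method, yet it would now issue a list call and could fail on the lookup error; gate the lookup on the token and recovery KMS values being absent. The lookup is also fixed to PASSWORD_AUTH_METHOD_PREFIX, so a scope whose primary method is not a password method will not resolve a default, which is worth stating in the provider docs.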
do we want to support ldap as well?
Yeah, I think we can add support for that as well. A separate PR where we add LDAP support and also use the default primary method for that.
- Make provider easier to read
- Fix error typo
… provider (#385) * Use default auth method if no auth method ID is provided for provider
* feature: Use default auth method if no auth method ID is provided for provider (#385)
* Use default auth method if no auth method ID is provided for provider
* docs: Fix typo in Managed Group resource page (#370)
* fix(credlib): Force new resource on credential_type change (#389)
* update changelog
---------
Co-authored-by: Dan Heath <76443935+Dan-Heath@users.noreply.github.com>
Co-authored-by: Hugo <hugoamvieira@users.noreply.github.com>
… provider (hashicorp#385) * Use default auth method if no auth method ID is provided for provider
Enable easier authentication by automatically setting the auth method id for the TF provider. Instead of passing the auth_method_id to the provider, the provider will set the auth_method_id.
This is similar to Boundary CLI using the primary authentication for a given scope: hashicorp/boundary#2725
Using the Primary Auth Method in Global Scope
Using the Primary Auth Method in a passed-in scope:
Using auth_method_id (traditional)
Setting Auth Method ID
It sets the auth_method_id based on these rules:
- auth_method_id is passed in, that auth_method_id is used