This repository has been archived by the owner on Apr 4, 2023. It is now read-only.
Yes, I can confirm that behavior. This code here is not built to handle these cases. It only supports 1:1 mapping of AD groups to Vault namespaces.
An external mapping with a "foreign key" is needed to add support for such cases.
However, it might be easier to control the authorization to multiple namespaces by placing the users in the respective groups on the identity provider or identity management (IDM) system that is attached to Vault?
This has the additional benefit that one can see directly which user is actually authorized on which namespace.
Furthermore, I would not suggest "reusing" existing AD groups in the IDM system for Vault authorization purposes, but rather creating a new group for every Vault authorization purpose and deliberately adding the users to these new groups.
vault-playground/docker/terraform/groups/main.tf
Line 19 in f28848d
Hey @in0rdr
Unfortunately this is not going to work: If you put another group into groups.yaml with access/admin to the same namespace, like "testgroup2", it will break with "... reason=group already exists with path ...". I wonder if you can fix this or if you are forced to wait for this feature to get implemented: hashicorp/terraform-provider-vault#1371
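An added example, not code from vault-playground or from either participant: a small Python pre-flight check that models the 1:1 limitation described in the reply (a second AD group on the same namespace collides on the Vault group path) and the "external mapping" that keys by namespace and carries the AD groups as a list. The groups.yaml layout (a list of entries with "name" and "namespace" keys) is an assumption, and the entries are constructed.

```python
from collections import defaultdict

# Constructed sample in the shape groups.yaml is ASSUMED to have: one entry per
# AD group, each naming the Vault namespace that group should be authorized on.
GROUPS = [
    {"name": "testgroup", "namespace": "team-a"},
    {"name": "testgroup2", "namespace": "team-a"},  # second group on the same namespace
    {"name": "platform-admins", "namespace": "platform"},
]


def namespace_collisions(entries):
    """Return {namespace: [ad_groups]} for every namespace mapped by more than
    one AD group. A module that creates one Vault identity group per namespace
    would fail on each of these with 'group already exists with path'."""
    by_ns = defaultdict(list)
    for entry in entries:
        by_ns[entry["namespace"]].append(entry["name"])
    return {ns: names for ns, names in by_ns.items() if len(names) > 1}


def external_mapping(entries):
    """Build a namespace-keyed mapping: the Vault-side resource is unique per
    namespace (unique path), and the AD group names hang off it as a list, so the
    AD group acts as the foreign key rather than as the resource key."""
    mapping = defaultdict(list)
    for entry in entries:
        if entry["name"] not in mapping[entry["namespace"]]:
            mapping[entry["namespace"]].append(entry["name"])
    return {ns: sorted(names) for ns, names in mapping.items()}


def preflight(entries):
    """Fail before 'terraform apply' when the 1:1 assumption is violated."""
    collisions = namespace_collisions(entries)
    if collisions:
        raise ValueError(f"namespaces mapped by multiple AD groups: {collisions}")
    return True


if __name__ == "__main__":
    print("collisions:", namespace_collisions(GROUPS))
    print("namespace-keyed mapping:", external_mapping(GROUPS))
```

Run the check against the real groups.yaml before applying the 1:1 module; an empty collision dict means every namespace is claimed by exactly one AD group.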