terraform-provider-vault: vault_github_team token_policies breaks policy mapping

Terraform Version

Terraform v0.11.13

  • provider.vault v2.2.0

Affected Resource(s)

vault_github_team

Terraform Configuration Files

Before:

resource "vault_github_team" "sre" {
  backend  = "${vault_github_auth_backend.github.id}"
  team     = "sre"
  policies = ["admin"]
}

After:

resource "vault_github_team" "sre" {
  backend  = "${vault_github_auth_backend.github.id}"
  team     = "sre"
  token_policies = ["admin"]
}

Expected Behavior

When logging in with the correct github personal access token,

token_policies         ["default" "admin"]
policies                    ["default" "admin"]

Actual Behavior

Once the above code it applied to a vault instance, the “admin” policy is no longer bound to the token

token_policies         ["default"]
policies                    ["default"]

Reverting back from “token_policies” to “policies” will correct the behavior.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 4
  • Comments: 15 (9 by maintainers)

Commits related to this issue

Most upvoted comments

token_policies is working on vault_approle_auth_backend_role for me, using Vault 1.2.2.

+1
hamishforbes on Sep 4, 2019
Read more comments on GitHub
← terraform-provider-vault: Vault provider is unable to access data with a non-root token
terraform-provider-vsphere: Cannot find OS family for guest ID `windows2019srvNext_64Guest` →