0

I am trying to fetch all the entity names using the data source vault_identity_entity; however, I am unable to fetch the name of the entity located under aliases.

Sample code:

data "vault_identity_group" "group" {
  group_name = "vaultadmin"
}

data "vault_identity_entity" "entity" {
  for_each  = toset(data.vault_identity_group.group.member_entity_ids)
  entity_id = each.value
}

data "null_data_source" "values" {
  for_each = data.vault_identity_entity.entity
  inputs = {
    # data_json is a JSON string; decode it before looking up a field
    ssh_user_details = lookup(jsondecode(data.vault_identity_entity.entity[each.key].data_json), "name", {})
  }
}

"data_json": "{\"aliases\":[{\"canonical_id\":\"37b4c764-a4ec-dcb7-c3c7-31cf9c51e456\",\"creation_time\":\"2022-07-20T08:53:36.553988277Z\",\"custom_metadata\":null,\"id\":\"59fb8a9c-1c0c-0591-0f6e-1a153233e456\",\"last_update_time\":\"2022-07-20T08:53:36.553988277Z\",\"local\":false,\"merged_from_canonical_ids\":null,\"metadata\":null,\"mount_accessor\":\"auth_approle_12d1d8af\",\"mount_path\":\"auth/approle/\",\"mount_type\":\"approle\",\"name\":\"name.user@test.com\"}],\"creation_time\":\"2022-07-20T08:53:36.553982983Z\",\"direct_group_ids\":[\"e456cb46-2b51-737c-3277-64082352f47e\"],\"disabled\":false,\"group_ids\":[\"e456cb46-2b51-737c-3277-64082352f47e\"],\"id\":\"37b4c764-a4ec-dcb7-c3c7-31cf9c51e456\",\"inherited_group_ids\":[],\"last_update_time\":\"2022-07-20T08:53:36.553982983Z\",\"merged_entity_ids\":null,\"metadata\":null,\"name\":\"entity_ec5c123\",\"namespace_id\":\"root\",\"policies\":[]}",

The above script returns entity id entity_ec5c123. Any suggestions to retrieve the name field under aliases, which has the user's email id?

arcrunner
  • 1
  • 1

1 Answer

0

Maybe something like this?

data "vault_identity_group" "group" {
  group_name = "vaultadmin"
}

data "vault_identity_entity" "entity" {
  for_each  = toset(data.vault_identity_group.group.member_entity_ids)
  entity_id = each.value
}

locals {
  mount_accessor = "auth_approle_12d1d8af"
  # mount_path   = "auth/approle/"
  # jsondecode takes a single argument; index the decoded object to get the alias list
  aliases = { for k, v in data.vault_identity_entity.entity : k => jsondecode(v.data_json)["aliases"] }
}

data "null_data_source" "values" {
  for_each = data.vault_identity_entity.entity
  inputs = {
    # build {mount_accessor => alias name} per entity, then pick the alias for the auth method of interest;
    # the inner default must be a list (not a string) so the for expression still type-checks
    ssh_user_details = lookup({ for alias in lookup(local.aliases, each.key, []) : alias.mount_accessor => alias.name }, local.mount_accessor, "ent_no_alias_on_auth_method")
  }
}

Basically you want to do a couple of lookups here; you can simplify this if you can guarantee that each entity will only have a single alias, but otherwise you should probably be looking up the alias for a specific mount_accessor and discarding the other entries.

Haven't really done a bunch of testing with this code, but you should be able to run terraform console after doing an init on your workspace and figure out what the data structs look like if you have issues.

spurgavie
  • 161
  • 5
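An added stand-alone check, written in Python rather than Terraform and not part of either post, that applies the same select-alias-by-mount_accessor logic to constructed data_json documents modelled on the output in the question, so the expected values can be confirmed before the expression is wired into the null_data_source. The entity ids other than the one quoted in the question and the auth_userpass_deadbeef accessor are made up for the example.

```python
import json

# Constructed sample modelled on the data_json shown in the question (fields not
# needed for the lookup are omitted): one entity with an approle alias, one whose
# only alias is on a different auth mount, and one with no aliases at all.
ENTITIES = {
    "37b4c764-a4ec-dcb7-c3c7-31cf9c51e456": json.dumps({
        "name": "entity_ec5c123",
        "aliases": [{"mount_accessor": "auth_approle_12d1d8af",
                     "mount_type": "approle",
                     "name": "name.user@test.com"}],
    }),
    "11111111-0000-0000-0000-000000000000": json.dumps({  # made-up id
        "name": "entity_other",
        "aliases": [{"mount_accessor": "auth_userpass_deadbeef",  # made-up accessor
                     "mount_type": "userpass",
                     "name": "other-user"}],
    }),
    "22222222-0000-0000-0000-000000000000": json.dumps({  # made-up id
        "name": "entity_bare",
        "aliases": [],
    }),
}


def alias_name(data_json: str, mount_accessor: str) -> str:
    """Mirror of the answer's HCL: decode data_json, index the aliases by
    mount_accessor, and return the alias name for the requested accessor.
    Falls back to the same sentinel string the answer uses when the entity has
    no alias on that auth mount."""
    entity = json.loads(data_json)
    # Treat a missing or null alias list as empty rather than failing.
    aliases = entity.get("aliases") or []
    by_accessor = {a["mount_accessor"]: a["name"] for a in aliases}
    return by_accessor.get(mount_accessor, "ent_no_alias_on_auth_method")


def ssh_user_details(entities: dict, mount_accessor: str) -> dict:
    """Equivalent of the for_each over data.vault_identity_entity.entity:
    map each entity id to the alias name chosen for the given accessor."""
    return {eid: alias_name(dj, mount_accessor) for eid, dj in entities.items()}


if __name__ == "__main__":
    for eid, user in ssh_user_details(ENTITIES, "auth_approle_12d1d8af").items():
        print(eid, "->", user)
```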