How do I use multiple Vault Namespaces in one Workspace?
I’ve tried researching this, but it seems like the Terraform Provider for Vault is poorly implemented, at least in terms of parity with Vault’s API design.
1 Like
You want to use an alias.
See https://registry.terraform.io/providers/hashicorp/vault/latest/docs#example-multiple-namespace-support
What specifically is poorly implemented? You might want to file a GH issue if you have specific gaps.
1 Like
It’s a use case where, IMO, Terraform doesn’t handle resource creation / management as cleanly as the API.
Terraform is making the assumption that a given provider would only want to work on one namespace, rather than multiple. I think the poor implementation is based on that assumption.
I am cautious to suggest better ways to implement, given my relative unfamiliarity with the Vault provider’s codebase, but I would suggest opening up a way to treate the namespaces as a matter of API paths, rather than headers, perhaps (again, naive 30 second shot in the dark) by a namespace attribute for all resources, perhaps to be added as a path prefix atop whatever the provider namespace is.
That way if I have my platforms namespace configured in the provider, I could configure some resources that need to be in a child namespace called, perhaps, cloudaws, by adding the attribute namespace = cloudaws.
Title has incorrect terms for the tech involved. It should be “Multiple Vault Namespaces in One Terraform Workspace / Configuration Set”.
1 Like
Thanks for the improvement, @Wolfsrudel.
I’m also going to see if I should bring this up with some of my HC contacts as something worth throwing some documentation at.
A blog post is a-brewing!