Hi All,
I am having a kind of deadlock issue.
I am deploying Vault resources using Terraform (vault provider), where I have two resources:
- vault_database_secret_backend_connection
- vault_database_secret_backend_role
The first resource is used to establish a backend connection and the second one is used to create a role (like readonly/readwrite) for the same database connection established in resource one.
In resource two, I have to pass the db_name argument with the connection name from the attributes of resource one.
Here, vault_database_secret_backend_connection is created without the allowed_roles argument.
Till now it is fine.
When I generate temp credentials like below, I get an error saying the role which I used is not part of the allowed_roles list.
vault read database/creds/my-read-role
Error reading database/creds/my-read-role: Error making API request.
URL: GET https://vault.xyz.com/v1/database/creds/my-read-role
Code: 500. Errors:
* 1 error occurred:
* "my-read-role" is not an allowed role
The role is created as part of the second resource, which is dependent on the 1st resource because of the db_name argument.
Now, how can I make the 1st resource dependent on the second resource to get the role names for the allowed_roles argument?
Please guide me here.
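
The configuration described above, as an added example that is not part of the original post: both resources read the role name from a shared local, so the role still depends on the connection through db_name, but the connection does not depend on the role. The PostgreSQL plugin, connection name, hostname, variables, TTLs and SQL statements are assumptions; the mount path and role name follow the `vault read` command in the post.

```hcl
# Added example; everything except the role name and mount path is assumed.
variable "db_admin_username" {
  type = string
}

variable "db_admin_password" {
  type      = string
  sensitive = true
}

locals {
  # A plain string known at plan time, so referencing it creates no
  # dependency between the two resources.
  read_role = "my-read-role"
}

resource "vault_database_secret_backend_connection" "pg" {
  backend = "database" # existing database secrets engine mount
  name    = "my-postgres" # hypothetical connection name

  # Explicit allow-list: only the named role may request credentials
  # through this connection. Prefer this to ["*"], which admits any role.
  allowed_roles = [local.read_role]

  postgresql {
    # Hypothetical host and database; Vault fills in the templated fields.
    connection_url = "postgresql://{{username}}:{{password}}@db.example.internal:5432/appdb"
    username       = var.db_admin_username
    password       = var.db_admin_password
  }
}

resource "vault_database_secret_backend_role" "read" {
  backend = "database"
  name    = local.read_role

  # The only edge in the dependency graph: role -> connection.
  db_name = vault_database_secret_backend_connection.pg.name

  creation_statements = [
    "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
    "GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";",
  ]

  default_ttl = 3600  # seconds
  max_ttl     = 14400 # seconds
}
```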