Currently the fusionauth terraform provider fusionauth_api_key definition is only able to be scoped to a tenant_id, not to any lambdas.
Solution
Ideally I'd like for the fusionauth_api_key definition to be extended so that in addition to having a tenant_id that the key is scoped to, we can scope it to a set of lambda_ids, e.g. with this syntax:
    resource "fusionauth_api_key" "group_endpoint" {
      tenant_id   = fusionauth_tenant.main.id
      lambda_ids  = [fusionauth_lambda.gmd_jwt_populate.id]
      description = "FusionAuth API Key to be used for lambdas associated with this tenant"

      permissions_endpoints {
        endpoint = "/api/group"
        get      = true
        delete   = true
        patch    = true
        post     = true
        put      = true
      }
    }
Then this API key would only be used for a specific tenant and for specific lambdas, and the key would be available in the environment configuration for the lambda itself.
Alternatives/workarounds
Alternatively to the approach above, it might be better to only allow one resource per API key, but the following would be a breaking change, since resource_type would be required (defaults to Tenant, but would allow Lambda) and resource_id would hold the id.
Allow fusionauth_api_key to be scoped to lambdas
Additional context
We are using the fusionauth terraform provider, so that's why the examples above are referring to that.
Repo: https://github.com/FusionAuth/terraform-provider-fusionauth
Docs: https://registry.terraform.io/providers/fusionauth/fusionauth/latest/docs/resources/api_key
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.