Allow fusionauth_api_key to be scoped to lambdas #2919

Open
sareh opened this issue Nov 12, 2024 · 0 comments
Labels
enhancement New feature or request

sareh commented Nov 12, 2024

Allow fusionauth_api_key to be scoped to lambdas

Problem

Currently, the FusionAuth Terraform provider's fusionauth_api_key definition is only able to be scoped to a tenant_id, not to any lambdas.

Solution

Ideally I'd like for the fusionauth_api_key definition to be extended so that in addition to having a tenant_id that the key is scoped to, we can scope it to a set of lambda_ids, e.g. with this syntax:

resource "fusionauth_api_key" "group_endpoint" {
  tenant_id   = fusionauth_tenant.main.id
  lambda_ids  = [fusionauth_lambda.gmd_jwt_populate.id]
  description = "FusionAuth API Key to be used for lambdas associated with this tenant"
  permissions_endpoints {
    endpoint = "/api/group"
    get      = true
    delete   = true
    patch    = true
    post     = true
    put      = true
  }
}

Then this API key would only be used for a specific tenant and for specific lambdas, and the key would be available in the environment configuration for the lambda itself.

Alternatives/workarounds

Alternatively to the approach above, it might be better to only allow one resource per API key, but the following would be a breaking change, since resource_type would be required (defaults to Tenant, but would allow Lambda) and resource_id would hold the id.

resource "fusionauth_api_key" "tenant_group_endpoint" {
  resource_type = "Tenant"
  resource_id   = fusionauth_tenant.main.id
....
}

or:

resource "fusionauth_api_key" "lambda_group_endpoint" {
  resource_type = "Lambda"
  resource_id   = fusionauth_lambda.main.id
....
}

Additional context

We are using the FusionAuth Terraform provider, so that's why the examples above are referring to that.
Repo: https://github.com/FusionAuth/terraform-provider-fusionauth
Docs: https://registry.terraform.io/providers/fusionauth/fusionauth/latest/docs/resources/api_key

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
