[Enhancement]: Add support for the exclude_cn_from_sans attribute to the vault_pki_secret_backend_role resource
n2ux opened this issue
Christopher McNabb commented
Description
Vault PKI roles have an exclude_cn_from_sans boolean attribute. If the attribute is true, the given common_name will not be included in DNS or Email Subject Alternate Names (as appropriate). This is useful if the role is for something that is not a hostname or email address.
Affected Resource(s) and/or Data Source(s)
vault_pki_secret_backend_role
Potential Terraform Configuration
resource "vault_pki_secret_backend_role" "role" {
  backend                            = "pki"
  name                               = "role"
  issuer_ref                         = "default"
  ttl                                = 63072000
  basic_constraints_valid_for_non_ca = true
  allow_any_name                     = true
  enforce_hostnames                  = false
  allow_localhost                    = false
  allow_wildcard_certificates        = false
  key_type                           = "rsa"
  key_bits                           = 0
  key_usage                          = ["DigitalSignature", "KeyAgreement", "KeyEncipherment", "DataEncipherment"]
  client_flag                        = true
  server_flag                        = false
  ext_key_usage                      = ["ClientAuth"]
  allow_ip_sans                      = false
  allowed_serial_numbers             = ["*"]
  organization                       = ["MyOrg"]
  ou                                 = ["myou"]
  exclude_cn_from_sans               = true
}
References
https://developer.hashicorp.com/vault/api-docs/secret/pki#exclude_cn_from_sans-1
Would you like to implement a fix?
None
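
Added example, not part of the original issue or of the provider's code: a check that a certificate issued from such a role does not repeat its subject CN in the DNS or email SANs, which is the behaviour the description attributes to exclude_cn_from_sans. It assumes the certificate has already been decoded into the dict layout returned by Python's ssl.SSLSocket.getpeercert(); the sample certificates and the name "build-agent-7" are constructed.

```python
"""Check whether a certificate's subject CN was copied into its SANs."""

# Only DNS and email SAN types matter here: the issue text names those two
# as the places the common_name ends up unless exclude_cn_from_sans is set.
SAN_TYPES = {"DNS", "email"}


def common_names(cert):
    """Return every commonName in the subject (a subject is a tuple of RDNs)."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def cn_copied_into_sans(cert):
    """Return the (type, value) SAN entries that repeat a subject CN.

    Comparison is case-insensitive. An empty list is the result expected
    for a certificate from a role with exclude_cn_from_sans = true.
    """
    cns = {cn.lower() for cn in common_names(cert)}
    return [(kind, value)
            for kind, value in cert.get("subjectAltName", ())
            if kind in SAN_TYPES and value.lower() in cns]


# Constructed samples in the dict layout of ssl.SSLSocket.getpeercert().
CERT_DEFAULT = {  # CN repeated as a DNS SAN
    "subject": ((("organizationName", "MyOrg"),), (("commonName", "build-agent-7"),)),
    "subjectAltName": (("DNS", "build-agent-7"),),
}
CERT_EXCLUDED = {  # CN only in the subject, no SAN extension at all
    "subject": ((("organizationName", "MyOrg"),), (("commonName", "build-agent-7"),)),
}
CERT_EMAIL = {  # e-mail style CN repeated as an email SAN, different case
    "subject": ((("commonName", "Ops@example.com"),),),
    "subjectAltName": (("email", "ops@example.com"), ("DNS", "other.example.com")),
}

if __name__ == "__main__":
    for name, cert in [("default", CERT_DEFAULT), ("excluded", CERT_EXCLUDED),
                       ("email", CERT_EMAIL)]:
        print(name, cn_copied_into_sans(cert))
```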