Add support for Azure AD Role assignments to Vault Roles
ausfestivus opened this issue · 1 comment
ausfestivus commented
Morning,
We would like to use the Azure Secrets Vault Plugin to generate an SP that can be used by the Azure AD Terraform Provider.
For this to work, we would need to be able to assign Azure AD Roles to the Vault Role definition. This doesn't appear to be currently supported. Note that we are talking about "Azure AD Roles", not "Azure Roles".
I asked about how to do this in the Azure AD Provider and they suggested two alternate paths.
I still think it would be advantageous to be able to create a Vault Role that can utilise the Azure AD Roles.
TimHodkin commented
I have looked into this also and commented on another issue related to a similar issue:
#102 (comment)
Something like this:
```shell
vault write azure/roles/my-role ttl=1h azure_roles=-<<EOF
[
  {
    "role_name": "Global Reader",
    "scope": "/"
  }
]
EOF
```