[ Feature ] - Propagate credential change

[FranckSallet]

Is your feature request related to a problem? Please describe.
I use a global account to manage password of active directory accounts.
The problem appears when I create a "wallix-bastion_domain_account_credential resource", I cannot propagate the password to the Active Directory account like I could do on the GUI. We therefore need manual action on the bastion for the account to be fully functional.

Describe the solution you'd like
add a boolean parameter like "propagate_credential_change" in the "wallix-bastion_domain_account_credential" resource

Regards

[bsimonWallix]

After study, the endpoint exist on the API but not yet implemented on the Terraform provider.

I am going to see with the team how we can add it for the next release.

[FranckSallet]

thank you for the reply
in this case, you must repair the destruction of the resource when changing the password. cf issue 17

[bsimonWallix]

It is tracked for fix and improvment for next release.

[moulip]

Hi @FranckSallet,

I'm currently looking into your enhancement request. I need some details about your usecase.
Let me expand on what I have understood and correct me if I'm mistaken.

You have an already existing account in your AD.
You want to create it in your Bastion with TF, create a new password for that account, and propagate it to the AD.
Is that right ?

[FranckSallet]

Hi @moulip

yes, that's exactly it.
We need to manage AD account passwords through the password manager with TF.
The password must also be able to be changed through the interface or via the password policy.

regards

[moulip]

Hi @moulip

yes, that's exactly it. We need to manage AD account passwords through the password manager with TF. The password must also be able to be changed through the interface or via the password policy.

regards

I completely get your use-case. I just want to make sure that we agree on the fact that the account already exists in the AD with a password already set and as soon as you create it for the first time in the Bastion, you will create it with another password which will replace the previously set password in AD upon creation.

[FranckSallet]

Hi @moulip

We are completely agree about my use case.
We have a already Active Directory account with a password.
After that we want to manage the password with the "Password Manager" and the "Password Policy".

Regards

[moulip]

All right will dig into it now ;-)

[moulip]

Hi @FranckSallet !

Long time no talk sorry for that. I have done the task and the provider is now able to propagate the credential change BUT, this has led to find a bug in the Bastion which prevents me from releasing a new version.
We are on the path of fixing this bug and as from there I'll be able to commit.
Just to keep you updated.

[FranckSallet]

Hi @moulip

great to hear that
This next release of the provider will work with the bastion version 12 ?

[moulip]

Will try to do so !

[FranckSallet]

Hi @moulip

Any news or release date ?

Regards

[bsimonWallix]

We are just pushing the v0.14.0 - The fix of this is issue wasn't merged as it does need more testing.

We target a v0.14.1 next week for it.

[bsimonWallix]

Hello we just pushed the change from @moulip for this request.
We are still waiting on the fix on the bastion API. As for now the uuid of the password is lost on change and terraform have issue to keep the state.

[FranckSallet]

Bonjour Simon
Merci du retour
ce n'est toujours pas fixé dans la version 12.0.5 du bastion ?
Merci, Franck

[FranckSallet]

je ne vois pas l'option "Propagate credential change" dans la documentation de la version 14, c'est normal ?
Merci, Franck

[bsimonWallix]

C'est sur la branche develop pour le moment.
On devrait sortir une nouvelle release sous peu