Description
Describe the bug
We are using an Ansible script which uses Terraform modules to interact with the Vault server, and there we are seeing intermittent issues related to Vault, like context deadline or failing to read/write an entity alias.
We have created a single entity in Vault named “ProdEntity”. Within this entity, we create multiple aliases, each mapped to different authentication mount points such as AWS, Kubernetes, and AppRole.
These aliases are created during every tenant deployment. As a result, more than 4000 aliases have now been created under the “ProdEntity”.
We are observing the below issue sometimes in our pipeline.

```
STDERR:
Error: error reading entity alias "1f1c067f-10b5-481b-0d46-70e1401efffa": failed reading "/identity/entity-alias/id/1f1c067f-10b5-481b-0d46-70e1401efffa"

  with module.operator_roles.vault_identity_entity_alias.aws_operator_read_alias,
  on modules/operator-roles/main.tf line 85, in resource "vault_identity_entity_alias" "aws_operator_read_alias":
  85: resource "vault_identity_entity_alias" "aws_operator_read_alias" {
```
To Reproduce
Steps to reproduce the behavior:
- We are using an Ansible script which uses a Terraform module to create the resources.
Expected behavior
I am expecting that our Terraform script should not fail because of an intermittent Vault issue.
Environment:
- Vault Server Version (retrieve with `vault status`): Vault v1.19.7
- Vault CLI Version (retrieve with `vault version`):
- Server Operating System/Architecture:
Vault server configuration file(s):

```
# Paste your Vault config here.
# Be sure to scrub any sensitive values
```

Additional context
```hcl
provider "vault" {
  address         = var.VAULT_SERVER_URL
  skip_tls_verify = false
  auth_login_jwt {
    namespace = var.VAULT_NAMESPACE
    mount     = var.VAULT_AUTH_PATH
    role      = var.VAULT_AUTH_ROLE
    jwt       = var.GITLAB_JWT_TOKEN
  }
}
```
We have also mentioned `vault_client_timeout: "120"` in the Terraform configuration.