Allow fusionauth_api_key to be scoped to lambdas #2919

Open
@sareh

Problem

Currently, the FusionAuth Terraform provider's fusionauth_api_key definition is only able to be scoped to a tenant_id, not to any lambdas.

Solution

Ideally I'd like for the fusionauth_api_key definition to be extended so that in addition to having a tenant_id that the key is scoped to, we can scope it to a set of lambda_ids, e.g. with this syntax:

resource "fusionauth_api_key" "group_endpoint" {
  tenant_id   = fusionauth_tenant.main.id
  lambda_ids  = [fusionauth_lambda.gmd_jwt_populate.id]
  description = "FusionAuth API Key to be used for lambdas associated with this tenant"
  permissions_endpoints {
    endpoint = "/api/group"
    get      = true
    delete   = true
    patch    = true
    post     = true
    put      = true
  }
}

Then this API key would only be used for a specific tenant and for specific lambdas, and the key would be available in the environment configuration for the lambda itself.

Alternatives/workarounds

Alternatively to the approach above, it might be better to only allow one resource per API key, but the following would be a breaking change, since resource_type would be required (defaults to Tenant, but would allow Lambda) and resource_id would hold the id.

resource "fusionauth_api_key" "tenant_group_endpoint" {
  resource_type = "Tenant"
  resource_id   = fusionauth_tenant.main.id
....
}

or:

resource "fusionauth_api_key" "lambda_group_endpoint" {
  resource_type = "Lambda"
  resource_id   = fusionauth_lambda.main.id
....
}

Additional context

We are using the FusionAuth Terraform provider, so that's why the examples above are referring to that.
Repo: https://github.com/FusionAuth/terraform-provider-fusionauth
Docs: https://registry.terraform.io/providers/fusionauth/fusionauth/latest/docs/resources/api_key

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
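Until a key can be scoped more narrowly, the scoping that exists today (tenant_id plus per-endpoint methods) can be checked automatically. The following is an added example, not code from the issue or from the FusionAuth project: it audits `terraform show -json` state output for fusionauth_api_key resources. The sample state and its values are constructed, and treating an empty permissions_endpoints list as an unrestricted key is an assumption of this sketch.

```python
import json

# Constructed sample shaped like `terraform show -json` state output; the
# attribute names (tenant_id, permissions_endpoints) are those used in the issue.
SAMPLE_STATE = json.dumps({"values": {"root_module": {"resources": [
    {"address": "fusionauth_api_key.group_endpoint",
     "type": "fusionauth_api_key",
     "values": {"tenant_id": "constructed-tenant-id",
                "permissions_endpoints": [
                    {"endpoint": "/api/group", "get": True, "delete": True,
                     "patch": True, "post": True, "put": True}]}},
    {"address": "fusionauth_api_key.unscoped",
     "type": "fusionauth_api_key",
     "values": {"tenant_id": None, "permissions_endpoints": []}},
], "child_modules": []}}})

WRITE_METHODS = ("delete", "patch", "post", "put")

def walk(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit_api_keys(state_json):
    """Return {address: [findings]} for every fusionauth_api_key in the state."""
    state = json.loads(state_json)
    root = state.get("values", {}).get("root_module", {})
    report = {}
    for res in walk(root):
        if res.get("type") != "fusionauth_api_key":
            continue
        values = res.get("values", {})
        findings = []
        if not values.get("tenant_id"):
            findings.append("no tenant_id: key is not tenant-scoped")
        endpoints = values.get("permissions_endpoints") or []
        if not endpoints:
            # Assumption of this sketch: no endpoint list means no restriction.
            findings.append("no permissions_endpoints: assumed unrestricted key")
        for ep in endpoints:
            writes = [m for m in WRITE_METHODS if ep.get(m)]
            if writes:
                findings.append(f"{ep.get('endpoint')}: write methods {','.join(writes)}")
        report[res["address"]] = findings
    return report

if __name__ == "__main__":
    for address, findings in audit_api_keys(SAMPLE_STATE).items():
        print(address, findings or ["ok"])
```
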

Labels: enhancement (New feature or request)