Reference Accessor of oidc auth backend in groupAlias

[kamalverma1]

What problem are you facing?

There should be a way to reference the accessor for the oidc method and also the canonicalId of groups while creating a group Alias. This is an issue if the Resource is created by a seperate claim.

How could Upbound help solve your problem?

Add somthing similar to Data Source in in terraform. Maybe somthing similar to referencing VPCID in this doc.

For example:

apiVersion: identity.vault.upbound.io/v1alpha1
kind: GroupAlias
metadata:
  annotations:
    meta.upbound.io/example-id: identity/v1alpha1/groupalias
  labels:
    testing.upbound.io/example-name: group-alias
  name: cld-csm-admins-sg-kdtesting
spec:
  deletionPolicy: Delete
  forProvider:
    namespace: mytestns
    canonicalIdRef: 
      name: <mytestgroup>
    mountAccessorRef: 
      name: <oidc-auth-backend-name> 
    name: <group-ObjectId>
    ----

[tschlaepfer]

Agree, would very much like this :)

[tschlaepfer]

I have created a draft MR for this feature, however, I'm not used to Go nor creating Crossplane providers so I would need some support. Right now I'm still struggling with the code to create a reference for different AuthBackend types.

# config.go
....
r.References["mount_accessor"] = config.Reference{
    Type: "github.com/upbound/provider-vault/apis/jwt/v1alpha1.AuthBackend",
    Extractor: common.AccessorExtractor,
}

Do to the way the Terraform code for HashiCorp Vault has been written one would need to be able to configure multiple types here.

Could someone from the maintainers guide me on how this should be implemented?