[Enhancement]: return full Vault response with `vault_generic_endpoint`

[jficz]

Description

Currently vault_generic_endpoint only returns the .data part of the response which is not always useful - such as when trying to create a token through auth/token/create/<role> where the .data field of the response is in fact null and the interesting data is returned in the .auth field.

Since the resource is called "generic", it should support all use cases, not just those which return .data in the response.

My use case specifically would be a workaround for #2541 as with neither this feature nor #2541 it is impossible to create an entity_alias-bound token using this provider.

Affected Resource(s) and/or Data Source(s)

• vault_generic_endpoint

Potential Terraform Configuration

resource "vault_generic_endpoint" "my_app_token" {
  path = "auth/token/create/app"
  write_fields = ["auth"]
  disable_read = true
  disable_delete = true
  ignore_absent_fields = true

  data_json = <<EOT
{
  "entity_alias": "my-app"
}
EOT
}

References

https://developer.hashicorp.com/vault/api-docs/auth/token#sample-response-1

Would you like to implement a fix?

No

[weitzj]

Intereseted as well, especially for bootstrapping DR secondary tokens with Terraform using the vault generic endpoint