feat!: Abilitiy to set JWT audience claim (#204)

BREAKING CHANGE: JWTs can now be created with a fix audience value. Needed for OpenZiti integratin

Signed-off-by: Bryon Nevis <[email protected]>

internal/pkg/vault/management.go

@@ -562,14 +562,15 @@ func (c *Client) CreateNamedIdentityKey(token string, keyName string, algorithm
 	return err
 }
 
-func (c *Client) CreateOrUpdateIdentityRole(token string, roleName string, keyName string, template string, jwtTTL string) error {
+func (c *Client) CreateOrUpdateIdentityRole(token string, roleName string, keyName string, template string, audience string, jwtTTL string) error {
 
 	var templatePointer *string = nil
 	if template != "" {
 		templatePointer = &template
 	}
 
 	request := CreateOrUpdateIdentityRoleRequest{
+		ClientID: audience,
 		Key:      keyName,
 		Template: templatePointer, // optional field
 		TokenTTL: jwtTTL,

internal/pkg/vault/models.go

@@ -191,6 +191,7 @@ type CreateNamedKeyRequest struct {
 
 // CreateOrUpdateIdentityRoleRequest is the request to POST /v1/identity/oidc/role/:name
 type CreateOrUpdateIdentityRoleRequest struct {
+	ClientID string  `json:"client_id,omitempty"`
 	Key      string  `json:"key"`
 	Template *string `json:"template,omitempty"`
 	TokenTTL string  `json:"ttl"`

secrets/interfaces.go

@@ -88,5 +88,5 @@ type SecretStoreClient interface {
 	InternalServiceLogin(token string, authEngine string, username string, password string) (map[string]interface{}, error)
 	CheckIdentityKeyExists(token string, keyName string) (bool, error)
 	CreateNamedIdentityKey(token string, keyName string, algorithm string) error
-	CreateOrUpdateIdentityRole(token string, roleName string, keyName string, template string, jwtTTL string) error
+	CreateOrUpdateIdentityRole(token string, roleName string, keyName string, template string, audience string, jwtTTL string) error
 }