-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable login from Azure VMs with user-assigned identities #29
Conversation
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
Does hashicorp have a good test environment for these sorts of changes? |
@kalafut is there something I can help with re testing this? We'd like to use user-assigned-identities with our vault deployment and would like to not maintain a fork of the auth plugin. |
Also interested in seeing this come to light |
Thanks for the PR! I think this is a good change and we’ll get it queued for review. |
@infa-bsurber Can you please check that the email on the commit matches the Github email you would have signed the CLA with (assuming that step was done). |
This github account is actually being abandoned, please someone else take this change and run with it. |
@kalafut can you take a look at this? I think it may resolve hashicorp/vault#7115 as well. Not sure how this works if @infa-bsurber 's account is being closed though. |
@null-route @ungureanuvladvictor @chrisjohnson Per @infa-bsurber's comments, it sounds like this PR can't foreseeably pass the CLA check so I'm going to close it. The best (and fairly straightforward) route would be for one of you, or someone else, to submit a new PR. I'll be happy to review it. |
Closing due to unsigned CLA. |
With user-assigned identities, the main Identity struct doesn't have a principal id. Instead, OID from the JWT should be compared against the system-assigned msi Principal ID + the Principal ID of any user-assigned msi
Should address hashicorp/vault#8082