Question: does the plugin support OCI Resource Principal?

[veny]

Vault version: 1.3.2
Underlying OS: Oracle Linux 7.9

I am able to authenticate against Vault from an OCI VM with use of Instance Principle. my setup follows this guideline and it works:

• https://www.vaultproject.io/docs/auth/oci

Then I changed my Dynamic Group definition to an OCI resource like this:

Any {resource.compartment.id = 'ocid1.compartment.oc1..aaaaaaaarqa72sgaavyXXXXXXXXXXXX7kdlg2t6a'}

and I started exactly the same Python code previously working on a VM with Instance Principal as a ML Job having a Resource Principle:

#signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
signer = oci.auth.signers.get_resource_principals_signer()
endpoint = "http://hostname:8200/v1/auth/oci/login/devrole"
response = requests.get(endpoint, auth=signer)
date = response.request.headers['date']
authorization = response.request.headers['authorization']
body = {
    "request_headers":{
        "Date":[date],
        "(request-target)":["get /v1/auth/oci/login/devrole"],
        "host":["hostname:8200"],
        "Content-Type":["application/json"],
        "Authorization":[authorization]
    }
}
response = requests.put(endpoint, json=body) # fails with 401

the first GET request delivers signature like this:

Signature algorithm=\"rsa-sha256\",headers=\"date (request-target) host\",keyId=\"ST$eyJraWQiOiJhc3d...SHORTENED...96lXYVCf+qAvHkFJw23JYovm6w==\",version=\"1\"

and in the PUT request I get 401 Unauthorized.

Does the plugin work also with Resource Principal?