Add 'iam_alias' and 'gce_alias' fields to API docs (#8822)
pcman312 authored and Brian Kassouf committed Apr 30, 2020
1 parent 5928c32 commit 72db5d9
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions website/pages/api-docs/auth/gcp/index.mdx
Expand Up @@ -142,6 +142,11 @@ The following parameters are only valid when the role is of type `"iam"`:
allow GCE instances to authenticate by inferring service accounts from the
GCE identity metadata token.

- `iam_alias` `(string: unique_id)` - Must be either `unique_id` or `role_id`.
If `unique_id` is specified, the service account's unique ID will be used for
alias names. If `role_id` is specified, the ID of the Vault role will be used.
Only used if `type` is `iam`.

#### `gce`-only Parameters

The following parameters are only valid when the role is of type `"gce"`:
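
Review bot: The `iam_alias` entry says which ID becomes the alias name but not what that choice means for identity mapping. With `role_id`, every service account that logs in through the role gets the same alias name, while the default `unique_id` gives each service account its own. Suggest stating that consequence in the entry, and stating whether changing `iam_alias` on an existing role affects aliases that were already created.
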
Expand All @@ -164,6 +169,11 @@ The following parameters are only valid when the role is of type `"gce"`:
GCP labels are not currently ACL'd, we recommend that this be used in
conjunction with other restrictions.

- `gce_alias` `(string: instance_id)` - Must be either `instance_id` or `role_id`.
If `instance_id` is specified, the GCE instance ID will be used for alias names.
If `role_id` is specified, the ID of the Vault role will be used. Only used if
`type` is `gce`.

### Sample Payload

Example `iam` role:
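
Review bot: The last sentence of the `gce_alias` entry, "Only used if `type` is `gce`.", repeats the section intro two lines above the list ("The following parameters are only valid when the role is of type `"gce"`") and can be dropped. The same applies to the closing sentence of the `iam_alias` entry in the previous hunk.
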
Expand Down Expand Up @@ -316,9 +326,11 @@ $ curl \
},
"bound_service_accounts": ["[email protected]"],
"bound_zones": ["eu-west2-a", "us-east1-b"],
"gce_alias": "instance_id",
"max_ttl": 86400,
"policies": ["prod"],
"project_id": "project-123456",
"role_id": "6bbfab2b-ca32-6044-4829-4515728d87b1",
"type": "gce",
"ttl": 1800
}
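
Review bot: `"role_id"` is added to the read response here, but nothing in the new parameter text ties this field to the `role_id` option of `gce_alias` and `iam_alias`. Suggest one sentence saying that this response field is the value used as the alias name when that option is selected. Also, only the `gce` response gains its alias field; the "Example `iam` role" payload under Sample Payload is untouched by this change, so `iam_alias` has no example.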