Add Oracle Cloud auth to the Vault Agent #19260
Hi there! This looks great! Sorry for the delay in reviewing, I only just spotted this today. I'm going to get a second set of eyes on this for the OCI-specific stuff that I'm less familiar with, but in principle I like this PR a lot, thank you!
Submitted some requested changes - I'm also going to get someone who knows a bit more about OCI to review this, too, and the merge will also be contingent on their approval. Thanks again for the PR!
Thanks for the review @VioletHynes, I left some comments to ask for clarification for a few things.
Thanks for the review @VioletHynes! I pushed a commit to use
Approving - though I'll wait for @swenson's approval before merging, due to his OCI expertise.
Thanks a bunch for this PR!
LGTM; I haven't been able to test on OCI due to some account issues, but I will do so when I can next. I don't want that to block you though.
Thanks for reviewing @VioletHynes and @swenson! I look forward to this being released 🚢.
Thanks a bunch for this PR. Great work, and thanks for being patient with reviews/approvals :) Merging 🚢
* Add Oracle Cloud auth to the Vault Agent
* Use ParseDurationSecond to parse credential_poll_interval
* Use os.UserHomeDir()
I finally got my OCI access worked out, and verified that this works as expected. Thanks!
This PR adds the OCI (Oracle Cloud Infrastructure) auto-auth method to the Vault Agent.
It supports authentication via API Keys and Instance Principals.
The end-to-end test must be executed in an OCI compute instance, as the OCI auth backend in Vault currently only supports Instance Principal authentication. See: https://developer.hashicorp.com/vault/docs/auth/oci#configure-the-oci-tenancy-to-run-vault
To run the tests, set the following environment variables:
OCI_TEST_TENANCY_OCID
OCI_TEST_USER_OCID
OCI_TEST_FINGERPRINT
OCI_TEST_PRIVATE_KEY_PATH
OCI_TEST_OCID_LIST
Test results:
Closes #19195