
WIF support for AWS secrets engine #24987

Merged
merged 10 commits into from
Jan 29, 2024

Conversation

vinay-gopalan
Contributor

This PR adds plugin WIF support to the AWS secrets engine. This adds the following new fields to the config/root endpoint to enable configuring Workload Identity Federation:

  • identity_token_audience
  • identity_token_ttl
  • role_arn

The PR also adds a test to ensure that these fields can be set/read to the config and that providing mutually exclusive fields results in an error.

The PR also adds the PluginIdentityTokenFetcher that fetches the plugin identity token and passes it to the awsutil package to generate a credential chain. The full functionality of this feature is linked to this PR on the go-secure-stdlib: PR link, and will be available when those updates are merged and pulled into Vault.
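The description above names three new config/root fields, says that mutually exclusive fields are rejected, and describes a fetcher that hands the plugin identity token to a credential chain. The following Go program is an added illustration of those rules and is not Vault's or awsutil's own code. It assumes that the mutually exclusive pair is the pre-existing static `access_key`/`secret_key` fields versus `identity_token_audience` (the PR text only says such a pair exists), that `role_arn` is required whenever an audience is set (per the "require role arn when audience set" commit), and it substitutes a constructed `fakeFetcher` for the real `PluginIdentityTokenFetcher`, which in Vault returns a signed JWT.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// RootConfig holds the subset of config/root fields that decide how the
// engine obtains AWS credentials. Illustrative type, not Vault's own.
type RootConfig struct {
	AccessKey             string        // static credential (pre-existing field)
	SecretKey             string        // static credential (pre-existing field)
	RoleARN               string        // role_arn: IAM role assumed through WIF
	IdentityTokenAudience string        // identity_token_audience: aud claim of the plugin identity token
	IdentityTokenTTL      time.Duration // identity_token_ttl: lifetime requested for that token
}

// Validation outcomes a config/root write can produce under the assumed rules.
var (
	ErrMutuallyExclusive = errors.New("only one of access_key or identity_token_audience may be set")
	ErrRoleARNRequired   = errors.New("role_arn is required when identity_token_audience is set")
)

// Validate enforces the field rules. Assumption: static keys and WIF are the
// mutually exclusive pair; the PR text only states that such a pair exists.
func (c RootConfig) Validate() error {
	if c.AccessKey != "" && c.IdentityTokenAudience != "" {
		return ErrMutuallyExclusive
	}
	if c.IdentityTokenAudience != "" && c.RoleARN == "" {
		return ErrRoleARNRequired
	}
	return nil
}

// IdentityTokenFetcher abstracts the plugin identity token fetcher: given an
// audience and TTL it returns a token the engine presents to STS.
type IdentityTokenFetcher interface {
	FetchToken(audience string, ttl time.Duration) (string, error)
}

// CredentialSource names which link of the credential chain the config selects.
type CredentialSource string

const (
	SourceStatic  CredentialSource = "static_keys"
	SourceWIF     CredentialSource = "web_identity"
	SourceDefault CredentialSource = "default_chain" // env vars, instance profile, etc.
)

// WebIdentityRequest carries what an AssumeRoleWithWebIdentity call needs.
type WebIdentityRequest struct {
	RoleARN string
	Token   string
}

// SelectCredentialSource validates the config and, for WIF, fetches the
// identity token so the caller can build the STS request. The static-keys
// first, then WIF, then default ordering is an assumption of this example.
func SelectCredentialSource(c RootConfig, f IdentityTokenFetcher) (CredentialSource, *WebIdentityRequest, error) {
	if err := c.Validate(); err != nil {
		return "", nil, err
	}
	switch {
	case c.AccessKey != "":
		return SourceStatic, nil, nil
	case c.IdentityTokenAudience != "":
		tok, err := f.FetchToken(c.IdentityTokenAudience, c.IdentityTokenTTL)
		if err != nil {
			return "", nil, fmt.Errorf("fetching plugin identity token: %w", err)
		}
		return SourceWIF, &WebIdentityRequest{RoleARN: c.RoleARN, Token: tok}, nil
	default:
		return SourceDefault, nil, nil
	}
}

// fakeFetcher is a constructed stand-in for the plugin identity token fetcher;
// it returns a deterministic placeholder string rather than a signed JWT.
type fakeFetcher struct{}

func (fakeFetcher) FetchToken(aud string, ttl time.Duration) (string, error) {
	if aud == "" {
		return "", errors.New("audience must not be empty")
	}
	return "placeholder-token-for-" + aud, nil
}

func main() {
	// Constructed sample config: WIF with an audience, TTL and role.
	cfg := RootConfig{
		RoleARN:               "arn:aws:iam::123456789012:role/vault-wif-example",
		IdentityTokenAudience: "sts.amazonaws.com",
		IdentityTokenTTL:      time.Hour,
	}
	src, req, err := SelectCredentialSource(cfg, fakeFetcher{})
	fmt.Println(src, req, err)

	// Setting static keys together with an audience is rejected.
	bad := RootConfig{AccessKey: "AKIAEXAMPLEKEY", IdentityTokenAudience: "sts.amazonaws.com", RoleARN: cfg.RoleARN}
	_, _, err = SelectCredentialSource(bad, fakeFetcher{})
	fmt.Println(err)
}
```

Keeping the checks in `Validate` separate from source selection mirrors what the PR's test exercises (fields can be set and read back; conflicting fields error out) and keeps the fetcher untouched when the config is rejected, so no identity token is minted for a configuration that will never be used.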

@vinay-gopalan vinay-gopalan requested a review from a team as a code owner January 22, 2024 23:25
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jan 22, 2024
@vinay-gopalan vinay-gopalan added this to the 1.16.0-rc1 milestone Jan 22, 2024

github-actions bot commented Jan 22, 2024

CI Results:
All Go tests succeeded! ✅


github-actions bot commented Jan 29, 2024

Build Results:
All builds succeeded! ✅

@austingebauer austingebauer merged commit fcf7cf6 into main Jan 29, 2024
110 checks passed
@austingebauer austingebauer deleted the VAULT-22624/add-aws-wif-support branch January 29, 2024 19:34
Monkeychip pushed a commit that referenced this pull request Jan 30, 2024
* add new plugin wif fields to AWS Secrets Engine

* add changelog

* go get awsutil v0.3.0

* fix up changelog

* fix test and field parsing helper

* godoc on new test

* require role arn when audience set

* make fmt

---------

Co-authored-by: Austin Gebauer <[email protected]>
Co-authored-by: Austin Gebauer <[email protected]>