Support OIDC auth backends #398
Any feedback on this PR?
Do you plan to add bound_claims to the roles too?
Our use case does not expect
I will need that feature but do not want to force anyone to code it.
Actually, not only As for
awesome!
Type: schema.TypeString, | ||
}, | ||
}, | ||
"bound_claims": { |
wondering if that should be plural or singular
Using plurals to be in line with Vault's documentation - https://www.vaultproject.io/api/auth/jwt/index.html
Hi @sergeytrasko ! I noticed this isn't compiling for me when I try to run the tests:
# github.com/terraform-providers/terraform-provider-vault/vault [github.com/terraform-providers/terraform-provider-vault/vault.test]
./resource_jwt_auth_backend.go:27:19: undefined: jwtAuthType
@@ -29,6 +28,15 @@ func jwtAuthBackendResource() *schema.Resource { | |||
ValidateFunc: validateNoTrailingSlash, | |||
}, | |||
|
|||
"type": { |
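Review bot: the "type" attribute that opens on the last line of this hunk should restrict its value to the backend types this resource actually handles, in the same way the attribute just above it sets `ValidateFunc: validateNoTrailingSlash`. Its body is not visible in this view, so if that check is missing, add a ValidateFunc so that a mistyped value is rejected at plan time rather than at apply. Since the name is generic enough that the thread asks whether it is a role-level setting, a Description stating that it is the type of the auth backend would also help.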
Should this be role_type to correspond with this?
Not sure... This type belongs to auth backend not to a role.
Co-Authored-By: sergeytrasko <[email protected]>
Fixed compilation issue - it was the result of an incorrect merge from master.
Awesome
@tyrannosaurus-becks Does it seem ready from your side? Or is there something missing still?
@sergeytrasko this looks great! Thanks for all your work on this!
Support OIDC auth backends
Adding support for OIDC auth backends.
The implementation is an extension of JWT auth backend (reusing most of the logic) + adding some required attributes.
Documentation updated with examples and description of new attributes.
Tested with local Vault 1.1.1