Facilitate use of User Managed Identities #277
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stevendpclark
previously approved these changes
Jan 30, 2025
Yeah, testing it in Azure was a pain too, even w/ terraform, but I did set up one user managed identity, tested it with and without client_id (and no client_secret), then two, one with permissions to access key vault and one without, so I could verify that the client_id was taking effect to select each one. |
jefferai
approved these changes
Jan 31, 2025
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
* wip * tidy Original commit: 0ea6bba
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 13, 2025
* wip * tidy Original commit: 0ea6bba
cipherboy
added a commit
to openbao/go-kms-wrapping
that referenced
this pull request
Feb 13, 2025
* wrappers/transit: support context cancelation (hashicorp#259) This makes the transit client respect context cancelation, which is a critical feature of any I/O API. Original commit: 05c77e8 * Support parseutil.ParsePath for sensitive values in wrapper configs (hashicorp#272) and Use ParsePaths to source sensitive wrapper config values from Env/File if desired (hashicorp#275) * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * rollback wrapper changes until we have a tagged top level package * Improve ParsePaths behavior in errors, and add a usage comment Original commit: a1337fd --- * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * update go.mods to point to a fixed tag for ParsePath * go mod tidy * pr feedback Original commit: 9aac87b * Facilitate use of User Managed Identities (hashicorp#277) * wip * tidy Original commit: 0ea6bba * Fix the fact that some GCP env vars are immune to disallowEnvVars (hashicorp#250) Original commit: 24f9019 * Fix transit context cancellation test Signed-off-by: Alexander Scheel <[email protected]> * Add wrapping.ParsePaths(...) to pkcs11 Signed-off-by: Alexander Scheel <[email protected]> * Bump openbao/api & openbao/sdk to latest versions Signed-off-by: Alexander Scheel <[email protected]> --------- Signed-off-by: Alexander Scheel <[email protected]> Co-authored-by: Johan Brandhorst-Satzkorn <[email protected]> Co-authored-by: Scott Miller <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
User managed identities in Azure are referenced only by client_id (if at
all), and don't use a client_secret. When client_secret is absent in wrapper
config, attempt to use this form of credential.
Fixes https://hashicorp.atlassian.net/browse/VAULT-32283 and https://hashicorp.atlassian.net/browse/VAULT-33015