Add support for Azure AD Role assignments to Vault Roles #92

Open
ausfestivus opened this issue Mar 6, 2022 · 1 comment

@ausfestivus

Morning,

We would like to use the Azure Secrets Vault Plugin to generate an SP that can be used by the Azure AD Terraform Provider.

For this to work, we would need to be able to assign Azure AD Roles to the Vault Role definition. This doesn't appear to be currently supported. Note that we are talking about "Azure AD Roles", not "Azure Roles".

I asked about how to do this in the Azure AD Provider and they suggested two alternate paths.

I still think it would be advantageous to be able to create a Vault Role that can utilise the Azure AD Roles.

@TimHodkin

I have looked into this also and commented on another issue related to a similar issue:
#102 (comment)

Something like this:

vault write azure/roles/my-role ttl=1h azure_roles=-<<EOF
    [
        {
            "role_name": "Global Reader",
            "scope": "/"
        }
    ]
EOF
