New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for using MS Graph instead of AAD #67
Commits on Aug 30, 2021
-
Use the MS Graph API for atomic add/remove password operations
Azure Active Directory Graph API, now deprecated, does not provide support for atomically creating/removing passwords on an application. As a result, there is a race conditions that can occur when creds are being created for roles configured with an existing service principal that is configured on multiple mounts or across multiple Vault clusters. Unfortunately, [`Azure/azure-sdk-for-go`](https://github.com/Azure/azure-sdk-for-go) does not yet offer a MS Graph API client, therefore, this PR utilizes [`Azure/go-autorest`](https://github.com/Azure/go-autorest) to construct a client the same as [`Azure/azure-sdk-for-go`](https://github.com/Azure/azure-sdk-for-go). This changeset preserves using the AAD Graph API by default but provides a mount configuration option for toggling to the new MS Graph API. This is because the two APIs require different API permissions. This allows users to upgrade to the new plugin version and then switch to the new API. Additionally, although using the MS Graph API is a net benefit, it itself has reliability issues when handling multiple requests in parallel. More details can be found in https://github.com/mdgreenfield/microsoft-graph-api-reliability and I am working with Microsoft to try to get some of these reliability issues resolved. Fixes #58
Configuration menu - View commit details
-
Copy full SHA for b5fa247 - Browse repository at this point
Copy the full SHA b5fa247View commit details
Commits on Sep 3, 2021
-
Configuration menu - View commit details
-
Copy full SHA for adc4910 - Browse repository at this point
Copy the full SHA adc4910View commit details
Commits on Sep 15, 2021
-
Configuration menu - View commit details
-
Copy full SHA for 58d747b - Browse repository at this point
Copy the full SHA 58d747bView commit details -
Configuration menu - View commit details
-
Copy full SHA for fec9a43 - Browse repository at this point
Copy the full SHA fec9a43View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0c52a46 - Browse repository at this point
Copy the full SHA 0c52a46View commit details
Commits on Sep 20, 2021
-
Configuration menu - View commit details
-
Copy full SHA for b2a290a - Browse repository at this point
Copy the full SHA b2a290aView commit details
Commits on Sep 22, 2021
-
Configuration menu - View commit details
-
Copy full SHA for 2b07268 - Browse repository at this point
Copy the full SHA 2b07268View commit details
Commits on Sep 23, 2021
-
Configuration menu - View commit details
-
Copy full SHA for 3f4f563 - Browse repository at this point
Copy the full SHA 3f4f563View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.