feature: OIDC provider client API #12272
It is not needed at this time.
- convert Callbacks to Operations
- add test case for update operations
- add changelog
- be more explicit in the case where we do not receive a path field
Looking good! Just a few more comments.
@@ -8,6 +8,414 @@ import ( | |||
"github.com/hashicorp/vault/sdk/logical" | |||
) | |||
|
|||
// TestOIDC_Path_OIDC_ProviderClient_NoKeyParameter tests that a client cannot |
Nice test cases 👍
Thanks!
LGTM
Left a note around the key requirement that we'll want to re-visit later, but otherwise it's 👍 !
} | ||
|
||
if client.Key == "" { | ||
return logical.ErrorResponse("the key parameter is required"), nil |
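Review bot: the `client.Key == ""` guard only rejects an empty string, so a value made up of whitespace passes this check and reaches whatever follows it. Consider trimming the value before the comparison and adding a short comment above the guard stating which operations it is expected to run for, since the error text "the key parameter is required" does not say. Returning the message through `logical.ErrorResponse` with a nil error reads fine as a caller-input failure.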
If we are going to create a default key and assign this on the client if not specified, then this may end up being optional.
* initial commit
* add read and delete operations
* fix bug in delete and add list unit test
* func doc typo fix
* add existence check for assignment
* remove locking on the assignment resource
  It is not needed at this time.
* convert Callbacks to Operations
  - convert Callbacks to Operations
  - add test case for update operations
* add CRUD operations and test cases
* add client api and tests
* remove use of oidcCache
* remove use of oidcCache
* add template validation and update tests
* remove usage of oidcCache
* refactor struct and var names
* harmonize test name conventions
* refactor struct and var names
* add changelog and refactor
  - add changelog
  - be more explicit in the case where we do not receive a path field
* refactor
  be more explicit in the case where a field is not provided
* remove extra period from changelog
* update scope path to be OIDC provider specific
* refactor naming conventions
* update assignment path
* update scope path
* enforce key existence on client creation
* removed unused name field
* removed unused name field
* removed unused name field
* prevent assignment deletion when ref'ed by a client
* enforce assignment existence on client create/update
* update scope template description
* error when attempting to create scope with openid reserved name
* fix UT failures after requiring assignment existence
* disallow key deletion when ref'ed by existing client
* generate client_id and client_secret on CreateOp
* do not allow key modification on client update
* return client_id and client_secret on read ops
* small refactor
* fix bug in delete assignment op
* remove client secret get call
Depends on PR #12266
Description
The client API allows Vault users to register clients, each of which represents an application that desires to authenticate and obtain identity information for its end-users.
Acceptance Criteria:
Manual tests