Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: OIDC Provider API #12279

Merged
merged 60 commits into from
Aug 26, 2021
Merged

feature: OIDC Provider API #12279

merged 60 commits into from
Aug 26, 2021

Conversation

vinay-gopalan
Copy link
Contributor

@vinay-gopalan vinay-gopalan commented Aug 6, 2021
edited

Description

The provider API allows Vault admins to configure which Vault issuer, client IDs and scopes are permitted to authenticate via a specific client.

Acceptance Criteria:

A Vault user can perform operations using the provider API as specified in the RFC.

Manual Test

$ vault write identity/oidc/provider/my-provider \
    allowed_client_ids="*" \
    scopes="my-groups" \
    issuer="test-issuer"
Success! Data written to: identity/oidc/provider/my-provider

$ vault list identity/oidc/provider               
Keys
----
my-provider

$ vault read identity/oidc/provider/my-provider   
Key                   Value
---                   -----
allowed_client_ids    [*]
issuer                test-issuer
scopes                [my-groups]

$ vault delete identity/oidc/provider/my-provider 
Success! Data deleted (if it existed) at: identity/oidc/provider/my-provider

$ vault list identity/oidc/provider               
No value found at identity/oidc/provider

$ vault read identity/oidc/provider/my-provider   
No value found at identity/oidc/provider/my-provider

@vercel vercel bot temporarily deployed to Preview – vault-storybook August 9, 2021 17:53 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 9, 2021 17:53 Inactive
@fairclothjm
add changelog and refactor
e0c0e72 
- add changelog
- be more explicit in the case where we do not recieve a path field
@fairclothjm
Merge branch 'oidc-provider-assignment-api' into oidc-provider-scope-api
591a5c5
@fairclothjm
refactor
ced1882 
be more explicit in the case where a field is not provided
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 23, 2021 23:27 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 23, 2021 23:48 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 23, 2021 23:48 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 24, 2021 23:16 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 24, 2021 23:16 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 25, 2021 00:09 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 25, 2021 00:09 Inactive
austingebauer
austingebauer reviewed Aug 25, 2021
View reviewed changes
vault/identity_store_oidc_provider.go Outdated Show resolved Hide resolved
vault/identity_store_oidc_provider.go Outdated Show resolved Hide resolved
vault/identity_store_oidc_provider.go Outdated Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 25, 2021 21:32 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 25, 2021 21:32 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 25, 2021 22:03 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 25, 2021 22:03 Inactive
@vercel vercel bot temporarily deployed to Preview – vault August 25, 2021 23:24 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 25, 2021 23:24 Inactive
austingebauer
austingebauer approved these changes Aug 25, 2021
View reviewed changes
Copy link
Member

@austingebauer austingebauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

vault/identity_store_oidc_provider_test.go Outdated Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – vault August 25, 2021 23:50 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 25, 2021 23:50 Inactive
@vinay-gopalan vinay-gopalan merged commit 5080c3e into main Aug 26, 2021
@vinay-gopalan vinay-gopalan deleted the oidc-provider-api branch August 26, 2021 17:14
jartek pushed a commit to jartek/vault that referenced this pull request Sep 11, 2021
@vinay-gopalan @jartek
feature: OIDC Provider API (hashicorp#12279)
3bfc318
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonodonnell jasonodonnell jasonodonnell left review comments

@fairclothjm fairclothjm fairclothjm approved these changes

@austingebauer austingebauer austingebauer approved these changes

Assignees
No one assigned
Labels
pr/no-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vinay-gopalan @jasonodonnell @fairclothjm @austingebauer