Skip to content
This repository was archived by the owner on May 15, 2025. It is now read-only.

feat(vault-jwt): Add Vault JWT/OIDC module #297

Merged
merged 9 commits into from
Sep 27, 2024
Merged

feat(vault-jwt): Add Vault JWT/OIDC module #297

merged 9 commits into from
Sep 27, 2024

Conversation

matifali
Copy link
Member

@matifali matifali commented Sep 23, 2024
edited
Loading

This module makes use of existing OIDC access token to authenticate with Vault. It requires setting up a Vault JWT/OIDC auth with the same OIDC provider used with Coder.

This module should let users get non interactive authentication with vault.

I tested this with Okta.

@matifali matifali self-assigned this Sep 23, 2024
@matifali
Fix variable names in Vault JWT module scripts
d3a796e 
- Correct the variable name in `main.tf` and `run.sh` to ensure they are consistent and match expected inputs for Vault CLI interactions.
@matifali matifali marked this pull request as ready for review September 25, 2024 14:38
Parkreiner
Parkreiner reviewed Sep 27, 2024
View reviewed changes
Copy link
Member

@Parkreiner Parkreiner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked through the files, and I think they look good. The only thing I'm not sure about is the run.sh file, because I'm definitely not a Bash expert

Don't feel comfortable approving yet, since the Bash script seems to be where the most logic lives. Could we tag in someone like @mafredri to look things over?

vault-jwt/README.md Outdated
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"
```

![Vault login](#)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was this supposed to be an image URL?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I will take care of this.

mafredri
mafredri approved these changes Sep 27, 2024
View reviewed changes
Copy link
Member

@mafredri mafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This, and our scripts in general, could use a bit of an overhaul to be consistent with bash and non-bash features, but other than that, LGTM.

@matifali matifali enabled auto-merge (squash) September 27, 2024 17:46
@matifali matifali disabled auto-merge September 27, 2024 17:47
@matifali
Clarify Hashicorp Vault Integration setup instructions
1dc0256 
- Simplified explanation of using OIDC access token.
- Made language around configuration more direct.
- Enhanced section titles for improved clarity.
@matifali
Bump Vault JWT module version to 1.0.19 in README
864ff24
@matifali matifali enabled auto-merge (squash) September 27, 2024 18:20
@matifali matifali merged commit fb81c89 into main Sep 27, 2024
2 checks passed
@matifali matifali deleted the maa/vault-okta-jwt branch September 27, 2024 18:20
@mafredri mafredri mentioned this pull request Sep 27, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mafredri mafredri mafredri approved these changes

@Parkreiner Parkreiner Parkreiner left review comments

@bcpeinhardt bcpeinhardt Awaiting requested review from bcpeinhardt

Assignees

@matifali matifali

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@matifali @mafredri @Parkreiner