Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add canonicalArn as a entity alias name #22460

Merged
merged 3 commits into from
Apr 29, 2024
Merged

Add canonicalArn as a entity alias name #22460

merged 3 commits into from
Apr 29, 2024

Conversation

thegatsbylofiexperience
Copy link
Contributor

Hi,

This is another quality of life change. Using the assumed-role arn as the full_arn option has issues,
if you want predictable entity alias names -> in the case of EC2 and Code Build this is not the case.

This change adds canonical_arn as another option for identity configuration in addition to the others for IAM alias.

Thanks

@thegatsbylofiexperience thegatsbylofiexperience requested a review from a team as a code owner August 19, 2023 04:26
@thegatsbylofiexperience thegatsbylofiexperience mentioned this pull request Aug 19, 2023
Open
@schavis schavis added the needs-eng-review Community PR waiting for ENG review label Aug 31, 2023
@kpcraig
Copy link
Contributor

kpcraig commented Apr 24, 2024
edited
Loading

Hello! I know this has been sitting for a while, and for that I apologize. This looks pretty good so far, although my understanding is there is a potential concern regarding the possibility that a future entity could be created with the same canonical ARN, and inherit access unexpectedly. As a result we'd like some documentation added to vault/website/api-docs and vault/website/docs where appropriate, similar to the warnings at auth/kubernetes.

Unfortunately I don't think I can make change suggestions on unchanged files, or I would offer one directly.

@thegatsbylofiexperience thegatsbylofiexperience force-pushed the add_aws_canonical_arn_as_entity_alias_name branch from ef6aa74 to d81f6bf Compare April 26, 2024 04:45
@thegatsbylofiexperience thegatsbylofiexperience requested a review from a team as a code owner April 26, 2024 04:45
@thegatsbylofiexperience
Copy link
Contributor Author

Hi @kpcraig,

I have added the docs as requested. Please let me know if any more changes are needed.

Regards,
:)

kpcraig
kpcraig approved these changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@kpcraig kpcraig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates; again, sorry for the delay!

@kpcraig
Copy link
Contributor

kpcraig commented Apr 29, 2024

this probably wants a changelog but i'll put it in separately.

@kpcraig kpcraig merged commit 5b845c8 into hashicorp:main Apr 29, 2024
69 of 71 checks passed
@kpcraig kpcraig mentioned this pull request Apr 30, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kpcraig kpcraig kpcraig approved these changes

Assignees
No one assigned
Labels
ecosystem needs-eng-review Community PR waiting for ENG review pr/no-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@thegatsbylofiexperience @kpcraig @biazmoreira @schavis