New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support VMSS Flex Authentications #63

Merged

austingebauer merged 5 commits into hashicorp:main from zmyzheng:vmssflex-auth

Oct 12, 2022

Contributor

zmyzheng commented Oct 3, 2022 •

edited

Loading

Overview

Support VMSS Flex Authentications

Design of Change

How was this change implemented?
When using VMSS Flex with user assigned identity, the service principle Id cannot be dirrectly retrieved from Get-VMSS call. In this PR, we get the user assigned managed identity id and use MSI client to retrieve the service principle info. This change can be applied to both VMSS Uniform and VMSS Flex

Related Issues/Pull Requests

Contributor Checklist

[-] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
My Docs PR Link
Example
[-] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
[-] Backwards compatible


          Support VMSS Flex Authentications

e219368

hashicorp-cla commented Oct 3, 2022 •

edited

Loading

All committers have signed the CLA.

austingebauer self-requested a review

October 11, 2022 00:17

austingebauer reviewed

View reviewed changes

Member

austingebauer left a comment

Thanks for opening this PR, @zmyzheng. I've left some initial feedback and questions.

path_login.go Show resolved Hide resolved

path_login.go Outdated Show resolved Hide resolved

path_login.go Outdated Show resolved Hide resolved

path_login.go Outdated Show resolved Hide resolved

azure.go Outdated Show resolved Hide resolved

path_login.go Outdated Show resolved Hide resolved


          Support VMSS Flex Authentications

496b8b2

austingebauer reviewed

View reviewed changes

path_login.go Outdated Show resolved Hide resolved

austingebauer reviewed

View reviewed changes

path_login.go Outdated Show resolved Hide resolved


          fallback to use msi to query principleID only if the Get-VMSS does no…

ebef554

…t return principleID

austingebauer reviewed

View reviewed changes

path_login.go Show resolved Hide resolved


          add comments when the logic fallback to use msi

811abaa

austingebauer reviewed

View reviewed changes

azure_test.go Outdated Show resolved Hide resolved

austingebauer reviewed

View reviewed changes

path_login.go Outdated Show resolved Hide resolved


          update the dependency and remove the variable forom error message

758c572

austingebauer approved these changes

View reviewed changes

Member

austingebauer left a comment

LGTM. Thanks again for this contribution, @zmyzheng.

I'm happy to contribute the Vault documentation for this if you haven't started on it already. Let me know.

Contributor Author

zmyzheng commented Oct 11, 2022 •

edited

Loading

LGTM. Thanks again for this contribution, @zmyzheng.

I'm happy to contribute the Vault documentation for this if you haven't started on it already. Let me know.

Thanks @austingebauer so much for reviewing the PR. It will be great if you can update the Vault document.

austingebauer merged commit f7a9c89 into hashicorp:main

Member

austingebauer commented Oct 12, 2022

@zmyzheng - Happy to help. I will update the Vault documentation 👍

austingebauer mentioned this pull request

auth/azure: documents auth support for VMSS flexible orchestration hashicorp/vault#17540

Merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet