Is your feature request related to a problem? Please describe.
I'm trying to deploy an SSH role per identity. It turns out my identifier is an email.
When creating a role with the '@' symbol in it, Vault complains about the path.
Error: error writing role "user@domain.com" for backend "ssh-client-signer": Error making API request.
URL: PUT https://vault.internal.domain.com/v1/ssh-client-signer/roles/user@domain.com
Code: 404. Errors:
* 1 error occurred:
* unsupported path
Describe the solution you'd like
I'd like Vault to accept the @ character
Describe alternatives you've considered
I could try to replace the character and use a different id across my Vault config, but it's an additional step to take into account.
Explain any additional use-cases
If there are any use-cases that would help us understand the use/need/value please share them as they can help us decide on acceptance and prioritization.
Additional context
I'm logging in through OIDC with GSuite SSO and the only ids in the response are a user id (bunch of numbers) or the email. User ids, while immutable, are one more step to correlate to trace back to a user.
This has already been done in the following issue: #5645
This will not work, since @ is not accepted. Furthermore, since templating does not support calling functions (such as replace), I cannot find an easy way to allow a specific user to a list of roles using templates.
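An added example, not part of the original issue or of Vault's code: a sketch of the "replace the character" alternative mentioned above, done at provisioning time because policy templates cannot call functions. It contrasts a plain substitution, which lets two different emails land on the same role, with a reversible escape encoding; the allowed character set and the function names are assumptions.

```python
import re

# Assumption (not from the issue): role names may use ASCII letters, digits,
# '.', '-' and '_', and must start and end with a letter, digit or '_'.
_SAFE = frozenset("abcdefghijklmnopqrstuvwxyz"
                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-")
_TOKEN = re.compile(r"_([0-9a-f]{2})|([A-Za-z0-9.-])")


def naive_role_name(identity: str) -> str:
    """Single-character substitution: simple, but not injective."""
    return identity.replace("@", ".")


def encode_role_name(identity: str) -> str:
    """Escape every byte outside _SAFE as _xx (lowercase hex); '_' itself is
    always escaped, so two identities can never share a role name."""
    raw = identity.encode("utf-8")
    if not raw:
        raise ValueError("empty identity")
    out = []
    for i, b in enumerate(raw):
        # A leading or trailing '.' or '-' is escaped to satisfy the edge rule.
        edge = i in (0, len(raw) - 1) and b in b".-"
        out.append(chr(b) if chr(b) in _SAFE and not edge else f"_{b:02x}")
    return "".join(out)


def decode_role_name(name: str) -> str:
    """Recover the identity from a role name; reject non-canonical input."""
    raw, pos = bytearray(), 0
    while pos < len(name):
        m = _TOKEN.match(name, pos)
        if m is None:
            raise ValueError(f"not an encoded role name: {name!r}")
        raw.append(int(m.group(1), 16) if m.group(1) else ord(m.group(2)))
        pos = m.end()
    identity = raw.decode("utf-8")
    if encode_role_name(identity) != name:
        raise ValueError(f"non-canonical role name: {name!r}")
    return identity


if __name__ == "__main__":
    # Constructed sample identities, not taken from the issue.
    for email in ("john.doe@example.com", "john@doe.example.com"):
        print(email, "->", naive_role_name(email), "|", encode_role_name(email))
```

Because the encoding can be decoded, an audit log entry that names the role still traces back to the email without a lookup table.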