Add canonicalArn as a entity alias name #22460


thegatsbylofiexperience
Contributor

Hi,

This is another quality of life change. Using the assumed-role arn as the full_arn option has issues,
if you want predictable entity alias names -> in the case of EC2 and Code Build this is not the case.

This change adds canonical_arn as another option for identity configuration in addition to the others for IAM alias.

Thanks

@kpcraig
Contributor

kpcraig commented Apr 24, 2024

Hello! I know this has been sitting for a while, and for that I apologize. This looks pretty good so far, although my understanding is there is a potential concern regarding the possibility that a future entity could be created with the same canonical ARN, and inherit access unexpectedly. As a result we'd like some documentation added to vault/website/api-docs and vault/website/docs where appropriate, similar to the warnings at auth/kubernetes.

Unfortunately I don't think I can make change suggestions on unchanged files, or I would offer one directly.
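
The trade-off discussed in the two comments above, as an added example that is not code from this pull request or from Vault: the full assumed-role ARN gives a different alias name per session, while an ARN reduced to account and role name is stable but is also what a later role of the same name would produce. The function names and sample ARNs are constructed for illustration, and the derivation assumes the ARN layout `arn:<partition>:sts::<account>:assumed-role/<role>/<session>`.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed logins: one role assumed by two EC2 instances and a CodeBuild job.
var sampleLogins = []string{
	"arn:aws:sts::123456789012:assumed-role/build-role/i-0aaaaaaaaaaaaaaaa",
	"arn:aws:sts::123456789012:assumed-role/build-role/i-0bbbbbbbbbbbbbbbb",
	"arn:aws:sts::123456789012:assumed-role/build-role/AWSCodeBuild-constructed",
}

// canonicalRoleARN drops the session name from an STS assumed-role ARN. The result
// depends only on account and role name, so a recreated role maps to the same value.
func canonicalRoleARN(arn string) (string, error) {
	p := strings.SplitN(arn, ":", 6)
	if len(p) != 6 || p[0] != "arn" || p[2] != "sts" {
		return "", fmt.Errorf("not an STS ARN: %q", arn)
	}
	r := strings.Split(p[5], "/")
	if len(r) != 3 || r[0] != "assumed-role" || r[1] == "" {
		return "", fmt.Errorf("not an assumed-role resource: %q", p[5])
	}
	return fmt.Sprintf("arn:%s:iam::%s:role/%s", p[1], p[4], r[1]), nil
}

// distinctAliases counts alias names when the alias is the full ARN or the canonical ARN.
func distinctAliases(arns []string, canonical bool) (int, error) {
	seen := map[string]bool{}
	for _, a := range arns {
		name := a
		if canonical {
			var err error
			if name, err = canonicalRoleARN(a); err != nil {
				return 0, err
			}
		}
		seen[name] = true
	}
	return len(seen), nil
}

func main() {
	full, _ := distinctAliases(sampleLogins, false)
	canon, _ := distinctAliases(sampleLogins, true)
	fmt.Println("full_arn alias names:", full, "canonical_arn alias names:", canon)
}
```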

@thegatsbylofiexperience thegatsbylofiexperience force-pushed the add_aws_canonical_arn_as_entity_alias_name branch from ef6aa74 to d81f6bf Compare April 26, 2024 04:45
@thegatsbylofiexperience thegatsbylofiexperience requested a review from a team as a code owner April 26, 2024 04:45
@thegatsbylofiexperience
Contributor Author

Hi @kpcraig,

I have added the docs as requested. Please let me know if any more changes are needed.

Regards,
:)

Contributor

@kpcraig kpcraig left a comment

Thanks for the updates; again, sorry for the delay!

@kpcraig
Contributor

kpcraig commented Apr 29, 2024

This probably wants a changelog but I'll put it in separately.

@kpcraig kpcraig merged commit 5b845c8 into hashicorp:main Apr 29, 2024
69 of 71 checks passed
Labels
ecosystem needs-eng-review Community PR waiting for ENG review pr/no-changelog