Make reception of an empty valid principals configurable based on a role flag. (#28466)

* Make reception of an empty valid principals configurable based on a role flag. Adds allow_empty_principals, which if true allows valid_principals on credential generation calls to be empty. * changelog * Allow empty principals on unrelated unit test * whitespace
2025-11-02 03:27:54 +00:00 · 2024-09-23 17:20:11 -05:00
parent 2e6ba29f5b
commit 12f03b073a
7 changed files with 133 additions and 15 deletions
--- a/builtin/logical/ssh/path_config_ca_test.go
+++ b/builtin/logical/ssh/path_config_ca_test.go
@@ -259,6 +259,7 @@ func TestSSH_ConfigCAKeyTypes(t *testing.T) {
 		"key_type":                "ca",
 		"ttl":                     "30s",
 		"not_before_duration":     "2h",
+		"allow_empty_principals":  true,
 	}
 	roleReq := &logical.Request{
 		Operation: logical.UpdateOperation,