scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

plugin/wif: support external plugins (#26384)

Browse Source 
* plugin/wif: support external plugins

* changelog
This commit is contained in:
John-Michael Faircloth
2024-04-12 16:16:26 -05:00
committed by GitHub
parent e4f9d024c8
commit 1ee302dfcd
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/26384.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
plugin/wif: fix a bug where the namespace was not set for external plugins using workload identity federation
```

2
sdk/plugin/grpc_system.go
View File

@@ -421,7 +421,7 @@ func (s *gRPCSystemViewServer) GenerateIdentityToken(ctx context.Context, req *p
}) })
if err != nil { if err != nil {
return &pb.GenerateIdentityTokenResponse{}, status.Errorf(codes.Internal, return &pb.GenerateIdentityTokenResponse{}, status.Errorf(codes.Internal,
"failed to generate plugin identity token") err.Error())
} }
return &pb.GenerateIdentityTokenResponse{ return &pb.GenerateIdentityTokenResponse{

9
vault/dynamic_system_view.go
View File

@@ -459,12 +459,17 @@ func (d dynamicSystemView) ClusterID(ctx context.Context) (string, error) {
} }
func (d dynamicSystemView) GenerateIdentityToken(ctx context.Context, req *pluginutil.IdentityTokenRequest) (*pluginutil.IdentityTokenResponse, error) { func (d dynamicSystemView) GenerateIdentityToken(ctx context.Context, req *pluginutil.IdentityTokenRequest) (*pluginutil.IdentityTokenResponse, error) {
storage := d.core.router.MatchingStorageByAPIPath(ctx, mountPathIdentity) mountEntry := d.mountEntry
if mountEntry == nil {
return nil, fmt.Errorf("no mount entry")
}
nsCtx := namespace.ContextWithNamespace(ctx, mountEntry.Namespace())
storage := d.core.router.MatchingStorageByAPIPath(nsCtx, mountPathIdentity)
if storage == nil { if storage == nil {
return nil, fmt.Errorf("failed to find storage entry for identity mount") return nil, fmt.Errorf("failed to find storage entry for identity mount")
} }
token, ttl, err := d.core.IdentityStore().generatePluginIdentityToken(ctx, storage, d.mountEntry, req.Audience, req.TTL) token, ttl, err := d.core.IdentityStore().generatePluginIdentityToken(nsCtx, storage, d.mountEntry, req.Audience, req.TTL)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to generate plugin identity token: %w", err) return nil, fmt.Errorf("failed to generate plugin identity token: %w", err)
} }