add plugin identity token params

2025-11-02 03:27:54 +00:00 · 2024-01-03 16:35:44 -08:00
parent de8c8d86f8
commit 80b52313fe
3 changed files with 25 additions and 14 deletions
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ replace github.com/hashicorp/vault/api/auth/userpass => ./api/auth/userpass

 replace github.com/hashicorp/vault/sdk => ./sdk

-// replace github.com/hashicorp/vault-plugin-secrets-azure => /Users/agebauer/Workspace/hashicorp/plugins/vault-plugin-secrets-azure
+replace github.com/hashicorp/vault-plugin-secrets-azure => /Users/agebauer/Workspace/hashicorp/plugins/vault-plugin-secrets-azure

 require (
 	cloud.google.com/go/cloudsqlconn v1.4.3
@@ -158,7 +158,7 @@ require (
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/hashicorp/vault/api/auth/approle v0.1.0
 	github.com/hashicorp/vault/api/auth/userpass v0.1.0
-	github.com/hashicorp/vault/sdk v0.10.0
+	github.com/hashicorp/vault/sdk v0.10.2-0.20240103225259-de8c8d86f886
 	github.com/hashicorp/vault/vault/hcp_link/proto v0.0.0-20230201201504-b741fa893d77
 	github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab
 	github.com/jackc/pgx/v4 v4.18.1
@@ -247,6 +247,7 @@ require (
 	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -777,6 +777,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2/go.mod h1:eWRD7oawr1Mu1sLC
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 h1:6A4M8smF+y8nM/DYsLNQz9n7n2ZGaEVqfz8ZWQirQkI=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1/go.mod h1:WqyxV5S0VtXD2+2d6oPqOvyhGubCvzLCKSAKgQ004Uk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1 h1:UPeCRD+XY7QlaGQte2EVI2iOcWvUYA2XY8w5T/8v0NQ=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1/go.mod h1:oGV6NlB0cvi1ZbYRR2UN44QHxWFyGk+iylgD0qaMXjA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNLjCUeKhgnAJWAKhEUQM+RJQo2H1fuGSw1Ky1E=
@@ -2158,8 +2160,6 @@ github.com/hashicorp/vault-plugin-secrets-ad v0.16.1 h1:Ns0/JcpOrC3+yCYcV9+Sbehf
 github.com/hashicorp/vault-plugin-secrets-ad v0.16.1/go.mod h1:WeR9mm1FT3jmuf0SDJmqy7N/9Y34Qv8elt43/k/oaW0=
 github.com/hashicorp/vault-plugin-secrets-alicloud v0.15.1 h1:LrcvOhx1hy8NvENdORrJUcpuY4JHDD5NvDILdlOgefw=
 github.com/hashicorp/vault-plugin-secrets-alicloud v0.15.1/go.mod h1:YKoctp9/8VkjIx827IrNCqSow/Z88wCz3Qb/sAFLe6o=
-github.com/hashicorp/vault-plugin-secrets-azure v0.16.3 h1:XqVsmkGK5szTZe3YpMlHB5v+QceujZDR7ghY/YOg7jk=
-github.com/hashicorp/vault-plugin-secrets-azure v0.16.3/go.mod h1:VuFiqDd4xvBxpb/F/QEeHE7wXgqqbPYIV61COLvY0tY=
 github.com/hashicorp/vault-plugin-secrets-gcp v0.17.0 h1:Z7IqtShXD8uDzLfKskk8rt84hZbXMHCtJT4YQrUigPs=
 github.com/hashicorp/vault-plugin-secrets-gcp v0.17.0/go.mod h1:VRSCqW/rYThWK/bmBiBKI1dKOg383xnedA/G9ghJrug=
 github.com/hashicorp/vault-plugin-secrets-gcpkms v0.15.1 h1:qUFOjiz5+wgZsRpOF0hCFeot9vZEyhqfJ4w/UFJAjfc=
--- a/sdk/helper/pluginidentityutil/fields.go
+++ b/sdk/helper/pluginidentityutil/fields.go
@@ -9,18 +9,21 @@ import (
 	"github.com/hashicorp/vault/sdk/framework"
 )

-func AddPluginIdentityTokenFields(m map[string]*framework.FieldSchema) {
-	f := PluginIdentityTokenFields()
-	for k, v := range f {
-		if _, ok := m[k]; ok {
-			panic(fmt.Sprintf("adding field %q would overwrite existing field", k))
-		}
-		m[k] = v
-	}
+// PluginIdentityTokenParams contains a set of common parameters that plugins
+// can use for setting plugin identity token behavior
+type PluginIdentityTokenParams struct {
+	// IdentityTokenKey is the named key used to sign tokens
+	IdentityTokenKey string `json:"identity_token_key"`
+	// IdentityTokenTTLSeconds is the duration that tokens will be valid for
+	IdentityTokenTTLSeconds int `json:"identity_token_ttl_seconds"`
+	// IdentityTokenAudience identifies the recipient of the token
+	IdentityTokenAudience string `json:"identity_token_audience"`
 }

-func PluginIdentityTokenFields() map[string]*framework.FieldSchema {
-	return map[string]*framework.FieldSchema{
+// AddPluginIdentityTokenFields adds plugin identity token fields to the given
+// field schema map.
+func AddPluginIdentityTokenFields(m map[string]*framework.FieldSchema) {
+	fields := map[string]*framework.FieldSchema{
 		"identity_token_audience": {
 			Type:        framework.TypeString,
 			Description: "",
@@ -46,4 +49,11 @@ func PluginIdentityTokenFields() map[string]*framework.FieldSchema {
 			Default: 3600,
 		},
 	}
+
+	for name, schema := range fields {
+		if _, ok := m[name]; ok {
+			panic(fmt.Sprintf("adding field %q would overwrite existing field", name))
+		}
+		m[name] = schema
+	}
 }