mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-29 06:31:10 +01:00
Code Issues Projects Releases Wiki Activity

Document adding metadata to entity alias within cert auth (#18308)

Browse Source 
* Document adding metadata to entity alias within cert auth

* Update website/content/api-docs/auth/cert.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
This commit is contained in:
Steven Clark 2022-12-12 13:08:00 -05:00 committed by GitHub
parent 8ea899588a
commit 6795afe14d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
builtin/credential/cert/path_certs.go
View File

@ -143,7 +143,7 @@ All values much match. Supports globbing on "value".`,
"allowed_metadata_extensions": { "allowed_metadata_extensions": {
Type: framework.TypeCommaStringSlice, Type: framework.TypeCommaStringSlice,
Description: `A comma-separated string or array of oid extensions. Description: `A comma-separated string or array of oid extensions.
Upon successfull authentication, these extensions will be added as metadata if they are present Upon successful authentication, these extensions will be added as metadata if they are present
in the certificate. The metadata key will be the string consisting of the oid numbers in the certificate. The metadata key will be the string consisting of the oid numbers
separated by a dash (-) instead of a dot (.) to allow usage in ACL templates.`, separated by a dash (-) instead of a dot (.) to allow usage in ACL templates.`,
}, },

8
website/content/api-docs/auth/cert.mdx
View File

@ -61,6 +61,11 @@ Sets a CA cert and associated parameters in a role name.
string or array of `oid:value`. Expects the extension value to be some type string or array of `oid:value`. Expects the extension value to be some type
of ASN1 encoded string. All conditions _must_ be met. Supports globbing on of ASN1 encoded string. All conditions _must_ be met. Supports globbing on
`value`. `value`.
- `allowed_metadata_extensions` `(array:[])` - A comma separated string or
array of oid extensions. Upon successful authentication, these extensions
will be added as metadata if they are present in the certificate. The
metadata key will be the string consisting of the oid numbers separated
by a dash (-) instead of a dot (.) to allow usage in ACL templates.
- `display_name` `(string: "")` - The `display_name` to set on tokens issued - `display_name` `(string: "")` - The `display_name` to set on tokens issued
when authenticating against this CA certificate. If not set, defaults to the when authenticating against this CA certificate. If not set, defaults to the
name of the role. name of the role.
@ -328,6 +333,9 @@ Configuration options for the method.
- `disable_binding` `(boolean: false)` - If set, during renewal, skips the - `disable_binding` `(boolean: false)` - If set, during renewal, skips the
matching of presented client identity with the client identity used during matching of presented client identity with the client identity used during
login. login.
- `enable_identity_alias_metadata` `(boolean: false)` - If set, metadata of
the certificate including the metadata corresponding to
`allowed_metadata_extensions` will be stored in the alias
### Sample Payload ### Sample Payload