GCP Auth docs - Move iam_alias and gce_alias to config instead of role (#8862)

Move `iam_alias` and `gce_alias` to config instead of role
Michael Golowka 2020-04-28 13:55:07 -06:00 committed by GitHub
parent b63bb685dd
commit aa1764e470
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -44,6 +44,16 @@ to confirm signed JWTs passed in during login.
The project must have the `iam.googleapis.com` API [enabled](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com).
- `iam_alias` `(string: "unique_id")` - Must be either `unique_id` or `role_id`.
If `unique_id` is specified, the service account's unique ID will be used for
alias names during login. If `role_id` is specified, the ID of the Vault role
will be used. Only used if role `type` is `iam`.
- `gce_alias` `(string: "instance_id")` - Must be either `instance_id` or `role_id`.
If `instance_id` is specified, the GCE instance ID will be used for alias names
during login. If `role_id` is specified, the ID of the Vault role will be used.
Only used if role `type` is `gce`.
### Sample Payload
```json
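Review bot: The new `iam_alias` and `gce_alias` config entries do not say that the setting now applies to every role on the mount, or what happens to a value that was previously set on an individual role. A sentence on upgrade behaviour would help operators who already rely on the per-role parameter. It is also worth stating that with `role_id` every identity logging in through the same role shares one alias name, since that changes how logins can be told apart in audit and identity data. The config `### Sample Payload` that follows is left unchanged by this hunk, so the new fields have no example.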
@ -142,11 +152,6 @@ The following parameters are only valid when the role is of type `"iam"`:
allow GCE instances to authenticate by inferring service accounts from the
GCE identity metadata token.
- `iam_alias` `(string: unique_id)` - Must be either `unique_id` or `role_id`.
If `unique_id` is specified, the service account's unique ID will be used for
alias names. If `role_id` is specified, the ID of the Vault role will be used.
Only used if `type` is `iam`.
#### `gce`-only Parameters
The following parameters are only valid when the role is of type `"gce"`:
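Review bot: Dropping `iam_alias` from the `iam`-only role parameters leaves no pointer to where the option went. Readers who still send `iam_alias` in a role request will not learn from this section that it moved. Suggest a one-line note here that `iam_alias` is now set on the auth method config, with a link to that section.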
@ -169,11 +174,6 @@ The following parameters are only valid when the role is of type `"gce"`:
GCP labels are not currently ACL'd, we recommend that this be used in
conjunction with other restrictions.
- `gce_alias` `(string: instance_id)` - Must be either `instance_id` or `role_id`.
If `instance_id` is specified, the GCE instance ID will be used for alias names.
If `role_id` is specified, the ID of the Vault role will be used. Only used if
`type` is `gce`.
### Sample Payload
Example `iam` role:
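Review bot: The role `### Sample Payload` section directly after the removed `gce_alias` entry is untouched by this diff. Please confirm the example `iam` and `gce` role payloads there do not still pass `iam_alias` or `gce_alias`, otherwise the examples will contradict the parameter lists above them.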