GCP Auth docs - Move iam_alias and gce_alias to config instead of role (#8862)

Move `iam_alias` and `gce_alias` to config instead of role
Michael Golowka 2020-04-28 13:55:07 -06:00 committed by GitHub
parent b63bb685dd
commit aa1764e470
GPG Key ID: 4AEE18F83AFDEB23

@ -44,6 +44,16 @@ to confirm signed JWTs passed in during login.
The project must have the `iam.googleapis.com` API [enabled](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com). The project must have the `iam.googleapis.com` API [enabled](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com).
- `iam_alias` `(string: "unique_id")` - Must be either `unique_id` or `role_id`.
If `unique_id` is specified, the service account's unique ID will be used for
alias names during login. If `role_id` is specified, the ID of the Vault role
will be used. Only used if role `type` is `iam`.
- `gce_alias` `(string: "instance_id")` - Must be either `instance_id` or `role_id`.
If `instance_id` is specified, the GCE instance ID will be used for alias names
during login. If `role_id` is specified, the ID of the Vault role will be used.
Only used if role `type` is `gce`.
### Sample Payload ### Sample Payload
```json ```json
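Review bot: the new `iam_alias` and `gce_alias` entries end with "Only used if role `type` is `iam`" and "Only used if role `type` is `gce`", but they never say that the value now applies to every role of that type on the mount rather than to one role. Because the setting decides whether the alias name is the service account unique ID, the instance ID or the Vault role ID, please add a sentence on that scope and on what happens to aliases already created under the other setting when an operator changes it. The sample payload that starts right after these entries is also worth extending with the two new fields so the quoted defaults `"unique_id"` and `"instance_id"` are shown in context.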
@ -142,11 +152,6 @@ The following parameters are only valid when the role is of type `"iam"`:
allow GCE instances to authenticate by inferring service accounts from the allow GCE instances to authenticate by inferring service accounts from the
GCE identity metadata token. GCE identity metadata token.
- `iam_alias` `(string: unique_id)` - Must be either `unique_id` or `role_id`.
If `unique_id` is specified, the service account's unique ID will be used for
alias names. If `role_id` is specified, the ID of the Vault role will be used.
Only used if `type` is `iam`.
#### `gce`-only Parameters #### `gce`-only Parameters
The following parameters are only valid when the role is of type `"gce"`: The following parameters are only valid when the role is of type `"gce"`:
@ -169,11 +174,6 @@ The following parameters are only valid when the role is of type `"gce"`:
GCP labels are not currently ACL'd, we recommend that this be used in GCP labels are not currently ACL'd, we recommend that this be used in
conjunction with other restrictions. conjunction with other restrictions.
- `gce_alias` `(string: instance_id)` - Must be either `instance_id` or `role_id`.
If `instance_id` is specified, the GCE instance ID will be used for alias names.
If `role_id` is specified, the ID of the Vault role will be used. Only used if
`type` is `gce`.
### Sample Payload ### Sample Payload
Example `iam` role: Example `iam` role:
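Review bot: the `gce_alias` entry is removed directly above the "### Sample Payload" section and the "Example `iam` role:" payload, and none of the visible hunks touches a role payload. Please confirm the example role payloads do not still carry `iam_alias` or `gce_alias`; if they do, they now document fields this change says belong to config. The removed text here also gave the default as unquoted `instance_id` while the new config entry uses `"instance_id"`, so the quoting convention for string defaults elsewhere on the page should be checked for consistency.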