hashicorp / vault-plugin-auth-kubernetes

Vault authentication plugin for Kubernetes Service Accounts
https://www.vaultproject.io/docs/auth/kubernetes.html
Mozilla Public License 2.0

Remove cert and pem enforcement #150

Open imthaghost opened 2 years ago

imthaghost commented 2 years ago

Overview

Some users didn't find it necessary for Vault to enforce the CA cert or PEM keys. Examples can be found in the related issues.

Design of Change

We add false booleans to the kubernetes_ca_cert and pem_keys fields. While the required field on the FieldSchema struct is deprecated, we added this just for future reference and documentation. We also remove the checks that enforced kubernetes_ca_cert to be present; instead, we just default to the local CA cert if kubernetes_ca_cert is not set, which will return an error of x509: certificate signed by unknown authority if the user did supply an appropriate CA cert.

Related Issues

Issue #62 Issue #88

Docs

I don't believe docs need to be added since this is implied in the example below.

[Image: Screen Shot 2022-04-21 at 4 11 55 PM]
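The CA fallback described under "Design of Change", as an added Go example that is not part of this pull request or the plugin's code: it selects the configured CA if one is set, otherwise a local CA, and shows the x509 error that results when the local CA did not sign the API server certificate. The helpers `issue`, `verifyAPIServer` and `demo` and all certificates are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed sample cert (nil parent = self-signed CA); errors ignored in this setup.
func issue(cn string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pkey = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// verifyAPIServer (hypothetical helper) trusts the configured kubernetes_ca_cert PEM
// when it is set and the local CA PEM otherwise, then verifies the server certificate.
func verifyAPIServer(server *x509.Certificate, configuredCAPEM string, localCAPEM []byte) error {
	src := []byte(configuredCAPEM)
	if configuredCAPEM == "" {
		src = localCAPEM // fallback: kubernetes_ca_cert not set
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(src) {
		return fmt.Errorf("no usable CA certificate")
	}
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// demo: the API server cert is signed by cluster-ca, while the local CA is a different one.
func demo() (fallbackErr, explicitErr error) {
	clusterCA, clusterKey, clusterPEM := issue("cluster-ca", nil, nil)
	_, _, localPEM := issue("local-ca", nil, nil)
	server, _, _ := issue("kube-apiserver", clusterCA, clusterKey)
	return verifyAPIServer(server, "", localPEM), verifyAPIServer(server, string(clusterPEM), localPEM)
}

func main() { fmt.Println(demo()) }
```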

rinormaloku commented 2 years ago

@imthaghost and @tomhjp can we merge this?