jenkinsci / hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
https://plugins.jenkins.io/hashicorp-vault-plugin/
MIT License

Parameterized loginByJwt method #304

Open ns-jlizarraga opened 1 year ago

ns-jlizarraga commented 1 year ago

What feature do you want to see added?

The loginByJwt method doesn't support a parameter to specify a different endpoint when sending the request to Vault after getting the JWT token; it always goes to a hardcoded endpoint:

"/v1/auth/" + provider + "/login")

https://github.com/BetterCloud/vault-java-driver/blob/900ffe9a47dced88484588b315803210e17b349a/src/main/java/com/bettercloud/vault/api/Auth.java#L1030-L1039

This means that the plugin is expecting any Vault auth methods to be mounted or configured at the default location.

In our scenario, we use the GCP method, but the mount point is configured to auth/gcp/company_name/login; therefore, when using the plugin, we always get a 403 response from Vault, as the request goes to auth/gcp/login.

Upstream changes

No response
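
An added example, not code from the plugin, the driver, or anyone in this thread: a Java sketch of a login-URL builder that takes the auth mount path as a parameter, falls back to the provider name when none is given, and validates the path before it reaches the URL. The class and method names, the validation patterns and the Vault address are assumptions; the mount `gcp/company_name` is the one from the report above.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.regex.Pattern;

// Added example; class and method names are hypothetical, not the plugin's or the driver's API.
public class VaultJwtLogin {
    // Assumption: mount paths are slash-separated segments of letters, digits, '_', '-' and '.'.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9_.-]+");
    private static final Pattern JWT =
            Pattern.compile("[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+");

    // A null or blank mount falls back to the provider name, which reproduces
    // the hardcoded "/v1/auth/" + provider + "/login" behaviour from the issue.
    static URI loginUri(String vaultAddr, String provider, String mount) {
        String m = (mount == null || mount.isBlank()) ? provider : mount.strip();
        m = m.replaceAll("^/+|/+$", ""); // tolerate leading and trailing slashes
        for (String seg : m.split("/", -1)) {
            // Reject empty, "." and ".." segments so the mount cannot escape /v1/auth/.
            if (!SEGMENT.matcher(seg).matches() || seg.equals(".") || seg.equals("..")) {
                throw new IllegalArgumentException("invalid auth mount path: " + mount);
            }
        }
        return URI.create(vaultAddr.replaceAll("/+$", "") + "/v1/auth/" + m + "/login");
    }

    // Builds (does not send) the login request carrying the role and the JWT.
    static HttpRequest buildLogin(String vaultAddr, String provider, String mount,
                                  String role, String jwt) {
        if (!SEGMENT.matcher(role).matches() || !JWT.matcher(jwt).matches()) {
            throw new IllegalArgumentException("role or JWT has unexpected characters");
        }
        // Both values are validated above, so plain concatenation yields valid JSON.
        String body = "{\"role\":\"" + role + "\",\"jwt\":\"" + jwt + "\"}";
        return HttpRequest.newBuilder(loginUri(vaultAddr, provider, mount))
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
    }

    public static void main(String[] args) {
        String addr = "https://vault.example.com:8200"; // constructed address
        System.out.println(loginUri(addr, "gcp", null));               // default mount
        System.out.println(loginUri(addr, "gcp", "gcp/company_name")); // mount from the issue
        HttpRequest req = buildLogin(addr, "gcp", "gcp/company_name",
                "ci-role", "aaa.bbb.ccc"); // constructed role and placeholder JWT
        System.out.println(req.method() + " " + req.uri());
    }
}
```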

gfdsa commented 9 months ago

Some people forked the abandoned original and implemented this there: https://github.com/jopenlibs/vault-java-driver/pull/27/files

jetersen commented 9 months ago

Would welcome a PR that uses https://github.com/jopenlibs/vault-java-driver; at least it seems well maintained 👏