-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add parameter to support X-Vault-AWS-IAM-Server-ID #27
Add parameter to support X-Vault-AWS-IAM-Server-ID #27
Conversation
Codecov Report
@@ Coverage Diff @@
## main #27 +/- ##
==========================================
- Coverage 64.86% 64.28% -0.58%
==========================================
Files 1 1
Lines 222 224 +2
Branches 43 44 +1
==========================================
Hits 144 144
- Misses 62 64 +2
Partials 16 16
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggesting a slightly even more specific parameter name, other than that just small nits.
Otherwise looks great, looking forward to the change.
Since we aren't currently testing the AWS components in CI, can you tell me a little about local testing you've done with the change?
Thanks and welcome!
Hi @briantist , Thanks for the welcome and making my first PR to any project a nice experience! I did notice that it would be hard to add a test case for this. What I did locally was:
|
Very happy to hear that, thank you! In any case welcome again and thanks for the contribution.
I would like us to get there. The tests shouldn't be that hard to write, it's more an issue of having an AWS account we can use and coordinating that, especially since we need more than just an instance to run tests on (the easy part), we need a login we use to set up Vault as well. It might be something we can coordinate with RedHat on (and the AWS collections), but I haven't pursued it yet.
👌 perfect, that's great |
SUMMARY
Add support for the optional parameter iam_server_id. The value is used for the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity request.
ISSUE TYPE
COMPONENT NAME
hashi_vault
ADDITIONAL INFORMATION
Without this feature the following would fail when the Hashi Vault policy requires the X-Vault-AWS-IAM-Server-ID header.
Including the parameter header_value will pass the value along to the HVAC library, which then sends it along as the header. This would return the secret.