support "user_claim_json_pointer" in create_role() for JWT auth method #998
Codecov Report
@@ Coverage Diff @@
## main #998 +/- ##
==========================================
+ Coverage 81.98% 82.08% +0.09%
==========================================
Files 65 65
Lines 3019 3019
==========================================
+ Hits 2475 2478 +3
+ Misses 544 541 -3
Hi @ferenc-hechler! Welcome and thanks for submitting this. I hope to look this over more thoroughly as soon as I get a little time. In the meantime, please ensure you set up your local environment and run the lint/format before pushing:
Let me know if you need a hand with that. I am curious, why make the parameter accept strings in addition to bool? The API documentation seems to expect a bool only, and since we are passing through the value directly, we aren't doing any conversion or checking of it. My instinct is to make this bool only. If the API is documented as accepting a string, then I could see us accepting either, though I might still lean toward it being bool only in I don't use this API currently so if I'm missing something please let me know. Thanks again!
Hi @briantist, I formatted the code as you proposed. About the additional "str" type:
Thank you @ferenc-hechler that makes sense. The Since your PR was opened before this change, I have:
Looks like my idea to switch the branch names from main and develop was not successful.
When creating a role for the JWT auth method, the optional parameter "user_claim_json_pointer" is missing.
See documentation here:
https://developer.hashicorp.com/vault/api-docs/auth/jwt#user_claim_json_pointer
The parameter is a bool value which defaults to false.
This pull request adds the missing parameter. I tested it for JWT auth and it works.
The parameter can be bool or a str containing "true" or "false".
If a wrong parameter is given, the server returns a corresponding error message.
The OIDC auth method inherits create_role() from JWT.
So, I also added this parameter to OIDC.create_role().
The OIDC use case was not tested.
Documentation was updated.
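What the flag changes for a role, as an added example (not code from this PR, hvac or Vault): with `user_claim_json_pointer` set, the `user_claim` string is read as an RFC 6901 JSON pointer into the token's claims instead of a top-level claim name, so the same string can select a different identity. The claims, the `select_user_claim` helper and the non-empty-string requirement are assumptions of this sketch.

```python
# Added illustration: RFC 6901 pointer lookup over constructed JWT claims.
# Constructed sample claims; note the top-level key that looks like a pointer.
CLAIMS = {
    "sub": "f3a1",
    "/user/name": "literal-key",
    "user": {"name": "alice", "emails": ["alice@example.com"]},
    "a/b": {"m~n": "escaped"},
}

def resolve_pointer(doc, pointer):
    """Resolve an RFC 6901 JSON pointer against a decoded claims document."""
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        raise ValueError("JSON pointer must be empty or start with '/'")
    node = doc
    for raw in pointer[1:].split("/"):
        # Unescape ~1 before ~0, as RFC 6901 requires.
        token = raw.replace("~1", "/").replace("~0", "~")
        if isinstance(node, dict) and token in node:
            node = node[token]
        elif isinstance(node, list) and token.isascii() and token.isdigit() \
                and str(int(token)) == token and int(token) < len(node):
            node = node[int(token)]
        else:
            raise KeyError(pointer)
    return node

def select_user_claim(claims, user_claim, user_claim_json_pointer=False):
    """Pick the identity value for a role's settings (hypothetical helper)."""
    if user_claim_json_pointer:
        value = resolve_pointer(claims, user_claim)
    elif user_claim in claims:
        value = claims[user_claim]
    else:
        raise KeyError(user_claim)
    # Assumption of this sketch: only a non-empty string is usable as an identity.
    if not isinstance(value, str) or not value:
        raise ValueError("user claim must resolve to a non-empty string")
    return value

if __name__ == "__main__":
    for name, as_pointer in [("sub", False), ("/user/name", False), ("/user/name", True)]:
        print(name, as_pointer, "->", select_user_claim(CLAIMS, name, as_pointer))
```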