hashicorp-vault-plugin

Parameterized loginByJwt method

Open ns-jlizarraga opened this issue 1 year ago • 2 comments

What feature do you want to see added?

The loginByJwt method doesn't support a parameter to specify a different endpoint when sending the request to Vault after getting the JWT token; it always goes to a hardcoded endpoint:

"/v1/auth/" + provider + "/login")

https://github.com/BetterCloud/vault-java-driver/blob/900ffe9a47dced88484588b315803210e17b349a/src/main/java/com/bettercloud/vault/api/Auth.java#L1030-L1039

This means that the plugin expects any Vault auth methods to be mounted or configured at the default location.

In our scenario, we use the GCP method, but the mount point is configured to auth/gcp/company_name/login; therefore, when using the plugin, we always get a 403 response from Vault, as the request goes to auth/gcp/login.

Upstream changes

No response

ns-jlizarraga, Mar 28 '23 18:03
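
A sketch of what the requested parameter could look like, as an added example that is not code from the plugin or from vault-java-driver: the auth mount path is taken as input, normalized, and validated segment by segment before it is placed into the login URL. The class name, method names and Vault address are hypothetical, and treating a trailing `/login` as part of the endpoint rather than the mount name is an assumption.

```java
import java.net.URI;
import java.util.regex.Pattern;

/** Added example: builds the Vault login URL from a configurable auth mount path. */
public final class VaultLoginEndpoint {
    // Allowed characters per mount segment; "." and ".." are rejected separately below.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9_.-]+");

    private VaultLoginEndpoint() {}

    /** Normalizes input such as "auth/gcp/company_name/login" to "gcp/company_name". */
    static String normalizeMount(String mount) {
        if (mount == null) {
            throw new IllegalArgumentException("mount is required");
        }
        String m = mount.trim().replaceAll("^/+|/+$", "");
        if (m.startsWith("auth/")) {
            m = m.substring("auth/".length());
        }
        // Assumption: a trailing "/login" is the endpoint suffix, not part of the mount name.
        if (m.endsWith("/login")) {
            m = m.substring(0, m.length() - "/login".length());
        }
        if (m.isEmpty()) {
            throw new IllegalArgumentException("mount is empty");
        }
        // Reject empty segments and dot segments so the mount cannot redirect
        // the request to a different Vault API path.
        for (String seg : m.split("/", -1)) {
            if (!SEGMENT.matcher(seg).matches() || seg.equals(".") || seg.equals("..")) {
                throw new IllegalArgumentException("invalid mount segment: '" + seg + "'");
            }
        }
        return m;
    }

    /** Login URL for the given mount, in the same shape as the hardcoded endpoint. */
    static URI loginUri(String vaultAddress, String mount) {
        String base = vaultAddress.replaceAll("/+$", "");
        return URI.create(base + "/v1/auth/" + normalizeMount(mount) + "/login");
    }

    public static void main(String[] args) {
        String addr = "https://vault.example.test:8200"; // constructed address
        System.out.println(loginUri(addr, "gcp"));                         // default mount
        System.out.println(loginUri(addr, "auth/gcp/company_name/login")); // custom mount
        try {
            loginUri(addr, "gcp/../other");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```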