Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add allowed_organizational_units parameter to cert credential backend #5252

Merged
merged 2 commits into from
Sep 28, 2018
Merged

add allowed_organizational_units parameter to cert credential backend #5252

merged 2 commits into from
Sep 28, 2018

Conversation

joemiller
Copy link
Contributor

@joemiller joemiller commented Sep 3, 2018
edited
Loading

Specifying the allowed_organizational_units parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization's hierarchy by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units=engineering,support

Related:

@joemiller
add allowed_organiztaional_units parameter to cert credential backend
07cf8b9 
Specifying the `allowed_organiztaional_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering,support
```
@joemiller
Merge branch 'master' into pki-auth-ou
93afa04
@jefferai jefferai added this to the 0.11.2 milestone Sep 5, 2018
@joemiller joemiller changed the title add allowed_organiztaional_units parameter to cert credential backend add allowed_organizational_units parameter to cert credential backend Sep 17, 2018
tyrannosaurus-becks
tyrannosaurus-becks approved these changes Sep 27, 2018
View reviewed changes
Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joemiller this looks fantastic. Thank you for contributing it.

jefferai
jefferai approved these changes Sep 27, 2018
View reviewed changes
Copy link
Member

@jefferai jefferai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 it looks really great, thanks!

@chrishoffman chrishoffman merged commit f2b685e into hashicorp:master Sep 28, 2018
@palsaurabh2005 palsaurabh2005 mentioned this pull request Oct 16, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jefferai jefferai jefferai approved these changes

@tyrannosaurus-becks tyrannosaurus-becks tyrannosaurus-becks approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.11.2
Development

Successfully merging this pull request may close these issues.
4 participants
@joemiller @jefferai @tyrannosaurus-becks @chrishoffman