dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix string

Browse Source
This commit is contained in:
dvirlabs 2025-05-18 23:32:22 +03:00
parent a8b86da9c5
commit 18dbeac028
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
manifests/vault/oidc-job.yaml
View File

@ -47,13 +47,14 @@ spec:
echo 'path "*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }' > /tmp/vault-admin.hcl && echo 'path "*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }' > /tmp/vault-admin.hcl &&
vault policy write vault-admin /tmp/vault-admin.hcl && vault policy write vault-admin /tmp/vault-admin.hcl &&
echo '{"groups": "vault-admins"}' > /tmp/bound-claims.json &&
echo "🎯 Creating OIDC role named 'vault-admins'..." && echo "🎯 Creating OIDC role named 'vault-admins'..." &&
vault write auth/oidc/role/vault-admins \ vault write auth/oidc/role/vault-admins \
bound_audiences="vault" \ bound_audiences="vault" \
allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \ allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
user_claim="sub" \ user_claim="sub" \
groups_claim="groups" \ groups_claim="groups" \
bound_claims=groups:vault-admins \ bound_claims=@/tmp/bound-claims.json \
oidc_scopes="profile email groups" \ oidc_scopes="profile email groups" \
policies="vault-admin" \ policies="vault-admin" \
ttl="1h" && ttl="1h" &&