Fix nintend in oidc-job

This commit is contained in:
dvirlabs 2025-10-06 04:24:56 +03:00
parent 51ede03d17
commit bca20ad827


@ -29,7 +29,7 @@ spec:
fi fi
echo "🔐 Enabling OIDC auth method..." echo "🔐 Enabling OIDC auth method..."
vault auth enable oidc || true vault auth enable oidc || true # ok if already enabled
echo "🔧 Configuring OIDC connection to Keycloak..." echo "🔧 Configuring OIDC connection to Keycloak..."
vault write auth/oidc/config \ vault write auth/oidc/config \
@ -56,17 +56,22 @@ spec:
vault policy write vault-admin /tmp/vault-admin.hcl vault policy write vault-admin /tmp/vault-admin.hcl
echo "🎯 Creating OIDC role named 'vault-admins'..." echo "🎯 Creating OIDC role named 'vault-admins'..."
cat >/tmp/bound_claims.json <<'JSON'
{"groups": ["vault-admins"]}
JSON
vault write auth/oidc/role/vault-admins \ vault write auth/oidc/role/vault-admins \
bound_audiences="vault" \ bound_audiences="vault" \
allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \ allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
user_claim="sub" \ user_claim="sub" \
groups_claim="groups" \ groups_claim="groups" \
bound_claims='{"groups": "vault-admins"}' \ bound_claims=@/tmp/bound_claims.json \
oidc_scopes="profile email groups" \ oidc_scopes="profile email groups" \
policies="vault-admin" \ policies="vault-admin" \
ttl="1h" ttl="1h"
echo "✅ All OIDC setup completed successfully." echo "✅ All OIDC setup completed successfully."
volumeMounts: volumeMounts:
- name: vault-token - name: vault-token
mountPath: /vault/secrets mountPath: /vault/secrets
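Review bot: The new `# ok if already enabled` comment on `vault auth enable oidc || true` in the first hunk describes only one of the failures that `|| true` swallows; a sealed server, an unreachable VAULT_ADDR or a token without `sys/auth` permission are hidden the same way, and whether the following `vault write` then stops the job depends on a `set -e` that is outside the hunk. A guard that tolerates only the already-enabled case is `vault auth list -format=json | grep -q '"oidc/"' || vault auth enable oidc`. In the second hunk the here-doc now writes the bound claims to the fixed path `/tmp/bound_claims.json` and nothing removes it after the `vault write`; since this appears to run inside a job container that is harmless, but adding `rm -f -- /tmp/bound_claims.json` after the write keeps the claim file from outliving its use. The container script this lives in starts before both hunks and its `volumeMounts` continue after the second, so the surrounding `set` options and the script's exit handling cannot be checked here.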