dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix string

Browse Source
This commit is contained in:
dvirlabs 2025-05-18 23:37:39 +03:00
parent 18dbeac028
commit e57b323bb2
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
manifests/vault/oidc-job.yaml
View File

@ -47,14 +47,13 @@ spec:
echo 'path "*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }' > /tmp/vault-admin.hcl && echo 'path "*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }' > /tmp/vault-admin.hcl &&
vault policy write vault-admin /tmp/vault-admin.hcl && vault policy write vault-admin /tmp/vault-admin.hcl &&
echo '{"groups": "vault-admins"}' > /tmp/bound-claims.json &&
echo "🎯 Creating OIDC role named 'vault-admins'..." && echo "🎯 Creating OIDC role named 'vault-admins'..." &&
vault write auth/oidc/role/vault-admins \ vault write auth/oidc/role/vault-admins \
bound_audiences="vault" \ bound_audiences="vault" \
allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \ allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
user_claim="sub" \ user_claim="sub" \
groups_claim="groups" \ groups_claim="groups" \
bound_claims=@/tmp/bound-claims.json \ bound_claims='{"groups":["vault-admins"]}' \
oidc_scopes="profile email groups" \ oidc_scopes="profile email groups" \
policies="vault-admin" \ policies="vault-admin" \
ttl="1h" && ttl="1h" &&