
Missing a way to attach access policy to LDAP user, like k8s_auth_role #492

Open
cthenb opened this issue Nov 14, 2024 · 1 comment

cthenb commented Nov 14, 2024

The below is what I'm currently doing to assign an access policy I created in Vault directly to certain LDAP users:

```yaml
# Direct LDAP user -> policy mapping via the Vault HTTP API
- ansible.builtin.uri:
    url: "{{ hashivault_url }}/v1/auth/ldap/users/{{ item.key }}"
    method: POST
    headers:
      X-Vault-Token: "{{ }}"   # token variable elided in the original post
    body:
      groups: ""
      policies: "{{ item.value.policies }}"
    body_format: json
    status_code: [204]
  loop: "{{ hv_ad_users | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
```

Looking at the docs, there's only ldap_group to connect policies to groups, not directly to users:
https://terryhowe.github.io/ansible-modules-hashivault/modules/hashivault_ldap_group_module.html#hashivault-ldap-group-module

Am I missing something, or is this missing? If so, can it be added?
I'm aware this is an atypical situation, but we create service accounts in our LDAP for legacy reasons and don't do group management there. Only in our ADs.

TerryHowe (Owner) commented

Sounds like it could be done by making a copy of https://github.com/TerryHowe/ansible-modules-hashivault/blob/main/ansible/modules/hashivault/hashivault_ldap_group.py for users.

Feel free to open a pull request, thanks!
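As an added illustration of what both posts are getting at (the raw `POST /v1/auth/ldap/users/<name>` call from the first post, and the user-mapping module the maintainer suggests deriving from `hashivault_ldap_group.py`), here is the idempotent read-compare-write logic such a module needs. This is example code written for this page, not code from the collection or from either poster; the function names (`ensure_user`, `read_user`, `FakeVault`), the `s.fake-token` value and the `svc-backup` user are constructed for the demonstration, and the Vault response shape assumed is `data.policies` (or `data.token_policies` on newer servers) plus `data.groups`.

```python
"""Idempotent Vault LDAP user -> policy mapping (added example, not the
collection's module). Reads auth/<mount>/users/<name>, compares with the
desired state and writes only on a difference, so check mode and `changed`
reporting work. Standard library only; the HTTP transport is injectable so
the logic runs offline against a constructed fake Vault."""
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple, Union

# transport(method, url, token, json_body) -> (http_status, parsed_json_or_None)
Transport = Callable[[str, str, str, Optional[dict]], Tuple[int, Optional[dict]]]


def urllib_transport(method: str, url: str, token: str,
                     body: Optional[dict]) -> Tuple[int, Optional[dict]]:
    """Real transport: talks to a Vault server using the X-Vault-Token header."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "X-Vault-Token": token, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def normalize(values: Union[None, str, List[str]]) -> List[str]:
    """Vault accepts policies/groups as a comma-separated string or a list;
    compare them order-insensitively, without blanks or duplicates."""
    if values is None:
        return []
    if isinstance(values, str):
        values = values.split(",")
    return sorted({v.strip() for v in values if v and v.strip()})


def user_url(vault_addr: str, mount: str, name: str) -> str:
    # Quote the user name so an odd LDAP name cannot change the path.
    return f"{vault_addr}/v1/auth/{mount}/users/{urllib.parse.quote(name, safe='')}"


def read_user(transport: Transport, vault_addr: str, token: str, name: str,
              mount: str = "ldap") -> Optional[Dict[str, List[str]]]:
    """Current {policies, groups} mapping, or None if the user has none."""
    status, doc = transport("GET", user_url(vault_addr, mount, name), token, None)
    if status == 404:
        return None
    if status != 200 or not doc:
        raise RuntimeError(f"reading LDAP user {name!r} failed with HTTP {status}")
    data = doc.get("data", {})
    # Assumption: newer Vault reports token_policies, older only policies.
    return {"policies": normalize(data.get("token_policies") or data.get("policies")),
            "groups": normalize(data.get("groups"))}


def ensure_user(transport: Transport, vault_addr: str, token: str, name: str,
                policies: Union[str, List[str]], groups: Union[None, str, List[str]] = None,
                mount: str = "ldap", check_mode: bool = False) -> Dict[str, object]:
    """Make the mapping match `policies`/`groups`; report whether anything changed."""
    desired = {"policies": normalize(policies), "groups": normalize(groups)}
    current = read_user(transport, vault_addr, token, name, mount)
    if current == desired:
        return {"changed": False, "user": name, "state": desired}
    if not check_mode:
        body = {"policies": ",".join(desired["policies"]),
                "groups": ",".join(desired["groups"])}
        status, _ = transport("POST", user_url(vault_addr, mount, name), token, body)
        if status not in (200, 204):
            raise RuntimeError(f"writing LDAP user {name!r} failed with HTTP {status}")
    return {"changed": True, "user": name, "state": desired, "previous": current}


class FakeVault:
    """Constructed in-memory stand-in for the LDAP user endpoints (offline test double)."""
    def __init__(self, token: str = "s.fake-token"):
        self.token, self.users, self.writes = token, {}, 0

    def __call__(self, method, url, token, body):
        if token != self.token:
            return 403, None
        name = urllib.parse.unquote(url.rsplit("/", 1)[1])
        if method == "GET":
            return (200, {"data": dict(self.users[name])}) if name in self.users else (404, None)
        if method == "POST":
            self.writes += 1
            self.users[name] = {"policies": normalize(body.get("policies")),
                                "groups": normalize(body.get("groups"))}
            return 204, None
        return 405, None


if __name__ == "__main__":
    fake = FakeVault()
    print(ensure_user(fake, "https://vault.example", "s.fake-token", "svc-backup", "backup-ro,default"))
    print(ensure_user(fake, "https://vault.example", "s.fake-token", "svc-backup", ["default", "backup-ro"]))
```

Swapping `FakeVault` for `urllib_transport` and a real address runs the same logic against a server. The token used only needs `read` and `update` on `auth/ldap/users/*`, so a dedicated policy with just those capabilities is preferable to a root or admin token in the playbook.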
