add allowed_organizational_units parameter to cert credential backend #5252

Merged
merged 2 commits into from
Sep 28, 2018

@joemiller joemiller commented Sep 3, 2018

Specifying the allowed_organizational_units parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization's hierarchy by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units=engineering,support
```

Related:

Specifying the `allowed_organizational_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organizational_units=engineering,support
```
```
@jefferai jefferai added this to the 0.11.2 milestone Sep 5, 2018
@joemiller joemiller changed the title add allowed_organiztaional_units parameter to cert credential backend add allowed_organizational_units parameter to cert credential backend Sep 17, 2018
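
The "at least one of the listed OUs" rule from the description, as an added example that is not part of this pull request or Vault's code. The names `ouAllowed` and `constructedCert` are hypothetical; exact, case-sensitive comparison and treating an empty list as "no OU constraint" are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ouAllowed: true if cert carries at least one allowed OU (assumed exact, case-sensitive match).
func ouAllowed(cert *x509.Certificate, allowed []string) bool {
	for _, want := range allowed {
		for _, got := range cert.Subject.OrganizationalUnit {
			if got == want {
				return true
			}
		}
	}
	return len(allowed) == 0 // assumption: an empty list means no OU constraint
}

// constructedCert builds a self-signed sample certificate with the given OUs and parses it back from DER.
func constructedCert(ous ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "client.example", OrganizationalUnit: ous},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	allowed := []string{"engineering", "support"} // same list as the second vault write above
	for _, ous := range [][]string{{"engineering"}, {"sales", "support"}, {"sales"}, nil} {
		cert, err := constructedCert(ous...)
		fmt.Println(ous, err, err == nil && ouAllowed(cert, allowed))
	}
}
```

A certificate can carry several OU values, so the check passes as soon as any one of them is in the list; a certificate with no OU at all fails whenever the list is non-empty.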

@tyrannosaurus-becks tyrannosaurus-becks left a comment

@joemiller this looks fantastic. Thank you for contributing it.

@jefferai jefferai left a comment

👍 it looks really great, thanks!
