Allow for multiple keysets configured #277

Merged (7 commits, Feb 8, 2024)


johnlanda
Contributor

Overview

This change allows for the JWT auth backend to be configured with multiple JWKS URLs as the result of a customer request.

This change should allow for current configuration using jwks_url and jwks_ca_pem to work as normal. Users may optionally choose to instead specify sets of jwks_pairs. If jwks_pairs are specified, then the underlying Validator from the cap library will loop over the available jwks_pairs in order to attempt to validate the JWT.

Design of Change

This change updates the config for the jwtAuthBackend in the path_config.go file. It also updates the backend.go file to ensure that when using jwks_pairs we iterate over the JWKS URIs and CA PEMs to initialize all key sets.

Related Issues/Pull Requests

[ ] Cap PR #128

Contributor Checklist

[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
My Docs PR Link
Example
[ ] Add output for any tests not run in CI to the PR description (e.g., acceptance tests)
[x] Backwards compatible
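
An added sketch of the behaviour the description states, where the configured key sets are tried in order until one verifies the token; it is not code from this PR or from the cap library. `KeySet`, `Sign` and `VerifyAny` are hypothetical names, and the `kid` lookup, the pinned EdDSA algorithm and the in-process generated keys and token are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// KeySet is a hypothetical stand-in for the keys behind one JWKS URL (kid -> key).
type KeySet map[string]ed25519.PublicKey

// Sign builds a constructed sample token (compact JWS, alg EdDSA) for the demo.
func Sign(priv ed25519.PrivateKey, kid, claims string) string {
	h := b64.EncodeToString([]byte(`{"alg":"EdDSA","kid":"` + kid + `"}`))
	msg := h + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// VerifyAny tries sets in configured order: index of the first that verifies, else -1.
func VerifyAny(sets []KeySet, token string) (int, error) {
	var hdr struct{ Alg, Kid string }
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return -1, errors.New("malformed token")
	}
	raw, e1 := b64.DecodeString(p[0])
	sig, e2 := b64.DecodeString(p[2])
	if e1 != nil || e2 != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "EdDSA" {
		return -1, errors.New("bad encoding or unsupported alg")
	}
	errs := []error{errors.New("no configured key set verified the token")}
	for i, ks := range sets {
		if pub, ok := ks[hdr.Kid]; ok && ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
			return i, nil
		}
		errs = append(errs, fmt.Errorf("keyset %d: kid %q unknown or bad signature", i, hdr.Kid))
	}
	return -1, errors.Join(errs...)
}

func main() {
	pubA, _, _ := ed25519.GenerateKey(nil)
	pubB, privB, _ := ed25519.GenerateKey(nil)
	fmt.Println(VerifyAny([]KeySet{{"k1": pubA}, {"k1": pubB}}, Sign(privB, "k1", `{"sub":"demo"}`)))
}
```

Because the first matching set wins, the trusted signers are the union of every configured key set, so issuer and audience checks still have to be applied after signature verification.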

Remove extra error variable

Add jwks pairs tests
@austingebauer austingebauer requested a review from a team February 6, 2024 18:09
@johnlanda johnlanda marked this pull request as ready for review February 6, 2024 19:18
Contributor

@austingebauer austingebauer left a comment


Leaving a couple of small comments as I'm looking through this. Looking good!

Contributor

@austingebauer austingebauer left a comment


Thanks again for this contribution, @johnlanda! LGTM
