Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allows emails@sign to be within the aws secrets engine path #7553

Merged
merged 3 commits into from
Oct 25, 2019

Conversation

will-quan-bird
Copy link
Contributor

allows the at sign to allow emails for the aws secrets engine path.

@hashicorp-cla
Copy link

hashicorp-cla commented Oct 2, 2019

CLA assistant check
All committers have signed the CLA.

@will-quan-bird
Copy link
Contributor Author

@jefferai Hi is it possible to glance over this small pr? Thanks! :)

@will-quan-bird
Copy link
Contributor Author

Just realized that this allows to write to the role path with the @ sign. After more testing, I found that I couldn't pull aws credentials from this. Would you know off the top of your head why vault read aws/creds/rolename@gmail.com would return no values nor any errors?

@michelvocks
Copy link
Contributor

Hi @will-quan-bird!

If no value or error is returned that usually means that you got an empty response.
I recommend sending a manual HTTP request (e.g. via cURL) with verbose mode enabled to see what is returned.

I also think that you need to change API Pattern for the creds/sts API endpoint here: https://github.com/hashicorp/vault/blob/master/builtin/logical/aws/path_user.go#L21

Cheers,
Michel

@will-quan-bird
Copy link
Contributor Author

That did the trick! Thanks!

@kalafut kalafut merged commit b16087c into hashicorp:master Oct 25, 2019
@kalafut
Copy link
Contributor

kalafut commented Oct 25, 2019

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants