New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support of App ID and User ID management #1320
Comments
Also, I frequently pair multiple App IDs with a single User ID, ie:
It would be great to be able to easily add, list, and remove User ID pairings without manually maintaining this comma separated value list and firing the |
Closed, "on the roadmap", or closed, "not under consideration at this time"? |
@consultantRR Some of the Vault issues were closed by mistake from a syncing software. We apologize for the confusion caused. We have reopened the issues that were closed and are investigating the problem that caused this. We are very sorry for the inconvenience. |
Out of curiosity, is the use case that you have multiple services (app-ids) running on the same host? |
@kunickiaj Yes, this ( Currently, pairing multiple app-ids with one user-id is possible in Vault, but as I note above, this is currently a bit cumbersome to maintain. (See: #486.) To take it one step further: In an ideal world, it would additionally be possible to not only pair multiple app-ids to each user-id, but also to pair multiple user-ids to each app-id. This would make it possible, for example, for one app-id to have different policies based on the environment in which it is running. Consider this use case: 3 multi-service hosts ( 2 services running on each host ( (1) When, for example, (2) When, for example, Case (1) is already possible today, although it would be very nice for the pairings to be easier to maintain, as per my earlier comment. Case (2) is not possible today without the services using different app-ids in each environment. |
Yeah, I understand what you're saying. But given that app-id is typically deployed by your config management, I could also argue that since config management usually has its own variables for deploying to dev, test, prod it would be responsible for deploying the appropriate app-id for that environment (which is then tied to the appropriate policy). user-id just represents a particular piece of hardware in most cases. Either way this discussion is probably off-topic for this particular ticket ^^ |
I agree that the latter half of the discussion warrants conversation in an alternate channel, but I stand by my request for better management of one-to-many app-id to user-id pairings as on-topic to this ticket. |
Hi, I'm used to config management doing declarative management of resources. I'd like to be able to model app-ids and user-ids and the association between them as resources, so that config management can add, remove, and update them as appropriate. In order for this to work, I am starting with the following workflow:
At present, I can do most of this - I can correctly model secrets and policies and the relationship between them. If I start with a known user-id, I can traverse the list to ensure coherency of the relations to app-ids, and their relations. I can not enumerate either unknown user-ids or unknown app-ids, so I can not model the system as a whole. Being able to list these maps does not seem like it is structurally difficult. Is there a reason beyond effort that this has not been implemented? Cheers, |
@sgran It's actually much more difficult than you think because of the way the backend was built. Partially because of this, and to solve various other issues with it, AppID is going to be deprecated and replaced with #1426. Please note that the code there is very early and will definitely be changing in various ways, but if you like you can peruse it and see how it's different. There's nothing you can do with AppID that you can't do with the replacement, but the new one will enable much better workflows and management. |
Closing since AppRole implements this, App-ID can't, and App-ID is now deprecated. |
Currently I feel a lack of functionality in App ID and User ID authentication method in order to use it. What can be improved:
The text was updated successfully, but these errors were encountered: