Vault version: 1.3.2
Underlying OS: Oracle Linux 7.9
I am able to authenticate against Vault from an OCI VM with the use of an Instance Principal. My setup follows this guideline and it works:
Then I changed my Dynamic Group definition to an OCI resource like this:
Any {resource.compartment.id = 'ocid1.compartment.oc1..aaaaaaaarqa72sgaavyXXXXXXXXXXXX7kdlg2t6a'}
and I started exactly the same Python code that previously worked on a VM with Instance Principal as an ML Job having a Resource Principal:

    import oci
    import requests

    # Instance Principal signer (worked on the VM):
    # signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    # Resource Principal signer (used in the ML Job):
    signer = oci.auth.signers.get_resource_principals_signer()

    endpoint = "http://hostname:8200/v1/auth/oci/login/devrole"

    # Signed GET, sent only to capture the headers the signer generates
    response = requests.get(endpoint, auth=signer)
    date = response.request.headers['date']
    authorization = response.request.headers['authorization']

    # Login payload: the signed headers are passed to Vault in the body
    body = {
        "request_headers": {
            "Date": [date],
            "(request-target)": ["get /v1/auth/oci/login/devrole"],
            "host": ["hostname:8200"],
            "Content-Type": ["application/json"],
            "Authorization": [authorization]
        }
    }
    response = requests.put(endpoint, json=body)  # fails with 401

The first GET request delivers a signature like this:
Signature algorithm=\"rsa-sha256\",headers=\"date (request-target) host\",keyId=\"ST$eyJraWQiOiJhc3d...SHORTENED...96lXYVCf+qAvHkFJw23JYovm6w==\",version=\"1\"
and in the PUT request I get 401 Unauthorized.
Does the plugin also work with Resource Principal?
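
A small diagnostic for the request above, added here as an example and not part of the original post or of the Vault OCI plugin: it parses the Signature authorization header, reports any header named in its headers= list that is absent from request_headers, and decodes (without verifying) the token that follows ST$ in keyId. It assumes that token is a three-part JWT; the function names and all sample values are constructed for illustration.

```python
import base64
import json
import re

def _b64url_json(segment):
    """Decode one unpadded base64url JWT segment into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def parse_signature_header(value):
    """Split 'Signature k="v",...' into a dict of its parameters."""
    value = value.replace('\\"', '"')  # tolerate escaped quotes, as in the post
    scheme, _, params = value.partition(" ")
    if scheme != "Signature":
        raise ValueError("not a Signature authorization header")
    return dict(re.findall(r'([A-Za-z]+)="([^"]*)"', params))

def inspect_login_request(authorization, request_headers):
    """Return signed header names, those absent from the body, and token claims."""
    params = parse_signature_header(authorization)
    signed = params.get("headers", "").split()
    sent = {name.lower() for name in request_headers}
    missing = [h for h in signed if h.lower() not in sent]
    claims = None
    key_id = params.get("keyId", "")
    if key_id.startswith("ST$"):  # prefix seen in the post's keyId
        parts = key_id[3:].split(".")
        if len(parts) == 3:  # assumption: the token is a JWT
            claims = _b64url_json(parts[1])  # decoded only, NOT verified
    return {"signed": signed, "missing": missing, "claims": claims}

def _enc(obj):
    """Build one base64url segment for the constructed sample token."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: placeholder token and signature, not real OCI values.
SAMPLE_TOKEN = ".".join([_enc({"alg": "RS256"}),
                         _enc({"sub": "ocid1.constructed.example", "exp": 0}), "c2ln"])
SAMPLE_AUTH = ('Signature algorithm="rsa-sha256",headers="date (request-target) host",'
               'keyId="ST$' + SAMPLE_TOKEN + '",signature="Y29uc3RydWN0ZWQ=",version="1"')
SAMPLE_HEADERS = {"Date": ["Thu, 01 Jan 1970 00:00:00 GMT"],
                  "(request-target)": ["get /v1/auth/oci/login/devrole"],
                  "host": ["hostname:8200"], "Authorization": [SAMPLE_AUTH]}

if __name__ == "__main__":
    print(json.dumps(inspect_login_request(SAMPLE_AUTH, SAMPLE_HEADERS), indent=2))
```

To use it on the failing request, pass the authorization value and body["request_headers"] from the script above; comparing the decoded claims from the VM run and the ML Job run shows what each signer presented to Vault.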