luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Correct GCE Token Parameter (#5667) 

As written the GCE token curl results in an error: "non-empty audience parameter required".

Google's docs (https://cloud.google.com/compute/docs/instances/verifying-instance-identity) confirm that the parameter is 'audience' not 'aud'.
This commit is contained in:
Tommy Murphy 2018-12-07 18:10:30 -05:00 committed by Jim Kalafut
parent 37683e234d
commit d3774e6aaa
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
website/source/docs/auth/gcp.html.md
View File

@ -276,14 +276,13 @@ commands from the GCE instance.** The JWT token can be obtained from the
```text
ROLE="my-gce-role"
SERVICE_ACCOUNT="service-account@my-project.iam.gserviceaccount.com"
curl \
--header "Metadata-Flavor: Google" \
--get \
--data-urlencode "aud=http://vault/${ROLE}" \
--data-urlencode "audience=http://vault/${ROLE}" \
--data-urlencode "format=full" \
"http://metadata/computeMetadata/v1/instance/service-accounts/${SERVICE_ACCOUNT}/identity"
"http://metadata/computeMetadata/v1/instance/service-accounts/default/identity"
```
## API