Identity: Allow specifying a custom OIDC client_id field (#8165)

2020-02-13 23:15:35 -08:00 · 2020-02-13 23:15:35 -08:00 · d74463bbcc
parent 2b78d6ca9d
commit d74463bbcc
2 changed files with 12 additions and 3 deletions
--- a/vault/identity_store_oidc.go
+++ b/vault/identity_store_oidc.go
@ -251,6 +251,10 @@ func oidcPaths(i *IdentityStore) []*framework.Path {
 					Description: "TTL of the tokens generated against the role.",
 					Default:     "24h",
 				},
+				"client_id": {
+					Type:        framework.TypeString,
+					Description: "Optional client_id",
+				},
 			},
 			Callbacks: map[logical.Operation]framework.OperationFunc{
 				logical.UpdateOperation: i.pathOIDCCreateUpdateRole,
@ -931,6 +935,10 @@ func (i *IdentityStore) pathOIDCCreateUpdateRole(ctx context.Context, req *logic
 		role.TokenTTL = time.Duration(d.Get("ttl").(int)) * time.Second
 	}

+	if clientID, ok := d.GetOk("client_id"); ok {
+		role.ClientID = clientID.(string)
+	}
+
 	// create role path
 	if role.ClientID == "" {
 		clientID, err := base62.Random(26)
--- a/vault/identity_store_oidc_test.go
+++ b/vault/identity_store_oidc_test.go
@ -65,8 +65,9 @@ func TestOIDC_Path_OIDCRoleRole(t *testing.T) {
 		Path:      "oidc/role/test-role1",
 		Operation: logical.UpdateOperation,
 		Data: map[string]interface{}{
-			"template": "{\"some-key\":\"some-value\"}",
-			"ttl":      "2h",
+			"template":  "{\"some-key\":\"some-value\"}",
+			"ttl":       "2h",
+			"client_id": "my_custom_id",
 		},
 		Storage: storage,
 	})
@ -83,7 +84,7 @@ func TestOIDC_Path_OIDCRoleRole(t *testing.T) {
 		"key":       "test-key",
 		"ttl":       int64(7200),
 		"template":  "{\"some-key\":\"some-value\"}",
-		"client_id": resp.Data["client_id"],
+		"client_id": "my_custom_id",
 	}
 	if diff := deep.Equal(expected, resp.Data); diff != nil {
 		t.Fatal(diff)