* docs: adds documentation for JWT/OIDC google provider specific handling
* use may instead of will for identity group alias association
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
* adds missed parentheses
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
* adds missed parentheses
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
* reword sentence referring to key file for Google service account
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* add styles to emphasize security step
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Add specification about AWS IAM Unique Identifiers
We experienced an issue where IAM roles resources were re-provisioned with the same ARNs and no change had been made to our vault role configuration but users lost access with `-method=aws`. It wasn't immediately clear to us how IAM Unique Identifiers where being used to avoid the same situations outlined in the AWS documentation. We eventually concluded that re-provisioning the roles in our auth/aws/auth would fetch the new IAM Unique Identifiers.
I hope that this small amendment helps people avoid this problem in the future.
Upgrade to new official Okta sdk lib. Since it requires an API token, use old unofficial okta lib for no-apitoken case.
Update test to use newer field names. Remove obsolete test invalidated by #4798. Properly handle case where an error was expected and didn't occur.
