From 9137b06f83f7369528773ba1d0485a445fa8e04f Mon Sep 17 00:00:00 2001
From: Zlaticanin
Date: Mon, 30 Oct 2023 14:26:25 -0700
Subject: [PATCH] add instructions in the test
---
 azure_test.go | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/azure_test.go b/azure_test.go
index cd58ad12..2217e213 100644
--- a/azure_test.go
+++ b/azure_test.go
@@ -20,6 +20,43 @@ import (
 "testing"
 )
 
+// Steps to reproduce the error for Azure eventual consistency issue:
+// 1. Enable the Azure secrets engine
+// $ vault secrets enable azure
+//
+// 2. Configure the secrets engine with account creds (these creds can be found by
+// logging in to Azure portal (1password) and searching for Team Vault subscription.
+// $ vault write azure/config \
+// subscription_id=$AZURE_SUBSCRIPTION_ID \
+// tenant_id=$AZURE_TENANT_ID \
+// client_id=$AZURE_CLIENT_ID \
+// client_secret=$AZURE_CLIENT_SECRET
+//
+// 3. To run this test with an app id, you need to register an application in the Azure portal.
+// App registrations → New registration → Register
+// You will need to add following API permissions to your application:
+// - Application.ReadWrite.All
+// - GroupMember.ReadWrite.All
+// Make sure to Grant admin consent for Default Directory.
+// Go to Team Vault Subscription → Access control (IAM) → Add role assignment → Privileged administrator roles →
+// Select Owner → Go to Members → Select Members → Add the application you just registered →
+// Not constrained Delegation type → Review and assign
+//
+// Create a role with an already existing application id
+// $ vault write azure/roles/test-role \
+// application_object_id= \
+// ttl=10h
+//
+// 4. To configure a role to create a new sp with Azure roles:
+// $ vault write azure/roles/test-role ttl=10h azure_roles=-<"
+// }
+// ]
+// EOF
+
 type VaultCredResponse struct {
 Data struct {
 ClientId string `json:"client_id"`
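Review bot: The step-4 example at `azure_roles=-<"` is not usable as written: in this hunk the heredoc marker and the JSON array of role assignments are missing, only the closing `}`, `]` and `EOF` survive, and `application_object_id= \` in step 3 carries no value or placeholder — if the committed file reads the same (and this is not just rendering loss), the commands cannot be copied and run. Step 3 also grants the test application Owner on the subscription together with tenant-wide Application.ReadWrite.All and GroupMember.ReadWrite.All, which is a high-privilege grant for a test fixture; the comment should say where that is acceptable, e.g. `// NOTE: these permissions are tenant/subscription-wide; use a dedicated test subscription and remove the app registration and Owner assignment once the test is done.` Since step 2 points readers at shared account credentials in 1Password, it is worth stating explicitly that they must reach the test only through the `AZURE_*` environment variables shown and never be written into this file or the role config.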