add check for ErrPluginWorkloadIdentityUnsupported
fairclothjm committed Apr 22, 2024
1 parent 5c1d85a commit 6ac5468
Showing 1 changed file with 14 additions and 0 deletions.
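--- a/path_config.go
+++ b/path_config.go
@@ -11,6 +11,7 @@ import (
 "github.com/hashicorp/go-multierror"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/pluginidentityutil"
+"github.com/hashicorp/vault/sdk/helper/pluginutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
 
@@ -170,6 +171,19 @@ func (b *azureSecretBackend) pathConfigWrite(ctx context.Context, req *logical.R
 return logical.ErrorResponse("only one of 'client_secret' or 'identity_token_audience' can be set"), nil
 }
 
+// generate token to check if WIF is enabled on this edition of Vault
+if config.IdentityTokenAudience != "" {
+_, err := b.System().GenerateIdentityToken(ctx, &pluginutil.IdentityTokenRequest{
+Audience: config.IdentityTokenAudience,
+})
+if err != nil {
+if errors.Is(err, pluginidentityutil.ErrPluginWorkloadIdentityUnsupported) {
+return logical.ErrorResponse(err.Error()), nil
+}
+return nil, err
+}
+}
+
 if merr.ErrorOrNil() != nil {
 return logical.ErrorResponse(merr.Error()), nil
 }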
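Review bot: The identity-token probe in the second hunk runs before the `merr.ErrorOrNil()` check that follows it, so a config write that has already collected errors in `merr` still calls `GenerateIdentityToken` for `config.IdentityTokenAudience`, and on an edition without workload identity federation the caller gets only the unsupported-edition response and never sees what `merr` holds. Moving the `if merr.ErrorOrNil() != nil { ... }` block above the probe would report those failures first and issue a token only for a config that is otherwise acceptable. The token itself is thrown away, which the comment should say, e.g. `// probe only: the token is discarded; ErrPluginWorkloadIdentityUnsupported means WIF is unavailable on this edition`. The non-sentinel path returns `err` bare, and wrapping it with what was being attempted would help operators tell it apart from other write failures, assuming `fmt` is imported in the part of the file not shown. pathConfigWrite starts and ends outside the hunk.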
