Add docs for authorization principal in webhooks. #257

Open
wants to merge 1 commit into
base: main

joshdrake
Contributor

Name of feature:

Pain or issue this feature alleviates:

Why is this important to the project (if not answered above):

Is there documentation on how to use this feature? If so, where?

In what environments or workflows is this feature supported?

In what environments or workflows is this feature explicitly NOT supported (if any)?

Supporting links/other PRs/issues:

💔Thank you!

@joshdrake joshdrake requested a review from a team as a code owner July 24, 2023 20:07
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@@ -164,6 +164,12 @@ The request will contain the `scepChallenge` provided by the client and the `sce
Unlike webhooks configured on other provisioners, when a single SCEP provisioner is configured with multiple `SCEPCHALLENGE` webhooks,
only a single one of the `SCEPCHALLENGE` webhooks needs to indicate the request is allowed for the certificate to be issued.

### Webhooks for Cloud (AWS, Azure, GCP) and X5C Provisioners
Contributor

Thanks for adding this. I think, for completeness, people should know which attributes to expect in the webhook request. We should show an example request, or at least the names of attributes for the IID instance ID and the certificate subject.

### Webhooks for Cloud (AWS, Azure, GCP) and X5C Provisioners

When signing requests are authorized by one of these provisioners, the request body will also contain the authorizing principal(s)
from the request. For cloud provisioners, this will be the instance identifier from the [Instance Identity Document](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html),
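
Review bot: In the added paragraph, "the request body will also contain the authorizing principal(s) from the request" does not say whether the value comes from the identity document or certificate after the CA has validated it, or is copied from what the client sent. Webhook servers will base allow/deny decisions on this value, so the text should state that explicitly and name the request-body field that carries it. The "instance identifier" wording is also backed only by an AWS link while the heading lists Azure and GCP; stating which value is used for each provider would remove the guesswork.
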
Member

This may need a link for the other cloud provisioners too.

4 participants