vault: fix oidc scopes parsing

2026-01-14 02:52:51 -03:00 · 2026-01-14 02:52:51 -03:00 · 8a358832f3
commit 8a358832f3
parent c3541b72c3
1 changed files with 2 additions and 1 deletions
--- a/services/vault/scripts/vault_oidc_configure.sh
+++ b/services/vault/scripts/vault_oidc_configure.sh
@ -84,7 +84,8 @@ configure_role() {
    return
  fi
  claims="$(build_bound_claims "${groups_claim}" "${role_groups}")"
-  role_args="user_claim=${user_claim} oidc_scopes=${scopes} token_policies=${role_policies} bound_audiences=${bound_audiences} bound_claims=${claims} bound_claims_type=${bound_claims_type}"
+  scopes_csv="$(printf '%s' "${scopes}" | tr ' ' ',' | tr -s ',' | sed 's/^,//;s/,$//')"
+  role_args="user_claim=${user_claim} oidc_scopes=${scopes_csv} token_policies=${role_policies} bound_audiences=${bound_audiences} bound_claims=${claims} bound_claims_type=${bound_claims_type}"
  if [ -n "${groups_claim}" ]; then
    role_args="${role_args} groups_claim=${groups_claim}"
  fi