-
Notifications
You must be signed in to change notification settings - Fork 781
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vault token management moved into separate watcher #1645
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eikenb
added
bug
hashicat-update-required
Changes that need to be ported to hashicat
labels
Sep 22, 2022
eikenb
added
vault
Related to the Vault integration
nomad
Related to ingetration in Nomad
labels
Sep 26, 2022
schmichael
added a commit
to hashicorp/nomad
that referenced
this pull request
Sep 27, 2022
eikenb
force-pushed
the
vault-token-file-refactor
branch
from
September 28, 2022 23:54
12ca39c
to
eaa3945
Compare
I think I'm finally done with this if you want to give it a whirl @drawks. If you don't have time I'll probably merge it soon and you can let me know if you get time. Thanks. |
eikenb
force-pushed
the
vault-token-file-refactor
branch
from
September 29, 2022 21:53
eaa3945
to
6334a1a
Compare
Refactor the vault token management (renewing, tokenfile watching, unwrapping, etc) into a dedicated watcher that is only responsible for that. Done to encapsulate the vault management token into one place where it can be more easily understood and tested. It was scattered about and inconsistent (eg. it only tried to unwrap the first token). Strips the vault token code out of current watcher and client_set. Most of this commit is the new test suite for this code as it wasn't really tested before.
The runner is the external API and adding the clients to the parameters breaks that 1 API. This moves the code to create the clients and start the vault token watcher inside the runner which preserves the API while still keeping the desired encapsulation.
eikenb
force-pushed
the
vault-token-file-refactor
branch
from
September 29, 2022 22:59
6334a1a
to
938aed7
Compare
Awesome, I'm a bit buried in other things at the moment, but I'll give this a good shake down soon. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
enhancement
hashicat-update-required
Changes that need to be ported to hashicat
nomad
Related to ingetration in Nomad
vault
Related to the Vault integration
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refactor the vault token management (renewing, tokenfile watching, unwrapping, etc) into a dedicated watcher that is only responsible for that.
Done to encapsulate the vault management token into one place where it can be more easily understood and tested. It was scattered about and inconsistent (eg. it only tried to unwrap the first token).
Strips the vault token code out of current watcher and client_set.
Most of this commit is the new test suite for this code as it wasn't really tested before.
Fixes #1498