vault token management moved into separate watcher #1645

Merged (2 commits) on Sep 29, 2022

eikenb commented Sep 22, 2022

Refactor the vault token management (renewing, tokenfile watching, unwrapping, etc.) into a dedicated watcher that is only responsible for that.

Done to encapsulate the vault management token into one place where it can be more easily understood and tested. It was scattered about and inconsistent (e.g., it only tried to unwrap the first token).

Strips the vault token code out of current watcher and client_set.

Most of this commit is the new test suite for this code as it wasn't really tested before.

Fixes #1498

eikenb added the bug and hashicat-update-required (Changes that need to be ported to hashicat) labels Sep 22, 2022
eikenb added this to the v0.30.0 milestone Sep 22, 2022
eikenb requested a review from a team September 22, 2022 22:13
eikenb added the vault (Related to the Vault integration) and nomad (Related to integration in Nomad) labels Sep 26, 2022
schmichael added a commit to hashicorp/nomad that referenced this pull request Sep 27, 2022
eikenb force-pushed the vault-token-file-refactor branch from 12ca39c to eaa3945 September 28, 2022 23:54
eikenb commented Sep 29, 2022

I think I'm finally done with this if you want to give it a whirl @drawks. If you don't have time I'll probably merge it soon and you can let me know if you get time. Thanks.

eikenb modified the milestones: v0.30.0, v0.29.3 Sep 29, 2022
eikenb force-pushed the vault-token-file-refactor branch from eaa3945 to 6334a1a September 29, 2022 21:53
Refactor the vault token management (renewing, tokenfile watching,
unwrapping, etc.) into a dedicated watcher that is only responsible for
that.

Done to encapsulate the vault management token into one place where it
can be more easily understood and tested. It was scattered about and
inconsistent (e.g., it only tried to unwrap the first token).

Strips the vault token code out of current watcher and client_set.

Most of this commit is the new test suite for this code as it wasn't
really tested before.

The runner is the external API and adding the clients to the parameters
breaks that 1 API. This moves the code to create the clients and start
the vault token watcher inside the runner which preserves the API while
still keeping the desired encapsulation.
eikenb force-pushed the vault-token-file-refactor branch from 6334a1a to 938aed7 September 29, 2022 22:59
eikenb merged commit 3c60253 into main Sep 29, 2022
eikenb deleted the vault-token-file-refactor branch September 29, 2022 23:10
drawks commented Sep 29, 2022

Awesome, I'm a bit buried in other things at the moment, but I'll give this a good shake down soon.

Labels: bug, enhancement, hashicat-update-required (Changes that need to be ported to hashicat), nomad (Related to integration in Nomad), vault (Related to the Vault integration)
Successfully merging this pull request may close these issues.

consul-template "vault_agent_token_file" should support wrapped format from vault agent