Forward service principal creation #54

Merged
merged 1 commit into from
Feb 10, 2021

catsby
Contributor

@catsby catsby commented Feb 3, 2021

Avoids side-effect of registering Azure Applications as part of creating service principals, which later fail to complete because secondaries can't write to state.

Overview

  • Creating dynamic credentials is a multi-step process where an application is first registered in Azure, and then service principals are assigned to it. These steps can succeed in Azure but their information fails to save to state, triggering logical.ErrReadOnly and forwarding the request to the primary.
  • The primary then performs the request, resulting in duplicate app registrations that are orphaned.

A high level description of the contribution, including:

  • The GET /creds/:rolename path will now explicitly forward to the primary, instead of waiting for the implicitly triggered forwarding when the logical.ErrReadOnly error is hit

Contributor Checklist

  • Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet - N/A
  • Add output for any tests not run in CI to the PR description (e.g., acceptance tests) - N/A
  • Backwards compatible

Avoids side-effect of creating app registration on secondaries that
can't write to state
@catsby catsby marked this pull request as ready for review February 3, 2021 15:48
@catsby catsby requested review from kalafut and a team February 4, 2021 20:31
@catsby catsby merged commit ac95810 into master Feb 10, 2021
catsby added a commit that referenced this pull request Feb 10, 2021
Avoids side-effect of creating app registration on secondaries that
can't write to state
catsby added a commit that referenced this pull request Feb 11, 2021
Avoids side-effect of creating app registration on secondaries that
can't write to state
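
An illustration of the failure mode the PR description outlines, added here and not part of the PR or the plugin's code. It is a self-contained simulation: `cluster`, `createCreds`, `handle` and `orphans` are hypothetical names, `errReadOnly` stands in for `logical.ErrReadOnly`, and the role name is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// errReadOnly stands in for Vault's logical.ErrReadOnly (simulation only).
var errReadOnly = errors.New("cannot write to readonly storage")

// cluster models Azure app registrations and the entries saved to Vault state.
type cluster struct {
	azureApps []string
	state     map[string]string
}

// createCreds registers an app in Azure, then saves it; a secondary fails the save.
func (c *cluster) createCreds(role string, secondary bool) (string, error) {
	app := fmt.Sprintf("app-%d", len(c.azureApps)+1)
	c.azureApps = append(c.azureApps, app) // side effect already done in Azure
	if secondary {
		return "", errReadOnly
	}
	c.state[app] = role
	return app, nil
}

// handle models GET /creds/:rolename on a secondary: forwardFirst sends it to
// the primary up front; otherwise forwarding happens only after errReadOnly.
func handle(c *cluster, role string, forwardFirst bool) (string, error) {
	if !forwardFirst {
		if _, err := c.createCreds(role, true); !errors.Is(err, errReadOnly) {
			return "", err
		}
	}
	return c.createCreds(role, false)
}

// orphans counts Azure apps that no state entry tracks.
func orphans(c *cluster) int { return len(c.azureApps) - len(c.state) }

func main() {
	for _, fwd := range []bool{false, true} {
		c := &cluster{state: map[string]string{}}
		app, _ := handle(c, "constructed-role", fwd)
		fmt.Printf("forwardFirst=%v tracked=%s orphans=%d\n", fwd, app, orphans(c))
	}
}
```

An untracked registration never gets cleaned up by lease revocation, so a periodic comparison of registered applications against state is a useful check on clusters that ran before this change.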