Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consul acl role support #14014

Merged
merged 12 commits into from
Feb 17, 2022
Merged

Consul acl role support #14014

merged 12 commits into from
Feb 17, 2022

Conversation

robmonte
Copy link
Member

@robmonte robmonte commented Feb 11, 2022
edited
Loading

This is a refresh of the PR submitted by @BrandonIngalls here: #11025 which adds support for Consul ACL roles. This simplifies management of Vault tokens that use multiple Consul policies. Previously, you needed to replicate the work of assigning multiple Consul policies to a role in both Vault and Consul.

For example, let's say you work on assigning 20 different ACL policies into a single Consul role named "admin-access". With current Vault, you'd need to assign all 20 polices again to a Vault role like this:

❯ vault write consul/roles/my-role policies="policy1,policy2,policy3,...,policy20"

With Consul role support, it changes to this:

❯ vault write consul/roles/my-role roles="admin-access"

Additionally, if you want to assign multiple Consul roles to a Vault role, you can:

❯ vault write consul/roles/my-role roles="admin-access,role2,role3,...,etc"

 

The original author's commits are retained to preserve credit for the work generously provided, save for merge conflicts, and the CLA was previously signed here: #11025 (comment)

Closes #10752, #11025

@robmonte robmonte added this to the 1.10 milestone Feb 11, 2022
@robmonte robmonte requested a review from a team February 11, 2022 07:35
@vercel vercel bot temporarily deployed to Preview – vault February 11, 2022 07:41 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 11, 2022 07:41 Inactive
@robmonte robmonte mentioned this pull request Feb 11, 2022
Closed
calvn
calvn reviewed Feb 12, 2022
View reviewed changes
builtin/logical/consul/path_token.go Show resolved Hide resolved
website/content/api-docs/secret/consul.mdx Show resolved Hide resolved
website/content/api-docs/secret/consul.mdx Show resolved Hide resolved
builtin/logical/consul/path_roles.go Outdated Show resolved Hide resolved
builtin/logical/consul/path_roles.go Outdated Show resolved Hide resolved
austingebauer
austingebauer reviewed Feb 14, 2022
View reviewed changes
Copy link
Contributor

@austingebauer austingebauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One comment, otherwise LGTM along with Calvin's suggestions. Great level of detail with the description and documentation 👍

@vercel vercel bot temporarily deployed to Preview – vault February 16, 2022 15:20 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 16, 2022 15:20 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 16, 2022 21:12 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 16, 2022 21:12 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 16, 2022 21:52 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 16, 2022 22:11 Inactive
calvn
calvn approved these changes Feb 17, 2022
View reviewed changes
Copy link
Contributor

@calvn calvn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

austingebauer
austingebauer approved these changes Feb 17, 2022
View reviewed changes
Copy link
Contributor

@austingebauer austingebauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@robmonte robmonte merged commit 8b36f65 into main Feb 17, 2022
@robmonte robmonte deleted the update-consul-acl-role-support branch February 17, 2022 01:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benashz benashz benashz left review comments

@austingebauer austingebauer austingebauer approved these changes

@calvn calvn calvn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.10
Development

Successfully merging this pull request may close these issues.

Consul Secrets Engine - Support Consul ACL Roles
5 participants
@robmonte @calvn @benashz @austingebauer @thiskevinwang