Add fields 'ttl' and 'num_uses' to SecretID generation. #14474
thanks! it appears we have some formatting issues
@swayne275 This is correct! I looked at them before and they seem to not originate from my code.
sure, give it a shot and we can take a deeper look
7854530 to 215f35d
Add fields 'ttl' and 'num_uses' when generating/obtaining a SecretID. Rather than just being able to use the Role's SecretID ttl and num uses. hashicorp#14390
Add the response field secret_id_num_uses to the endpoints for generating SecretIDs. Used in testing but also to supply the vendor with this variable.
Add tests to assert the new TTL and NumUses option in the SecretID entry. Separate test for testing with just parameters vs a -force example.
215f35d to 0f1c941
The tests seem to be passing now!
Hi everyone, just want to keep the conversation moving on this feature. I see Vault 1.10 just rolled out, any idea when these changes might be generally released?
Change the error message produced when a test fails due to a missing field. Previous values did not map to correct fields.
Unnecessary cast to int where type already is int.
Remove metadata entry in sample payload for custom-secret-id. The metadata was not changed in the features pull request.
Rather than implicitly overriding, error when the ttl is lower than and the num uses higher than the role's configuration. hashicorp#14390
More elaborate description for the changelog. Specifying the per-request based fields.
900e726 to 772adde
Specify in both the api-docs and the CLI the limits of the fields. Specify that the role's configuration is still the leading factor.
Upper bound ttl with role secret id ttl when creating a secret id
Adding test cases for infinite ttl and num uses
Adding test cases for negative ttl and num uses
Validation on infinite ttl and num uses
1875e77 to cba46ac
Changed that TTL is not allowed to be shorter to longer
Define ttl and num_uses in every test despite them not being tested. This is to ensure that no unexpected behaviour comes to mind.
Hello all! I was hoping to bump up this PR to get this looked at and possibly merged. Thank you! 😄
Hi everyone, also bumping this PR. Would love to see this feature merged.
Test secret id generation defaults to Role's configuration entries.
Co-authored-by: Josh Black <[email protected]>
Hi everyone, are there still more discussions to be resolved on this feature?
Hello everyone, periodic bump up of the PR to see if it can get merged. Thank you!
Periodic PR bump, this is still a feature I'm very interested in!
Lgtm
Add the fields 'ttl' and 'num_uses' to the endpoints /auth/approle/role/<role_name>/secret-id and /auth/approle/role/<role_name>/custom-secret-id. Edited the help synopsis and description to refer to these fields. Both for the endpoints respectively but also for the secret-id-num-uses and secret-id-ttl endpoints.

Fixes #14390
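
The bounds the commit messages in this thread describe (negative values rejected, a per-request 'ttl' or 'num_uses' never exceeding the role's setting, omitted fields defaulting to the role's configuration), sketched as an added Go example. This is not the code from the pull request: roleLimits, checkBound and resolveSecretIDParams are hypothetical names, and treating 0 as "infinite" on both sides is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// roleLimits holds the role-level settings (hypothetical struct; 0 = infinite, an assumption).
type roleLimits struct {
	SecretIDTTL     time.Duration
	SecretIDNumUses int
}

// checkBound rejects a negative request, or one that exceeds a bounded role limit.
func checkBound(field, roleField string, req, limit int64) error {
	if req < 0 {
		return fmt.Errorf("%s cannot be negative", field)
	}
	if limit != 0 && (req == 0 || req > limit) { // an infinite request never fits a bounded role
		return fmt.Errorf("%s cannot exceed the role's %s", field, roleField)
	}
	return nil
}

// resolveSecretIDParams returns the effective ttl and num_uses for one SecretID.
// A nil pointer means the field was omitted, so the role's value applies.
func resolveSecretIDParams(role roleLimits, ttl *time.Duration, numUses *int) (time.Duration, int, error) {
	outTTL, outUses := role.SecretIDTTL, role.SecretIDNumUses
	if ttl != nil {
		if err := checkBound("ttl", "secret_id_ttl", int64(*ttl), int64(role.SecretIDTTL)); err != nil {
			return 0, 0, err
		}
		outTTL = *ttl
	}
	if numUses != nil {
		if err := checkBound("num_uses", "secret_id_num_uses", int64(*numUses), int64(role.SecretIDNumUses)); err != nil {
			return 0, 0, err
		}
		outUses = *numUses
	}
	return outTTL, outUses, nil
}

func main() {
	role := roleLimits{SecretIDTTL: time.Hour, SecretIDNumUses: 5} // constructed sample role
	short, inf := 10*time.Minute, 0
	fmt.Println(resolveSecretIDParams(role, &short, nil)) // accepted: inside the role's limits
	fmt.Println(resolveSecretIDParams(role, nil, &inf))   // rejected: unlimited uses on a bounded role
}
```

Returning an error instead of silently clamping keeps a caller from believing it holds a longer-lived or more widely usable SecretID than the role permits.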