Database Role creation_statements not updating

[pat]

I'm finding that database roles (in the database auth engine) aren't updating the creation_statements value for existing roles.

I've tested this locally with 0.10.4, on our server with 0.10.3, and with the latest in the master branch. To reproduce:

# Start a dev vault server:
vault server -dev -dev-root-token-id="test"

And in another terminal:

export VAULT_ADDR="http://127.0.0.1:8200" VAULT_TOKEN=test
vault secrets enable database
vault write database/roles/mydb db_name=mysql creation_statements="foo"
vault read -field=creation_statements database/roles/mydb
vault write database/roles/mydb db_name=mysql creation_statements="bar"
vault read -field=creation_statements database/roles/mydb

I'm finding the creation_statements value remains set to [foo] in the second read call, when it should now be [bar].

Deleting the role and recreating with the new value is fine, of course, but that doesn't feel ideal.

Vault server configuration files on the server (if it's relevant? Given I can reproduce on a dev server locally, I doubt it):

listener "tcp" {
  address     = "0.0.0.0:80"
  tls_disable = 1
}

pid_file = "/var/local/vault.pid"

storage "s3" {
  bucket = "our-bucket"
  region = "our-region"
}

[kalafut]

@pat Thanks for reporting this. It was very recently noticed by us as well and is currently being worked on in PR #5058.

[pat]

Great to know a fix is on the way :) Thanks @kalafut!