AWS upgrade role entries #7025

Merged
merged 58 commits into from
Jul 5, 2019

mjarmy
Contributor

@mjarmy mjarmy commented Jun 30, 2019

AWS Roles are now upgraded and saved to the latest version just after the AWS
credential plugin is mounted. If the upgrade has already been run, it is not
run again.

The upgrade only happens if either:

  • The vault server is a local mount.
  • The vault server is not a performance replicated standby cluster.

This change is implemented by adding an Initialize() method to
sdk.logical.Backend, that any sdk.framework.Backend plugin can choose to
implement, to allow it to handle any initialization tasks that need to be
performed.

Initialize() is called from four different places:

  • after mounting secrets backends during post-unseal,
  • after mounting credentials backends during post-unseal,
  • after explicitly mounting a secrets backend,
  • after explicitly mounting a credentials backend.
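
Added example, not part of the pull request or of Vault's code base: a minimal Go model of the run-once upgrade gated on mount and replication state, as the description above outlines. Every type, field and constant is a hypothetical stand-in for the sdk types, and tracking "already run" with a persisted version marker is an assumption.

```go
package main

import (
	"context"
	"fmt"
)

// All names below are hypothetical stand-ins, not Vault's sdk types.
const latestRoleVersion = 3 // constructed value

type roleEntry struct{ Version int }

type awsMount struct {
	localMount    bool // mount is local to this cluster
	perfStandby   bool // cluster is a performance replicated standby
	upgradeMarker int  // persisted: version the last completed upgrade reached
	roles         map[string]*roleEntry
	writes        int // storage writes performed, for observation
}

// Initialize models the hook called after every mount (post-unseal or explicit).
func (m *awsMount) Initialize(ctx context.Context) error {
	if err := ctx.Err(); err != nil {
		return err
	}
	// Gate from the PR description: local mount, or not a performance standby.
	if !(m.localMount || !m.perfStandby) {
		return nil
	}
	// Idempotence (assumed mechanism): a recorded marker means the upgrade ran.
	if m.upgradeMarker >= latestRoleVersion {
		return nil
	}
	for _, r := range m.roles {
		if r.Version < latestRoleVersion {
			r.Version = latestRoleVersion
			m.writes++
		}
	}
	m.upgradeMarker = latestRoleVersion
	m.writes++ // marker is written last, so an interrupted run is retried
	return nil
}

func main() {
	m := &awsMount{roles: map[string]*roleEntry{"ci": {Version: 1}, "ops": {Version: 3}}}
	for i := 0; i < 2; i++ { // first mount, then a seal and unseal
		_ = m.Initialize(context.Background())
		fmt.Println("writes so far:", m.writes)
	}
}
```

The second call performs no writes, which is the property a seal and unseal cycle has to preserve.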

@mjarmy mjarmy changed the title [DRAFT] Aws upgrade role entries AWS upgrade role entries Jul 2, 2019
@mjarmy mjarmy marked this pull request as ready for review July 2, 2019 12:50
@mjarmy mjarmy requested a review from jefferai July 2, 2019 13:32
@mjarmy
Contributor Author

mjarmy commented Jul 4, 2019

I've added an end-to-end test that verifies that the initialization happens when a cluster is created, and when the cluster is sealed and then unsealed.

briankassouf pushed a commit that referenced this pull request Jul 5, 2019
@briankassouf briankassouf merged commit c48159e into master Jul 5, 2019
@briankassouf briankassouf deleted the aws-upgrade-role-entries-v2 branch July 5, 2019 23:55
3 participants