Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(vault): vault secret without TTL configuration should not be refreshed #12877

Merged
merged 1 commit into from
Apr 23, 2024
Merged

fix(vault): vault secret without TTL configuration should not be refreshed #12877

merged 1 commit into from
Apr 23, 2024

Conversation

windmgc
Copy link
Member

@windmgc windmgc commented Apr 18, 2024
edited
Loading

Summary

This PR fixes a bug that a vault secret could be refreshed by rotation timer after a rotation interval, even if it has no TTL configuration(which means the secret will expire after DAO_MAX_TTL instead of a rotation interval)

Checklist

Issue reference

FTI-5906
FTI-5916

@windmgc windmgc requested a review from bungle April 18, 2024 07:05
@github-actions github-actions bot added core/pdk cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee labels Apr 18, 2024
@windmgc windmgc requested a review from jschmid1 April 18, 2024 07:07
jschmid1
jschmid1 requested changes Apr 18, 2024
View reviewed changes
Copy link
Contributor

@jschmid1 jschmid1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please elaborate on the effect of this fix.

changelog/unreleased/kong/fix-vault-secret-update-without-ttl.yml Outdated Show resolved Hide resolved
kong/pdk/vault.lua Outdated Show resolved Hide resolved
bungle
bungle approved these changes Apr 19, 2024
View reviewed changes
Copy link
Member

@bungle bungle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am approving this, but check @jschmid1’s comments.

@windmgc windmgc force-pushed the prevent-vault-reference-refresh-when-no-ttl-configured branch from 4796861 to 82dbedb Compare April 23, 2024 06:46
@windmgc windmgc requested a review from jschmid1 April 23, 2024 08:12
@jschmid1 jschmid1 merged commit 0d81517 into master Apr 23, 2024
25 checks passed
@jschmid1 jschmid1 deleted the prevent-vault-reference-refresh-when-no-ttl-configured branch April 23, 2024 09:21
@team-gateway-bot
Copy link
Collaborator

Successfully created cherry-pick PR for master:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jschmid1 jschmid1 jschmid1 approved these changes

@bungle bungle bungle approved these changes

Assignees

@windmgc windmgc

Labels
cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee core/pdk size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@windmgc @team-gateway-bot @bungle @jschmid1