adv ttl mgmt: consider rotation window #22448
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ensure rotations only occur within a rotation window for schedule-based rotations
github-actions
bot
added
the
hashicorp-contributed-pr
|
Build Results: |
|
CI Results: |
vinay-gopalan
approved these changes
Aug 18, 2023
fairclothjm
deleted the
VAULT-18915/adv-ttl-mgmt/consider-rotation-window
branch
Zlaticanin
pushed a commit
that referenced
this pull request
Aug 22, 2023
* consider rotation window ensure rotations only occur within a rotation window for schedule-based rotations * use helper method to set priority in rotateCredential * fix bug with priority check * remove test for now * add and remove comments
fairclothjm
added a commit
that referenced
this pull request
Aug 24, 2023
* add rotation_schedule field to db backend * add cron schedule field * use priority queue with scheduled rotation types * allow marshalling of cron schedule type * return warning on use of mutually exclusive fields * handle mutual exclusion of rotation fields (#22306) * handle mutual exclusion of rotation fields * fix import * adv ttl mgmt: add rotation_window field (#22303) * adv ttl mgmt: add rotation_window field * do some rotation_window validation and add unit tests * adv ttl mgmt: Ensure initialization sets appropriate rotation schedule (#22341) * general cleanup and refactor rotation type checks * make NextRotationTime account for the rotation type * add comments * add unit tests to handle mutual exclusion (#22352) * add unit tests to handle mutual exclusion * revert rotation_test.go and add missing test case to path_roles_test.go * adv ttl mgmt: add tests for init queue (#22376) * Vault 18908/handle manual rotation (#22389) * support manual rotation for schedule based roles * update description and naming * adv ttl mgmt: consider rotation window (#22448) * consider rotation window ensure rotations only occur within a rotation window for schedule-based rotations * use helper method to set priority in rotateCredential * fix bug with priority check * remove test for now * add and remove comments * add unit tests for manual rotation (#22453) * adv ttl mgmt: add tests for rotation_window * adv ttl mgmt: refactor window tests (#22472) * Handle GET static-creds endpoint (#22476) * update read static-creds endpoint to include correct resp data * return rotation_window if set * update * add changelog * add unit test for static-creds read endpoint (#22505) --------- Co-authored-by: Milena Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
Zlaticanin
added a commit
that referenced
this pull request
Aug 25, 2023
…22531) * add rotation_schedule field to db backend * add cron schedule field * use priority queue with scheduled rotation types * allow marshalling of cron schedule type * return warning on use of mutually exclusive fields * handle mutual exclusion of rotation fields (#22306) * handle mutual exclusion of rotation fields * fix import * adv ttl mgmt: add rotation_window field (#22303) * adv ttl mgmt: add rotation_window field * do some rotation_window validation and add unit tests * adv ttl mgmt: Ensure initialization sets appropriate rotation schedule (#22341) * general cleanup and refactor rotation type checks * make NextRotationTime account for the rotation type * add comments * add unit tests to handle mutual exclusion (#22352) * add unit tests to handle mutual exclusion * revert rotation_test.go and add missing test case to path_roles_test.go * adv ttl mgmt: add tests for init queue (#22376) * Vault 18908/handle manual rotation (#22389) * support manual rotation for schedule based roles * update description and naming * adv ttl mgmt: consider rotation window (#22448) * consider rotation window ensure rotations only occur within a rotation window for schedule-based rotations * use helper method to set priority in rotateCredential * fix bug with priority check * remove test for now * add and remove comments * add unit tests for manual rotation (#22453) * adv ttl mgmt: add tests for rotation_window * adv ttl mgmt: refactor window tests (#22472) * Handle GET static-creds endpoint (#22476) * update read static-creds endpoint to include correct resp data * return rotation_window if set * update * add changelog * add unit test for static-creds read endpoint (#22505) * Add the ability to set seconds in cron schedule for testing purposes * update test so we don't use global var * update with suggestions --------- Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com> Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds support for the rotation window. The
rotation_windowwill define the window of time in which rotations are allowed to occur starting from a givenrotation_schedule. Any static role credentials that are not rotated during this window, due to a failure or otherwise, must wait to be rotated until the next rotation schedule.