Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add dedicated schema parameters to tune auth mounts #2338

Open
wants to merge 4 commits into
base: VAULT-29403/mount-parity
Choose a base branch
from

Conversation

vinay-gopalan
Copy link
Contributor

Description

Tuning auth mounts is currently managed by a resource block, which:

  • manages durations using strings and
  • relies on sys/auth/<path>/tune as the source of truth instead of sys/mounts/auth/<path> (there is a mismatch is the data returned by the two endpoints)

Both of these above make it hard to fix tune block configurations and states without potentially breaking users/causing drifts, hence this PR adds dedicated schema params for the fields previously managed by the tune block, and adds methods to easily manage them and add/tweak things in the future.

Relates OR Closes #2234

Checklist

  • Added CHANGELOG entry (only for user-facing changes)
  • Acceptance tests where run against all supported Vault Versions

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestJWTAuthBackend_authMountSchema'
=== RUN   TestJWTAuthBackend_authMountSchema
=== PAUSE TestJWTAuthBackend_authMountSchema
=== CONT  TestJWTAuthBackend_authMountSchema
--- PASS: TestJWTAuthBackend_authMountSchema (1.57s)
PASS

@vinay-gopalan vinay-gopalan changed the base branch from main to VAULT-29403/mount-parity October 7, 2024 19:58
@vinay-gopalan vinay-gopalan changed the base branch from VAULT-29403/mount-parity to main December 4, 2024 17:56
@vinay-gopalan vinay-gopalan requested a review from a team as a code owner December 4, 2024 17:56
@vinay-gopalan vinay-gopalan changed the base branch from main to VAULT-29403/mount-parity December 4, 2024 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: vault_jwt_auth_backend tune block always updates unless config matches Vault server defaults
1 participant