feat: add principals flag to cli for ssh dynamic secrets #238
| dynamicSecretManager.RegisterTemplateUnsafe(projectSlug, envSlug, secretPath, slug, templateId, ttl, principals) | ||
| etagData := fmt.Sprintf("%s-%s-%s-%s-%s", projectSlug, envSlug, secretPath, slug, ttl) | ||
| etagData := fmt.Sprintf("%s-%s-%s-%s-%s-%s", projectSlug, envSlug, secretPath, slug, ttl, principals) |
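Review bot: The new etagData line appends principals with %s to a dash-joined string, which makes the key ambiguous in two ways. Any field that contains "-" can shift across the separator and produce the same string as a different input. If principals is a slice (its type is not visible in this hunk), %s renders it in brackets with space-separated elements, so element order changes the etag and a single principal containing a space looks the same as two principals. Consider building the key from a sorted copy of principals joined with a separator that cannot appear in the values, or add a comment stating that a reordering is meant to trigger a rewrite.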
I think for the cache we won't have a problem if the principals are different, but can't this be a problem on the etag as well? If they change the order of the principals, this would cause a difference and we would write the change to disk (which in this case wouldn't really be a change, since only the order was changed).
Not sure if this is a problem, I just wanted to raise this so we can discuss.
I think it should be fine because if a new lease was issued, then we should probably put that in the file rather than having the old one. The old one would expire on its own by the TTL.
And this should only happen if somebody is manually updating the template and the principal order, so it looks like they deliberately want that.
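The ordering question from the review thread above, as an added Go example that is not part of the PR or the project's code: it compares the dash-joined format string from the diff with a hypothetical order-insensitive key. It assumes `principals` is a `[]string`; the function names and sample values are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// naiveEtagData mirrors the dash-joined format string from the diff.
// Assumption: principals is a []string (its type is not shown on the page).
func naiveEtagData(project, env, path, slug, ttl string, principals []string) string {
	return fmt.Sprintf("%s-%s-%s-%s-%s-%s", project, env, path, slug, ttl, principals)
}

// canonicalEtag is a hypothetical alternative: principals are sorted on a copy
// and every field is length-prefixed before hashing, so ordering, dashes and
// spaces inside values cannot make two different inputs look the same.
func canonicalEtag(project, env, path, slug, ttl string, principals []string) string {
	sorted := append([]string(nil), principals...)
	sort.Strings(sorted)
	h := sha256.New()
	for _, f := range append([]string{project, env, path, slug, ttl}, sorted...) {
		fmt.Fprintf(h, "%d:%s;", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

func main() {
	// Constructed sample values.
	ab := []string{"alice", "bob"}
	ba := []string{"bob", "alice"}
	fmt.Println(naiveEtagData("proj", "dev", "/", "ssh", "1h", ab))
	fmt.Println(naiveEtagData("proj", "dev", "/", "ssh", "1h", ba))
	fmt.Println(canonicalEtag("proj", "dev", "/", "ssh", "1h", ab) ==
		canonicalEtag("proj", "dev", "/", "ssh", "1h", ba))
}
```

Whether a reorder should count as a change is the design decision discussed in the thread; the canonical form only applies if it should not.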
Description 📣
Adds a --principals flag to infisical dynamic-secrets lease create so users can specify which principals to include in SSH dynamic secret leases. Also adds principals support to the agent dynamicSecret template function as an optional 6th argument.
Type ✨
Tests 🛠️