feat(pdk/db) kong.vault.try function and automatic secret rotation of postgres credentials #8967

Merged
merged 3 commits into from Jul 7, 2022

bungle (Member) commented Jun 16, 2022

Summary

This PR contains three commits on top of #8966 (which is now merged):

  1. feat(pdk) add kong.vault.try helper function for secret rotation: Adds experimental (for now) kong.vault.try function that can be used to implement automatic secret rotation.
  2. feat(db) add automatic secret rotation of postgres username and password: Adds automatic secret rotation of postgres username and password.
  3. feat(pdk) add rate-limiting to kong.vault.try function

@bungle force-pushed the feat/vault-rotation branch 5 times, most recently from b528d6f to cc82cf4 (June 27, 2022 20:34)
@bungle force-pushed the feat/vault-rotation branch 5 times, most recently from 7913666 to d2262da (June 29, 2022 10:28)
@bungle marked this pull request as ready for review (June 29, 2022 10:30)
@bungle requested a review from a team as a code owner (June 29, 2022 10:30)
@bungle force-pushed the feat/vault-rotation branch 2 times, most recently from 05c5738 to 4c1cfd3 (June 29, 2022 11:35)
@bungle requested a review from jschmid1 (June 29, 2022 20:00)
@bungle force-pushed the feat/vault-rotation branch 2 times, most recently from 9052c64 to f18559a (July 7, 2022 09:22)
### Summary

Adds experimental (for now) kong.vault.try function that can be used to implement
automatic secret rotation.

### Summary

Adds automatic secret rotation of postgres username and password.

### Summary

Adds rate-limiting so that `kong.vault.try` will not call the vault APIs
every time it fails with a callback. This will limit concurrency on vault
credentials update. The waiting threads wait at most 1 second.

jschmid1 (Contributor) commented Jul 7, 2022

Note: we may want to change the way the options table is used. Instead of changing the content during runtime, we should think about using separate args that are generated from the refs lookup

@bungle merged commit 5d721ac into master (Jul 7, 2022)
@bungle deleted the feat/vault-rotation branch (July 7, 2022 15:48)
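
A simplified model of the behaviour the commit messages above describe (retry a failed callback after refreshing vault-backed credentials, with concurrent failures rate-limited to one vault lookup and waiters blocked for at most 1 second). This is an added example in Python so that it runs stand-alone; it is not code from this PR or Kong's implementation. The `RotatingTry` class, the `refs` key, the `resolve` hook and the sample reference string are assumptions made for the illustration.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


class RotatingTry:
    """Model only: retry a callback once after refreshing vault-backed fields."""
    MAX_WAIT = 1.0  # seconds a waiting thread may block (figure from the PR text)

    def __init__(self, resolve):
        self.resolve = resolve        # resolve(ref) -> current secret (assumed hook)
        self.lock = threading.Lock()  # serialises refreshes across threads
        self.generation = 0           # bumped after every completed refresh

    def run(self, callback, options):
        seen = self.generation
        try:
            return callback(options)
        except Exception:
            if not options.get("refs"):
                raise                 # no references, so nothing to rotate
        if self.lock.acquire(timeout=self.MAX_WAIT):  # one refresher, bounded wait
            try:
                if self.generation == seen:  # nobody refreshed since we failed
                    for field, ref in options["refs"].items():
                        options[field] = self.resolve(ref)
                    self.generation += 1
            finally:
                self.lock.release()
        return callback(options)      # timed-out waiters retry with current values


def demo(workers=8):
    """Constructed scenario: the postgres password was rotated from 'old' to 'new'."""
    vault_calls = []
    all_failed = threading.Barrier(workers)  # force every worker to fail together
    def resolve(ref):                 # stand-in for a vault API call
        vault_calls.append(ref)
        return "new"
    def connect(opts):                # stand-in for a postgres connect
        if opts["password"] != "new":
            all_failed.wait()
            raise ConnectionError("password authentication failed")
        return "connected"

    options = {"password": "old", "refs": {"password": "{vault://env/pg-password}"}}
    rt = RotatingTry(resolve)
    with ThreadPoolExecutor(workers) as pool:
        results = list(pool.map(lambda _: rt.run(connect, options), range(workers)))
    return results, len(vault_calls)
```

The model mutates the shared `options` table in place during the refresh, which is the runtime behaviour the review comment above suggests revisiting.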