Add back support for deriving the provider namespace from the Vault token's #1841

@benashz benashz commented May 4, 2023

This PR reverts the revert PR #1840, and adds back support for deriving the provider namespace from the Vault token.

It supports the following configurations:

  • namespace set in the token and not set on the provider: use the token's namespace for provisioning
  • namespace set on the provider: use that for provisioning
  • namespace set on an auth_login* and not set on the provider: use the auth_login* namespace for provisioning (essentially point 1 above)

Other fixes:

  • log a warning if the token TTL is below a certain value, e.g. 10m
  • document Token TTL best practices

Closes #602

Previously, when any auth_login was configured with provider.namespace,
the login would not be done in the correct namespace. This was a big
problem for HCP Vault users, since the default namespace on an HCP
Vault cluster is admin.

* Only set the parent client's namespace once.
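
The namespace precedence and the token TTL warning from the PR description above, sketched as an added example that is not code from this PR or from the provider. The function name, the `namespace_path` and `ttl` response field names, the treatment of a TTL of 0 as non-expiring, and the sample response are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// minTokenTTL is an assumed threshold; the PR description only says "e.g. 10m".
const minTokenTTL = 10 * time.Minute

// tokenLookup holds the two fields read from a token lookup response.
// The field names are assumptions about that response, not taken from the PR.
type tokenLookup struct {
	Data struct {
		NamespacePath string `json:"namespace_path"`
		TTL           int64  `json:"ttl"` // seconds; 0 is treated as "does not expire"
	} `json:"data"`
}

// resolveNamespace (hypothetical helper) returns the namespace to provision in,
// which setting it came from, and whether the token TTL warrants a warning.
func resolveNamespace(providerNS, authLoginNS string, lookupJSON []byte) (ns, source string, shortTTL bool, err error) {
	var l tokenLookup
	if err = json.Unmarshal(lookupJSON, &l); err != nil {
		return "", "", false, fmt.Errorf("decoding token lookup: %w", err)
	}
	ttl := time.Duration(l.Data.TTL) * time.Second
	shortTTL = ttl > 0 && ttl < minTokenTTL
	candidates := []struct{ source, ns string }{
		{"provider", providerNS},        // an explicit provider namespace always wins
		{"auth_login", authLoginNS},     // used only when the provider sets none
		{"token", l.Data.NamespacePath}, // otherwise the namespace the token is scoped to
	}
	for _, c := range candidates {
		if v := strings.Trim(c.ns, "/"); v != "" {
			return v, c.source, shortTTL, nil
		}
	}
	return "", "root", shortTTL, nil // nothing set anywhere: root namespace
}

func main() {
	// Constructed sample response: token scoped to "admin/" with 5 minutes left.
	sample := []byte(`{"data":{"namespace_path":"admin/","ttl":300}}`)
	ns, src, short, err := resolveNamespace("", "", sample)
	fmt.Println(ns, src, short, err)
}
```
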

benashz commented May 4, 2023

Going to add some tests.

@benashz benashz force-pushed the VAULT-15937/ensure-auth-login-honours-the-provider-namespace-2 branch from 96f4c39 to 22da685 Compare May 4, 2023 14:49
@benashz benashz marked this pull request as draft May 4, 2023 14:56
@github-actions github-actions bot added size/XL and removed size/L labels Jun 5, 2023
@benashz benashz marked this pull request as ready for review June 5, 2023 15:42
@benashz benashz merged commit be43cea into main Jun 5, 2023
7 checks passed
@benashz benashz deleted the VAULT-15937/ensure-auth-login-honours-the-provider-namespace-2 branch June 5, 2023 21:02
@aayeni1 aayeni1 modified the milestones: 3.16.0, 3.17.0 Jul 27, 2023
Successfully merging this pull request may close these issues.

vault provider does not use namespace creating child token