Combined Database backend: remove create/delete support #6951
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After #6834 was merged we decided to remove the support for creating or deleting database users with the new Static Roles feature. Instead, Vault requires the database user already exist at the time the Static Role is created, and continue to exist for the duration that Vault will manage password rotation. When destroying the Static Role in Vault, we will no longer offer or attempt to also delete the database user. We felt that the core purpose / benefit of this feature is to automate password rotation, and as such we should not cross over the boundary into managing the existence of the database user as well.
This PR removes all database statement fields except
rotation_statements
, as well as the optional toggle to delete the database user, from the Static Role configuration.Misc. details:
pathRoleReadCommon
. Static Roles no longer have any statements other thanrotation_statements
, so the common methods seemed superfluous.