Combined Database backend: remove create/delete support #6951
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Do we need to worry about this test failure?
=== RUN TestPostgresSQL_SetCredentials
--- FAIL: TestPostgresSQL_SetCredentials (2.61s)
postgresql_test.go:356: err: empty rotation statements
FAIL plugins/database/postgresql.TestPostgresSQL_SetCredentials (2.61s)
FAIL plugins/database/postgresql
@tyrannosaurus-becks Yes, thanks for pointing that out 😄 I fixed that in 1367ae4 |
jefferai
approved these changes
Jun 21, 2019
catsby
added a commit
that referenced
this pull request
Jun 24, 2019
* master: (47 commits) Add the ability to use a dev Consul node for dev storage (#6965) Update CHANGELOG.md Correct API docs examples (#6963) Fix test changelog++ Allow turning on client auth in test clusters (#6958) Update vendoring Update SDK version Make CA certificate optional in ClientTLSConfig Update vendor Combined Database backend: remove create/delete support (#6951) Bump sdk Move tls config creation to tlsutil (#6956) Update JWT tips (#6955) raft join tls (#6932) changelog++ UI - add kmip engine (#6936) Pass context to Cassandra queries (#6954) Minor clean up JWT provider docs (#6952) update azure instructions (#6858) ...
This was referenced Jun 24, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After #6834 was merged we decided to remove the support for creating or deleting database users with the new Static Roles feature. Instead, Vault requires the database user already exist at the time the Static Role is created, and continue to exist for the duration that Vault will manage password rotation. When destroying the Static Role in Vault, we will no longer offer or attempt to also delete the database user. We felt that the core purpose / benefit of this feature is to automate password rotation, and as such we should not cross over the boundary into managing the existence of the database user as well.
This PR removes all database statement fields except
rotation_statements, as well as the optional toggle to delete the database user, from the Static Role configuration.Misc. details:
pathRoleReadCommon. Static Roles no longer have any statements other thanrotation_statements, so the common methods seemed superfluous.