(maint) Make auth key optional when configuring plugin
#8
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lucywyman
force-pushed
the
maint-make-vault-optional
branch
3 times, most recently
from
4d5666c to
3c560ce
Compare
When this plugin was baked in to Bolt, the `auth` key was optional because we also accepted the value as an environment variable. So we didn't check if `auth` was set, then read the environment variable, and did nothing if neither was set. When I moved this out to be a standalone plugin I changed this to merge the user-set options over the ENV var defaults, and then check that required keys were required, namely `server-url` and `auth` which were not previously checked. However if you're using an agent to connect to vault, you can connect Bolt directly to the agent which authenticates with the vault server using it's own certs, which doesn't require Bolt to authenticate with Vault. This means the `auth` option is, in fact, optional. This PR removes it from required key validation.
lucywyman
force-pushed
the
maint-make-vault-optional
branch
from
3c560ce to
46448bc
Compare
Adding assignment to carry merged env_opts forward.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When this plugin was baked in to Bolt, the
authkey was optionalbecause we also accepted the value as an environment variable. So we
didn't check if
authwas set, then read the environment variable, anddid nothing if neither was set. When I moved this out to be a standalone
plugin I changed this to merge the user-set options over the ENV var
defaults, and then check that required keys were required, namely
server-urlandauthwhich were not previously checked. However ifyou're using an agent to connect to vault, you can connect Bolt directly
to the agent which authenticates with the vault server using it's own
certs, which doesn't require Bolt to authenticate with Vault. This means
the
authoption is, in fact, optional. This PR removes it fromrequired key validation.