Overview
In the current form, WAL rollback leaves apps in a soft-deleted state, which makes them still count towards the tenant AD resource limit. As WAL rollback is supposed to clean up when role assignment fails during dynamic SP creation, it's always guaranteed to have the App completely unused. With that, it makes more sense to always permanently delete those apps on rollback, which is easily configurable in the current implementation.
Design of Change
No real design, just changing to permanently delete apps during rollback instead of default soft-delete.
Test Output
go test -v -run TestRoleAssignmentWALRollback
=== RUN TestRoleAssignmentWALRollback
--- SKIP: TestRoleAssignmentWALRollback (0.00s)
PASS
ok github.com/hashicorp/vault-plugin-secrets-azure 0.198s
Related Issues/Pull Requests
https://github.com/hashicorp/vault-plugin-secrets-azure/pull/110
https://github.com/hashicorp/vault-plugin-secrets-azure/pull/104