Closed fairclothjm closed 5 months ago
This PR adds hierarchical path handling to the following APIs:
This allows creating a static role name with an arbitrary number of forward slashes. For example,
$ vault write ldap/static-role/org/platform/dev \
    username="user3" \
    rotation_period="5m"
Where org/platform/dev is the role name. Creds can be read and rotated using the same role name and the respective APIs. For example,
$ vault read ldap/static-cred/org/secure
Key                    Value
---                    -----
dn                     n/a
last_password          a3sQ6OkmXKt2dtx22kAt36YLkkxLsg4RmhMZCLYCBCbvvv67ILROaOokdCaGPEAE
last_vault_rotation    2024-05-03T16:39:27.174164-05:00
password               ECf7ZoxfDxGuJEYZrzgzTffSIDI4tx5TojBR9wuEGp8bqUXbl4Kr9eAgPjmizcvg
rotation_period        5m
ttl                    4m58s
username               user2

$ vault write -f ldap/rotate-role/org/secure
Most importantly, this allows us to perform LIST operations to query the available roles. For example,
$ vault list ldap/static-role/org/
Keys
----
platform/
secure

$ vault list ldap/static-role/org/platform
Keys
----
dev
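The LIST behaviour shown above, as an added Go example that is not part of the PR or the plugin's code: it models listing over flat, slash-separated role names, assuming the convention visible in the output (immediate children only, a trailing slash for nested levels). `listChildren` and the `sampleRoles` entries beyond the two role names in the description are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// listChildren models a LIST over flat, slash-separated role names: it
// returns only the immediate children of prefix and marks a child that has
// further levels below it with a trailing "/".
// Hypothetical helper for illustration, not the plugin's implementation.
func listChildren(roles []string, prefix string) []string {
	// "org/platform" and "org/platform/" address the same level.
	if prefix != "" && !strings.HasSuffix(prefix, "/") {
		prefix += "/"
	}
	seen := map[string]bool{}
	for _, role := range roles {
		if !strings.HasPrefix(role, prefix) || len(role) == len(prefix) {
			continue // outside this level, e.g. "organization/ops" under "org/"
		}
		rest := role[len(prefix):]
		if i := strings.Index(rest, "/"); i >= 0 {
			rest = rest[:i+1] // deeper role: expose only the folder, "platform/"
		}
		seen[rest] = true
	}
	keys := make([]string, 0, len(seen))
	for k := range seen {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// Constructed sample: the two role names from the description plus two
// made-up names that exercise the edge cases.
var sampleRoles = []string{
	"org/platform/dev",
	"org/secure",
	"org/secure/batch", // "org/secure" is both a role and a folder
	"organization/ops", // shares the string "org" but not the path level
}

func main() {
	for _, p := range []string{"org/", "org/platform", ""} {
		fmt.Printf("LIST %q -> %v\n", p, listChildren(sampleRoles, p))
	}
}
```

Matching on the prefix with its trailing slash is what keeps `organization/ops` out of a listing of `org/`; a plain string-prefix match would leak role names across hierarchy levels.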
@benashz @vinay-gopalan I have addressed the bulk of your comments. Any remaining test improvements I will do once we get past feature freeze.