hashicorp / vault-secrets-operator

The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
https://hashicorp.com

Call VDS callbacks on VaultAuth and VaultConnection changes #739

Closed benashz closed 2 months ago

benashz commented 2 months ago

During some internal work we discovered that when updating a VaultAuth instance, any associated Vault Clients are pruned from the cache without notifying the VaultDynamicSecrets controller. This could potentially lead to premature revocation of secret leases, causing service disruptions for applications that rely on valid secret data.

Upon update to a VaultAuth or VaultClient instance, the CachingClientFactory will send any pruned Clients to its callbackHandler channel. Upon deletion of either resource, the Client will be removed from the cache and no callbacks will be called.
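
A simplified model of the update-versus-delete behaviour described in the comment above, as an added example that is not part of the pull request or the operator's code. All names (`Client`, `Cache`, `Prune`, `PendingResync`) are hypothetical, and the sample clients are constructed.

```go
package main

import "fmt"

// Client and Cache are hypothetical stand-ins (not the operator's types):
// a cached Vault client, and a cache that reports pruned clients on Callback.
type Client struct{ Key, AuthRef string }
type Cache struct {
	clients  map[string]Client
	Callback chan Client
}

func NewCache(cls ...Client) *Cache {
	c := &Cache{clients: map[string]Client{}, Callback: make(chan Client, len(cls))}
	for _, cl := range cls {
		c.clients[cl.Key] = cl
	}
	return c
}

// Prune evicts every client built from authRef. notify is true when the
// resource was updated and false when it was deleted (no callbacks).
func (c *Cache) Prune(authRef string, notify bool) {
	for k, cl := range c.clients {
		if cl.AuthRef != authRef {
			continue
		}
		delete(c.clients, k)
		if notify {
			c.Callback <- cl // buffer holds every client, so this never blocks here
		}
	}
}

// PendingResync drains Callback: the keys whose dynamic secrets need a re-sync.
func PendingResync(c *Cache) []string {
	keys := []string{}
	for len(c.Callback) > 0 {
		keys = append(keys, (<-c.Callback).Key)
	}
	return keys
}

func main() {
	c := NewCache(Client{"a", "auth-1"}, Client{"b", "auth-2"}) // constructed data
	c.Prune("auth-1", true)
	fmt.Println("update:", PendingResync(c))
	c.Prune("auth-2", false)
	fmt.Println("delete:", PendingResync(c))
}
```

The model is single-goroutine; a cache shared between controllers would need locking around the map and a consumer goroutine reading `Callback`.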

thyton commented 2 months ago

LGTM. Let me know when the update for integration tests is in. I can continue the review then.

benashz commented 2 months ago

> LGTM. Let me know when the update for integration tests is in. I can continue the review then.

Updated with bb331e3023f62abe04b33ef43c99277e83814311