libopenstorage / secrets

Openstorage support for Key Management Systems
Apache License 2.0
16 stars 16 forks

vault: add support for complete key deletion in kv v2 #55

Closed leseb closed 3 years ago

leseb commented 3 years ago

This commit introduces a way to hard-delete all versioned keys from a Vault Secret Engine configured with version 2. By default keys are soft-deleted, so the delete can be undone and any version/revision of the key can be recovered. However, there are scenarios where we want to remove everything.

This commit expands the keyContext by adding DestroySecret which, once set to any value, will destroy the key. This effectively implements this API spec: https://www.vaultproject.io/api/secret/kv/kv-v2#delete-metadata-and-all-versions

Also, integration tests have been added to run through github actions. I've noticed the existence of vault/vault_ci_integration_test.go but I suspect it's used by another CI elsewhere so I didn't touch it. I've tried to integrate with it at first, but couldn't find any way to not edit it so I preferred to leave it this way and add another detected file for the upstream CI. The new action will only run if the vault label is applied to the PR so this won't disturb any other PRs.

This can be easily changed though.

Signed-off-by: Sébastien Han seb@redhat.com

What this PR does / why we need it:

Which issue(s) this PR fixes (optional) Closes #

Special notes for your reviewer:
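The two KV v2 delete routes the description above contrasts, as an added Go example that is not code from this PR or from libopenstorage/secrets. The mount name `secret`, the key `disk-key`, and the names `fakeKV` and `versionsLeft` are assumptions; the in-memory fake is constructed and models only the `data/` and `metadata/` DELETE routes.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// fakeKV is a constructed stand-in for a KV v2 mount assumed to be named
// "secret": key -> one soft-deleted flag per stored version.
type fakeKV map[string][]bool

func (f fakeKV) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	p := strings.TrimPrefix(r.URL.Path, "/v1/secret/")
	switch {
	case r.Method == http.MethodDelete && strings.HasPrefix(p, "data/"):
		// Soft delete: the latest version is flagged, every version is kept
		// and can still be recovered.
		if v := f[strings.TrimPrefix(p, "data/")]; len(v) > 0 {
			v[len(v)-1] = true
		}
	case r.Method == http.MethodDelete && strings.HasPrefix(p, "metadata/"):
		// Metadata delete: the key and all of its versions are removed.
		delete(f, strings.TrimPrefix(p, "metadata/"))
	default:
		http.NotFound(w, r)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// versionsLeft stores three versions of a key, sends one DELETE chosen the way
// a DestroySecret-style flag would, and returns (versions retained, HTTP status).
func versionsLeft(destroy bool) (int, int) {
	kv := fakeKV{"disk-key": {false, false, false}}
	route := "data"
	if destroy {
		route = "metadata"
	}
	rec := httptest.NewRecorder()
	kv.ServeHTTP(rec, httptest.NewRequest(http.MethodDelete, "/v1/secret/"+route+"/disk-key", nil))
	return len(kv["disk-key"]), rec.Code
}

func main() {
	soft, _ := versionsLeft(false)
	hard, _ := versionsLeft(true)
	fmt.Println("versions retained: soft delete =", soft, "metadata delete =", hard)
}
```

After the soft delete the key material of every version is still held by the store, which is why a key that must be unrecoverable needs the metadata route.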

leseb commented 3 years ago

One maintainer must "approve and run" the action I believe. @adityadani maybe? Thanks!

leseb commented 3 years ago

@saheienko PTAL.

leseb commented 3 years ago

> @leseb The changes look good. Apologies for the delay in reviewing this.

No worries! Thanks for the review. Can you create a "vault" label for the GitHub action to run?

leseb commented 3 years ago

@adityadani @saheienko thanks for the label but I think it still needs your permission to run the job for the first time. Thanks

lpabon commented 3 years ago

@leseb Great to see you again. Thanks for the PR!

leseb commented 3 years ago

> @leseb Great to see you again. Thanks for the PR!

💪🏻 😄