mongodb / vault-plugin-secrets-mongodbatlas

ARCHIVED - Hashicorp Vault MongoDB Atlas Secrets Engine - Now hosted at https://github.com/hashicorp/vault-plugin-secrets-mongodbatlas/
Mozilla Public License 2.0

Inconsistent lease renewal as compared to the vault's database backend. #12

Closed heprotecbuthealsoattac closed 5 years ago

heprotecbuthealsoattac commented 5 years ago

My backend configuration role is as follows:

prompt> vault read atlas/roles/machine
Key                       Value
---                       -----
cidr_blocks               <nil>
credential_type           database_user
database_name             admin
ip_addresses              <nil>
max_ttl                   4h0m0s
organization_id           n/a
programmatic_key_roles    <nil>
project_id                <myid>
roles                     [{"databaseName":"admin","roleName":"readWriteAnyDatabase"}]
ttl                       4h0m0s

When I renew the lease like so:

vault write sys/leases/renew lease_id=atlas/creds/machine/CRcZm6yB2kZ3mb54ocpHdWFp
---                -----
lease_id           atlas/creds/machine/CRcZm6yB2kZ3mb54ocpHdWFp
lease_duration     5m
lease_renewable    true

I'm getting 5m, which is the system-wide default ttl and not the role's maximum ttl, as is the case with the database backend's leases.

So expected behaviour would be to get the lease prolonged by 4 hours and not 5 minutes.

themantissa commented 5 years ago

It looks like this may be an older build, as we just redid the backend a bit in this area. We are still in development, so bear with us. @thetonymaster please check this out as well. Thank you!