opentelekomcloud / vault-plugin-secrets-openstack

Create OpenStack tokens using HashiCorp Vault
Apache License 2.0

Breaking change: clouds - autorotation implementation via periodicfunc #128

Closed artem-lifshits closed 1 year ago

artem-lifshits commented 1 year ago

This PR implements autorotation for clouds' root passwords via periodicfunc, which happens every 1h. All root passwords for all clouds will be rotated; if `root_password_ttl` was not set on creation, a default 60-day rotation duration will be used.

Acceptance tests

```
vault-plugin-secrets-openstack % make functional
Running acceptance tests...
=== RUN TestPlugin
=== RUN TestPlugin/TestCloudLifecycle
=== RUN TestPlugin/TestCloudLifecycle/WriteCloud
=== RUN TestPlugin/TestCloudLifecycle/ReadCloud
=== RUN TestPlugin/TestCloudLifecycle/ListClouds
=== RUN TestPlugin/TestCloudLifecycle/ListClouds/method-LIST
=== PAUSE TestPlugin/TestCloudLifecycle/ListClouds/method-LIST
=== RUN TestPlugin/TestCloudLifecycle/ListClouds/method-GET
=== PAUSE TestPlugin/TestCloudLifecycle/ListClouds/method-GET
=== CONT TestPlugin/TestCloudLifecycle/ListClouds/method-LIST
=== CONT TestPlugin/TestCloudLifecycle/ListClouds/method-GET
=== RUN TestPlugin/TestCloudLifecycle/DeleteCloud
=== RUN TestPlugin/TestCredsLifecycle
=== RUN TestPlugin/TestCredsLifecycle/user_password
=== RUN TestPlugin/TestCredsLifecycle/user_domain_id_token
=== RUN TestPlugin/TestCredsLifecycle/root_token
=== RUN TestPlugin/TestCredsLifecycle/user_token
=== RUN TestPlugin/TestInfo
=== RUN TestPlugin/TestRoleLifecycle
=== RUN TestPlugin/TestRoleLifecycle/WriteRole
=== RUN TestPlugin/TestRoleLifecycle/ReadRole
=== RUN TestPlugin/TestRoleLifecycle/ListRoles
=== RUN TestPlugin/TestRoleLifecycle/ListRoles/method-LIST
=== PAUSE TestPlugin/TestRoleLifecycle/ListRoles/method-LIST
=== RUN TestPlugin/TestRoleLifecycle/ListRoles/method-GET
=== PAUSE TestPlugin/TestRoleLifecycle/ListRoles/method-GET
=== CONT TestPlugin/TestRoleLifecycle/ListRoles/method-LIST
=== CONT TestPlugin/TestRoleLifecycle/ListRoles/method-GET
=== RUN TestPlugin/TestRoleLifecycle/DeleteRole
=== RUN TestPlugin/TestRootRotate
rotate_test.go:65: Cloud with name default1 was created
rotate_test.go:68: Cloud with name xe9o was created
plugin_test.go:337: Cloud with name xe9o has been removed
plugin_test.go:337: Cloud with name default1 has been removed
=== RUN TestPlugin/TestStaticCredsLifecycle
=== RUN TestPlugin/TestStaticCredsLifecycle/user_password
=== RUN TestPlugin/TestStaticCredsLifecycle/user_token_project_id
=== RUN TestPlugin/TestStaticCredsLifecycle/user_token_project_name
=== RUN TestPlugin/TestStaticCredsLifecycle/user_domain_id_token
=== RUN TestPlugin/TestStaticRoleLifecycle
=== RUN TestPlugin/TestStaticRoleLifecycle/WriteRole
=== RUN TestPlugin/TestStaticRoleLifecycle/ReadRole
=== RUN TestPlugin/TestStaticRoleLifecycle/ListRoles
=== RUN TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST
=== PAUSE TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST
=== RUN TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET
=== PAUSE TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET
=== CONT TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST
=== CONT TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET
=== RUN TestPlugin/TestStaticRoleLifecycle/DeleteRole
--- PASS: TestPlugin (31.87s)
--- PASS: TestPlugin/TestCloudLifecycle (0.05s)
--- PASS: TestPlugin/TestCloudLifecycle/WriteCloud (0.04s)
--- PASS: TestPlugin/TestCloudLifecycle/ReadCloud (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/ListClouds (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/ListClouds/method-LIST (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/ListClouds/method-GET (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/DeleteCloud (0.00s)
--- PASS: TestPlugin/TestCredsLifecycle (7.94s)
--- PASS: TestPlugin/TestCredsLifecycle/user_password (1.89s)
--- PASS: TestPlugin/TestCredsLifecycle/user_domain_id_token (1.98s)
--- PASS: TestPlugin/TestCredsLifecycle/root_token (0.82s)
--- PASS: TestPlugin/TestCredsLifecycle/user_token (2.35s)
--- PASS: TestPlugin/TestInfo (0.00s)
--- PASS: TestPlugin/TestRoleLifecycle (0.59s)
--- PASS: TestPlugin/TestRoleLifecycle/WriteRole (0.58s)
--- PASS: TestPlugin/TestRoleLifecycle/ReadRole (0.00s)
--- PASS: TestPlugin/TestRoleLifecycle/ListRoles (0.00s)
--- PASS: TestPlugin/TestRoleLifecycle/ListRoles/method-GET (0.00s)
--- PASS: TestPlugin/TestRoleLifecycle/ListRoles/method-LIST (0.00s)
--- PASS: TestPlugin/TestRoleLifecycle/DeleteRole (0.00s)
--- PASS: TestPlugin/TestRootRotate (4.56s)
--- PASS: TestPlugin/TestStaticCredsLifecycle (15.54s)
--- PASS: TestPlugin/TestStaticCredsLifecycle/user_password (3.26s)
--- PASS: TestPlugin/TestStaticCredsLifecycle/user_token_project_id (3.70s)
--- PASS: TestPlugin/TestStaticCredsLifecycle/user_token_project_name (3.76s)
--- PASS: TestPlugin/TestStaticCredsLifecycle/user_domain_id_token (3.77s)
--- PASS: TestPlugin/TestStaticRoleLifecycle (2.72s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/WriteRole (1.01s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ReadRole (0.00s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ListRoles (0.00s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST (0.00s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET (0.00s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/DeleteRole (0.00s)
PASS
ok github.com/opentelekomcloud/vault-plugin-secrets-openstack/acceptance 32.365s
```
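
An added illustration of the TTL check described in the PR text above; it is not code from this PR or from the plugin. It assumes each hourly tick rotates only the clouds whose TTL has elapsed and retries failed rotations on the next tick; `cloud`, `rotationDue` and `periodicRotate` are hypothetical names, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"time"
)

const defaultRootPasswordTTL = 60 * 24 * time.Hour // 60-day default from the PR text

// cloud is a hypothetical stand-in for a stored cloud entry.
type cloud struct {
	Name            string
	RootPasswordTTL time.Duration // zero: root_password_ttl was not set on creation
	LastRotated     time.Time
}

// rotationDue reports whether the root password has reached its TTL.
func rotationDue(c cloud, now time.Time) bool {
	ttl := c.RootPasswordTTL
	if ttl <= 0 {
		ttl = defaultRootPasswordTTL
	}
	return !now.Before(c.LastRotated.Add(ttl))
}

// periodicRotate models one hourly tick. A failed rotation does not stop the
// loop and does not advance LastRotated, so that cloud is retried next tick.
func periodicRotate(clouds []cloud, now time.Time, rotate func(cloud) error) (rotated, failed []string) {
	for i := range clouds {
		if !rotationDue(clouds[i], now) {
			continue
		}
		if err := rotate(clouds[i]); err != nil {
			failed = append(failed, clouds[i].Name)
			continue
		}
		clouds[i].LastRotated = now
		rotated = append(rotated, clouds[i].Name)
	}
	return rotated, failed
}

func main() {
	now := time.Date(2023, 1, 1, 12, 0, 0, 0, time.UTC) // constructed sample data
	clouds := []cloud{
		{Name: "no-ttl-old", LastRotated: now.Add(-61 * 24 * time.Hour)},
		{Name: "short-ttl", RootPasswordTTL: 24 * time.Hour, LastRotated: now.Add(-time.Hour)},
	}
	fmt.Println(periodicRotate(clouds, now, func(cloud) error { return nil }))
}
```

Keeping `LastRotated` unchanged on failure is what stops a transient identity-API error from leaving a root password past its TTL until the next full period.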

artem-lifshits commented 1 year ago

Recheck

otc-zuul[bot] commented 1 year ago

Build succeeded. https://zuul.otc-service.com/t/eco/buildset/312d4242a39c4788b8036fe64e6c017c

- :heavy_check_mark: build-sphinx-docs SUCCESS in 3m 28s
- :heavy_check_mark: otc-golangci-lint SUCCESS in 1m 50s
- :heavy_check_mark: golang-make-vet SUCCESS in 1m 55s
- :heavy_check_mark: golang-make-test SUCCESS in 1m 52s
- :heavy_check_mark: goreleaser-build SUCCESS in 3m 58s