Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Versioned KV support #1180

Merged
merged 7 commits into from
Feb 13, 2019
Merged

Versioned KV support #1180

merged 7 commits into from
Feb 13, 2019

Conversation

kyhavlov
Copy link
Contributor

@kyhavlov kyhavlov commented Feb 9, 2019

This PR adds support for reading secrets from the v2 KV secrets engine in Vault.

Fixes #1121
Fixes #1146

pearkes
pearkes reviewed Feb 13, 2019
View reviewed changes
Copy link
Contributor

@pearkes pearkes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor docs comments but otherwise LGTM!

README.md Show resolved Hide resolved
README.md Show resolved Hide resolved
pearkes
pearkes reviewed Feb 13, 2019
View reviewed changes
Copy link
Contributor

@pearkes pearkes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more small thought on the readme!

README.md Show resolved Hide resolved
pearkes
pearkes approved these changes Feb 13, 2019
View reviewed changes
Copy link
Contributor

@pearkes pearkes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! :shipit:

@pearkes pearkes added this to the v0.20.0 milestone Feb 13, 2019
@kyhavlov kyhavlov merged commit 944943e into master Feb 13, 2019
@kyhavlov kyhavlov deleted the versioned-secrets branch February 13, 2019 02:22
notnoop pushed a commit to notnoop/consul-template that referenced this pull request Jul 16, 2019
Ignore anonymous request failures checking kv status
64bbf6a 
When making unauthenticated secret lookup requests, ignore errors that
result from checking the secret mount type.  If it's a persistent error,
the error on the actual lookup.

This restores behavior to before
hashicorp#1180 .
A nomad enterprise customer hit this regression.
notnoop pushed a commit to notnoop/consul-template that referenced this pull request Jul 16, 2019
Ignore anonymous request failures checking kv status
ae80c54 
When making unauthenticated secret lookup requests, ignore errors that
result from checking the secret mount type.  If it's a persistent error,
the error on the actual lookup.

This restores behavior to before
hashicorp#1180 .
@notnoop notnoop mentioned this pull request Jul 16, 2019
Merged
notnoop pushed a commit to notnoop/consul-template that referenced this pull request Aug 9, 2019
Read paths unmodified if KVv2 status check fails
f5549c6 
When vault.read fails to determine whether a path is KVv2, assume it's
KVv1 and read from the path as passed from user.

Here we fallback to behavior prior to hashicorp#1180,
so KVv2 check is for enhancement only.  If user truely lacks access, the
secret lookup call would fail and we report error back.

A customer hit a regression after they upgraded nomad with updated
consul-template, where their templates failed to read approle info
because isKVv2 returned an error.  The case is reproduced in
`TestVaultReadQuery_Fetch_NonSecrets` test.
@notnoop notnoop mentioned this pull request Aug 9, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pearkes pearkes pearkes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.20.0
Development

Successfully merging this pull request may close these issues.
2 participants
@kyhavlov @pearkes