Use the role name in the db username #2812

Merged
merged 6 commits into from
Jun 6, 2017

briankassouf
Contributor

No description provided.

@briankassouf briankassouf changed the title Pass the role name into the username created by the database backend Use the role name in the db username Jun 5, 2017
@briankassouf briankassouf requested review from calvn and jefferai June 5, 2017 21:28
@@ -89,7 +96,7 @@ func PluginFactory(pluginName string, sys pluginutil.LookRunnerUtil, logger log.
// This prevents users from executing bad plugins or executing a plugin
// directory. It is a UX feature, not a security feature.
var handshakeConfig = plugin.HandshakeConfig{
ProtocolVersion: 1,
ProtocolVersion: 2,
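
Review bot: the ProtocolVersion bump from 1 to 2 in handshakeConfig is a breaking change for every plugin built against the old value, and nothing in the hunk records why it was needed. Add a line to the comment above the struct saying what changed in the plugin interface to require version 2, and note in the changelog that existing plugins have to be rebuilt.
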
Contributor Author

Bumping this means all existing plugins will need to recompile and probably update their code.

@@ -29,6 +29,13 @@ type Statements struct {
RenewStatements string `json:"renew_statements" mapstructure:"renew_statements" structs:"renew_statements"`
}

// UsernameConfig is used to configure prefixes for the username to be
// generated.
type UsernameConfig struct {
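
Review bot: the doc comment on UsernameConfig says only that it configures "prefixes for the username to be generated", which does not tell a reader where each value comes from or how the values differ from one another. Document each field's source on the struct, and, since this PR puts the role name into a database username, state there whether the generator truncates or restricts characters in these values before they reach the database.
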
Contributor

What would be a case where DisplayName and RoleName are different?

Contributor Author

Display names are tied to tokens - the vault user who created the cred. Role name is the name of the database role that created the cred.

Contributor

I see, so the role name (and unix timestamp) is now included as part of the username for more verbosity as to who and when the token was created?

Contributor Author

Correct!

Contributor

@calvn calvn left a comment

LGTM!

@jefferai jefferai merged commit abc9001 into master Jun 6, 2017
@jefferai jefferai deleted the db-plugin-usernames branch June 6, 2017 13:49
@jefferai jefferai added this to the 0.7.3 milestone Jun 6, 2017