[Backport release/3.4.x] fix(vault): fix several issues in vault and refactor the vault code base #11521

Merged 1 commit on Sep 20, 2023


team-gateway-bot
Collaborator

Backport fd64029 from #11402.

…ase (#11402)

### Summary

- Make DAOs fall back to empty string when resolving Vault references fails
- Use node level mutex when rotating references
- Refresh references on config changes
- Update plugin referenced values only once per request
- Pass only the valid config options to vault implementations
- Resolve multi-value secrets only once when rotating them
- Do not start vault secrets rotation timer on control planes
- Re-enable negative caching
- Reimplement the kong.vault.try function
- Remove references from rotation in case their configuration has changed

#### Commits before squashing them (it turned out difficult to split last refactoring commit)

- tests(vault): should be able to detect new references when plugin config changes
- fix(schema): process auto fields to default to empty string on resolve failures
- fix(schema): use pairs to adjust_field_for_context with arrays and sets
- perf(plugin-iterator): vault.update only once per request on global iterator
- docs(vault): mark local functions with local-attribute
- fix(vault): use node level mutex instead of a thread level semaphore
- fix(vault): add validation back as the yielding is fixed
- refactor(vault): move parse_reference close to is_reference
- fix(vault): refresh secrets on flush in timer
- refactor(vault): refactor the vault local update function
- chore(vault): add cooperative yielding on secret rotation
- fix(vault): no event handlers or rotation timer on control planes
- refactor(vault): cache key generation and parsing
- chore(vault): rename get_subfield to extract_key_from_json_string
- chore(vault): rename flush_and_refresh to handle_vault_crud_event
- refactor(vault): refactor vault code base

Signed-off-by: Aapo Talvensaari <[email protected]>
(cherry picked from commit fd64029)
@hanshuebner
Contributor

@bungle Why is this going onto release/3.4.x and not next/3.4.x.x?

@github-actions github-actions bot added the author/community PRs from the open-source community (not Kong Inc) label Sep 19, 2023
@hanshuebner hanshuebner merged commit 38f2c25 into release/3.4.x Sep 20, 2023
25 checks passed
@hanshuebner hanshuebner deleted the backport-11402-to-release/3.4.x branch September 20, 2023 08:59