Backport 1.8.1: identity: do not allow a role's token_ttl to be longer than verificat… #12213

Merged
merged 2 commits into from Jul 30, 2021

Conversation

calvn
Member

@calvn calvn commented Jul 29, 2021

…ion_ttl (#12151)

  • do not allow token_ttl to be longer than verification_ttl

  • add verification when updating an existing key

When updating a key, ensure any roles referencing the key do not already
have a token_ttl greater than the key's verification_ttl

  • add changelog

  • remove unneeded UT check and comment

  • refactor based on PR comments

  • remove make slice in favor of var declaration
  • remove unneeded if check
  • validate expiry value during token generation
  • update changelog as bug
  • refactor get roles referencing target key names logic

  • add note about thread safety to helper func

  • update func comment

  • sort array and refactor func names

  • add warning to return response

  • remove unnecessary code from unit test

  • Update vault/identity_store_oidc.go

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

@calvn calvn added this to the 1.8.1 milestone Jul 29, 2021
@calvn calvn requested a review from a team July 29, 2021 23:28
@calvn calvn merged commit f882564 into release/1.8.x Jul 30, 2021
@calvn calvn deleted the backport-pr-12151-1.8.x branch July 30, 2021 01:18
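
The two checks the commit message lists (a role's token_ttl must not exceed its key's verification_ttl, and roles referencing a key are re-checked when the key is updated), as an added Go example that is not code from this pull request or from Vault. The `Key` and `Role` types, both function names and the sample values are hypothetical; what the caller does with the returned role names is left open here.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Hypothetical stand-ins for a named signing key and an OIDC role; not Vault's own types.
type Key struct {
	Name            string
	VerificationTTL time.Duration
}

type Role struct {
	Name, Key string
	TokenTTL  time.Duration
}

// ValidateRole rejects a role whose token_ttl is longer than the
// verification_ttl of the key it references. Equal values are allowed.
func ValidateRole(r Role, keys map[string]Key) error {
	k, ok := keys[r.Key]
	if !ok {
		return fmt.Errorf("role %q references unknown key %q", r.Name, r.Key)
	}
	if r.TokenTTL > k.VerificationTTL {
		return fmt.Errorf("role %q: token_ttl %s is longer than verification_ttl %s of key %q",
			r.Name, r.TokenTTL, k.VerificationTTL, k.Name)
	}
	return nil
}

// RolesBlockingKeyUpdate returns, sorted by name, the roles that reference
// keyName and already have a token_ttl greater than the proposed verification_ttl.
func RolesBlockingKeyUpdate(keyName string, newTTL time.Duration, roles []Role) []string {
	var names []string
	for _, r := range roles {
		if r.Key == keyName && r.TokenTTL > newTTL {
			names = append(names, r.Name)
		}
	}
	sort.Strings(names)
	return names
}

func main() {
	// Constructed sample data.
	keys := map[string]Key{"k1": {Name: "k1", VerificationTTL: 24 * time.Hour}}
	roles := []Role{{"web", "k1", 12 * time.Hour}, {"batch", "k1", 20 * time.Hour}, {"api", "k1", time.Hour}}
	fmt.Println(ValidateRole(Role{"bad", "k1", 48 * time.Hour}, keys))
	fmt.Println(RolesBlockingKeyUpdate("k1", 6*time.Hour, roles))
}
```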