New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
identity: allow creating a role with a non-existent key #12251
Conversation
@@ -0,0 +1,3 @@ | |||
```release-note:bug | |||
identity: allow creating a role with a non-existent key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was always the case, up until #12151 was introduced right? Since this is a bug fix for a PR within 1.8.1 and results in no behavioral change from the user, I wonder if we can just pr/no-changelog
this one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct, thanks
* identity: allow creating a role with a non-existent key * remove whitespace * add changelog
…ey (#12251) (#12257) * identity: allow creating a role with a non-existent key (#12251) * identity: allow creating a role with a non-existent key * remove whitespace * add changelog * changelog: remove 12251 entry (#12256) Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
This PR maintains the current behavior in 1.8 by ensuring that a role can be created with a non-existent key. Any change to this behavior would be a breaking change for those dependent on it.
Background
#12151 fixed a bug that allowed a role's token_ttl to be longer than the verification_ttl of the key it references. However that PR introduced a bug that would cause the creation of a role with a non-existent key to fail with the error:
Since the current plan is to ship #12151 in 1.8.1 then we need to make sure this PR is also shipped in 1.8.1 to maintain backward compatibility with existing behavior.
Additionally, #12208 is planned to be shipped in 1.9 and will enforce the key param and key existence on role creation.