Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nested secrets handling fix for zookeeper and file based backend. #1964

Merged
merged 3 commits into from Oct 5, 2016
Merged

Nested secrets handling fix for zookeeper and file based backend. #1964

merged 3 commits into from Oct 5, 2016

Commits on Oct 4, 2016

  1. Add tests for nested/prefixed secrets removal. 

    Current tests were not checking if backends are properly removing
nested secrets. We follow here the behaviour of Consul backend, where
empty "directories/prefixes" are automatically removed by Consul itself.
    @vespian
    vespian committed Oct 4, 2016
    Copy the full SHA
    7b5f467 View commit details
    Browse the repository at this point in the history

  2. Fix zookeeper backend so that properly deletes/lists secrets. 

    This patch fixes two bugs in Zookeeper backends:
 * backend was determining if the node is a leaf or not basing on the number
   of the childer given node has. This is incorrect if you consider the fact
   that deleteing nested node can leave empty prefixes/dirs behind which have
   neither children nor data inside. The fix changes this situation by testing
   if the node has any data set - if not then it is not a leaf.
 * zookeeper does not delete nodes that do not have childern just like consul
   does and this leads to leaving empty nodes behind. In order to fix it, we
   scan the logical path of a secret being deleted for empty dirs/prefixes and
   remove them up until first non-empty one.
    @vespian
    vespian committed Oct 4, 2016
    Copy the full SHA
    d13c10f View commit details
    Browse the repository at this point in the history

  3. Fix file backend so that it properly removes nested secrets. 

    This patch makes file backend properly remove nested secrets, without leaving
empty directory artifacts, no matter how nested directories were.
    @vespian
    vespian committed Oct 4, 2016
    Copy the full SHA
    3156098 View commit details
    Browse the repository at this point in the history