New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use path-based lease revocation #480
Comments
There is probably an issue with dangling |
See also: https://www.vaultproject.io/api/system/leases.html#revoke-lease Did you experience an issue or did you go over the code? Care to explain what NPA is? |
Indeed, the leaseId is not put into the path, as it will be if you reserve something in the path for it. (i.e. "/../{leaseId}") It is indeed put in the body, but I have no idea why vault would need that. (maybe for legacy endpoints) Because as long as it's posting it on a very generic path (/sys/leases/revoke), i'm getting a 403 unless I give my service admin/god-mode. To clarify with an example
It returns a 403 permission denied. A proper vault policy would be to give it [update] rights on the path: Therefore, I believe that the SecretLeaseContainer + LeaseEndpoints should do a PUT on
would be changed to this:
|
The documentation lists only the body-based API as official API and we had several cases where we relied on undocumented API that broke functionality. Also, constraining your policy to Is there a reason why there's no policy setting to allow revocation of own leases? |
Oops, alll the I agree that it isn't completely clear from vault API documentation, but this was what we've discovered by testing against vault. |
Before we attempt addressing that issue in Spring Vault, please file an issue in the Vault project issue tracker to discuss it with the Vault folks. |
We're not going to implement this enhancement as per comment in the linked Vault ticket. |
Sorry for bringing this back from the dead but is there a reason we can't use the |
[Problem]
I'm using the SecretLeaseContainer to manage a secret that rotates. On shutdown of the application SecretLeaseContainer .destroy() is called. Destroying it will revoke all leases.
I'm using LeaseEndpoints.SysLeases.
I think there is a bug in the following code in LeaseEndpoints.SysLeases
operations.exchange("sys/leases/revoke", HttpMethod.PUT, LeaseEndpoints.getLeaseRevocationBody(lease), Map.class, lease.getLeaseId());
Eventhough the leaseId is passed as uriVariables, it is not expanded as such, because that would require "sys/leases/revoke/{leaseId}"
The problem with calling the "sys/lease/revoke" endpoint, is that (my assumption/lack of vault knowledge) my NPA should not have the rights to have update permissions on this path.
This would make my NPA be able to revoke all leases that are handed out for different purposes to different NPAs.
[Expectation]
Revoking a lease on a new endpoint will do a PUT to:
"sys/leases/revoke/{leaseId}", as this complete path will be a path that can be modified by the NPA that also requested/read the lease.
The text was updated successfully, but these errors were encountered: