
Backport #122 to vault 1.9 #131

Merged: 1 commit merged into release/vault-1.9.x from backport-1.9-pr122 on Jan 19, 2022
Conversation

tvoran (Member) commented Jan 18, 2022

Overview

Backporting #122 to release/vault-1.9.x

Design of Change

git checkout release/vault-1.9.x
git pull
git checkout -b backport-1.9-pr122
git cherry-pick d289258274b7eab9b0eda679ab996c0c91403e78

Related Issues/Pull Requests

PR #122

When defaulting to the local JWT token and CA certificate in a pod, always read
them from the local filesystem and do not store them persistently with the config.

The token will be re-read periodically to avoid using an expired token.

The change allows running Vault on Kubernetes 1.21 and newer, which switched
to an ID token that is bound to the pod and expires.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* review comment fix: load only token or ca cert if other is given in config

* changed the reload period to 1 minute

* fixed review comments

* take lock also on alias lookahead path

* more review fixes

* proposal to fix the read/write lock issue

* fixed typo

* cachedFile by value to avoid mutation while not holding lock

* acquire lock in same place as in pathLogin

* added debug log entry when local token is not found and falling back to client token
tvoran merged commit e2ded2a into release/vault-1.9.x on Jan 19, 2022
tvoran deleted the backport-1.9-pr122 branch on January 19, 2022 at 20:33
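The mechanism the backported commit describes (read the pod's service account token from disk, cache it, and re-read it once the cache is older than the reload period, under a lock, with a fallback to the caller's token when no local file exists) as an added example in Go, the plugin's language. This is not the plugin's own code from PR #122; the type and function names (localFileLoader, cachedFile, resolveReviewerJWT), the injectable now clock, and the temp-file paths used in main are assumptions made for this example. In a real pod the files live at the standard service account mount, /var/run/secrets/kubernetes.io/serviceaccount/token and ca.crt.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"sync"
	"time"
)

// cachedFile holds the last contents read from disk and when they were read.
// It is copied by value into and out of the loader, so a caller never observes
// a half-updated struct while another goroutine is refreshing it.
type cachedFile struct {
	contents string
	readAt   time.Time
}

// localFileLoader re-reads a file (token or CA cert) from the local filesystem
// whenever the cached copy is older than reloadPeriod. Nothing is written to
// any persistent config; the file on disk is the only source of truth.
type localFileLoader struct {
	path         string
	reloadPeriod time.Duration
	now          func() time.Time // injectable clock (assumption, for tests)

	mu     sync.Mutex // held across the age check and the reload
	cached cachedFile
}

func newLocalFileLoader(path string, reloadPeriod time.Duration) *localFileLoader {
	return &localFileLoader{path: path, reloadPeriod: reloadPeriod, now: time.Now}
}

// get returns the file contents, reloading from disk when the cache is empty
// or has expired. The lock is taken before the check so concurrent callers
// cannot both decide to reload and race on l.cached.
func (l *localFileLoader) get() (string, error) {
	l.mu.Lock()
	defer l.mu.Unlock()

	now := l.now()
	if l.cached.readAt.IsZero() || now.Sub(l.cached.readAt) >= l.reloadPeriod {
		data, err := os.ReadFile(l.path)
		if err != nil {
			return "", err
		}
		l.cached = cachedFile{contents: strings.TrimSpace(string(data)), readAt: now}
	}
	return l.cached.contents, nil
}

// resolveReviewerJWT picks the token used to call the Kubernetes TokenReview
// API, in the precedence the commit message describes: a token given in the
// config wins and the local file is not consulted; otherwise the pod's local
// token is read (and periodically re-read); if there is no local token file,
// the client's own token is used. The second return value names the source.
func resolveReviewerJWT(configured string, local *localFileLoader, clientJWT string) (string, string, error) {
	if configured != "" {
		return configured, "config", nil
	}
	jwt, err := local.get()
	if err != nil {
		if os.IsNotExist(err) {
			// The plugin logs this at debug level; here the source label records it.
			return clientJWT, "client", nil
		}
		return "", "", err
	}
	return jwt, "local", nil
}

func main() {
	// Constructed input: a temp directory standing in for the service account mount.
	dir, err := os.MkdirTemp("", "sa-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	tokenPath := filepath.Join(dir, "token")
	if err := os.WriteFile(tokenPath, []byte("constructed.jwt.value\n"), 0o600); err != nil {
		panic(err)
	}

	loader := newLocalFileLoader(tokenPath, time.Minute) // 1 minute, as in the PR
	jwt, src, err := resolveReviewerJWT("", loader, "client-jwt")
	fmt.Println(jwt, src, err)

	missing := newLocalFileLoader(filepath.Join(dir, "absent"), time.Minute)
	jwt, src, err = resolveReviewerJWT("", missing, "client-jwt")
	fmt.Println(jwt, src, err)
}
```

Because the age check and the read both happen under the same lock, a rotated token written by the kubelet becomes visible to every caller at the next expiry of the cache, and no caller ever sees an empty or partially written cachedFile.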