Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert changes to STS leases but keep the ttl field #20034

Merged
merged 6 commits into from
Apr 13, 2023
Merged

Revert changes to STS leases but keep the ttl field #20034

merged 6 commits into from
Apr 13, 2023

Conversation

kschoche
Copy link
Contributor

@kschoche kschoche commented Apr 6, 2023
edited

@kschoche kschoche changed the title [wip] revert changes, create a lease for STS credentials but keep the ttl [wip] reverting changes, create a lease for STS credentials but keep the ttl Apr 6, 2023
@kschoche kschoche added this to the 1.13.2 milestone Apr 7, 2023
@kschoche kschoche added the backport/1.13.x Backport changes to `release/1.13.x` label Apr 12, 2023
@kschoche kschoche changed the title [wip] reverting changes, create a lease for STS credentials but keep the ttl Revert changes to STS leases but keep the ttl field Apr 12, 2023
@kschoche kschoche self-assigned this Apr 12, 2023
@kschoche kschoche marked this pull request as ready for review April 12, 2023 18:50
@kschoche kschoche requested review from a team, robmonte and austingebauer April 12, 2023 18:50
calvn
calvn reviewed Apr 12, 2023
View reviewed changes
changelog/20034.txt Outdated Show resolved Hide resolved
@kschoche @calvn
Update changelog/20034.txt
532a012 
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
austingebauer
austingebauer approved these changes Apr 12, 2023
View reviewed changes
Copy link
Member

@austingebauer austingebauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alex-ikse
Copy link

Will fix: hashicorp/terraform-provider-vault#1805

@maxb
Copy link
Contributor

maxb commented Apr 13, 2023

But this is going to revert the efficiency optimization which was the original purpose of removing the leases too...

Wouldn't it be better to aim for a solution that gave clients the necessary compatible feedback in responses, but also retained the optimization?

@Shocktrooper Shocktrooper mentioned this pull request Apr 13, 2023
Open
robmonte
robmonte approved these changes Apr 13, 2023
View reviewed changes
Copy link
Member

@robmonte robmonte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@alex-ikse
Copy link

Wouldn't it be better to aim for a solution that gave clients the necessary compatible feedback in responses, but also retained the optimization?

Terraform Vault provider must be updated before doing this kind of change. See: hashicorp/terraform-provider-vault#1805

@kschoche kschoche merged commit 8fa5605 into main Apr 13, 2023
85 checks passed
@kschoche
Copy link
Contributor Author

But this is going to revert the efficiency optimization which was the original purpose of removing the leases too...

Wouldn't it be better to aim for a solution that gave clients the necessary compatible feedback in responses, but also retained the optimization?

Hi @maxb - Thanks for pointing this out. Right now, it’s our first priority to fix the broken clients. We can circle back and introduce a no_lease option in the future for those who are concerned about the cost of the lease.

Merged
@robmonte robmonte deleted the VAULT-15280/revert_STS_lease_duration_changes branch November 1, 2023 19:20
@VioletHynes VioletHynes mentioned this pull request May 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@calvn calvn calvn left review comments

@robmonte robmonte robmonte approved these changes

@austingebauer austingebauer austingebauer approved these changes

Assignees

@kschoche kschoche

Labels
backport/1.13.x Backport changes to `release/1.13.x` bug Used to indicate a potential bug secret/aws
Projects
None yet
Milestone
1.13.2
Development

Successfully merging this pull request may close these issues.

AWS secrets engine no longer returns lease_duration for STS credentials
6 participants
@kschoche @alex-ikse @maxb @calvn @robmonte @austingebauer