Conversation
github-actions
bot
added
the
hashicorp-contributed-pr
|
Build Results: |
|
CI Results: |
| editType: 'ttl', | ||
| helperTextDisabled: | ||
| 'Specifies how long the root password is valid for in Azure when rotate-root generates a new client secret. Defaults to 182 days or 6 months, 1 day and 13 hours.', | ||
| // default is 15768000 sec. The api docs say 182 days, but this should be updated to 182.5 days. |
There was a problem hiding this comment.
I'm going to ask the backend about this, but for now I wanted to leave the note in the code because it's confusing when we formate the returned default to 6 months 1 day 13 hours but if you pass in 182 days this is formatted to 6 months 1 day 1 hour.
| client_id: 'client-id', | ||
| root_password_ttl: '20 days 20 hours', | ||
| environment: 'AZUREPUBLICCLOUD', | ||
| root_password_ttl: '1800000s', |
There was a problem hiding this comment.
should have passed in seconds originally as that's what the api does.
| module('create', function () { | ||
| test('it should save azure account accessType options', async function (assert) { | ||
| test('it should save azure account options', async function (assert) { | ||
| // there are no azure specific options that can be returned from the API so confirm the generic options are saved. |
There was a problem hiding this comment.
Very similar acceptance tests that we do for GCP as it too cannot check if GCP specific options where set.
|
|
||
| @attr('string', { | ||
| subText: | ||
| 'This value can also be provided with the AZURE_ENVIRONMENT environment variable. If not specified, Vault will use Azure Public Cloud.', |
There was a problem hiding this comment.
This text was in the full Azure build out designs, and it seemed helpful so I added.
| assert | ||
| .dom(GENERAL.infoRowValue('Root password TTL')) | ||
| .hasText( | ||
| '1 hour 26 minutes 40 seconds', |
There was a problem hiding this comment.
I messed around some with the secret-engine-helper.js method fillInAzureConfig so this value changed.
| await click(SES.configTab); | ||
| await click(SES.configure); | ||
| await fillInAzureConfig('withWif'); | ||
| await fillInAzureConfig(true); |
There was a problem hiding this comment.
changed this method to match the feedback on similar method with fillInGcpConfig see here.
2 participants
Description
TLDR:
Root password TTLhas to be moved from an Azure account access type to a generic one that can bet set be set alongside wif and non-wif attributes. See original PR #29047 description's, this change addsRoot password TTLto both columns, likeEnvironment.Context:
Root password TTLis only ever used when the user rotates their root credentials (not currently supported in this work), and is used to set an expiration date on the newly created credential. So a user could theoretically use WIF to set up Azure first (thereby using a zero-secret configuration for Vault), and then rotate root credentials to then start leveraging theRoot password TTLto generate a new Client Secret value for future use.Note: I updated the Azure Config form to match the newer designs proposed in the full Azure secret engine build out. Confirmed with Design this is this look is desired. This meant:
EnvironmentandRoot password TTLunder it.Environment's helper text.WITH UPDATES
(toggle to wif)
BEFORE
(toggle to wif)