purgeUnmanagedConfig does not purge secrets engines' configuration #1843
Labels: kind/feature (categorizes issue or PR as related to a new feature)
Hey @aabdala, thanks for using bank-vaults, and also sorry for the delay. This sounds more like a feature request to me! 🙂 If you find time to implement it, we would be happy to review and include this feature, i.e. purging unmanaged roles, but even if not, I think this has a place on the roadmap!

This would be a great feature for declaratively managing Vault! Plus one
github-actions bot added the lifecycle/stale label (Jan 28, 2024)
Bump
ramizpolic removed the lifecycle/stale label and added the kind/feature label (Jan 30, 2024)
github-actions bot added the lifecycle/stale label (Mar 31, 2024)
csatib02 removed the lifecycle/stale label (Mar 31, 2024)
github-actions bot added the lifecycle/stale label (Jun 2, 2024)
csatib02 removed the lifecycle/stale label (Jun 2, 2024)
When using, for example, the aws secrets engine, deleting configuration entries for that secrets engine when enabling `purgeUnmanagedConfig` does not seem to delete them from Vault. From what I've seen in this code, it seems to me that either the whole secrets engine is removed if it is not present in the config, or it is left/tuned and existing and new configuration entries are upserted, but the diffing to remove the ones no longer present in the config does not seem to be implemented.

As an example, having configured the following (trimmed down for brevity)

After deleting the item for `role-2` from the Vault CR configuration, a `vault read aws/roles/role-2` would still return successfully. This was tested with bank-vaults version 1.15.8 and Vault version 1.10.4.

/kind bug
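The reconciliation step the report describes as missing, as an added Go example that is not bank-vaults' own code: list the entries Vault currently holds under a secrets engine sub-path (here `aws/roles`), compare them with the names declared in the CR, and delete the ones that are no longer declared when purging is enabled. The `PathStore` interface, `FakeVault` and the `aws/roles/role-1`, `aws/roles/role-2` sample paths are assumptions constructed for illustration; against a real server the same two calls map onto Vault's LIST and DELETE operations.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// PathStore is the minimal surface of a Vault client the reconciler needs:
// LIST on a prefix and DELETE on one path. Assumed interface for this
// example, not a bank-vaults or hashicorp/vault type.
type PathStore interface {
	List(prefix string) ([]string, error)
	Delete(p string) error
}

// FakeVault is a constructed in-memory stand-in for a Vault server so the
// example runs offline. Keys are full paths such as "aws/roles/role-1".
type FakeVault struct{ paths map[string]struct{} }

func NewFakeVault(paths ...string) *FakeVault {
	f := &FakeVault{paths: map[string]struct{}{}}
	for _, p := range paths {
		f.paths[p] = struct{}{}
	}
	return f
}

// List mimics Vault's LIST semantics: child names directly under prefix,
// with nested folders reported as "name/".
func (f *FakeVault) List(prefix string) ([]string, error) {
	prefix = strings.TrimSuffix(prefix, "/") + "/"
	seen := map[string]struct{}{}
	for p := range f.paths {
		if !strings.HasPrefix(p, prefix) {
			continue
		}
		rest := strings.TrimPrefix(p, prefix)
		if i := strings.Index(rest, "/"); i >= 0 {
			rest = rest[:i+1] // folder marker, as Vault returns it
		}
		seen[rest] = struct{}{}
	}
	keys := make([]string, 0, len(seen))
	for k := range seen {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys, nil
}

func (f *FakeVault) Delete(p string) error {
	if _, ok := f.paths[p]; !ok {
		return fmt.Errorf("%s: not found", p)
	}
	delete(f.paths, p)
	return nil
}

func (f *FakeVault) Exists(p string) bool { _, ok := f.paths[p]; return ok }

// UnmanagedEntries returns the full paths present under mount/kind
// (e.g. "aws"/"roles") whose names are not in desired. Folder markers
// ("sub/") are skipped; a recursive purge is out of scope here.
func UnmanagedEntries(store PathStore, mount, kind string, desired []string) ([]string, error) {
	want := make(map[string]struct{}, len(desired))
	for _, d := range desired {
		want[d] = struct{}{}
	}
	existing, err := store.List(path.Join(mount, kind))
	if err != nil {
		return nil, fmt.Errorf("list %s/%s: %w", mount, kind, err)
	}
	var unmanaged []string
	for _, name := range existing {
		if strings.HasSuffix(name, "/") {
			continue
		}
		if _, ok := want[name]; !ok {
			unmanaged = append(unmanaged, path.Join(mount, kind, name))
		}
	}
	return unmanaged, nil
}

// PurgeUnmanaged deletes the unmanaged entries when purge is true and returns
// the paths it would (or did) delete, so purge=false doubles as a dry run.
func PurgeUnmanaged(store PathStore, mount, kind string, desired []string, purge bool) ([]string, error) {
	unmanaged, err := UnmanagedEntries(store, mount, kind, desired)
	if err != nil || !purge {
		return unmanaged, err
	}
	for _, p := range unmanaged {
		if err := store.Delete(p); err != nil {
			return nil, fmt.Errorf("delete %s: %w", p, err)
		}
	}
	return unmanaged, nil
}

func main() {
	// Constructed scenario from the report: Vault still holds role-2 after it
	// was dropped from the CR, which now declares role-1 only.
	vault := NewFakeVault("aws/roles/role-1", "aws/roles/role-2", "aws/config/root")
	deleted, err := PurgeUnmanaged(vault, "aws", "roles", []string{"role-1"}, true)
	if err != nil {
		panic(err)
	}
	fmt.Println("purged:", deleted, "role-2 still present:", vault.Exists("aws/roles/role-2"))
}
```

Two caveats carry over to a real deployment: the token used for reconciliation needs `list` and `delete` capabilities on the sub-path (`aws/roles/*` here), and only entries under the compared sub-path are touched, so engine-level configuration such as `aws/config/root` is left alone. Running with purge set to false first and logging the returned paths is the sensible way to introduce this on an existing cluster.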