VAULT-24736 CE changes for static secret capability behaviour toggle (#26744)

Violet Hynes
2024-05-03 14:12:19 -04:00
committed by GitHub
parent 2a99b3651f
commit f2b4ca4def
6 changed files with 149 additions and 9 deletions


@@ -109,6 +109,7 @@ type Cache struct {
DisableCachingDynamicSecrets bool `hcl:"disable_caching_dynamic_secrets"`
StaticSecretTokenCapabilityRefreshIntervalRaw interface{} `hcl:"static_secret_token_capability_refresh_interval"`
StaticSecretTokenCapabilityRefreshInterval time.Duration `hcl:"-"`
StaticSecretTokenCapabilityRefreshBehaviour string `hcl:"static_secret_token_capability_refresh_behavior"`
}
// AutoAuth is the configured authentication method and sinks
@@ -271,6 +272,15 @@ func (c *Config) ValidateConfig() error {
return fmt.Errorf("no auto_auth, cache, or listener block found in config")
}
if c.Cache != nil && c.Cache.StaticSecretTokenCapabilityRefreshBehaviour != "" {
switch c.Cache.StaticSecretTokenCapabilityRefreshBehaviour {
case "pessimistic":
case "optimistic":
default:
return fmt.Errorf("cache.static_secret_token_capability_refresh_behavior must be either \"optimistic\" or \"pessimistic\"")
}
}
return nil
}
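Review bot: An empty `static_secret_token_capability_refresh_behavior` passes the new check in ValidateConfig (whose body starts above the hunk), so the effective mode is chosen wherever the field is consumed, and nothing in this file says which one that is. The setting presumably decides whether cached static secrets stay available to a token when its capabilities cannot be re-confirmed, so the default deserves a comment on the struct field, for example `// "optimistic" or "pessimistic"; empty selects the default (name it here)`. The two mode strings are bare literals; package-level constants shared with the cache code would keep the validator and the consumer from drifting apart, and the two empty cases read more clearly as `case "pessimistic", "optimistic":`. Putting the rejected value into the error with `%q` would also help an operator spot a typo in the config.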