Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Support partial updates to database secret backend #3544

Closed
Xopherus opened this issue Nov 7, 2017 · 2 comments
Closed

[Feature Request] Support partial updates to database secret backend #3544

Xopherus opened this issue Nov 7, 2017 · 2 comments

Comments

@Xopherus
Copy link

Xopherus commented Nov 7, 2017

Feature Request:

For some context, I have a repo which codifies most of the mount configuration in my system - basically roles and secret backend configuration (minus the secrets themselves). That means when someone needs a new secret backend, we'll have to manually mount + configure it. After that if we have to add additional roles or make configuration changes (e.g., change a default_lease_ttl) we can do so via mount tuning or via the secret backend's API.

Per the docs, if I want to set up a database connection via the database secret backend, I must issue a write like so:

vault write database/config/connection plugin_name="mysql-database-plugin" connection_url="user:pass@tcp(host:port)/db"

So for example, if I want to add max_connection_lifetime=10m to the connection, I have to issue this:

vault write database/config/connection plugin_name="mysql-database-plugin" connection_url="user:pass@tcp(host:port)/db" max_connection_lifetime=10m

It would be nice to allow partial updates like this:
vault write database/config/connection max_connection_lifetime=10m
@james-lawrence
Copy link

duplicate of #1468

@rwiggins
Copy link
Contributor

Ran into this today. For instance, adding to allowed_roles requires issuing a write with a bunch of details in it. Pretty sure it requires more than just the connection_url and plugin_name to prevent clobbering.

Really frustrating.

jefferai added a commit that referenced this issue Jun 18, 2018
@jefferai
Database updates
341a5b7 
* Add create/update distinction for connection config
* Add create/update distinction for role config
* Add db name and revocation statements to leases to give revocation a
shot at working if the role has been deleted

Fixes #3544
Fixes #4782
@jefferai jefferai mentioned this issue Jun 18, 2018
Merged
jefferai added a commit that referenced this issue Jun 19, 2018
@jefferai
Database updates (#4787)
df00e62 
* Database updates

* Add create/update distinction for connection config
* Add create/update distinction for role config
* Add db name and revocation statements to leases to give revocation a
shot at working if the role has been deleted

Fixes #3544
Fixes #4782

* Add create/update info to docs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rwiggins @james-lawrence @Xopherus