iam_server_id_header_value not persisted after updating AWS client config #3004
Comments
I looked at the code and it's actually if (almost) any other value is set that value will be saved as well. But there's a note in the code saying that this is specifically the intended behavior (https://github.com/hashicorp/vault/blob/master/builtin/credential/aws/path_config_client.go#L214). I'll need to reach out and figure out what the intention is there; maybe it's something we can issue a warning about.
@joelthompson Looks like that block is your code, can you provide some insight?
Yeah, saw this earlier, will submit a PR tonight to fix. Basically, in this case, we don't want to flush the cached AWS clients, but we do want to write the updated value back to the underlying storage. The existing code has a flag whose meaning is overloaded to both "flush the cached AWS clients" and "write the updated value back to the underlying storage." I was trying to avoid unnecessarily flushing the cached clients, but missed the part where that would also prevent it from getting written to the storage, and hence this bug.
Gotcha. I guess it just means un-overloading the flag, either splitting it into a bit field or into two vars?
Yeah, I think that's pretty much it.
In auth/aws/config/client, when only the iam_server_id_header_value was being updated on an existing config, it wouldn't get stored because I was trying to avoid unnecessarily flushing the cache of AWS clients, and the flag to not flush the cache also meant that the updated entry didn't get written back to the storage. This now adds a new flag for when other changes occur that don't require flushing the cache but do require getting written to the storage. It also adds a test for this explicitly. Fixes #3004
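The overloaded-flag bug described in this thread, reduced to a stand-alone model. This is an added example, not Vault's code: the types, the `update` and `run` functions and the sample values are assumptions made for illustration.

```go
package main

import "fmt"

// clientConfig and backend are hypothetical stand-ins, not Vault's types.
type clientConfig struct {
	IAMEndpoint            string
	IAMServerIDHeaderValue string
}
type backend struct {
	stored        clientConfig // what survives in storage
	cachedClients int          // number of cached AWS clients
}

// update applies a config write. splitFlags=false reproduces the bug: the
// single "credentials changed" flag gates both the cache flush and the write.
func (b *backend) update(endpoint, header *string, splitFlags bool) {
	cfg := b.stored
	changedCreds, changedOther := false, false
	if endpoint != nil && *endpoint != cfg.IAMEndpoint {
		cfg.IAMEndpoint = *endpoint
		changedCreds = true // cached clients point at the old endpoint
	}
	if header != nil && *header != cfg.IAMServerIDHeaderValue {
		cfg.IAMServerIDHeaderValue = *header
		changedOther = true // no flush needed, but must be persisted
	}
	persist := changedCreds || (splitFlags && changedOther)
	if persist {
		b.stored = cfg
	}
	if changedCreds {
		b.cachedClients = 0
	}
}

// run updates the header (and optionally the endpoint) on a backend holding
// three cached clients; it returns the stored header and the cache size.
func run(splitFlags bool, endpoint *string) (string, int) {
	b := &backend{cachedClients: 3}
	header := "vault.example.com" // constructed value
	b.update(endpoint, &header, splitFlags)
	return b.stored.IAMServerIDHeaderValue, b.cachedClients
}

func main() {
	ep := "https://iam.example.test" // constructed value
	fmt.Println(run(false, nil))     // overloaded flag, header only: value lost
	fmt.Println(run(true, nil))      // split flags, header only: stored, cache kept
	fmt.Println(run(false, &ep))     // overloaded flag, endpoint included: stored
}
```

A read-back check after each config write, comparing the stored `iam_server_id_header_value` with the value submitted, is what catches this class of silent non-persistence.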
AWS client config value `iam_server_id_header_value` is not persisted when updating the AWS client config.

Vault version: Vault v0.7.3 ('0b20ae0b9b7a748d607082b1add3663a28e31b68')

The `iam_server_id_header_value` value gets updated as soon as `iam_endpoint` gets included: