Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue #391: fix idempotency issues with ttls in approle_role #459

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Issue #391: fix idempotency issues with ttls in approle_role #459

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions ansible/modules/hashivault/hashivault_approle_role.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,16 +36,16 @@
- Number of times any particular SecretID can be used.
secret_id_ttl:
description:
- Duration after which any SecretID expires.
- Duration after which any SecretID expires, in seconds
enable_local_secret_ids:
description:
- If set, the secret IDs generated using this role will be cluster local.
token_ttl:
description:
- Duration to set as the TTL for issued tokens and at renewal time.
- Duration to set as the TTL for issued tokens and at renewal time, in seconds.
token_max_ttl:
description:
- Duration after which the issued token can no longer be renewed.
- Duration after which the issued token can no longer be renewed, in seconds.
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There was some code I thought to convert times to an idempotent value. I'm not sure if that would help here. This is a change to the API which would trigger a new major release since it is breaking.

policies:
description:
- Policies for the role.
Expand All @@ -60,7 +60,7 @@
- Comma-separated string or list of CIDR blocks.
token_explicit_max_ttl:
description:
- Encode this value onto the token.
- Encode this value onto the token, in seconds..
token_no_default_policy:
description:
- Default policy will not be set on generated tokens.
Expand Down Expand Up @@ -102,19 +102,19 @@ def main():
argspec['bind_secret_id'] = dict(required=False, type='bool', no_log=True)
argspec['secret_id_bound_cidrs'] = dict(required=False, type='list')
argspec['secret_id_num_uses'] = dict(required=False, type='str')
argspec['secret_id_ttl'] = dict(required=False, type='str')
argspec['secret_id_ttl'] = dict(required=False, type='int')
argspec['enable_local_secret_ids'] = dict(required=False, type='bool')
argspec['token_ttl'] = dict(required=False, type='str')
argspec['token_max_ttl'] = dict(required=False, type='str')
argspec['token_ttl'] = dict(required=False, type='int')
argspec['token_max_ttl'] = dict(required=False, type='int')
argspec['policies'] = dict(required=False, type='list')
argspec['token_policies'] = dict(required=False, type='list', default=[])
argspec['token_bound_cidrs'] = dict(required=False, type='list')
argspec['bound_cidr_list'] = dict(required=False, type='list')
argspec['token_explicit_max_ttl'] = dict(required=False, type='str')
argspec['token_no_default_policy'] = dict(required=False, type='bool')
argspec['token_num_uses'] = dict(required=False, type='int')
argspec['period'] = dict(required=False, type='str')
argspec['token_period'] = dict(required=False, type='str')
argspec['period'] = dict(required=False, type='int')
argspec['token_period'] = dict(required=False, type='int')
argspec['token_type'] = dict(required=False, type='str')
module = hashivault_init(argspec, supports_check_mode=True)
result = hashivault_approle_role(module)
Expand Down