Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backport -> release/3.5.x] fix(vault): use global query when finding a vault by prefix #12575

Merged
merged 1 commit into from
Mar 13, 2024
Merged

[backport -> release/3.5.x] fix(vault): use global query when finding a vault by prefix #12575

merged 1 commit into from
Mar 13, 2024

Conversation

team-gateway-bot
Copy link
Collaborator

Automated backport to release/3.5.x, triggered by a label in #12572.

Original description

Summary

In FTI-5762 it was reported that there is a problem with secret rotation when vaults are stored inside a workspace. This commit will fix it by passing workspace = null aka making a call a global call which will not then use the possibly incorrect workspace (default) to find vault entity (the vault config). The vault entity prefix is unique across workspaces.

Checklist

  • The Pull Request has tests
  • A changelog file has been created under changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
  • There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Issue reference

Fix FTI-5762

@team-gateway-bot team-gateway-bot added cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee core/pdk size/S labels Feb 16, 2024
@team-gateway-bot team-gateway-bot mentioned this pull request Feb 16, 2024
Merged
3 tasks
@github-actions github-actions bot added the core/wasm Everything relevant to [proxy-]wasm label Feb 16, 2024
@locao locao requested a review from brentos March 5, 2024 18:05
@bungle @locao
fix(vault): use global query when finding a vault by prefix (#12572)
0a643b1 
### Summary

In FTI-5762 it was reported that there is a problem with secret rotation when vaults are stored
inside a workspace. This commit will fix it by passing `workspace = null` aka making a call
a global call which will not then use the possibly incorrect workspace (default) to find vault
entity (the vault config). The vault entity prefix is unique across workspaces.

Signed-off-by: Aapo Talvensaari <[email protected]>
(cherry picked from commit 2fb898d)
@locao locao force-pushed the backport-12572-to-release/3.5.x branch from a4205c7 to 0a643b1 Compare March 6, 2024 13:33
@bungle bungle merged commit 226fd1b into release/3.5.x Mar 13, 2024
24 checks passed
@bungle bungle deleted the backport-12572-to-release/3.5.x branch March 13, 2024 20:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brentos brentos brentos approved these changes

@bungle bungle bungle approved these changes

Assignees

@bungle bungle

Labels
cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee core/pdk core/wasm Everything relevant to [proxy-]wasm size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@team-gateway-bot @bungle @brentos