open-vault/changelog/12151.txt at 4f40189d1a505ad4404b5ba51bae2cf51ccc41bb - luxolus/open-vault - Stateless Git Forge

luxolus/open-vault

John-Michael Faircloth 39c744ca4e

identity: do not allow a role's token_ttl to be longer than verification_ttl (#12151 )

* do not allow token_ttl to be longer than verification_ttl

* add verification when updating an existing key

When updating a key, ensure any roles referencing the key do not already
have a token_ttl greater than the key's verification_ttl

* add changelog

* remove unneeded UT check and comment

* refactor based on PR comments

- remove make slice in favor of var delcaration
- remove unneeded if check
- validate expiry value during token generation
- update changelog as bug

* refactor get roles referencing target key names logic

* add note about thread safety to helper func

* update func comment

* sort array and refactor func names

* add warning to return response

* remove unnecessary code from unit test

* Update vault/identity_store_oidc.go

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

2021-07-28 20:34:52 -05:00

4 lines

119 B

Plaintext

Raw Blame History

	```release-note:bug
	`identity: do not allow a role's token_ttl to be longer than the signing key's verification_ttl`
	```