vault

Overview

I think it's time to start iterating on hashicorp/consul#11536 . Since, I've gathered some feedback from folks that we can implement.

Suggestions

Let's look at an errored check:

PR seems to modify metrics behavior. It seems no tests or test behavior has been modified.
Please update the PR with any relevant updated testing or add a pr/no-m

i am trying to access tags from service information and perform some operation on tags strings.

{{ range $tag, $services := service "test-service" | byTag }}{{ if $tag | contains "contextPath" }}{{ $tag }}{{ end }}{{ end }}

if tags have contextPath=/service-info I need to just print service-info in the output I just found https://www.terraform.io/language/functions/trimprefix so if

Great new metric last_state, thanks!

We now have a monitoring rule is in place to watch for failed sync. A sync was failing so I deleted the ExternalSecret. However, last_state does not forget and continues to report -1 on the ExternalSecret that no longer exists. It continues to report success on deleted objects as well.

Clearly this is bad and last_state should stop reporting ExternalSecre

On lines
https://github.com/rochacbruno/dynaconf/blob/master/dynaconf/validator.py#L202-L205

validators.validate is calling from_env and it makes the variables to be reloaded from source files.

This is not good for testing.

Solution:

1. Check if validation is happening on the same current env, then don't reload
2. accept argument reload=False that will cause those lines to pass

Is your feature request related to a problem? Please describe.
Vault has backends for AWS like dynamo and s3. However to use them you should provide credentials. AWS support 2 solutions to eliminate this. IAM roles for Service Accounts and Instance profile roles.
Due to some unknown reason vault requires more time to start when using dynamic creds than explicit definition keys in s3 block o

So there is currently an hvac.v1.Client.sys.list_mounted_secrets_engines() method.

However, for obvious reasons this will fail as it will attempt to list all mounted secrets engines (as it calls /v1/sys/mounts).

The web UI, however, shows what mounts the current token has access to.

While poking around the live API documentation the other day (`VAULT_BASE_URI/ui/vault/api-explorer

Currently pressing ctrl+c while scans are going on we get a big traceback.
It would be nice if we can handle that traceback and print something nice like Canceled by the user or something similar.

Read this to understand how to do it properly.