AWS.GenerateSTSCredentialsAsync() is ignoring TTL parameter #288
Assignees
Milestone
Comments
|
@chiguire Can you please verify with 1.7.2.2 version and let me know? The Vault team changed the http method to POST from GET, so I made those changes and also added support for role arn, role session name etc. Let me know if any issues. |
|
I can confirm it works just fine, thanks for the prompt resolution. |
|
Fantastic |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The generate AWS STS credentials function is ignoring the TTL parameter. Passing a "3600s" ttl will generate a credential with a lease time of 1800 seconds.
VaultSharp Version
1.7.1
Vault Version
1.8.9
Does this work with Vault CLI?
Yes
Sample Code Snippet
var response = vaultClient.V1.Secrets.AWS.GenerateSTSCredentialsAsync(role, $"{ttlSeconds}s");
Console.log($"Lease duration: {response.LeaseDurationSeconds}"); // will log "Lease duration: 1800"
Any additional info
In https://github.com/rajanadar/VaultSharp/blob/master/src/VaultSharp/V1/SecretsEngines/AWS/AWSSecretsEngineProvider.cs the timeToLive parameter is passed to MakeVaultApiRequest() in https://github.com/rajanadar/VaultSharp/blob/master/src/VaultSharp/Core/Polymath.cs as part of the requestData object.
It then passes requestData to
MakeRequestAsync(), where it is converted to requestContent and that variable is only used for POST and PUT requests but this call is a GET. These parameters should be passed as URL parameters in the GET request.
The text was updated successfully, but these errors were encountered: