Skip to content

Fix pam rotation edit --schedule-config and scripts_only setup (KC-1331)#2182

Open
idimov-keeper wants to merge 2 commits into
releasefrom
KC-1331-unexpected-behavior-from-flag-schedule-config-in-pam-rotation-edit-command
Open

Fix pam rotation edit --schedule-config and scripts_only setup (KC-1331)#2182
idimov-keeper wants to merge 2 commits into
releasefrom
KC-1331-unexpected-behavior-from-flag-schedule-config-in-pam-rotation-edit-command

Conversation

@idimov-keeper

Copy link
Copy Markdown
Contributor
  • Wire --schedule-config (-sf) through all pam rotation edit code paths (general, IAM, SaaS, schedule-only) via shared schedule resolution helpers, matching Web Vault “use default rotation schedule” behavior.
  • Add a dedicated scripts_only rotation setup path with config-rooted noop DAG linking and server-assigned rotation revision handling (fixes Resource "None" and invalid revision errors).
  • Sync vault at command start when -sf is used so defaultRotationSchedule is read from a current PAM configuration record (fixes on-demand → config-default transitions without manual sync-down).

Honor --schedule-config across rotation profiles, add a dedicated scripts_only
path with correct noop DAG linking and rotation revision handling, and sync
vault before --schedule-config so PAM config defaultRotationSchedule is current.

Co-authored-by: Cursor <cursoragent@cursor.com>
Expose Web Vault default-schedule state by comparing stored rotation
schedule JSON to the PAM configuration defaultRotationSchedule field.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant