kaxil commented on a change in pull request #8974: URL: https://github.com/apache/airflow/pull/8974#discussion_r435586505
########## File path: UPDATING.md ########## @@ -62,6 +62,25 @@ https://developers.google.com/style/inclusive-documentation --> +### Hashicorp Vault Secret Backend mount_points + +In Vault Secret Backend mount_point could be passed as parameter of the backend. It impacted only +secret retrieval but not authentication. The documentation mistakenly stated that the +mount_point parameter defaults to 'secret' when not specified, but it only defaulted to "secret" +for secret retrieval. For authentication the mount_point defaulted to the mount_point specific for +each authentication method (for example "kubernetes" for "kubernetes" authentication, "github" for +"github" authentication etc.). Only for "token" authentication default authetnication mount_point +was "secret". + +The behaviour in 2.0 changed: + +- when you create a backend without the mount_point, the client uses default mount_point specific + for each method in both: authentication and retrieval +- when you create a backend with the mount_point, the client uses the mount point in both - + authentication and retrieval + +Same behavior applies for the newly created VaultHook.

Review comment: We may want to reword this once. Currently, in 1.10.10 we kept all the defaults as they were in Vault. The default for KeyValue Secret Engine is "secret" and it was the only supported version for Secret retrieval. This is still true in this PR. Once we decide on what we call the auth mount_point. I like `auth_mount_point`, WDYT? If so, we can note here that we now support overriding the default mount points for any Authentication method.
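
Review bot: The list under "The behaviour in 2.0 changed" says one mount_point now applies to both authentication and retrieval, but the note gives upgraders no migration step for a deployment where the auth method and the secrets are mounted at different paths (for example "kubernetes" for authentication and "secret" for retrieval, the 1.x defaults described in the first paragraph). Please add a sentence saying what such users must configure after upgrading, or state that the combination is no longer supported. Smaller points in the same hunk: "authetnication" in the sentence about "token" authentication is a typo, "behaviour" and "behavior" are both used, the parameter name would read better as `mount_point` in backticks, and the first bullet writes "in both:" while the second writes "in both -".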
