Add "secret/data" to my "objectPath" HashiCorp Vault #91

Closed
carnei-ro opened this issue Oct 16, 2019 · 2 comments · Fixed by hashicorp/vault-csi-provider#8
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@carnei-ro

Just tried to run the example with CSI Inline Volume, but my secret path in HashiCorp Vault is "sandbox/k8s_infra/marketplace/account/my-new-app/db".
I expected the driver to request the path "/sandbox/data/k8s_infra/marketplace/account/my-new-app/db"; instead it tries to request "secret/data/sandbox/k8s_infra/marketplace/account/my-new-app/db".

Here is my pod spec:

```yaml
kind: Pod
apiVersion: v1
metadata:
  name: nginx-secrets-store-inline
  namespace: my-new-app
spec:
  containers:
  - image: nginx
    name: nginx
    volumeMounts:
    - name: secrets-store-inline
      mountPath: "/mnt/secrets-store"
      readOnly: true
  volumes:
    - name: secrets-store-inline
      csi:
        driver: secrets-store.csi.k8s.com
        readOnly: true
        volumeAttributes:
          providerName: "vault" # vault or azure
          roleName: "k8s_sre_infra_sandbox_own_namespace_role"
          vaultAddress: "https://vault.dc.infra.ifood-sandbox.com.br"
          objects:  |
            array:
              - |
                objectPath: "sandbox/k8s_infra/marketplace/account/my-new-app/db"
                objectName: "db_password"
              - |
                objectPath: "sandbox/k8s_infra/marketplace/account/my-new-app/app"
                objectName: "bla"
```

@ritazh
Member

ritazh commented Oct 16, 2019

Hi @carnei-ro thanks for reporting this issue. I think there's probably a hard coded value somewhere in the vault provider. Adding @malnick and @anubhavmishra

By the way we have moved all the provider-specific stuff out of tree. So this issue might be better tracked if you close this here and open it in https://github.com/hashicorp/secrets-store-csi-driver-provider-vault/issues

Hope this helps!

@ritazh ritazh added the kind/bug Categorizes issue or PR as related to a bug. label Oct 16, 2019
carnei-ro added a commit to carnei-ro/secrets-store-csi-driver-provider-vault that referenced this issue Oct 17, 2019
Dynamically creates secret endpoint based on "objectPath".
Needs "read" permission on "/sys/mounts" to discover secret mount
 type and version.
Writes to objectName instead of concatenating path to support nested
 secret path.

Fixes kubernetes-sigs/secrets-store-csi-driver#91
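
The mount lookup that the commit message above describes, sketched as an added Go example (not part of this thread and not the code of the referenced commit). The mount table is a constructed sample shaped like the `data` field of a `GET /v1/sys/mounts` response, and `resolveReadPath` is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: mount table as found under "data" in a sys/mounts response.
const sampleMounts = `{
  "secret/":  {"type": "kv", "options": {"version": "2"}},
  "sandbox/": {"type": "kv", "options": {"version": "2"}},
  "legacy/":  {"type": "kv", "options": null},
  "sys/":     {"type": "system", "options": null}
}`

type mount struct {
	Type    string            `json:"type"`
	Options map[string]string `json:"options"`
}

// resolveReadPath (hypothetical) maps an objectPath to the API path to read:
// KV v2 mounts get "data/" inserted after the mount point, KV v1 mounts do not.
func resolveReadPath(mountsJSON, objectPath string) (string, error) {
	var mounts map[string]mount
	if err := json.Unmarshal([]byte(mountsJSON), &mounts); err != nil {
		return "", fmt.Errorf("parse mounts: %w", err)
	}
	p := strings.Trim(objectPath, "/") + "/"
	best := ""
	for prefix := range mounts { // longest mount prefix wins
		if strings.HasPrefix(p, prefix) && len(prefix) > len(best) {
			best = prefix
		}
	}
	if best == "" {
		return "", fmt.Errorf("no mount matches %q", objectPath)
	}
	if t := mounts[best].Type; t != "kv" {
		return "", fmt.Errorf("mount %q has type %q, not kv", best, t)
	}
	rest := strings.TrimSuffix(strings.TrimPrefix(p, best), "/")
	if rest == "" {
		return "", fmt.Errorf("%q names a mount, not a secret", objectPath)
	}
	if mounts[best].Options["version"] == "2" { // nil options reads as v1
		return best + "data/" + rest, nil
	}
	return best + rest, nil
}

func main() {
	fmt.Println(resolveReadPath(sampleMounts, "sandbox/k8s_infra/marketplace/account/my-new-app/db"))
}
```

As the commit message notes, the Vault role used by the pod needs "read" on the mounts endpoint for this lookup to work.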
@ritazh
Member

ritazh commented Nov 27, 2019

Closing in favor of hashicorp/vault-csi-provider#17

@ritazh ritazh closed this as completed Nov 27, 2019