You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
The new vault module has a bug in unwrap function.
While other calls are respecting if verify option is set to False or CA file by utilizing self.request, unwrap is doing call on it's own, which results in missing verify option.
However, since in the init, there is check if verify is set to exact certificate and verify is set on requests Session this will work.
Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)
Please be as specific as possible and give set-up details.
on-prem machine
VM (Virtualbox, KVM, etc. please specify)
VM running on a cloud service, please be explicit and add details
container (Kubernetes, Docker, containerd, etc. please specify)
or a combination, please be explicit --> Any kind of machines
jails if it is FreeBSD
classic packaging
onedir packaging
used bootstrap to install
Steps to Reproduce the behavior
Setup Vault server or cluster with self-signed certificate.
Point Salt master to that cluster and set server.verify option to CA file, e.g.
Description
The new vault module has a bug in unwrap function.
While other calls are respecting if
verify
option is set toFalse
or CA file by utilizingself.request
,unwrap
is doing call on it's own, which results in missing verify option.However, since in the init, there is check if verify is set to exact certificate and verify is set on requests Session this will work.
Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)
Please be as specific as possible and give set-up details.
Steps to Reproduce the behavior
Setup Vault server or cluster with self-signed certificate.
Point Salt master to that cluster and set
server.verify
option to CA file, e.g.Try to issue any of the vault actions via
salt-call
Expected behavior
Salt master and minions should respect
verify
option as documented.Screenshots
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: