openstack-charmers / charm-interface-vault-kv
Vault interface for simple KV secrets management
License: Other
I think there's a conflict in the key the interface layer is choosing to identify the secrets backend for the requester. If you have one app related and working, then via CMR relate another app with the same name, the second one goes to working but has the secrets from the first app, and the first app subsequently breaks with:
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/charms/reactive/__init__.py", line 73, in main
hookenv._run_atstart()
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/charmhelpers/core/hookenv.py", line 1334, in _run_atstart
callback(*args, **kwargs)
File "/var/lib/juju/agents/unit-vk-test-0/charm/reactive/vault_kv.py", line 48, in manage_app_kv_flags
app_kv = vault_kv.VaultAppKV()
File "lib/charms/layer/vault_kv.py", line 30, in __call__
cls._singleton_instance = super().__call__(*args, **kwargs)
File "lib/charms/layer/vault_kv.py", line 117, in __init__
super().__init__()
File "lib/charms/layer/vault_kv.py", line 38, in __init__
response = self._client.read(self._path)
File "lib/charms/layer/vault_kv.py", line 54, in _client
client.auth_approle(self._config['role_id'], self._config['secret_id'])
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/hvac/v1/__init__.py", line 1523, in auth_approle
return self.login('/v1/auth/{0}/login'.format(mount_point), json=params, use_token=use_token)
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/hvac/v1/__init__.py", line 1276, in login
return self._adapter.login(
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/hvac/adapters.py", line 178, in login
response = self.post(url, **kwargs)
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/hvac/adapters.py", line 107, in post
return self.request('post', url, **kwargs)
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/hvac/adapters.py", line 342, in request
response = super(JSONAdapter, self).request(*args, **kwargs)
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/hvac/adapters.py", line 304, in request
utils.raise_for_error(
File "/var/lib/juju/agents/unit-vk-test-0/.venv/lib/python3.8/site-packages/hvac/utils.py", line 47, in raise_for_error
raise exceptions.InternalServerError(message, errors=errors, method=method, url=url)
hvac.exceptions.InternalServerError: failed to verify subset relationship between CIDR blocks on the role ["10.146.199.80/32"] and CIDR blocks on the secret ID ["10.146.199.221/32"]: <nil>, on post http://10.146.199.125:8200/v1/auth/approle/login
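A simplified model of the collision reported in the issue above, added here as an illustration; it is not code from the charm or the interface layer. It assumes the provider derives the role key from the application name alone. `ToyAppRole`, the key functions and the relation ids 3 and 7 are hypothetical, keying by relation id is only one possible disambiguator, and the two addresses are the ones quoted in the error message.

```python
import ipaddress


class ToyAppRole:
    """Constructed stand-in for an AppRole store with CIDR-bound roles and secret IDs."""

    def __init__(self):
        self.roles = {}       # role name -> list of bound CIDRs
        self.secret_ids = {}  # secret id -> (role name, list of bound CIDRs)

    def grant(self, role, cidr):
        # Writing the role replaces its CIDR list, so a second requester that
        # maps to the same role name overwrites the first requester's binding.
        self.roles[role] = [cidr]
        sid = f"sid-{len(self.secret_ids) + 1}"
        self.secret_ids[sid] = (role, [cidr])
        return sid

    def login(self, sid):
        # Mirrors the check named in the error: every CIDR on the secret ID
        # must fall within a CIDR on the role.
        role, sid_cidrs = self.secret_ids[sid]
        role_nets = [ipaddress.ip_network(c) for c in self.roles[role]]
        for c in sid_cidrs:
            net = ipaddress.ip_network(c)
            if not any(net.subnet_of(r) for r in role_nets):
                return f"denied: {c} not within role CIDRs {self.roles[role]}"
        return f"ok: {role}"


def key_by_name(app, relation_id):
    # Assumed current behaviour: the application name alone selects the role.
    return f"charm-{app}"


def key_by_relation(app, relation_id):
    # Hypothetical alternative: include an identifier unique to each relation.
    return f"charm-{app}-rel{relation_id}"


def simulate(key_fn):
    store = ToyAppRole()
    first = store.grant(key_fn("vk-test", 3), "10.146.199.221/32")
    second = store.grant(key_fn("vk-test", 7), "10.146.199.80/32")
    return store.login(first), store.login(second)


if __name__ == "__main__":
    print("keyed by name:    ", simulate(key_by_name))
    print("keyed by relation:", simulate(key_by_relation))
```

With the name-only key, both requesters resolve to the same role, which is also why the second application ends up on the first one's secrets path.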
There appears to be a typo in the requires part of this interface:
2018-10-16 13:30:14 ERROR juju-log secrets-storage:11: Hook error:
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-barbican-vault-0/.venv/lib/python3.6/site-packages/charms/reactive/__init__.py", line 73, in main
bus.dispatch(restricted=restricted_mode)
File "/var/lib/juju/agents/unit-barbican-vault-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 390, in dispatch
_invoke(other_handlers)
File "/var/lib/juju/agents/unit-barbican-vault-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 359, in _invoke
handler.invoke()
File "/var/lib/juju/agents/unit-barbican-vault-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 181, in invoke
self._action(*args)
File "/var/lib/juju/agents/unit-barbican-vault-0/charm/reactive/barbican_vault_handlers.py", line 38, in ssc
secrets_storage.request_secret_backend('charm-barbican-vault')
File "/var/lib/juju/agents/unit-barbican-vault-0/charm/hooks/relations/vault-kv/requires.py", line 59, in request_secret_backend
relation.to_publish['access_address'] = self.endpoint_address
File "/var/lib/juju/agents/unit-barbican-vault-0/charm/hooks/relations/vault-kv/requires.py", line 45, in endpoint_address
self.expand_name({'endpoint_name'})
File "/var/lib/juju/agents/unit-barbican-vault-0/.venv/lib/python3.6/site-packages/charms/reactive/endpoints.py", line 190, in expand_name
flag = 'endpoint.{endpoint_name}.' + flag
TypeError: must be str, not set