Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vault_generic_secret fails to read secrets (unexpected EOF) #1

Closed
hashibot opened this issue Jun 13, 2017 · 4 comments
Closed

vault_generic_secret fails to read secrets (unexpected EOF) #1

hashibot opened this issue Jun 13, 2017 · 4 comments

Comments

@hashibot
Copy link

This issue was originally opened by @IevgenKabanets as hashicorp/terraform#10999. It was migrated here as part of the provider split. The original body of the issue is below.


Terraform Version

Terraform v0.8.2

Affected Resource(s)

Please list the resources as a list, for example:

  • vault_generic_secret

Terraform Configuration Files

provider "vault" {
  address = "http://vault_server:8200"
  skip_tls_verify = true
}

data "vault_generic_secret" "docker" {
  path = "secret/docker"
}

output "secret" {
	value = "${data.vault_generic_secret.docker.data["docker_registry_pwd"]}"
}

Debug Output

https://gist.github.com/IevgenKabanets/c16d2e5ef4520921ba05e5a79ee11079

Panic Output

https://gist.github.com/IevgenKabanets/c16d2e5ef4520921ba05e5a79ee11079

Expected Behavior

The secret should be read, as it's present in Vault and accessible with curl.

Actual Behavior

Crashed with * data.vault_generic_secret.docker: unexpected EOF

Steps to Reproduce

  1. export VAULT_TOKEN=<root_token or any token>
  2. terraform plan or terraform apply

Important Factoids

This works fine

curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://vault_server:8200/v1/secret/docker/docker_registry_pwd

Also, the error is gone once I read full path to entry (secret/docker/docker_registry_pwd)

data "vault_generic_secret" "docker" {
  path = "secret/docker/docker_registry_pwd"
}

which seems to be wrong, as vault_generic_secret should return a map with possible keys/values.

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

@paddycarver
Copy link
Contributor

From what I can tell, this is no longer an issue. For example, running vault write secret/hello recipient=world, then running this terraform config:

data "vault_generic_secret" "test" {
  path = "secret/hello"
}

output "secret" {
  value = "${data.vault_generic_secret.test.data.recipient}"
}

outputs recipient = world. Similarly, the following config:

data "vault_generic_secret" "test" {
  path = "secret/hello"
}

output "secret" {
  value = "${data.vault_generic_secret.test.data}"
}

outputs

secret = {
  recipient = world
}

I'm going to close this issue out, but if this is not what people were expecting, or is still unclear, or I misunderstood the problem, please don't hesitate to comment on this issue or open a new one.

@rossedman
Copy link

@paddycarver I am running into this problem with 0.11.0. This has corrupted my state at this point as well. Any ideas on how to fix? Even the parallelism=1 trick doesn't work.

@paddycarver
Copy link
Contributor

Hey @rossedman, sorry to hear that. What version of the Vault provider are you using?

@paddycarver
Copy link
Contributor

Hi everyone, I'm going to close this out, as I can't seem to get a reproduction, and nobody's chimed in with details in some time. If you're still experiencing this issue, I'd love an issue opened containing the following:

  • A debug log for the crash, or the panic log.
  • The version of Terraform you're using.
  • The version of the Vault provider you're using.
  • The version of Vault you're using.

Thanks!

tyrannosaurus-becks pushed a commit that referenced this issue Dec 10, 2018
tyrannosaurus-becks pushed a commit that referenced this issue Mar 29, 2019
Added support for wrapped token creation.
tyrannosaurus-becks pushed a commit that referenced this issue Jun 3, 2019
aws_secret_backend_role: support role_arns argument
tyrannosaurus-becks pushed a commit that referenced this issue Jun 3, 2019
tyrannosaurus-becks pushed a commit that referenced this issue Aug 5, 2019
jasonodonnell pushed a commit that referenced this issue Jan 21, 2021
* Rush B!

* .

* Provider config (#1)

* Rush B!

* .

* added provider_config to the matchingJwtMountConfigOptions list
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this issue Jun 17, 2021
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this issue Jun 17, 2021
Added support for wrapped token creation.
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this issue Jun 17, 2021
aws_secret_backend_role: support role_arns argument
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this issue Jun 17, 2021
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this issue Jun 17, 2021
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this issue Jun 17, 2021
* Rush B!

* .

* Provider config (hashicorp#1)

* Rush B!

* .

* added provider_config to the matchingJwtMountConfigOptions list
greut pushed a commit to greut/terraform-provider-vault that referenced this issue Aug 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants