You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to README.md the construct config.ssl_pem_file should work by providing the path to the pem file, yet I got only:
Running handlers:
[2022-08-31T11:21:05+03:00] ERROR: Running exception handlers
Running handlers complete
[2022-08-31T11:21:05+03:00] ERROR: Exception handlers complete
Infra Phase failed. 0 resources updated in 04 seconds
[2022-08-31T11:21:05+03:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2022-08-31T11:21:05+03:00] FATAL: ---------------------------------------------------------------------------------------
[2022-08-31T11:21:05+03:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
[2022-08-31T11:21:05+03:00] FATAL: ---------------------------------------------------------------------------------------
[2022-08-31T11:21:05+03:00] FATAL: OpenSSL::PKey::RSAError: read_vault[Read secret at secret/my-app] (secret::create_secret line 38) had an error: OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error
Maybe I'm missing something but so far I managed to make it work with ENV['SSL_CERT_FILE'].
NOT WORKING:
# Needed due to https://github.com/hashicorp/vault-ruby/issues/273
require 'tempfile'
temp_cert_file = Tempfile.new('tempfile')
Dir.glob(['/etc/ssl/certs/*.crt',
'/etc/ssl/certs/*.pem',
'/etc/chef/trusted_certs/*.crt',
'/etc/chef/trusted_certs/*.pem']).each do |ca_cert|
IO.copy_stream(ca_cert, temp_cert_file)
end
require 'vault'
Vault.configure do |config|
config.ssl_pem_file = temp_cert_file.path
end
resource_name :read_vault
provides :read_vault
unified_mode true
property :path, String, required: true
property :address, String, required: true
property :token, String, required: true
property :role_name, String, required: false
action :read do
# Need to set the vault address
Vault.address = new_resource.address
# Authenticate with the token
Vault.token = new_resource.token
if property_is_set?(:role_name) # Authenticate to Vault using the role_id
approle_id = Vault.approle.role_id(new_resource.role_name)
secret_id = Vault.approle.create_secret_id(new_resource.role_name).data[:secret_id]
Vault.auth.approle(approle_id, secret_id)
end
# Attempt to read the secret
secret = Vault.logical.read(new_resource.path)
if secret.nil?
raise "Could not read secret '#{new_resource.path}'!"
end
# Store the secret in memory only
node.run_state[new_resource.path] = secret
new_resource.updated_by_last_action(true)
end
WORKING:
# Needed due to https://github.com/hashicorp/vault-ruby/issues/273
require 'tempfile'
temp_cert_file = Tempfile.new('tempfile')
Dir.glob(['/etc/ssl/certs/*.crt',
'/etc/ssl/certs/*.pem',
'/etc/chef/trusted_certs/*.crt',
'/etc/chef/trusted_certs/*.pem']).each do |ca_cert|
IO.copy_stream(ca_cert, temp_cert_file)
end
ENV['SSL_CERT_FILE'] = temp_cert_file.path
require 'vault'
resource_name :read_vault
provides :read_vault
unified_mode true
property :path, String, required: true
property :address, String, required: true
property :token, String, required: true
property :role_name, String, required: false
action :read do
# Need to set the vault address
Vault.address = new_resource.address
# Authenticate with the token
Vault.token = new_resource.token
if property_is_set?(:role_name) # Authenticate to Vault using the role_id
approle_id = Vault.approle.role_id(new_resource.role_name)
secret_id = Vault.approle.create_secret_id(new_resource.role_name).data[:secret_id]
Vault.auth.approle(approle_id, secret_id)
end
# Attempt to read the secret
secret = Vault.logical.read(new_resource.path)
if secret.nil?
raise "Could not read secret '#{new_resource.path}'!"
end
# Store the secret in memory only
node.run_state[new_resource.path] = secret
new_resource.updated_by_last_action(true)
end
The text was updated successfully, but these errors were encountered:
According to README.md the construct config.ssl_pem_file should work by providing the path to the pem file, yet I got only:
Maybe I'm missing something but so far I managed to make it work with ENV['SSL_CERT_FILE'].
NOT WORKING:
WORKING:
The text was updated successfully, but these errors were encountered: