-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Segfault on oidc login #6921
Comments
Tried to downgrade the cli to 1.1.2 and I've got the same error. Maybe the server version causes this? |
While it shouldn't crash and we'll get that fixed, where it is crashing is pretty much the end of the process anyway, and the CLI doesn't have a valid authorization from the Vault server. What do the server logs say when you attempt the login? |
I figured it out. I am running vault on kubernetes and I also have istio installed and it caused the issue. The log was the following:
I am not sure why was this at the moment. Disabling istio solves it. UPDATE: I tried reenabling istio without mutual tls but I still have the problem, seems like I have to somehow tell istio to ignore these rpc calls probably. |
Glad you're making progress. I have no experience with Istio, but the Vault newsgroup might. In any case, we'll get this panic fixed. At least then you would have been shown a message with next steps: Since the CLI is external to the Vault server, it really has no more details in cases like these. |
That said, it is interesting that this started appearing when you changed up your Vault version/config. I'll let the team know as I would be curious to know if other aspects of Vault might show similar symptoms. |
@kalafut It is most definitely istio I forgot that I have introduced it as well when I upgraded vault. So it is not an issue on vault's side (well the sigsegv was ugly but that's all) |
@MrBlaise Thanks for that context. |
Describe the bug
When I try to run
vault login -method=oidc
it gives me the following message:It used to work before. The things I changed: upgraded to 1.1.3 (both server and client), removed custom self signed cert from the server (and the env variable VAULT_CAPATH) from my local client.
After some tries it starts to work somewhat, it logs me in but fails to print out the credentials I've got. Example:
To Reproduce
Steps to reproduce the behavior:
vault login -method=oidc
Expected behavior
Should not segfault, log me in, print out the policies etc. I have access to.
Environment:
vault status
): 1.1.3vault version
): 1.1.3UPDATE:
In my particular case I have introduced istio when I upgraded vault and it caused some rpc calls to fail and that caused the sigsegv in the cli.
The text was updated successfully, but these errors were encountered: