Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify api_addr related errors on VaultPluginTLSProvider #3620

Merged
merged 7 commits into from
Dec 5, 2017
Merged

Clarify api_addr related errors on VaultPluginTLSProvider #3620

merged 7 commits into from
Dec 5, 2017

Conversation

calvn
Copy link
Contributor

@calvn calvn commented Nov 28, 2017

Closes #3612

@calvn calvn requested a review from briankassouf November 28, 2017 00:22
This was referenced Nov 28, 2017
Closed
Closed
@calvn calvn requested a review from jefferai December 3, 2017 21:33
jefferai
jefferai reviewed Dec 4, 2017
View reviewed changes
helper/pluginutil/tls.go Outdated
@@ -146,19 +146,19 @@ func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, er

addrRaw := wt.Claims().Get("addr")
if addrRaw == nil {
return nil, errors.New("decoded token does not contain primary cluster address")
return nil, errors.New("decoded token does not contain primary cluster api_address")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error message isn't really good (originally, not due to your change) -- it's not really "primary cluster" it's "active node". But really just, the originating Vault process.

jefferai
jefferai reviewed Dec 4, 2017
View reviewed changes
website/source/docs/internals/plugins.html.md Outdated
@@ -32,6 +32,9 @@ plugin process' environment. This token is single use and has a short TTL. Once
unwrapped, it provides the plugin with a uniquely generated TLS certificate and
private key for it to use to talk to the original vault process.

The [`api_addr`][api_addr] must be set in order for the plugin process establish
communication with the Vault server during mount time.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might want a note here (and below) about when this will be set automatically.

jefferai
jefferai previously approved these changes Dec 4, 2017
View reviewed changes
briankassouf
briankassouf reviewed Dec 5, 2017
View reviewed changes
helper/pluginutil/tls.go Outdated
@@ -146,19 +146,19 @@ func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, er

addrRaw := wt.Claims().Get("addr")
if addrRaw == nil {
return nil, errors.New("decoded token does not contain primary cluster address")
return nil, errors.New("decoded token does not contain the active node's api_address")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are going to underscore it here it should probably be api_addr to match the config value

briankassouf
briankassouf previously approved these changes Dec 5, 2017
View reviewed changes
Copy link
Contributor

@briankassouf briankassouf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one small comment, otherwise looks good!

@calvn calvn dismissed stale reviews from briankassouf and jefferai via 8f21e5c December 5, 2017 16:15
@calvn calvn merged commit 208dc55 into master Dec 5, 2017
@calvn calvn deleted the plugin-api-addr branch December 5, 2017 17:01
calvn added a commit that referenced this pull request Dec 5, 2017
@calvn
Clarify api_addr related errors on VaultPluginTLSProvider (#3620)
68d90fc 
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
chrishoffman pushed a commit that referenced this pull request Dec 6, 2017
Merge remote-tracking branch 'oss/master' into cache-exceptions
9c67a8d 
* oss/master:
  changelog++
  Support MongoDB session-wide write concern (#3646)
  Clarify api_addr related errors on VaultPluginTLSProvider (#3620)
  allowed/disallowed_policies as TypeCommaStringSlice (#3641)
  Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632)
  Docs: Update /sys/policies/ re: beta refs to address #3624 (#3629)
  Update secrets page
  Remove beta notice
  Expanding on the quick start guide with how to set up an intermediate authority (#3622)
  Docs: mlock() notes, fixes #3605 (#3614)
  Fix spelling (#3609)
  Add command to example to register plugin (#3601)
  update relatedtools, add Goldfish UI. (#3597)
  Fix docs for Transit API (#3588)
  Update cassandra docs with consistency value.
  Remove Trailing White space in Kubernetes Doc (#3360)
  Missing  command for vault PUT operation (#3355)
  Update some rekey docs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@briankassouf briankassouf briankassouf left review comments

@jefferai jefferai jefferai left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@calvn @jefferai @briankassouf