2020-09-10 17:27:21 |
David Ames |
bug |
|
|
added bug |
2020-09-10 17:27:33 |
David Ames |
bug task added |
|
vault-charm |
|
2020-09-10 17:27:48 |
David Ames |
charm-interface-vault-kv: status |
New |
Confirmed |
|
2020-09-10 17:27:50 |
David Ames |
charm-interface-vault-kv: importance |
Undecided |
High |
|
2020-09-10 17:28:10 |
David Ames |
vault-charm: status |
New |
Confirmed |
|
2020-09-10 17:28:12 |
David Ames |
vault-charm: importance |
Undecided |
High |
|
2020-09-10 17:28:53 |
David Ames |
description |
Since commit db22a4652c6ec4bfbaf1b7cbd529f38a60a138df [0] for LP Bug#1826892 [1], if the bindings do not match on both ends of the secrets storage (vault-kv) relation, the vault_url is not published even though role ids and tokens are. This leads to the relation being incomplete and is very difficult to diagnose.
We need a more robust solution that either errors out or very clearly communicates to the end user what needs fixing. The solution needs to resolve this bug and LP Bug#1826892.
I recall discussing the commit above at a sprint. I question the requirement to have matching bindings, and it seems to me that even if the bindings match but it is a routed environment (same space but different IP subnets), the current code would not work.
[0] https://github.com/openstack-charmers/charm-interface-vault-kv/commit/db22a4652c6ec4bfbaf1b7cbd529f38a60a138df
[1] https://bugs.launchpad.net/vault-charm/+bug/1826892 |
Since commit db22a4652c6ec4bfbaf1b7cbd529f38a60a138df [0] for LP Bug#1826892 [1], if the bindings do not match on both ends of the secrets storage (vault-kv) relation, the vault_url is not published even though role ids and tokens are. This leads to the relation being incomplete and is very difficult to diagnose.
We have now seen this in the wild on multiple occasions.
We need a more robust solution that either errors out or very clearly communicates to the end user what needs fixing. The solution needs to resolve this bug and LP Bug#1826892.
I recall discussing the commit above at a sprint. I question the requirement to have matching bindings, and it seems to me that even if the bindings match but it is a routed environment (same space but different IP subnets), the current code would not work.
[0] https://github.com/openstack-charmers/charm-interface-vault-kv/commit/db22a4652c6ec4bfbaf1b7cbd529f38a60a138df
[1] https://bugs.launchpad.net/vault-charm/+bug/1826892 |
|
2021-04-12 18:57:41 |
David Ames |
charm-interface-vault-kv: status |
Confirmed |
Fix Committed |
|
2021-05-03 17:44:54 |
Alex Kavanagh |
charm-interface-vault-kv: milestone |
|
21.04 |
|
2021-05-03 17:48:23 |
Alex Kavanagh |
charm-interface-vault-kv: status |
Fix Committed |
Fix Released |
|