vault-charm

vault:certificate relation doesn't work when using IPv6

Bug #1948489 reported by Simon Déziel on 2021-10-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	vault-charm	New	Undecided	Unassigned

Bug Description

With vault (1.5.9 from charmhub/stable rev 50), the vault:vertificate relation doesn't work if using IPv6 as cert issuance fails with:

unit-vault-0: 14:02:38 INFO unit.vault/0.juju-log Invoking reactive handler: reactive/vault_handlers.py:869:auto_generate_root_ca_cert
unit-vault-0: 14:02:39 ERROR unit.vault/0.juju-log Hook error:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/__init__.py", line 74, in main
    bus.dispatch(restricted=restricted_mode)
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 390, in dispatch
    _invoke(other_handlers)
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 359, in _invoke
    handler.invoke()
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 181, in invoke
    self._action(*args)
  File "/var/lib/juju/agents/unit-vault-0/charm/reactive/vault_handlers.py", line 882, in auto_generate_root_ca_cert
    root_ca = vault_pki.generate_root_ca(
  File "/var/lib/juju/agents/unit-vault-0/charm/lib/charm/vault_pki.py", line 280, in generate_root_ca
    client.write(
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/hvac/v1/__init__.py", line 189, in write
    response = self._adapter.post('/v1/{0}'.format(path), json=kwargs, wrap_ttl=wrap_ttl)
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/hvac/adapters.py", line 103, in post
    return self.request('post', url, **kwargs)
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/hvac/adapters.py", line 233, in request
    utils.raise_for_error(response.status_code, text, errors=errors)
  File "/var/lib/juju/agents/unit-vault-0/.venv/lib/python3.8/site-packages/hvac/utils.py", line 29, in raise_for_error
    raise exceptions.InvalidRequest(message, errors=errors)
hvac.exceptions.InvalidRequest: invalid URL found in issuing certificates: http://2602:fc62:b:1018:1::f770:8200/v1/charm-pki-local/ca

Revision history for this message

Simon Déziel (sdeziel) wrote on 2021-10-22:

https://github.com/openstack/charm-vault/pull/8 contains a tentative fix.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.