Revoking a PKI Cert does not revoke the right lease #94

Open
primeroz opened this issue Oct 15, 2019 · 0 comments

When trying to revoke a certificate, vault-sidekick seems to revoke the wrong lease: it will revoke the lease of the just-created cert rather than the old one.

  • run vault-sidekick -output=/tmp/sidekick -logtostderr -v=10 -cn=pki:pki/issue/client:common_name=client-sidekick,revoke=true,update=1m,fmt=bundle,file=/tmp/sidekick/test
I1015 17:41:40.494242   28294 main.go:45] starting the vault-sidekick, v0.3.10 (git+sha v0.3.11)                                                                                                                                              
I1015 17:41:40.494314   28294 vault.go:100] adding the listener: 0xc42010a540                                                                                                                                                                 
I1015 17:41:40.494575   28294 vault.go:128] adding a resource into the service processor, resource: type: pki, path: pki/issue/client                                       
I1015 17:41:40.494669   28294 vault.go:289] rescheduling the resource: type: pki, path: pki/issue/client, channel: 0xc420146120                                             
I1015 17:41:40.494690   28294 vault.go:358] resource: pki, path: pki/issue/client, params: map[common_name:client-sidekick]                                                                                                                   
I1015 17:41:40.494707   28294 vault.go:360] attempting to retrieve the resource: type: pki, path: pki/issue/client from vault                                                                                                                 
I1015 17:41:40.587572   28294 vault.go:462] retrieved resource: type: pki, path: pki/issue/client, leaseId: pki/issue/client/KZVrQpbRcjajAlHlHWaNeicv, lease_time: 71h59m59s                                                                  
I1015 17:41:40.587589   28294 vault.go:165] successfully retrieved resource: type: pki, path: pki/issue/client, leaseID: pki/issue/client/KZVrQpbRcjajAlHlHWaNeicv                                                                            
I1015 17:41:40.587599   28294 main.go:83] recieved an update from the resource: type: pki, path: pki/issue/client                                                                                                                             
I1015 17:41:40.587607   28294 watched_resource.go:67] setting a renewal notification on resource: type: pki, path: pki/issue/client, time: 1m0s
I1015 17:41:40.587636   28294 formats.go:255] saving the file: /tmp/sidekick/test-bundle.pem
I1015 17:41:40.587670   28294 formats.go:255] saving the file: /tmp/sidekick/test.pem    
I1015 17:41:40.587685   28294 formats.go:255] saving the file: /tmp/sidekick/test-ca.pem 
I1015 17:41:40.587696   28294 formats.go:255] saving the file: /tmp/sidekick/test-key.pem

A certificate with lease id pki/issue/client/KZVrQpbRcjajAlHlHWaNeicv is created.

After one minute, a new certificate is created:

I1015 17:42:40.588271   28294 vault.go:201] resource: type: pki, path: pki/issue/client, lease: pki/issue/client/KZVrQpbRcjajAlHlHWaNeicv up for renewal, renewable: false, revoked: true
I1015 17:42:40.588371   28294 vault.go:241] resource: type: pki, path: pki/issue/client flagged as not renewable, shifting to regenerating the resource
I1015 17:42:40.588473   28294 vault.go:289] rescheduling the resource: type: pki, path: pki/issue/client, channel: 0xc420146120
I1015 17:42:40.588564   28294 vault.go:149] resource: type: pki, path: pki/issue/client has a previous lease: pki/issue/client/KZVrQpbRcjajAlHlHWaNeicv
I1015 17:42:40.588635   28294 vault.go:358] resource: pki, path: pki/issue/client, params: map[common_name:client-sidekick]
I1015 17:42:40.588702   28294 vault.go:360] attempting to retrieve the resource: type: pki, path: pki/issue/client from vault
I1015 17:42:40.836888   28294 vault.go:462] retrieved resource: type: pki, path: pki/issue/client, leaseId: pki/issue/client/uNlHoB7rsSylJ5G42wpWTTDy, lease_time: 71h59m59s
I1015 17:42:40.836905   28294 vault.go:165] successfully retrieved resource: type: pki, path: pki/issue/client, leaseID: pki/issue/client/uNlHoB7rsSylJ5G42wpWTTDy
I1015 17:42:40.836919   28294 main.go:83] recieved an update from the resource: type: pki, path: pki/issue/client
I1015 17:42:40.836950   28294 formats.go:255] saving the file: /tmp/sidekick/test-bundle.pem
I1015 17:42:40.836943   28294 vault.go:289] rescheduling the resource: <nil>, channel: 0xc420146180
I1015 17:42:40.836968   28294 vault.go:336] attemping to revoking the lease: pki/issue/client/uNlHoB7rsSylJ5G42wpWTTDy
I1015 17:42:40.836949   28294 watched_resource.go:67] setting a renewal notification on resource: type: pki, path: pki/issue/client, time: 1m0s
I1015 17:42:40.836998   28294 formats.go:255] saving the file: /tmp/sidekick/test.pem
I1015 17:42:40.837016   28294 formats.go:255] saving the file: /tmp/sidekick/test-ca.pem
I1015 17:42:40.837034   28294 formats.go:255] saving the file: /tmp/sidekick/test-key.pem
I1015 17:42:40.839807   28294 vault.go:342] successfully revoked the leaseId: pki/issue/client/uNlHoB7rsSylJ5G42wpWTTDy 

As you can see, the REVOKED cert is the one just created, with id pki/issue/client/uNlHoB7rsSylJ5G42wpWTTDy, rather than the old one.
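A log audit for the behaviour reported above, as an added example that is not part of the original issue or of vault-sidekick: it replays the "successfully retrieved" and "successfully revoked" messages and reports any revocation that hits the lease currently in use, plus any superseded lease that was never revoked. It assumes the message formats quoted in the logs above; the function name and finding labels are hypothetical.

```python
import re

# Constructed sample: message parts of log lines quoted in the issue
# (glog timestamp/pid prefixes dropped).
SAMPLE_LOG = """\
vault.go:165] successfully retrieved resource: type: pki, path: pki/issue/client, leaseID: pki/issue/client/KZVrQpbRcjajAlHlHWaNeicv
vault.go:149] resource: type: pki, path: pki/issue/client has a previous lease: pki/issue/client/KZVrQpbRcjajAlHlHWaNeicv
vault.go:165] successfully retrieved resource: type: pki, path: pki/issue/client, leaseID: pki/issue/client/uNlHoB7rsSylJ5G42wpWTTDy
vault.go:342] successfully revoked the leaseId: pki/issue/client/uNlHoB7rsSylJ5G42wpWTTDy
"""

RETRIEVED = re.compile(
    r"successfully retrieved resource: type: \S+, path: ([^,\s]+), leaseID: (\S+)")
REVOKED = re.compile(r"successfully revoked the leaseId: (\S+)")


def audit_revocations(log_text):
    """Return a list of (finding, lease_id) tuples for a sidekick log."""
    current = {}        # resource path -> lease most recently issued for it
    superseded = set()  # leases replaced by a newer one, awaiting revocation
    findings = []
    for line in log_text.splitlines():
        m = RETRIEVED.search(line)
        if m:
            path, lease = m.groups()
            if path in current:
                superseded.add(current[path])  # old cert should be revoked
            current[path] = lease
            continue
        m = REVOKED.search(line)
        if m:
            lease = m.group(1)
            if lease in superseded:
                superseded.discard(lease)      # expected: old lease revoked
            elif lease in current.values():
                # The certificate just written to disk has been revoked.
                findings.append(("revoked-live-lease", lease))
    # Old certificates that stay valid until their lease time runs out.
    findings.extend(("superseded-not-revoked", l) for l in sorted(superseded))
    return findings


if __name__ == "__main__":
    for finding, lease in audit_revocations(SAMPLE_LOG):
        print(f"{finding}: {lease}")
```
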
