Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use vault_api_addr to set VAULT_ADDR in .bashrc #263

Closed
wants to merge 3 commits into from
Closed

Use vault_api_addr to set VAULT_ADDR in .bashrc #263

wants to merge 3 commits into from

Conversation

akerouanton
Copy link
Contributor

@akerouanton akerouanton commented Nov 23, 2021
edited
Loading

Prior to this PR, vault_api_addr and vault_cluster_addr were defined using the IPv4 address of the default interface of the host. Moreover, a variable named vault_hostname was used to run the reachability check but was undocumented.

This change documents vault_hostname and leverages it to set the value of vault_api_addr and vault_cluster_addr when it's available. Otherwise, these vars are defined as before.

Moreover, vault_api_addr is now used to set the URL used by the reachability check and to set the value of VAULT_ADDR in .bashrc. Before that change, these URLs were define by concatenating the value of vault_addr and vault_port together. vault_addr was defined as being either 127.0.0.1 (when vault_address was 0.0.0.0) or the value of vault_address. However, vault_address is used to define the IP address Vault should bind to. Although, by default, they were defined to be exactly the same as vault_api_addr default value, when overriding that param (for instance to put an hostname instead of the IP address), the value of VAULT_ADDR (and the URL used by the reachability check) could be wrong in some cases (eg. when using TLS certs with no IP: 127.0.0.1 SAN). Instead of adding a new var to override the value of VAULT_ADDR, this change reuses the value of vault_api_addr, which is now defined through vault_hostname param (when provided).

@akerouanton akerouanton force-pushed the fix-bashrc-vault-addr branch 6 times, most recently from e5418d9 to 682eaea Compare November 29, 2021 12:28
@akerouanton
Copy link
Contributor Author

ansible-lint breaks on vault_api_addr being too long but I don't know how to fix it. Writing it on multiple lines with |-2 still adds a space between each parts. I'd need some help to fix this issue.

@akerouanton
Define vault_api_addr and vault_cluster_addr using vault_hostname (wh…
417190a 
…en available)

Before this commit, vault_api_addr and vault_cluster_addr were defined
using the IPv4 address of the default interface of the host. Moreover, a
variable named `vault_hostname` is used to run the reachability check
but is undocumented.

This change documents `vault_hostname` and leverages it to set the value
of `vault_api_addr` and `vault_cluster_addr` when it's available.
Otherwise, these vars are defined as before.
@akerouanton
Use vault_api_addr to set VAULT_ADDR in .bashrc
fe74c4a
@akerouanton
Use vault_api_addr to check if Vault is reachable
565c912
@akerouanton akerouanton force-pushed the fix-bashrc-vault-addr branch from 682eaea to 565c912 Compare March 29, 2022 10:23
bbaassssiiee
bbaassssiiee requested changes Jul 8, 2022
View reviewed changes
Copy link
Member

@bbaassssiiee bbaassssiiee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please resolve conflicts

@akerouanton akerouanton deleted the fix-bashrc-vault-addr branch November 22, 2024 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bbaassssiiee bbaassssiiee bbaassssiiee requested changes

Assignees
No one assigned
Labels
needs more work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@akerouanton @bbaassssiiee