Access vault using kubernetes method #237

Open
shafiz1 opened this issue Jul 15, 2021 · 4 comments
Labels
bug Something isn't working

Comments

shafiz1 commented Jul 15, 2021

Describe the bug
I am trying to access Vault secrets using kube auth on a self-hosted action runner.
I could see the inputs it requires are the Vault role and the Kubernetes token path.

When I use them, it fails with Error: Response code 400 (Bad Request)

To Reproduce

- name: Get secrets from Vault
  uses: hashicorp/vault-action@<version>
  with:
    url: https://vaultdev.***********.com
    method: kubernetes
    role: *************
    kubernetesTokenPath: **************
    secrets: |
      ****************** USERNAME | TEST_USERNAME_;
      ****************** PASSWORD | TEST_PASSWORD ;

Expected behavior
Fetch secrets from vault

Log Output
Get Vault Secrets
##[debug]Retrieving Vault Token from v1/auth/kubernetes/login endpoint
::endgroup::
Error: Response code 400 (Bad Request)
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Get secrets from Vault

Additional context
Does this action support kube auth on a self-hosted runner? I see this in the README:

kubernetes: you must provide the role parameters. You can optionally override the kubernetesTokenPath parameter for custom mounted serviceAccounts. Consider kubernetes auth (https://www.vaultproject.io/docs/auth/kubernetes) when using self-hosted runners on Kubernetes:

@shafiz1 shafiz1 added the bug Something isn't working label Jul 15, 2021
Contributor

slemme1 commented Jul 29, 2021

To help isolate where the problem is, have you tested the login with these parameters using curl or Postman to make sure it's not a Kubernetes config issue?
https://www.vaultproject.io/api-docs/auth/kubernetes#login
There are some caveats (additional config parameters) depending on where Vault is running:
https://www.vaultproject.io/api-docs/auth/kubernetes#caveats
I will be working on a kubernetes/vault project soon so let me know what you find...


nullck commented Nov 8, 2022

What I'm missing here is the parameter "path". Since I have multiple Kubernetes backends configured on Vault, I'd like to be able to customize the path parameter.

Exactly what has been explained on this blog - https://computingforgeeks.com/how-to-integrate-multiple-kubernetes-clusters-to-vault-server/

@fairclothjm
Contributor

@nullck Hello, you should be able to provide a path to the appropriate backend with the path field defined here: https://github.com/hashicorp/vault-action#reference

@fairclothjm
Contributor

@shafiz1 Hi, are you still seeing this issue? Were you able to verify the login with these parameters using curl or Postman to make sure it's not a Kubernetes config issue, as mentioned here: #237 (comment)
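
Added example, not part of the thread or of the vault-action code: a shell sketch of the manual login check suggested in the comments above, with the auth mount path configurable as discussed for multiple Kubernetes backends. The environment variable names and the role-name character check are assumptions; the default token path is the standard in-pod service account location.

```shell
# Added example: reproduce the action's Kubernetes-auth login by hand.
# Assumed names (not from the thread): VAULT_ADDR, VAULT_ROLE,
# VAULT_K8S_MOUNT, K8S_TOKEN_PATH.
DEFAULT_TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token

# Login URL for an auth mount; "kubernetes" is the default mount path.
vault_login_url() {
  addr="${1%/}"
  mount="${2:-kubernetes}"
  mount="${mount#/}"; mount="${mount%/}"
  printf '%s/v1/auth/%s/login' "$addr" "$mount"
}

# JSON body {"role": ..., "jwt": ...}. Assumption: role names are limited to
# [A-Za-z0-9_.-], so no JSON escaping is needed; a JWT is base64url and dots.
vault_login_payload() {
  role="$1"; token_file="$2"
  case "$role" in
    ''|*[!A-Za-z0-9_.-]*) echo "unsupported role name" >&2; return 1 ;;
  esac
  [ -r "$token_file" ] || { echo "cannot read $token_file" >&2; return 2; }
  jwt="$(tr -d '\r\n' < "$token_file")"
  [ -n "$jwt" ] || { echo "token file is empty" >&2; return 3; }
  printf '{"role":"%s","jwt":"%s"}' "$role" "$jwt"
}

# POST the login. The body goes over stdin so the JWT never appears in argv.
# On failure, print Vault's JSON body: its "errors" array explains the 400.
vault_k8s_login() {
  url="$(vault_login_url "$VAULT_ADDR" "${VAULT_K8S_MOUNT:-kubernetes}")"
  payload="$(vault_login_payload "$VAULT_ROLE" \
    "${K8S_TOKEN_PATH:-$DEFAULT_TOKEN_PATH}")" || return
  resp="$(printf '%s' "$payload" | curl -sS -X POST \
    -H 'Content-Type: application/json' --data-binary @- \
    -w '\n%{http_code}' "$url")" || return
  status="$(printf '%s\n' "$resp" | tail -n 1)"
  if [ "$status" = 200 ]; then
    echo "login OK (HTTP 200); body withheld because it holds a client token"
  else
    printf 'HTTP %s\n' "$status"
    printf '%s\n' "$resp" | sed '$d'
  fi
}

# Runs only when the assumed variables are set, e.g. inside the runner pod.
if [ -n "${VAULT_ADDR:-}" ] && [ -n "${VAULT_ROLE:-}" ]; then
  vault_k8s_login
fi
```

Run it from the same pod and service account the runner uses, so the token file and network path match what the action sees.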
