False-positive updates due to type conversion #24

Open
hqdncw opened this issue Oct 19, 2024 · 0 comments
Labels
bug Something isn't working good first issue Good for newcomers

hqdncw commented Oct 19, 2024

Manifests

# cat /etc/vault-autopilot/issuers.yaml
kind: Issuer
spec:
  name: root
  secretsEngineRef: pki
  certificate:
    type: internal
    commonName: localhost
  options:
    issuingCertificates:
      - "vault.vault.svc.cluster.local:8200/v1/pki/ca"
    crlDistributionPoints:
      - "vault.vault.svc.cluster.local:8200/v1/pki/crl"
# cat /etc/vault-autopilot/pkiroles.yaml
kind: PKIRole
spec:
  name: root
  role:
    issuerRef: pki/root
    allowedDomains:
      - localhost
    allowSubdomains: true
# cat /etc/vault-autopilot/secretsengines.yaml
kind: SecretsEngine
spec:
  path: pki
  engine:
    type: pki

Output

$ vault-autopilot --debug apply -f /etc/vault-autopilot/**.yaml  # run this command at least twice to see the following result
DEBUG:asyncio:Using selector: EpollSelector
DEBUG:vault_autopilot.parser:parsing files
DEBUG:vault_autopilot._cli.commands.apply:streaming manifest '/etc/vault-autopilot/issuers.yaml'
DEBUG:vault_autopilot.parser:parsed ManifestObject(root=IssuerApplyDTO(kind='Issuer', spec={'name': 'root', 'secrets_engine_ref': 'pki', 'certificate': {'common_name': 'localhost', 'type': 'internal'}, 'options': {'issuing_certificates': ('vault.vault.svc.cluster.local:8200/v1/pki/ca',), 'crl_distribution_points': ('vault.vault.svc.cluster.local:8200/v1/pki/crl',)}}))
DEBUG:vault_autopilot._cli.commands.apply:streaming manifest '/etc/vault-autopilot/secretsengines.yaml'
DEBUG:vault_autopilot.parser:parsed ManifestObject(root=SecretsEngineApplyDTO(kind='SecretsEngine', spec={'path': 'pki', 'engine': {'type': 'pki'}}))
DEBUG:vault_autopilot._cli.commands.apply:streaming manifest '/etc/vault-autopilot/pkiroles.yaml'
DEBUG:vault_autopilot.parser:parsed ManifestObject(root=PKIRoleApplyDTO(kind='PKIRole', spec={'name': 'root', 'role': {'issuer_ref': 'pki/root', 'allowed_domains': ['localhost'], 'allow_subdomains': True}}))
DEBUG:vault_autopilot._cli.commands.apply:found 3 manifest(s) matching pattern '/etc/vault-autopilot/**.yaml'
DEBUG:vault_autopilot.parser:parsed files successfully
DEBUG:vault_autopilot.storage:the secrets engine 'hqdncw.github.io/vault-autopilot/user-data' is already created
DEBUG:vault_autopilot.processor.abstract:[IssuerApplyProcessor] add node SecretsEngineFallbackNode(absolute_path='pki')
DEBUG:vault_autopilot.processor.abstract:[PKIRoleApplyProcessor] add node IssuerFallbackNode(absolute_path='pki/root')
DEBUG:vault_autopilot.processor.secrets_engine:applying finished 'pki'
DEBUG:vault_autopilot.processor.abstract:creating task for flushing node IssuerNode(node_hash=1694023832515850743, absolute_path='pki/root')
DEBUG:vault_autopilot.service.abstract:[IssuerService] diff: {'type_changes': {"root['spec']['options']['issuingCertificates']": {'old_type': <class 'list'>, 'new_type': <class 'tuple'>, 'old_value': ['vault.vault.svc.cluster.local:8200/v1/pki/ca'], 'new_value': ('vault.vault.svc.cluster.local:8200/v1/pki/ca',)}, "root['spec']['options']['crlDistributionPoints']": {'old_type': <class 'list'>, 'new_type': <class 'tuple'>, 'old_value': ['vault.vault.svc.cluster.local:8200/v1/pki/crl'], 'new_value': ('vault.vault.svc.cluster.local:8200/v1/pki/crl',)}}}
DEBUG:vault_autopilot.processor.issuer:applying finished 'pki/root'
DEBUG:vault_autopilot.processor.abstract:creating task for flushing node PKIRoleNode(absolute_path='pki/root', payload=PKIRoleApplyDTO(kind='PKIRole', spec={'name': 'root', 'role': {'issuer_ref': 'pki/root', 'allowed_domains': ['localhost'], 'allow_subdomains': True}}))
DEBUG:vault_autopilot.service.abstract:[PKIRoleService] diff: {'type_changes': {"root['spec']['role']['allowed_domains']": {'old_type': <class 'list'>, 'new_type': <class 'ruamel.yaml.comments.CommentedSeq'>, 'old_value': ['localhost'], 'new_value': ['localhost']}}}
DEBUG:vault_autopilot.processor.pki_role:applying finished 'pki/root'
DEBUG:vault_autopilot.processor.abstract:[PKIRoleApplyProcessor] flushing pending downstreams for upstream -6092045368410116636
DEBUG:vault_autopilot.processor.abstract:[PKIRoleApplyProcessor] no pending downstreams were found for node -6092045368410116636, flushing aborted
DEBUG:vault_autopilot.processor.abstract:[IssuerApplyProcessor] flushing pending downstreams for upstream 1694023832515850743
DEBUG:vault_autopilot.processor.abstract:[IssuerApplyProcessor] no pending downstreams were found for node 1694023832515850743, flushing aborted
[+] Applying manifests (0.0243 seconds) FINISHED
 => Updating Issuer 'pki/root'... done
 => Verifying integrity of SecretsEngine 'pki'... done
 => Updating PKIRole 'pki/root'... done
Thanks for choosing Vault Autopilot!
@hqdncw hqdncw added bug Something isn't working good first issue Good for newcomers labels Oct 19, 2024
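
An added example, not part of the original issue or the project's code: the debug log above reports `type_changes` between `list` and `tuple` / `CommentedSeq` although the values are equal, and each one ends in an "Updating ..." write to the PKI mount. The sketch below reproduces that with a type-strict comparison and shows that normalizing containers before comparing removes the false positives while a real change is still reported. `CommentedSeqStandIn`, `strict_changes`, `normalize` and `semantic_changes` are hypothetical names, and the sample dicts are constructed from values in the log.

```python
from collections.abc import Mapping, Sequence


class CommentedSeqStandIn(list):
    """Constructed stand-in for ruamel.yaml's CommentedSeq (a list subclass)."""


def strict_changes(old, new, path="root"):
    """Type-strict walk: a different container type alone counts as a change."""
    if type(old) is not type(new):
        return [path]
    if isinstance(old, dict):
        changed = []
        for key in sorted(set(old) | set(new)):
            sub = f"{path}[{key!r}]"
            if key in old and key in new:
                changed += strict_changes(old[key], new[key], sub)
            else:
                changed.append(sub)
        return changed
    if isinstance(old, list) and len(old) == len(new):
        return [p for i, (a, b) in enumerate(zip(old, new))
                for p in strict_changes(a, b, f"{path}[{i}]")]
    return [] if old == new else [path]


def normalize(obj):
    """Reduce mappings to dict and non-string sequences to list, recursively."""
    if isinstance(obj, Mapping):
        return {key: normalize(value) for key, value in obj.items()}
    if isinstance(obj, Sequence) and not isinstance(obj, (str, bytes, bytearray)):
        return [normalize(item) for item in obj]
    return obj


def semantic_changes(old, new):
    """Compare values only: container flavour (list/tuple/subclass) is ignored."""
    return strict_changes(normalize(old), normalize(new))


# Constructed sample: values taken from the debug log; issuer options and role
# fields are merged into one dict here for brevity.
CA = "vault.vault.svc.cluster.local:8200/v1/pki/ca"
CRL = "vault.vault.svc.cluster.local:8200/v1/pki/crl"
STORED = {"spec": {"options": {"issuingCertificates": [CA], "crlDistributionPoints": [CRL]},
                   "role": {"allowed_domains": ["localhost"]}}}
PARSED = {"spec": {"options": {"issuingCertificates": (CA,), "crlDistributionPoints": (CRL,)},
                   "role": {"allowed_domains": CommentedSeqStandIn(["localhost"])}}}

if __name__ == "__main__":
    print("strict:  ", strict_changes(STORED, PARSED))    # three false positives
    print("semantic:", semantic_changes(STORED, PARSED))  # no changes
```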