Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vault cli -output-curl-string does not include client cert info #13376

Closed
bmendric opened this issue Dec 9, 2021 · 3 comments · Fixed by #13660
Closed

vault cli -output-curl-string does not include client cert info #13376

bmendric opened this issue Dec 9, 2021 · 3 comments · Fixed by #13660
Labels
auth/cert Authentication - certificates bug Used to indicate a potential bug core/cli

Comments

@bmendric
Copy link

bmendric commented Dec 9, 2021

Environment:

  • Vault Version: 1.8.4, 1.8.5, 1.9.0
  • Operating System/Architecture: Ubuntu 18.04 x86_64

Expected Behavior:

Performing the following command:
vault login -method=cert -address=https://localhost:1234 -client-cert=client.crt -client-key=client.key -output-curl-string
should result in the curl command:
curl -X PUT -H "X-Vault-Request: true" -d '{"name":""}' --cert ./client.crt --key ./client.key https://localhost:1234/v1/auth/cert/login

Actual Behavior:

Performing the following command:
vault login -method=cert -address=https://localhost:1234 -client-cert=client.crt -client-key=client.key -output-curl-string
should result in the curl command:
curl -X PUT -H "X-Vault-Request: true" -d '{"name":""}' https://localhost:1234/v1/auth/cert/login

Steps to Reproduce:

See above commands; only need validly PEM encoded crt and key files to test

References:
@bmendric
Copy link
Author

bmendric commented Dec 9, 2021

About to submit another bug report and noticing the template is different... Not sure how I got to this. Let me know if you want it refactored into the actual bug report template.

@heatherezell
Copy link
Contributor

@bmendric This should be good to start, we'll let you know if we have questions. :)

@heatherezell heatherezell added auth/cert Authentication - certificates core/cli bug Used to indicate a potential bug labels Dec 10, 2021
remilapeyre added a commit to remilapeyre/vault that referenced this issue Jan 13, 2022
@remilapeyre
Add support for client certificates to -output-curl-string
dbabe24 
I did not write tests for this feature as -output-curl-string was not
already tested and this is a simple change. Because the name of the
certificates would be lost once loaded I added fields to Config to keep
track of them. I did not add a public method for the user to set them
explicitely as I don't think anyone would need this functionnality
outside of the Vault CLI.

Closes hashicorp#13376
@remilapeyre remilapeyre mentioned this issue Jan 13, 2022
Merged
@remilapeyre
Copy link
Contributor

Thanks for reporting this @bmendric, this was also affecting other commands like vault read, vault write and vault delete.

HridoyRoy pushed a commit that referenced this issue Jan 20, 2022
@remilapeyre
Add support for client certificates to -output-curl-string (#13660)
4a69e15 
* Add support for client certificates to -output-curl-string

I did not write tests for this feature as -output-curl-string was not
already tested and this is a simple change. Because the name of the
certificates would be lost once loaded I added fields to Config to keep
track of them. I did not add a public method for the user to set them
explicitely as I don't think anyone would need this functionnality
outside of the Vault CLI.

Closes #13376

* Add changelog

* Add lock in ConfigureTLS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth/cert Authentication - certificates bug Used to indicate a potential bug core/cli
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for client certificates to -output-curl-string remilapeyre/vault
3 participants
@bmendric @remilapeyre @heatherezell