-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update consul-template to latest for pkiCert fix #16087
Conversation
So that we get the fix in hashicorp/consul-template#1590. I tested manually that this no longer causes `pkiCert` to get into an infinite failure loop when the cert expires.
@@ -295,6 +295,7 @@ require ( | |||
github.com/hashicorp/logutils v1.0.0 // indirect | |||
github.com/hashicorp/mdns v1.0.4 // indirect | |||
github.com/hashicorp/serf v0.9.6 // indirect | |||
github.com/hashicorp/vault/api/auth/kubernetes v0.1.0 // indirect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How come this is adding an indirect dep to vault, does go mod tidy
clean this up?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
go mod tidy
is what added this :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like that dep was added to consul-template recently: hashicorp/consul-template#1580
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we should add an explicit replace at the top of this file like the other hashicorp/vault/api
deps?
replace github.com/hashicorp/vault/api/auth/kubernetes => ./api/auth/kubernetes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I think this makes sense. Looks like we do this for userpass and approle too.
Updated with official 0.29.1 fix, and updated docs. Please take another look. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -295,6 +295,7 @@ require ( | |||
github.com/hashicorp/logutils v1.0.0 // indirect | |||
github.com/hashicorp/mdns v1.0.4 // indirect | |||
github.com/hashicorp/serf v0.9.6 // indirect | |||
github.com/hashicorp/vault/api/auth/kubernetes v0.1.0 // indirect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we should add an explicit replace at the top of this file like the other hashicorp/vault/api
deps?
replace github.com/hashicorp/vault/api/auth/kubernetes => ./api/auth/kubernetes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM once Theron's comments are resolved :)
Co-authored-by: Theron Voran <[email protected]>
cherry-picked c165363 Update consul-template to latest for pkiCert fix So that we get the fixes in hashicorp/consul-template#1590 and hashicorp/consul-template#1591. I tested manually that this no longer causes `pkiCert` to get into an infinite failure loop when the cert expires, and that the key and CA certificate are also accessible. Co-authored-by: Theron Voran <[email protected]>
cherry-picked c165363 Update consul-template to latest for pkiCert fix So that we get the fixes in hashicorp/consul-template#1590 and hashicorp/consul-template#1591. I tested manually that this no longer causes `pkiCert` to get into an infinite failure loop when the cert expires, and that the key and CA certificate are also accessible. Co-authored-by: Theron Voran <[email protected]> Co-authored-by: Christopher Swenson <[email protected]> Co-authored-by: Theron Voran <[email protected]>
So that we get the fix in hashicorp/consul-template#1590.
I tested manually that this no longer causes
pkiCert
to get into aninfinite failure loop when the cert expires.