mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-05-22 07:16:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

util: store EnvVaultInsecure as string, not bool

Browse Source 
The configuration option `EnvVaultInsecure` is expected to be a string,
not a boolean. By converting the bool back to a string (after
verification), it is now possible to skip the certificate validation
check by setting `vaultCAVerify: false` in the Vault configuration.

Fixes: #1852
Reported-by: Bryon Nevis <bryon.nevis@intel.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
(cherry picked from commit 582d004ca5a66b03ed3bd5c92f42474b39ffdf6c)
This commit is contained in:
Niels de Vos 2021-02-02 10:49:30 +01:00 committed by mergify[bot]
parent 08904884d3
commit 4005585806
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/util/vault.go
View File

@ -104,7 +104,7 @@ func (vc *vaultConnection) initConnection(kmsID string, config, secrets map[stri
if err != nil { if err != nil {
return fmt.Errorf("failed to parse 'vaultCAVerify': %w", err) return fmt.Errorf("failed to parse 'vaultCAVerify': %w", err)
} }
vaultConfig[api.EnvVaultInsecure] = !vaultCAVerify vaultConfig[api.EnvVaultInsecure] = strconv.FormatBool(!vaultCAVerify)
} }
vaultCAFromSecret, ok := config["vaultCAFromSecret"] vaultCAFromSecret, ok := config["vaultCAFromSecret"]