BAO_ADDR is not propagated to the token helper when provided as -address #314
Labels: bug (Something isn't working)
Comments
I implemented a fix for this in hashicorp/vault#23218 that I want to port to OpenBao. The pull request was never included in HashiCorp Vault, so the Source-Available License Policy should not be a problem. The changes touch parts of the code that would conflict with #313, so before I go ahead and adapt that change for OpenBao, I’m waiting to see what happens to #313.
ruuda added a commit to ruuda/openbao that referenced this issue May 29, 2024
Previously the token helper might inherit BAO_ADDR from the process, but if the address was specified through an -address command-line flag, then the token helper would not know the address, or it would use the wrong one. Fix that by propagating the address everywhere, and then setting BAO_ADDR explicitly in the token helper's environment. Fixes openbao#314.
ruuda added a commit to ruuda/openbao that referenced this issue May 29, 2024
Previously the token helper might inherit BAO_ADDR from the process, but if the address was specified through an -address command-line flag, then the token helper would not know the address, or it would use the wrong one. Fix that by propagating the address everywhere, and then setting BAO_ADDR explicitly in the token helper's environment. Fixes openbao#314. Signed-off-by: Ruud van Asseldonk <[email protected]>
Describe the bug
The token helper might inherit BAO_ADDR from the environment, but if the address is configured through the -address flag instead, then the token helper has no way of knowing about the address.

To Reproduce
Steps to reproduce the behavior:
BAO_ADDR and then fails as the token helper in ~/.bao.
BAO_ADDR=foo bao login, observe it gets the BAO_ADDR.
bao login -address foo, observe it does not get BAO_ADDR.

Expected behavior
The token helper needs to know the address of the instance it’s connecting to, so it can store a token per instance, that is the point of the token helper. Therefore, bao needs to set BAO_ADDR in the environment of the token helper it executes, and not rely on it being present implicitly.

Environment:
bao status): irrelevant
bao version): OpenBao v2.0.0-alpha20240329 ('74c2dddb0612b9a3da79384c20638266aa7de407'), built 2024-04-26T10:19:19Z
OpenBao server configuration file(s): irrelevant

Additional context
This bug report is an adaptation of hashicorp/vault#22257.
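
The expected behavior described in this report, as an added Go example (not OpenBao's code and not the fix from the referenced commits): resolve the effective address once, then set BAO_ADDR explicitly in the token helper's environment so a stale inherited value cannot cause a token to be looked up or stored under the wrong instance. The function names, the helper path and the example addresses are hypothetical; it assumes an -address flag value takes precedence over BAO_ADDR and that the helper receives its operation as the first argument.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

const addrKey = "BAO_ADDR="

// resolveAddr picks the effective server address. Assumption: an explicit
// -address flag value wins over BAO_ADDR found in the environment.
func resolveAddr(flagAddr string, env []string) string {
	if flagAddr != "" {
		return flagAddr
	}
	for _, kv := range env {
		if strings.HasPrefix(kv, addrKey) {
			return strings.TrimPrefix(kv, addrKey)
		}
	}
	return ""
}

// helperEnv returns a copy of env in which BAO_ADDR appears exactly once and
// equals addr; inherited (possibly stale) BAO_ADDR entries are dropped.
func helperEnv(env []string, addr string) []string {
	out := make([]string, 0, len(env)+1)
	for _, kv := range env {
		if !strings.HasPrefix(kv, addrKey) {
			out = append(out, kv)
		}
	}
	return append(out, addrKey+addr)
}

// helperCommand prepares the token helper invocation (op is "get", "store"
// or "erase") with the address set explicitly instead of inherited.
func helperCommand(helperPath, op, flagAddr string, env []string) *exec.Cmd {
	cmd := exec.Command(helperPath, op)
	cmd.Env = helperEnv(env, resolveAddr(flagAddr, env))
	return cmd
}

func main() {
	// Constructed input: the environment names one instance, the flag another.
	env := []string{"PATH=/usr/bin", "BAO_ADDR=https://old.example:8200"}
	cmd := helperCommand("/usr/local/bin/token-helper", "get", "https://new.example:8200", env)
	fmt.Println(cmd.Env)
}
```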