Description
Affected Puppet, Ruby, OS and module versions/distributions
- Puppet: 7.17.0
- Ruby: 3.1.2p20
- Distribution: Fedora/Ubuntu
- Module version: latest
How to reproduce (e.g Puppet code you use)
I am trying to use this fuction with puppet bolt and no puppet-ca setup. So I am trying to use the approle auth for vault. If I curl with role_id and secret_id I can get a token so vault side is perfectly working.
I can also access my vault both via http and https (self signed cert).
Bolt plan:
plan project::class (
TargetSpec $targets
) {
$system_facts = run_plan('facts', 'targets' => $targets)
$apply_result = apply($targets, '_description' => 'apply class') {
$d = vault_lookup::lookup(
'path/to/secret',
'http(s)://vault.example.com',
'approle',
)
notify { example :
message => $d,
}
}
$apply_result.each |$result| {
$result.report['logs'].each |$log| {
out::message("${log['level']}: ${log['message']}")
out::message("--${log['source']}")
}
}
return $apply_result
}
What are you seeing
When trying to read a secret from vault via https I get:
certificate verify failed unable to get local issuer certificate.
But the root ca is definatley trusted by linux.
When trying to read a secret from vault via http I get:
Received 404 response code from vault at http://vault.example.com/approle/login for authentication.
I exported environment variables as described in the documentation.
What behaviour did you expect instead
It is expected to read a secret from vault.
Any additional information you'd like to impart
I feel like environment variables are not beeing used, cause I have to set auth_method to approle as a function parameter otherwise I get redirected to http://vault.example.com/cert/login.
Would be nice if anyone could help me!