Tyrael
Repos
56
Followers
357
Following
87

Events

Created at 4 days ago
started
Created at 5 days ago
Created at 1 week ago
Created at 1 week ago
Created at 1 week ago
issue comment
Add support to multi architecture docker image using github action

hi,

any update on this? we were wondering why there are mo recent images from cfssl on dockerhub and then found https://github.com/cloudflare/cfssl/issues/1265 and then this PR

cc @nickysemenza

Created at 3 weeks ago
Created at 3 weeks ago
issue comment
add support for client_key_contents

nevermind, I can see the "Changes not yet released to rubygems.org" part in the Changelog, so this was intentional

Created at 1 month ago
issue comment
add support for client_key_contents

I can see that this also present in the v4.1.11 tag but I can't see that tag on https://rubygems.org/gems/chef-vault/versions/ is that normal/expected?

Created at 1 month ago
closed issue
knife vault doesn't support ssh_agent_signing

Version:

4.1.0 (bundled with ChefDK 4.13.3)

Environment:

MacOS, ChefDK 4.13.3

Scenario:

knife vault show vault item

Steps to Reproduce:

knife vault show vault item

Expected Result:

getting the vault item as I would if not using ssh_agent_signing

Actual Result:

ERROR: ChefVault::Exceptions::SecretDecryption: vault/seeder is encrypted for you, but your private key failed to decrypt the contents. (if you regenerated your client key, have an administrator of the vault run 'knife vault refresh')

Created at 1 month ago
issue comment
knife vault doesn't support ssh_agent_signing

as I mentioned this isn't possible to do and my use-case was using chef vault without the need of storing plain ssh keys on disk which is now possible using client_key_contens (#402)

Created at 1 month ago
closed issue
add support for client_key_contents

Describe the Enhancement

chef supports passing the contents of the private key with client_key_contents since https://github.com/chef/chef/pull/6660/files I would expect this to also work with chef-vault but it looks it does not, and I couldn't find anything in the chef-vault codebase/issues regarding this

Describe the Need

I don't wanna persist the ssh key to disk, for chef signing that is already possible (either via ssh_agent_signing or using config.rb/knife.rb to programatically fetch the private key from a vault and set it via client_key_contents) but as chef-vault can't use agent signing (see #382 ) nor does it honor client_key_contents it looks my only option is to write the key to disk and pass the key path via client_key which means writing the key to disk

Current Alternative

not that I know of

Can We Help You Implement This?

if I'm not missing anything I'm happy to cook up a PR

Created at 1 month ago
issue comment
add support for client_key_contents

now that #402 is merged this can be closed

Created at 1 month ago
Created at 1 month ago
issue comment
add support for client_key_contents

hi @vkarve-chef, sorry for the delay, I've just pushed the test related changes(some rspec, some cucumber/aruba), let me know if they look good to you or if there is anything else needed to move this PR forward

Created at 1 month ago

add tests for client_key_contents

Signed-off-by: Ferenc Kovács tyra3l@gmail.com

Created at 1 month ago
Created at 1 month ago
started
Created at 2 months ago
contract-expiry: update expiry to updated motd

for the record this change is preventing ua status from working on an xenial machine with expired subscription (procurement hell):

2023-01-19 06:19:52,411 - cli.py:(1902) [ERROR]: Unhandled exception, please file a bug Traceback (most recent call last): File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1846, in wrapper return func(*args, **kwargs) File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1959, in main return_value = args.action(args, cfg=cfg) File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1624, in action_status if contract.is_contract_changed(cfg): File "/usr/lib/python3/dist-packages/uaclient/contract.py", line 657, in is_contract_changed else cfg.machine_token_file.contract_expiry_datetime File "/usr/lib/python3/dist-packages/uaclient/files/files.py", line 236, in contract_expiry_datetime ]["contractInfo"]["effectiveTo"] KeyError: 'effectiveTo'

based on the payload dump ommitted there is no effectiveTo field present under contractInfo

Created at 2 months ago
issue comment
add support for client_key_contents

sure, would the following two test scenarios be enough:

  • if client_key_contents is set and client_key is not then client_key_contents should be used
  • if client_key_contents is set and client_key is also set then client_key_contents should be used
Created at 2 months ago
issue comment
add support for client_key_contents

hello, any update on this?

please let me know if there is anything needed from my side to move ahead with merging this.

Created at 2 months ago