Skip to content

Misleading error for Vault issuer #5782

New issue
New issue
Closed
#6433
Closed
Misleading error for Vault issuer#5782
#6433
Labels
area/vaultIndicates a PR directly modifies the Vault Issuer codegood first issueDenotes an issue ready for a new contributor, according to the "help wanted" guidelines.kind/featureCategorizes issue or PR as related to a new feature.
@amcginlay

Description

@amcginlay
amcginlay
opened on Feb 7, 2023

I created a Vault issuer as follows:

cat << EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: vault
spec:
  vault:
    auth:
      tokenSecretRef:
        key: token
        name: cert-manager-vault-token
    path: pki/sign/example-dot-com
    server: http:/vault.vault.svc.cluster.local:8200
EOF

In response, cert-manager log produces:

setup.go:114] vault: Vault is not initialized or is sealed: error: Get "http:///vault.vault.svc.cluster.local:8200/v1/sys/health": http: no Host in request URL

This error has been miscategorised. The real error is the missing "/" in the issuer's server value.

I would expect cert-manager to validate the URL, recognise the mistake and raise a URL format error instead.

  • Kubernetes version: kind version 0.17.0 (k8s v1.25.3)
  • cert-manager version: v1.9.1
  • Install method: TLSPK / jsctl

NOTE: the scope of this type of bug may not be limited to the Vault issuer. Not tested others.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/vaultIndicates a PR directly modifies the Vault Issuer codegood first issueDenotes an issue ready for a new contributor, according to the "help wanted" guidelines.kind/featureCategorizes issue or PR as related to a new feature.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions