diff options
author | Marc A. Paradise <marcparadise@users.noreply.github.com> | 2022-06-07 19:52:37 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-07 19:52:37 +0000 |
commit | 4c6160a95737975d989d9352bebf59d06c6b10c0 (patch) | |
tree | 7f3c9b729e20339a0788cbbfedea1f29c6a6d51a | |
parent | c8e7984bbe8391b0376eea95c22d7e5d7d2b3a45 (diff) | |
parent | 5ab3fda166392c5ac8f4d2f9a18ae91258fed9a4 (diff) | |
download | chef-4c6160a95737975d989d9352bebf59d06c6b10c0.tar.gz |
Merge pull request #12957 from chef/neha-p6/backport-17_fix_iam_hashi_issue
backport-17: Fix error 'error validating X-Vault-AWS-IAM-Server-ID header: missing header X-Vault-AWS-IAM-Server-ID' in Hashi Vault secret manager for AWS IAM auth method
Test failures unrelated
-rw-r--r-- | lib/chef/dsl/secret.rb | 4 | ||||
-rw-r--r-- | lib/chef/secret_fetcher/hashi_vault.rb | 2 |
2 files changed, 1 insertions, 5 deletions
diff --git a/lib/chef/dsl/secret.rb b/lib/chef/dsl/secret.rb index 2377ae36fe..04ca2b2adf 100644 --- a/lib/chef/dsl/secret.rb +++ b/lib/chef/dsl/secret.rb @@ -162,10 +162,6 @@ class Chef # value = secret(name: "test1", service: :aws_secrets_manager, version: "v1", config: { region: "us-west-1" }) # log "My secret is #{value}" def secret(name: nil, version: nil, service: default_secret_service, config: default_secret_config) - Chef::Log.warn <<~EOM.gsub("\n", " ") - The secrets Chef Infra language helper is currently in beta. If you have feedback or you would - like to be part of the future design of this helper e-mail us at secrets_management_beta@progress.com" - EOM sensitive(true) if is_a?(Chef::Resource) Chef::SecretFetcher.for_service(service, config, run_context).fetch(name, version) end diff --git a/lib/chef/secret_fetcher/hashi_vault.rb b/lib/chef/secret_fetcher/hashi_vault.rb index 170fcba4b6..1b18c6345f 100644 --- a/lib/chef/secret_fetcher/hashi_vault.rb +++ b/lib/chef/secret_fetcher/hashi_vault.rb @@ -112,7 +112,7 @@ class Chef raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the authenticating Vault role name in the configuration as :role_name") end - Vault.auth.aws_iam(config[:role_name], Aws::InstanceProfileCredentials.new) + Vault.auth.aws_iam(config[:role_name], Aws::InstanceProfileCredentials.new, Vault.address) else raise Chef::Exceptions::Secret::ConfigurationInvalid.new("Invalid :auth_method provided. You gave #{config[:auth_method]}, expected one of :#{SUPPORTED_AUTH_TYPES.join(", :")} ") end |