The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
Vault connection status doesn't change to false if connection is no more valid. #825
Open
rsabo33 opened 5 months ago
Describe the bug
Vault connection status doesn't change to false if the connection is no longer valid.

To Reproduce
Steps to reproduce the behavior:
1. Using Vault connection

    apiVersion: secrets.hashicorp.com/v1beta1
    kind: VaultConnection
    spec:
      address: 'https://some-vault-server:8200/'
      skipTLSVerify: true

status.valid is set to true

    status:
      valid: true

and VaultConnection accepted is added to events
3. With the vault service stopped on some-vault-server, the address should later no longer be valid, but it is still reported as

    status:
      valid: true

4. With some bogus modification to the resource, like adding caCertSecretRef: ''
this will change to

    status:
      valid: false

with event Failed to check Vault seal status: Get "https://some-vault-server:8200/v1/sys/seal-status": dial tcp 1.2.3.4:8200: connect: connection refused
5. Now with the vault service started on some-vault-server it is changed to

    status:
      valid: true

Expected behavior
Vault connection status changes from true to false if the connection is no longer valid.
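An external check for the drift described in this issue, as an added example that is not part of the original report or of VSO's code: it probes the `/v1/sys/seal-status` endpoint named in the event message and lists VaultConnection objects that still report `status.valid: true` while the probe fails. The function names, the constructed sample object, and the choice to count any JSON answer carrying a `sealed` field as reachable are assumptions.

```python
import json
import ssl
import sys
import urllib.error
import urllib.request

SEAL_STATUS_PATH = "/v1/sys/seal-status"  # endpoint quoted in the event message

# Constructed sample, shaped like one item of `kubectl get vaultconnection -A -o json`.
SAMPLE = [{
    "metadata": {"namespace": "default", "name": "example"},
    "spec": {"address": "https://some-vault-server:8200/", "skipTLSVerify": True},
    "status": {"valid": True},
}]


def probe_seal_status(address, skip_tls_verify=False, timeout=3.0):
    """Return (ok, detail); ok is True only if the endpoint answers with seal-status JSON."""
    url = address.rstrip("/") + SEAL_STATUS_PATH
    ctx = ssl.create_default_context()
    if skip_tls_verify:  # mirror spec.skipTLSVerify so the probe sees what the operator sees
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except (urllib.error.URLError, OSError, ValueError) as exc:
        return False, f"{type(exc).__name__}: {exc}"
    if "sealed" not in body:
        return False, "response has no 'sealed' field"
    return True, f"sealed={body['sealed']}"


def find_stale(connections, probe=probe_seal_status):
    """List (namespace, name, detail) where status.valid is true but the live probe fails."""
    stale = []
    for item in connections:
        spec = item.get("spec", {})
        if item.get("status", {}).get("valid") is not True:
            continue  # already reported invalid, or not reconciled yet
        ok, detail = probe(spec.get("address", ""), bool(spec.get("skipTLSVerify")))
        if not ok:
            meta = item.get("metadata", {})
            stale.append((meta.get("namespace"), meta.get("name"), detail))
    return stale


if __name__ == "__main__":
    # Pipe the kubectl JSON list on stdin, or run without input to use the sample.
    items = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin).get("items", [])
    for ns, name, detail in find_stale(items):
        print(f"STALE {ns}/{name}: status.valid=true but probe failed ({detail})")
```

Run on a schedule, this reports the window between Vault becoming unreachable and the next change to the resource, which is when the status in the report stayed at `valid: true`.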