search

hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/
Other
31.13k stars 4.21k forks source link

Storage consul: allow comma in service_tags #6832

Open deniszh opened 5 years ago

deniszh commented 5 years ago

Currently, service_tags parameter of consul storage should contain a comma-separated list of tags, which means that tag can't contain a comma. it would be nice to have some way to insert it.

fewknow commented 4 years ago

This is currently blocking for us to use "OrgName, Inc." when creating a role with pki secrets engine.

resource "vault_pki_secret_backend_role" "role" {
  backend = "pki"
  name    = "my_role"
  ou      = ["OrgName, Inc."]
}

This ends up creating 

locality                              []
max_ttl                               0s
no_store                              false
not_before_duration                   30s
organization                          [OrgName Inc.]
ou                                    []

So when I try to generate a cert it get this err: 

RESPONSE : 
{"errors":["Organization [] doesn't match regexps: [^QRG, Inc\\.$]"]}
FelipeEmerim commented 3 years ago

Since traefik added an option of discovering consul services though service tags this is a major issue for us, as the middlewares are a comma separated list of names.

tommyalatalo commented 2 years ago

service_tags needs to be a HCL list of strings and not a comma separated string. The value that the parameter takes now makes no sense since the config is written in HCL and would very naturally lend itself to this.

smaddock commented 2 years ago

Similar issue in the forums: https://discuss.hashicorp.com/t/how-to-use-a-comma-in-vault-pki/35324/3