AndrewCopeland
commented
3 years ago The error is occurring at the authentication stage. The CLI will authenticate (to get the conjur access token) and then use that conjur access token to retrieve the secret.
This is using the following library: https://github.com/cyberark/conjur-api-go
I will have to dive into this code to see what the timeout is being set as. It might be very small hence the reason the issue is intermediate and/or related to the network topology from your local machine to the target conjur instance.
Thank you for creating this issue.
cbarga
Describe the bug When retrieving a secret, client timeout error occurs.
To Reproduce
[clb10@C02QX3NQFVH5MBP ~/add_account]# cybr conjur get-secret QA-CyberArkVault/Jenkins/DAP_Automation/dap_automation-cyberark/username 2021/02/02 14:20:50 Failed to retrieve secret variable ''. Post "https://conjurmaster-qa./authn//admin/authenticate": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Expected behavior
[clb10@C02QX3NQFVH5MBP ~/add_account]# curl -H "$(conjur authn authenticate -H)" https://conjurmaster-qa.,fqdn>/secrets//variable/QA-CyberArkVault%2FJenkins%2FDAP_Automation%2Fdap_automation-cyberark%2Fusername
ChrisB
Screenshots
Desktop (please complete the following information):
Additional context In the screenshot, you can see that the direct curl and conjur-cli methods work, while the cybr-cli and summon-conjur methods get a timeout. I would think they all use the same API under the covers. This has only been happening for the past few days. summon-conjur works as expected from another server.
[root@lncd906 DAP_Octopus]# /usr/local/lib/summon/summon-conjur QA-CyberArkVault/Jenkins/DAP_Automation/dap_automation-cyberark/username ChrisB