Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Occasional integration test failure: VaultClientError: permission denied, on post https://10.197.78.173:8200/v1/sys/audit/file #245

Open
DanielArndt opened this issue Jul 18, 2024 · 1 comment
Open

Occasional integration test failure: VaultClientError: permission denied, on post https://10.197.78.173:8200/v1/sys/audit/file #245

DanielArndt opened this issue Jul 18, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@DanielArndt
Copy link
Member

DanielArndt commented Jul 18, 2024
edited
Loading

Bug Description

Occasionally, the integration tests seem to fail with the following error:

unit-vault-b-0: 18:14:28 ERROR unit.vault-b/0.juju-log Vault returned an error while authorizing the charm
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-vault-b-0/charm/lib/charms/vault_k8s/v0/vault_client.py", line 219, in enable_audit_device
    self._client.sys.enable_audit_device(
  File "/var/lib/juju/agents/unit-vault-b-0/charm/venv/hvac/api/system_backend/audit.py", line 65, in enable_audit_device
    return self._adapter.post(url=api_path, json=params)
  File "/var/lib/juju/agents/unit-vault-b-0/charm/venv/hvac/adapters.py", line 159, in post
    return self.request("post", url, **kwargs)
  File "/var/lib/juju/agents/unit-vault-b-0/charm/venv/hvac/adapters.py", line 408, in request
    response = super().request(*args, **kwargs)
  File "/var/lib/juju/agents/unit-vault-b-0/charm/venv/hvac/adapters.py", line 376, in request
    self._raise_for_error(method, url, response)
  File "/var/lib/juju/agents/unit-vault-b-0/charm/venv/hvac/adapters.py", line 294, in _raise_for_error
    utils.raise_for_error(
  File "/var/lib/juju/agents/unit-vault-b-0/charm/venv/hvac/utils.py", line 41, in raise_for_error
    raise exceptions.VaultError.from_status(
hvac.exceptions.Forbidden: permission denied, on post https://10.197.78.173:8200/v1/sys/audit/file

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-vault-b-0/charm/./src/charm.py", line 441, in _on_authorize_charm_action
    vault.enable_audit_device(device_type=AuditDeviceType.FILE, path="stdout")
  File "/var/lib/juju/agents/unit-vault-b-0/charm/lib/charms/vault_k8s/v0/vault_client.py", line 233, in enable_audit_device
    raise VaultClientError(e) from e
charms.vault_k8s.v0.vault_client.VaultClientError: permission denied, on post https://10.197.78.173:8200/v1/sys/audit/file

To Reproduce

Unknown. Happens occasionally during integration tests.

Environment

Integration tests

Relevant log output

Additional context

juju-crashdump.zip
@DanielArndt DanielArndt added the bug Something isn't working label Jul 18, 2024
@DanielArndt DanielArndt changed the title Occasional integration test failure: VaultClientError: permission denied, on post https://10.197.78.173:8200/v1/sys/audit/file Occasional integration test failure: VaultClientError: permission denied, on post https://10.197.78.173:8200/v1/sys/audit/file Jul 18, 2024
@gruyaume
Copy link
Collaborator

Here's another recent CI run where this error showed up:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DanielArndt @gruyaume