avoid a panic on failed creds polling #7238

jwm · 2019-08-01T18:39:12Z

We run Vault Agent on k8s with kiam. Occasionally, the kiam-agent will be unavailable due to maintenance, which causes Agent's creds poll loop to panic.

I haven't tried running this change, but it seems pretty straightforward.

panic: interface conversion: interface {} is *errwrap.wrappedError, not string
goroutine 69 [running]:
github.com/hashicorp/vault/vendor/github.com/hashicorp/go-hclog.(*intLogger).log(0xc000701200, 0xbf48e5d44eb0be7e, 0x4a96954a2a, 0x4d2ae40, 0x4, 0x2bde115, 0x36, 0xc000c561d0, 0x2, 0x1)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/go-hclog/int.go:238 +0xf6f
github.com/hashicorp/vault/vendor/github.com/hashicorp/go-hclog.(*intLogger).Log(0xc000701200, 0xc000000004, 0x2bde115, 0x36, 0xc000c561d0, 0x1, 0x1)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/go-hclog/int.go:107 +0x1b3
github.com/hashicorp/vault/vendor/github.com/hashicorp/go-hclog.(*intLogger).Warn(0xc000701200, 0x2bde115, 0x36, 0xc000c561d0, 0x1, 0x1)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/go-hclog/int.go:393 +0x65
github.com/hashicorp/vault/command/agent/auth/aws.(*awsMethod).pollForCreds(0xc000702d80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c)
	/gopath/src/github.com/hashicorp/vault/command/agent/auth/aws/aws.go:274 +0x202
created by github.com/hashicorp/vault/command/agent/auth/aws.NewAWSAuthMethod
	/gopath/src/github.com/hashicorp/vault/command/agent/auth/aws/aws.go:157 +0x644

jefferai · 2019-08-01T19:00:29Z

Superset of #7237

jefferai · 2019-08-01T20:22:02Z

Thanks!

jwm · 2019-08-01T21:12:18Z

Thanks for merging it so quickly! 🎉

Backport for issue #7238

pkazi · 2021-01-14T18:02:46Z

Hey @jwm , sorry to asking here , not a correct forum , but had no option.

As u said We run Vault Agent on k8s with kiam , I m also trying to achieve same, using aws IAM auth method for vault agent with KIAM, getting below error -

* failed to verify kiam-kiam as a valid EC2 instance in region us-east-1" backoff=1.461871503

Its coming from https://github.com/hashicorp/vault/blob/master/builtin/credential/aws/path_login.go#L1359
Can you or anyone help me how I bypass/fix this?

avoid a panic on failed creds polling

940b471

jefferai added this to the 1.2.1 milestone Aug 1, 2019

jefferai mentioned this pull request Aug 1, 2019

Fix interface conversion panic #7237

Closed

kalafut approved these changes Aug 1, 2019

View reviewed changes

jefferai approved these changes Aug 1, 2019

View reviewed changes

jefferai merged commit 4bf623d into hashicorp:master Aug 1, 2019

jefferai removed this from the 1.2.1 milestone Aug 5, 2019

jefferai added the backport label Aug 5, 2019

jefferai pushed a commit that referenced this pull request Aug 5, 2019

avoid a panic on failed creds polling (#7238)

3a9b91c

jefferai mentioned this pull request Aug 5, 2019

Backport 1.2.1: avoid a panic on failed creds polling #7257

Merged

jefferai added a commit that referenced this pull request Aug 5, 2019

avoid a panic on failed creds polling (#7257)

f26452d

Backport for issue #7238

jefferai removed the backport label Aug 5, 2019

jefferai modified the milestone: 1.3 Aug 5, 2019

chrishoffman added this to the 1.2.1 milestone Oct 23, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

avoid a panic on failed creds polling #7238

avoid a panic on failed creds polling #7238

jwm commented Aug 1, 2019

jefferai commented Aug 1, 2019

jefferai commented Aug 1, 2019

jwm commented Aug 1, 2019

pkazi commented Jan 14, 2021

avoid a panic on failed creds polling #7238

avoid a panic on failed creds polling #7238

Conversation

jwm commented Aug 1, 2019

jefferai commented Aug 1, 2019

jefferai commented Aug 1, 2019

jwm commented Aug 1, 2019

pkazi commented Jan 14, 2021