Use system CA bundle when verifying Vault certificate
Change-Id: I39d761dfbe1500f06abd617dd97eced671971b7d Closes-Bug: #1859092
This commit is contained in:
parent
d7c8e6feb4
commit
e23f232a68
|
@ -14,8 +14,11 @@
|
|||
import hvac
|
||||
|
||||
|
||||
SYSTEM_CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt'
|
||||
|
||||
|
||||
def retrieve_secret_id(url, token):
|
||||
client = hvac.Client(url=url, token=token)
|
||||
client = hvac.Client(url=url, verify=SYSTEM_CA_BUNDLE, token=token)
|
||||
# workaround for issue where callng `client.unwrap(token)` results in
|
||||
# "error decrementing wrapping token's use-count: invalid token entry
|
||||
# provided for use count decrementing"
|
||||
|
|
|
@ -32,3 +32,7 @@ class TestVaultUtils(test_utils.PatchHelper):
|
|||
self.assertEqual(
|
||||
vault_utils.retrieve_secret_id('url', 'token'), 'FAKE_SECRET_ID')
|
||||
hvac_client._post.assert_called_with('/v1/sys/wrapping/unwrap')
|
||||
self.hvac.Client.assert_called_once_with(
|
||||
token='token',
|
||||
url='url',
|
||||
verify=vault_utils.SYSTEM_CA_BUNDLE)
|
||||
|
|
Loading…
Reference in New Issue