AppRole CIDR should include egress-subnets
Bug #2028668 reported by
James Page
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| vault-charm |
Triaged
|
Wishlist
|
Unassigned | ||
Bug Description
Currently the AppRole associated with a requiring unit for the vault-kv interface is restricted using a /32 CIDR to the 'ingress-address' field on the relation - this is actually the address upon which the remote unit should be addressed rather than the address from which traffic will originate from.
Juju provides the egress-subnets data item for this purpose. The AppRole and its associated secret ID can be restricted to a list of CIDR's so we should extend this to include the egress-subnets data.
| Changed in vault-charm: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
To post a comment you must log in.
