deny_unauthorized is not allowed as a proxy protocol behavior #26439

Open
bmendric opened this issue Apr 15, 2024 · 0 comments
Labels
bug Used to indicate a potential bug core Issues and Pull-Requests specific to Vault Core regression Used to indicate possible regressions between versions

@bmendric

Describe the bug
Setting proxy_protocol_behavior = "deny_unauthorized" fails config validation

To Reproduce
Steps to reproduce the behavior:

  1. Create a Vault server config with the above setting
  2. Attempt to run vault server -config=config.hcl

Expected behavior
I do not expect an error on valid configurations

Environment:

  • Vault Server Version (retrieve with vault status): N/a
  • Vault CLI Version (retrieve with vault version): 1.16.1
  • Server Operating System/Architecture:

Vault server configuration file(s):

storage "inmem" {}

listener "tcp" {
  address = "[::]:8200"
  tls_disable = true
  proxy_protocol_behavior = "deny_unauthorized"
  proxy_protocol_authorized_addrs = "127.0.0.1"
}

log_level = "trace"
log_format = "json"
ui = false

disable_mlock = true

Additional context
I was working to validate that #17144 is still a problem. I originally tested this configuration with 1.15.5 (still exhibits the above problem, but does accept this config.hcl); however, I upgraded to 1.16.1 for sanity and discovered this. So I assume it's something that broke in 1.16.0.

Also, here is the supporting documentation saying this is valid: https://developer.hashicorp.com/vault/docs/configuration/listener/tcp#proxy_protocol_behavior

@hsimon-hashicorp hsimon-hashicorp added bug Used to indicate a potential bug regression Used to indicate possible regressions between versions core Issues and Pull-Requests specific to Vault Core labels Apr 16, 2024