util: store EnvVaultInsecure as string, not bool

The configuration option `EnvVaultInsecure` is expected to be a string, not a boolean. By converting the bool back to a string (after verification), it is now possible to skip the certificate validation check by setting `vaultCAVerify: false` in the Vault configuration. Fixes: ceph#1852 Reported-by: Bryon Nevis <[email protected]> Signed-off-by: Niels de Vos <[email protected]> (cherry picked from commit 582d004)
nixpanic · Feb 2, 2021 · 1d1f330 · 1d1f330
1 parent 50aede0
commit 1d1f330
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/internal/util/vault.go b/internal/util/vault.go
@@ -175,7 +175,7 @@ func (vc *vaultConnection) initConnection(kmsID string, config map[string]interf
 		if err != nil {
 			return fmt.Errorf("failed to parse 'vaultCAVerify': %w", err)
 		}
-		vaultConfig[api.EnvVaultInsecure] = !vaultCAVerify
+		vaultConfig[api.EnvVaultInsecure] = strconv.FormatBool(!vaultCAVerify)
 	}
 
 	vaultCAFromSecret := "" // optional