
Vault vault-pki not updating certificate as part of chain #816

@hemanthnakkina

Bug Description

Deploying the Vault and Traefik applications with the vault-pki integration (Vault acting as intermediate CA).
And traefik latest/stable is broken.

This is because the relation data provided by Vault has chain information which does not contain the certificate, and Traefik just copies the chain, ignoring the certificate.

The expectation is for Vault to write the certificate as part of the chain.

To Reproduce

  1. juju deploy vault.yaml (vault.yaml @ https://pastebin.ubuntu.com/p/mPzm33yj9g/)
  2. Unseal and Authorize vault charm
  3. Check relation data: juju show-unit traefik/0

Environment

juju+k8s environment

vault-k8s 1.16/stable and 1.18/stable
traefik-k8s latest/stable

Relevant log output

$ juju show-unit traefik/0
traefik/0:
  workload-version: 2.11.0
  opened-ports: []
  charm: ch:amd64/traefik-k8s-254
  leader: true
  life: alive
  relation-info:
  - relation-id: 7
    endpoint: certificates
    related-endpoint: vault-pki
    application-data:
      certificates: '[{"ca": "-----BEGIN CERTIFICATE-----\nMIIDYTCCAkmgAwIBAgIUTo4zqgukdB41i6aGR3RuTLCeqdIwDQYJKoZIhvcNAQEL\nBQAwLDEqMCgGA1UEAwwhc2VsZi1zaWduZWQtY2VydGlmaWNhdGVzLW9wZXJhdG9y\nMB4XDTI1MTAyOTE0MDYyOFoXDTI2MDEyNzE0MDYyOFowQjERMA8GA1UEAwwIdGVz\ndC5jb20xLTArBgNVBC0MJDI1NzVlNWZmLWFkMDQtNDE4ZC1iZjVlLTQ4MWQ0ZDg5\nNDMxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeKU0iVVQmHMFPg\nm5Kkvi59NwC5dL9HOYMmyUlJizjbaJnMgLryDTrs3T58xG68jE3mjhHXObwQu2JV\nPRjaDLZl1Wu/BveEhn0nShKiMCwXr48Yu5ngPMRjx9/OHJaM2IVSIFb3WqjHyuut\nRMi6hoMcqTAG5ZLblLjVWgAj2Nu3txzzG96zm8Ljy5h3bBxgiUFR3X8YFc8ZK/17\nhij4DDTLko2fdrkq/UbKwzfAT2Bxm37penSl5CMnTumJUdwS6b8wDf30i0RDZ+74\nAnqR08hzNw249uGTo0liT+vImdbG6HFUNciIaQZuUV6jKNLsz+ux5jCrVkdktCXE\n0kVHuu8CAwEAAaNlMGMwIQYDVR0jBBowGIAWBBTw35QZ+94JcmjrQwWeW2RiNlSG\nNzAdBgNVHQ4EFgQUDGzBLT5UvyTLNKdv/kBUe+CCGk4wDwYDVR0TAQH/BAUwAwEB\n/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAESj8P+xYe0CuuLw\n2uFMD8Re1i5DeG0prdhwn80WagBhGQEkJ6akOcS22Yjuj+k8OdTADSkAEORMfqJv\nzLyyXfl5uQah04IHAp6/CjY8fss0QOtuc/VBs0WSWix0ooUeBiILAuasSWWeVNjD\nei7+1HN3gOBtwpNViR2wa2JyDSMIWmMFfOJghPHczCGuRrFFM4gY8qlDqfD17ZG3\nxqt7BW3cTmq9ATJCN+747pa8D/VImG8RWQwuMV+h3eY/jr1U3zGqRvH6CpFSZ4HK\ngJFF5EHAhYppf5zWokwkN7oobnra8OThEW8INkApqSWwNcDrmoM5hb52/BigDIEn\nQPSCHzU=\n-----END
        CERTIFICATE-----", "certificate_signing_request": "-----BEGIN CERTIFICATE
        REQUEST-----\nMIICuzCCAaMCAQAwSTEYMBYGA1UEAwwPcHVibGljLnRlc3QuY29tMS0wKwYDVQQt\nDCQzOTIyNDJiOS1mYWVlLTQxYjEtYWE4NS1lNzc1YjM5YTBmYWUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT6XgGvvGBiUPYUToyo/1C/Y78vIWbwdMI\n0p2akcgE9jtikJ2Pr1V6V9ZgS9kvXeN/2WU+D3dXJijnV0h9mGHjwB5uptZ5bEYI\nG1vetuNiadyCYS1KQwuPqRtdbzQlSxVKS5X30e7gbrH7OmV+McUGP3Lj5FA0kQc4\nQKpZW/5kpnGb8JCAEwELNO3FhHKeiJ/VBweSOzZ4uwtbdTrDlk1EVbZ5EWPvdfb2\n42LmXobypkiwlIBMD53wvA3Mqm8sggtscDrcv0B71gfbN0BAZpbrfjV2gCdh8hnx\nH+O9eZ6+18VS+DKxfG9bgSugIoNIPNxXlDYhxcWf1lmYwAIcliaJAgMBAAGgLTAr\nBgkqhkiG9w0BCQ4xHjAcMBoGA1UdEQQTMBGCD3B1YmxpYy50ZXN0LmNvbTANBgkq\nhkiG9w0BAQsFAAOCAQEAL/aca+14YS5BkUsvk78WjNXq/HmVFs5ykpZbAVPUB+ln\nKpYOKB/MX8UoW6U4Gr2dAcC6sSw0saEmI7/5PftA5Y3gyDu8IjtszO27557vaLFC\nweDJYzBnU4puqrjRpOllAuqkoGJPSyThhCj/4WDYE18ZPHeVDWWBTz/hFk0rdGlj\njWg5Nu5xmb6dPrpIthER7fWSqttJtLlP/6xIW10scv1I7e2jh4YewAhyWbx3FdLD\nere3+bdt+f0S8NZJN6CTEjiutfn+FjhyGYt/CV+3xC5Y4+jJROiJkEcuNWkhal0F\nzNZBc4Be1WqKuohaMVd4Se0a6kkJU8wf7jaeHHrwnQ==\n-----END
        CERTIFICATE REQUEST-----", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDeTCCAmGgAwIBAgIUdNqeOOJa93zNFwPkI2zaWtLiCucwDQYJKoZIhvcNAQEL\nBQAwQjERMA8GA1UEAwwIdGVzdC5jb20xLTArBgNVBC0MJDI1NzVlNWZmLWFkMDQt\nNDE4ZC1iZjVlLTQ4MWQ0ZDg5NDMxNjAeFw0yNTEwMjkxNDIwMTdaFw0yNTEyMTMx\nNDIwNDdaMBoxGDAWBgNVBAMTD3B1YmxpYy50ZXN0LmNvbTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAJPpeAa+8YGJQ9hROjKj/UL9jvy8hZvB0wjSnZqR\nyAT2O2KQnY+vVXpX1mBL2S9d43/ZZT4Pd1cmKOdXSH2YYePAHm6m1nlsRggbW962\n42Jp3IJhLUpDC4+pG11vNCVLFUpLlffR7uBusfs6ZX4xxQY/cuPkUDSRBzhAqllb\n/mSmcZvwkIATAQs07cWEcp6In9UHB5I7Nni7C1t1OsOWTURVtnkRY+919vbjYuZe\nhvKmSLCUgEwPnfC8DcyqbyyCC2xwOty/QHvWB9s3QEBmlut+NXaAJ2HyGfEf4715\nnr7XxVL4MrF8b1uBK6Aig0g83FeUNiHFxZ/WWZjAAhyWJokCAwEAAaOBjjCBizAO\nBgNVHQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G\nA1UdDgQWBBQHHXRT7rrESD4Si2QZiUaTy+iPsjAfBgNVHSMEGDAWgBQMbMEtPlS/\nJMs0p2/+QFR74IIaTjAaBgNVHREEEzARgg9wdWJsaWMudGVzdC5jb20wDQYJKoZI\nhvcNAQELBQADggEBAItObGXfYW1n3f4WfCmrTkuUzsOPAgGRw1MhoDqsPE8xvgYG\nkXVRskp310CucIxPk9v8l4cwKCzgLcbqqN00e5YBdr3oBs3cOV2q/PPWeOofFkvx\nEebQq+v+dJBVMFuWjIHe64REuecvNKB/DYU1ymXVRUKF4jLZATlCyHJ3SjduZW9U\nACySj/HLZ3yg2L0WoGfIxb+9RbWVnHalNxelBAqvl/mZgsxG469oAxcgz6IlXyD0\ni6OX2FLC0LxO1CWCTVZy3p0EfxGsntLBlQBOk+IBt1l5a3x+xZo30V5hj1bmDl4c\n+KMmUrmgTEH6BRw7+RYOe5MzxYbsvgFmcGFngXM=\n-----END
        CERTIFICATE-----", "chain": ["-----BEGIN CERTIFICATE-----\nMIIDYTCCAkmgAwIBAgIUTo4zqgukdB41i6aGR3RuTLCeqdIwDQYJKoZIhvcNAQEL\nBQAwLDEqMCgGA1UEAwwhc2VsZi1zaWduZWQtY2VydGlmaWNhdGVzLW9wZXJhdG9y\nMB4XDTI1MTAyOTE0MDYyOFoXDTI2MDEyNzE0MDYyOFowQjERMA8GA1UEAwwIdGVz\ndC5jb20xLTArBgNVBC0MJDI1NzVlNWZmLWFkMDQtNDE4ZC1iZjVlLTQ4MWQ0ZDg5\nNDMxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeKU0iVVQmHMFPg\nm5Kkvi59NwC5dL9HOYMmyUlJizjbaJnMgLryDTrs3T58xG68jE3mjhHXObwQu2JV\nPRjaDLZl1Wu/BveEhn0nShKiMCwXr48Yu5ngPMRjx9/OHJaM2IVSIFb3WqjHyuut\nRMi6hoMcqTAG5ZLblLjVWgAj2Nu3txzzG96zm8Ljy5h3bBxgiUFR3X8YFc8ZK/17\nhij4DDTLko2fdrkq/UbKwzfAT2Bxm37penSl5CMnTumJUdwS6b8wDf30i0RDZ+74\nAnqR08hzNw249uGTo0liT+vImdbG6HFUNciIaQZuUV6jKNLsz+ux5jCrVkdktCXE\n0kVHuu8CAwEAAaNlMGMwIQYDVR0jBBowGIAWBBTw35QZ+94JcmjrQwWeW2RiNlSG\nNzAdBgNVHQ4EFgQUDGzBLT5UvyTLNKdv/kBUe+CCGk4wDwYDVR0TAQH/BAUwAwEB\n/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAESj8P+xYe0CuuLw\n2uFMD8Re1i5DeG0prdhwn80WagBhGQEkJ6akOcS22Yjuj+k8OdTADSkAEORMfqJv\nzLyyXfl5uQah04IHAp6/CjY8fss0QOtuc/VBs0WSWix0ooUeBiILAuasSWWeVNjD\nei7+1HN3gOBtwpNViR2wa2JyDSMIWmMFfOJghPHczCGuRrFFM4gY8qlDqfD17ZG3\nxqt7BW3cTmq9ATJCN+747pa8D/VImG8RWQwuMV+h3eY/jr1U3zGqRvH6CpFSZ4HK\ngJFF5EHAhYppf5zWokwkN7oobnra8OThEW8INkApqSWwNcDrmoM5hb52/BigDIEn\nQPSCHzU=\n-----END
        CERTIFICATE-----"]}]'
    related-units:
      vault/0:
        in-scope: true
        data:
          egress-subnets: 10.152.183.77/32
          ingress-address: 10.152.183.77
          private-address: 10.152.183.77

Additional context

No response
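
Added example, not part of the original issue and not code from the Vault or Traefik charms: a stdlib-only Python check over the `certificates` relation value shown in the log above, reporting whether `certificate` appears in `chain` and assembling a leaf-first bundle. Only the field names `ca`, `certificate` and `chain` come from the relation data; the function names and the placeholder PEM bodies are constructed for illustration.

```python
import base64
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN\s+CERTIFICATE-----(.*?)-----END\s+CERTIFICATE-----", re.S)

def pem_to_der(pem):
    """Decode one PEM certificate to DER bytes, tolerating folded or re-wrapped lines."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(match.group(1).split()))

def audit_certificates(application_data):
    """Per entry: is the leaf (and the CA) present in `chain`, plus a leaf-first bundle."""
    results = []
    for entry in json.loads(application_data["certificates"]):
        leaf = pem_to_der(entry["certificate"])
        chain = [pem_to_der(pem) for pem in entry.get("chain", [])]
        bundle = []
        for der in [leaf] + chain:  # TLS servers send their own certificate first
            if der not in bundle:   # compare DER bytes, not PEM text
                bundle.append(der)
        results.append({"leaf_in_chain": leaf in chain,
                        "ca_in_chain": pem_to_der(entry["ca"]) in chain,
                        "bundle": bundle})
    return results

def fake_pem(payload, width=64):
    """Constructed placeholder: arbitrary bytes in PEM armour, not a real certificate."""
    body = base64.b64encode(payload).decode()
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----"

LEAF = b"constructed leaf certificate bytes " * 3
CA = b"constructed intermediate CA bytes " * 3

def relation(chain):
    entry = {"ca": fake_pem(CA), "certificate": fake_pem(LEAF), "chain": chain}
    return {"certificates": json.dumps([entry])}

# Shape reported in the issue: chain holds only the CA certificate.
REPORTED = relation([fake_pem(CA)])
# Shape the reporter expects: leaf included (re-wrapped at 32 columns on purpose).
EXPECTED = relation([fake_pem(LEAF, width=32), fake_pem(CA)])

for name, data in (("reported", REPORTED), ("expected", EXPECTED)):
    print(name, "leaf_in_chain =", audit_certificates(data)[0]["leaf_in_chain"])
```

Comparing decoded DER bytes rather than PEM strings keeps the check stable when the relation data is re-wrapped, as it is in the `juju show-unit` output above.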
