Fixing vault client unwrap function to respect server.verify option.

Currently VaultClient.unwrap is doing own request call without respecting verify option. Any other function is reusing self.request or self.raw_request function which are respecting correctly verify opt. This will change unwrap function to also utilize self.post() which is reusing self.request.
2025-04-10 14:51:40 +00:00 · 2024-03-12 16:16:17 +02:00 · 2024-03-12 16:16:17 +02:00 · 7c9305418c
commit 7c9305418c
parent ef2fb24bd1
2 changed files with 3 additions and 5 deletions
--- a/changelog/66213.fixed.md
+++ b/changelog/66213.fixed.md
@ -0,0 +1 @@
+Fix vault module doesn't respect `server.verify` option during unwrap if verify is set to `False` or CA file on the disk
--- a/salt/utils/vault/client.py
+++ b/salt/utils/vault/client.py
@ -240,17 +240,14 @@ class VaultClient:
                    namespace=self.namespace,
                    verify=self.verify,
                )
-        url = self._get_url("sys/wrapping/unwrap")
+        endpoint = "sys/wrapping/unwrap"
        headers = self._get_headers()
        payload = {}
        if "X-Vault-Token" not in headers:
            headers["X-Vault-Token"] = str(wrapped)
        else:
            payload["token"] = str(wrapped)
-        res = self.session.request("POST", url, headers=headers, json=payload)
-        if not res.ok:
-            self._raise_status(res)
-        return res.json()
+        return self.post(endpoint=endpoint, add_headers=headers, payload=payload)

    def wrap_info(self, wrapped):
        """
				`@ -0,0 +1 @@`
				Fix vault module doesn't respect `server.verify` option during unwrap if verify is set to `False` or CA file on the disk