search

avioconsulting / mule-vault-properties-provider

Mule 4 Properties Provider for properties from HashiCorp Vault
BSD 2-Clause "Simplified" License
6 stars 7 forks source link

SSL Configuration with Token Authentication (PEM) spring properties error #1

Closed epheatt closed 5 years ago

epheatt commented 5 years ago

When using a combination a basic vaultToken and ssl pemFile (holding the chain cert) a null pointer is thrown by spring properties resolver when connecting to a https vault url. When pemFile is removed and verifySSL=false able to successfully connect with a token to a https vault url

<vault-properties-provider:config name="config" vaultUrl="https://localhost:8200">
  <vault-properties-provider:basic vaultToken="s.uo18rIGCFexkcxOOJET97EPA" kvVersion="2"/>
  <vault-properties-provider:ssl pemFile="ssl/my.pem" verifySSL="true" />
</vault-properties-provider:config>

ERROR 2019-10-25 16:37:02,491 [Mule.app.deployer.monitor.1.thread.1] org.mule.runtime.module.deployment.internal.DefaultArchiveDeployer: Failed to deploy artifact [mule-vault-demo]
org.mule.runtime.deployment.model.api.DeploymentException: Failed to deploy artifact [mule-vault-demo]
Caused by: org.mule.runtime.api.exception.MuleRuntimeException: org.mule.runtime.deployment.model.api.DeploymentInitException: PropertyBatchUpdateException: Failed properties: Property 'parameters' threw exception; nested exception is java.lang.NullPointerException
Caused by: org.mule.runtime.deployment.model.api.DeploymentInitException: PropertyBatchUpdateException: Failed properties: Property 'parameters' threw exception; nested exception is java.lang.NullPointerException
Caused by: org.mule.runtime.core.api.config.ConfigurationException: Error creating bean with name 'HTTP_Listener': Cannot create inner bean '(inner bean)#4736e87d' of type [org.mule.runtime.module.extension.internal.config.dsl.connection.ConnectionProviderObjectFactory$$EnhancerByCGLIB$$fc09cb67] while setting bean property 'connectionProviderResolver'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#4736e87d': Error setting property values; nested exception is org.springframework.beans.PropertyBatchUpdateException; nested PropertyAccessExceptions (1) are:
PropertyAccessException 1: org.springframework.beans.MethodInvocationException: Property 'parameters' threw exception; nested exception is java.lang.NullPointerException
Caused by: org.mule.runtime.api.lifecycle.InitialisationException: Error creating bean with name 'HTTP_Listener': Cannot create inner bean '(inner bean)#4736e87d' of type [org.mule.runtime.module.extension.internal.config.dsl.connection.ConnectionProviderObjectFactory$$EnhancerByCGLIB$$fc09cb67] while setting bean property 'connectionProviderResolver'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#4736e87d': Error setting property values; nested exception is org.springframework.beans.PropertyBatchUpdateException; nested PropertyAccessExceptions (1) are:
PropertyAccessException 1: org.springframework.beans.MethodInvocationException: Property 'parameters' threw exception; nested exception is java.lang.NullPointerException
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'HTTP_Listener': Cannot create inner bean '(inner bean)#4736e87d' of type [org.mule.runtime.module.extension.internal.config.dsl.connection.ConnectionProviderObjectFactory$$EnhancerByCGLIB$$fc09cb67] while setting bean property 'connectionProviderResolver'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#4736e87d': Error setting property values; nested exception is org.springframework.beans.PropertyBatchUpdateException; nested PropertyAccessExceptions (1) are:
PropertyAccessException 1: org.springframework.beans.MethodInvocationException: Property 'parameters' threw exception; nested exception is java.lang.NullPointerException
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:327) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:131) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1681) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1433) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:592) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:515) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.mule.runtime.config.internal.ObjectProviderAwareBeanFactory.getBean(ObjectProviderAwareBeanFactory.java:73) ~[mule-module-spring-config-4.2.0.jar:4.2.0]
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:830) ~[spring-beans-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:877) ~[spring-context-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549) ~[spring-context-5.1.6.RELEASE.jar:5.1.6.RELEASE]
    at org.mule.runtime.config.internal.SpringRegistry.doInitialise(SpringRegistry.java:100) ~[mule-module-spring-config-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.internal.registry.AbstractRegistry.initialise(AbstractRegistry.java:93) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.internal.registry.MuleRegistryHelper.fireLifecycle(MuleRegistryHelper.java:110) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.internal.lifecycle.MuleContextLifecycleManager$MuleContextLifecycleCallback.onTransition(MuleContextLifecycleManager.java:73) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.internal.lifecycle.MuleContextLifecycleManager$MuleContextLifecycleCallback.onTransition(MuleContextLifecycleManager.java:69) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager.invokePhase(AbstractLifecycleManager.java:134) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.internal.lifecycle.MuleContextLifecycleManager.fireLifecycle(MuleContextLifecycleManager.java:61) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.internal.context.DefaultMuleContext.initialise(DefaultMuleContext.java:297) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.context.DefaultMuleContextFactory.doCreateMuleContext(DefaultMuleContextFactory.java:188) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.context.DefaultMuleContextFactory.createMuleContext(DefaultMuleContextFactory.java:59) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.impl.internal.artifact.ArtifactContextBuilder.lambda$build$2(ArtifactContextBuilder.java:487) ~[mule-module-deployment-model-impl-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ExceptionUtils.tryExpecting(ExceptionUtils.java:227) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ClassUtils.withContextClassLoader(ClassUtils.java:915) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ClassUtils.withContextClassLoader(ClassUtils.java:879) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.impl.internal.artifact.ArtifactContextBuilder.build(ArtifactContextBuilder.java:398) ~[mule-module-deployment-model-impl-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.impl.internal.application.DefaultMuleApplication.doInit(DefaultMuleApplication.java:221) ~[mule-module-deployment-model-impl-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.impl.internal.application.DefaultMuleApplication.init(DefaultMuleApplication.java:190) ~[mule-module-deployment-model-impl-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ClassUtils.lambda$withContextClassLoader$9(ClassUtils.java:860) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ExceptionUtils.tryExpecting(ExceptionUtils.java:227) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ClassUtils.withContextClassLoader(ClassUtils.java:915) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ClassUtils.withContextClassLoader(ClassUtils.java:879) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.core.api.util.ClassUtils.withContextClassLoader(ClassUtils.java:859) ~[mule-core-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.impl.internal.artifact.DeployableArtifactWrapper.executeWithinArtifactClassLoader(DeployableArtifactWrapper.java:140) ~[mule-module-deployment-model-impl-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.impl.internal.artifact.DeployableArtifactWrapper.init(DeployableArtifactWrapper.java:83) ~[mule-module-deployment-model-impl-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.internal.DefaultArtifactDeployer.doInit(DefaultArtifactDeployer.java:63) ~[mule-module-deployment-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.internal.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:28) ~[mule-module-deployment-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.internal.DefaultArchiveDeployer.redeploy(DefaultArchiveDeployer.java:445) [mule-module-deployment-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.internal.DefaultArchiveDeployer.redeploy(DefaultArchiveDeployer.java:56) [mule-module-deployment-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.internal.DeploymentDirectoryWatcher.redeployModifiedArtifacts(DeploymentDirectoryWatcher.java:479) [mule-module-deployment-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.internal.DeploymentDirectoryWatcher.redeployModifiedApplications(DeploymentDirectoryWatcher.java:466) [mule-module-deployment-4.2.0.jar:4.2.0]
    at org.mule.runtime.module.deployment.internal.DeploymentDirectoryWatcher.run(DeploymentDirectoryWatcher.java:305) [mule-module-deployment-4.2.0.jar:4.2.0]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_211]
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_211]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_211]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_211]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_211]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_211]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_211]
adammead commented 5 years ago

@epheatt I have tried reproducing the issue locally, but have been unable to do so. Which version of the Mule runtime are you using? If running via studio, which version of studio are you using?

In my sample, I am connecting to a local vault server that has this configuration:

ui = true
storage "inmem" {}

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_cert_file = "ssl/vault-cert.pem"
  tls_key_file = "ssl/vault-privkey.pem"
}

In my sample project, my configuration looks like this (using Vault properties provider version 0.3.0, Anypoint Studio version 7.3.2, Mule runtime version 4.1.4):

<vault-properties-provider:config name="Vault_Properties_Provider_Config">
  <vault-properties-provider:token-connection vaultUrl="https://127.0.0.1:8200" engineVersion="v2" vaultToken="s.t3Lh3e4cQdWoqGrtAW6oH88m" >
    <vault-properties-provider:ssl-properties pemFile="ssl/root-cert.pem" />
  </vault-properties-provider:token-connection>
</vault-properties-provider:config>

root-cert.pem is the parent cert for vault-cert.pem.

epheatt commented 5 years ago

I changed the pemFile path to be "${mule.home}/apps/${app.name}/ssl/root-cert.pem" and the null pointer error for the properties was resolved so I guess the resource was just not getting resolved to a relative path. In the current annotated version of the code I see the verifySSL override has been removed, is there any intention of reintroducing the ability to disable verification for development environments?

adammead commented 5 years ago

The verifySSL parameter has been added back in with 0.3.2.