Starting TX EDC 0.8.0-RC3 in a local environment (based on EDC 0.10.0-20240918-SNAPSHOT, hence main) outputs a hashicorp vault warning both in control-plane and data-plane images when using a static EDC_VAULT_HASHICORP_TOKEN from the environment
Expected Behavior
No Warning, token refresh should work.
Observed Behavior
WARNING 2024-09-27T14:06:12.663937303 [Hashicorp Vault] Initial token look up failed with reason: Failed to look up token with reason: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 1]
Since the initial token lookup failed, the guess is that also the refresh does not work.
Steps to Reproduce
Steps to reproduce the behavior:
Run a local vault with a preconfigured token
configure a tractus-x image (also tested with TX EDC 0.7.4 --> EDC 0.7.2 - same problem) against the vault using that token in EDC_VAULT_HASHICORP_TOKEN
start the image and log at the log
Context Information
EDC main/0.10.0-20240918-SNAPSHOT inside of TX EDC 0.8.0-RC3
hashicorp/vault:>1.17.3 as the vault implementation (docker releae "vault" stuck with <=1.13.3 7 months ago - see https://hub.docker.com/_/vault)
OS: MacOS, Orbstack with linux/amd64 rosetta emulation
Detailed Description
The culprit seems to lie in the HashiCorpVaultClient#isTokenRenewable method
The TOKEN_LOOK_UP_SELF_PATH is encoded as "v1%2Fauth%2Ftoken%2Flookup-self" and appended to the vault url.
A call is then made to (local cluster sample) "http://vault:8201/v1%2Fauth%2Ftoken%2Flookup-self". The default hashicorp/vault:latest image answers with "200 OK" from a redirection to "http://vault:8201/ui" and the content will be html, not the expected json response (which shows the seen parsing error/warning).
Possible Implementation
Instead of
var uri = settings.url()
.newBuilder()
.addPathSegment(TOKEN_LOOK_UP_SELF_PATH)
.build();
it rather should be
var uri = settings.url()
.newBuilder()
.addPathSegments(TOKEN_LOOK_UP_SELF_PATH)
.build();
to split the TOKEN_LOOK_UP_SELF_PATH before encoding only the remaining individual segments and not encoding the TOKEN_LOOK_UP_SELF_PATH as a whole.
Bug Report
Describe the Bug
Starting TX EDC 0.8.0-RC3 in a local environment (based on EDC 0.10.0-20240918-SNAPSHOT, hence main) outputs a hashicorp vault warning both in control-plane and data-plane images when using a static EDC_VAULT_HASHICORP_TOKEN from the environment
Expected Behavior
No Warning, token refresh should work.
Observed Behavior
WARNING 2024-09-27T14:06:12.663937303 [Hashicorp Vault] Initial token look up failed with reason: Failed to look up token with reason: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (
StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION
disabled); line: 1, column: 1]Since the initial token lookup failed, the guess is that also the refresh does not work.
Steps to Reproduce
Steps to reproduce the behavior:
Context Information
Detailed Description
The culprit seems to lie in the HashiCorpVaultClient#isTokenRenewable method
https://github.com/eclipse-edc/Connector/blob/067ded3635b33a81c645cfe061dec5bbf73e00c0/extensions/common/vault/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/client/HashicorpVaultClient.java#L124
especially when compared to the renewToken implementation
https://github.com/eclipse-edc/Connector/blob/067ded3635b33a81c645cfe061dec5bbf73e00c0/extensions/common/vault/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/client/HashicorpVaultClient.java#L161
The TOKEN_LOOK_UP_SELF_PATH is encoded as "v1%2Fauth%2Ftoken%2Flookup-self" and appended to the vault url. A call is then made to (local cluster sample) "http://vault:8201/v1%2Fauth%2Ftoken%2Flookup-self". The default hashicorp/vault:latest image answers with "200 OK" from a redirection to "http://vault:8201/ui" and the content will be html, not the expected json response (which shows the seen parsing error/warning).
Possible Implementation
Instead of
it rather should be
to split the TOKEN_LOOK_UP_SELF_PATH before encoding only the remaining individual segments and not encoding the TOKEN_LOOK_UP_SELF_PATH as a whole.