jenkinsci / hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
https://plugins.jenkins.io/hashicorp-vault-plugin/
MIT License

Unable to fetch value from vault with CasC #217

Open skrishna375 opened 2 years ago

skrishna375 commented 2 years ago

Jenkins and plugins versions report

Environment

```text
OS: CentOS 7
Jenkins Version: 2.289.2
Plugins:
configuration-as-code: 1.55.1
hashicorp-vault-plugin: 3.8.0
credentials: 2.6.1
```

I am using GCE to configure the Jenkins Controller via the Configuration-as-code plugin. While configuring Vault as a secret source provider, I could see some difficulties with setting up the environment variables and connecting to Vault to fetch secrets.

Queries:

1. Do we have any option "CASC_VAULT_FILE" from Java options like we have as "-Dcasc.jenkins.config", as I am managing the installation via package management and not using Docker/Kubernetes?
2. As an alternative, I had created a file with the following details and then exported it to this variable before starting up the Jenkins service, but I am getting the variable unresolved error given below.

`WARNING i.j.p.c.SecretSourceResolver$UnresolvedLookup#lookup: Configuration import: Found unresolved variable 'test_user'. Will default to empty string`

CASC_VAULT_FILE:

```text
CASC_VAULT_TOKEN=
CASC_VAULT_PATHS=/jenkins/controller/
CASC_VAULT_URL=
CASC_VAULT_ENGINE_VERSION=1
```

What Operating System are you using (both controller, and any agents involved in the problem)?

CentOS 7

Reproduction steps

Could replicate the same issue with Jenkins docker lts image for the version 2.289.2

Dockerfile:

```dockerfile
FROM jenkins/jenkins:2.289.2-lts
COPY --chown=jenkins:jenkins plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN jenkins-plugin-cli -f /usr/share/jenkins/ref/plugins.txt
```

Plugins:

```text
credentials:2.6.1
configuration-as-code:1.55.1
hashicorp-vault-plugin:3.8.0
```

Expected Results

Jenkins should be able to fetch secrets from the vault as declared in the configuration Environment variable to configure via Package installation

Actual Results

Unable to fetch values from vault due to the error as mentioned

```text
WARNING i.j.p.c.SecretSourceResolver$UnresolvedLookup#lookup: Configuration import: Found unresolved variable 'test_user'. Will default to empty string
```

Anything else?

No response

dshvedchenko commented 1 year ago

Please try to adjust `CASC_VAULT_PATHS=<mountpoint>/jenkins/controller/`

skrishna375 commented 1 year ago

Hi @dshvedchenko ,

We don't have any mountpoint set up in Vault. Can you help here further, and let me know if any information is required from my end?

Thanks in advance.

dshvedchenko commented 1 year ago

@skrishna375 Sorry to respond late. The default mountpoint in Vault is `secret`, so you can try it.
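
A pre-start check for the `CASC_VAULT_FILE` discussed in this thread, as an added example that is not part of the issue or of the plugin's code. It flags blank settings, a `CASC_VAULT_PATHS` entry whose first segment is not a secrets-engine mount, and loose permissions on the token-bearing file. Assumptions: token auth as in the issue, a `known_mounts` list that would be filled in from `vault secrets list`, and hypothetical function names.

```python
import os
import stat

# Constructed sample mirroring the file in the issue (token and URL are blank there).
SAMPLE = """\
CASC_VAULT_TOKEN=
CASC_VAULT_PATHS=/jenkins/controller/
CASC_VAULT_URL=
CASC_VAULT_ENGINE_VERSION=1
"""

def parse_props(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def kv_read_endpoint(path, version):
    """Vault KV HTTP API path for a secret; the first segment is the mount."""
    mount, _, rest = path.strip("/").partition("/")
    return f"/v1/{mount}/data/{rest}" if version == "2" else f"/v1/{mount}/{rest}"

def lint(props, known_mounts=("secret",)):
    """Return findings; known_mounts is an assumption (default KV mount only)."""
    findings = []
    for key in ("CASC_VAULT_URL", "CASC_VAULT_TOKEN", "CASC_VAULT_PATHS"):
        if not props.get(key):  # token auth assumed, as in the issue
            findings.append(f"{key} is empty or missing")
    version = props.get("CASC_VAULT_ENGINE_VERSION", "2")  # unset is treated as 2 here
    if version not in ("1", "2"):
        findings.append(f"CASC_VAULT_ENGINE_VERSION={version} is not 1 or 2")
    paths = [p.strip() for p in props.get("CASC_VAULT_PATHS", "").split(",")]
    for path in filter(None, paths):
        mount = path.strip("/").split("/")[0]
        if mount not in known_mounts:
            findings.append(f"{path}: '{mount}' is not a known mount; "
                            f"KV endpoint would be {kv_read_endpoint(path, version)}")
    return findings

def lint_file(path):
    """Lint a properties file on disk, including its mode (it holds a token)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = [f"{path} mode {mode:o} grants access to group/others"] if mode & 0o077 else []
    with open(path, encoding="utf-8") as fh:
        return findings + lint(parse_props(fh.read()))
```

Running `lint(parse_props(SAMPLE))` reports the blank URL and token plus the path whose first segment, `jenkins`, is not a mount; with `secret/jenkins/controller` and filled-in values it returns no findings.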