spring-cloud / spring-cloud-consul

Spring Cloud Consul
http://cloud.spring.io/spring-cloud-consul/
Apache License 2.0

Accessed Consul cluster's KV store with TLS and ACL enabled through code, but Spring Boot configuration failure #834

Open happy2wh7 opened 5 months ago

happy2wh7 commented 5 months ago

This question might not be appropriate to ask here, but I have tried various methods and still can't solve the problem.

Using com.orbitz.consul.consul-client:1.5.3, I can retrieve the value of the key from Consul's KV store in code. However, configuring it with Spring Boot 3.2.2 fails.

I have set up a Consul cluster with three nodes, all running in server mode. TLS is enabled for both outgoing and incoming connections, and ACL is also enabled. I used the same CA to issue p12-format certificates for accessing the Consul cluster.

I created a value with the key config/example-spring,dev/data in Consul's KV store and generated an ACL token with the necessary permissions to access this key.

The crucial part of the code is as follows:

// Load the p12 file from the file system and trust any certificate.
SSLContext sslContext = createSSLContext("/path/to/user1.p12", "key-password");
Consul consul = Consul.builder().withAclToken("58f89672-c9a1-8a97-0d0c-cd2a32fb8f36")
        .withUrl("https://c3.consul.casa:8501")
        // This verifier accepts every hostname, so the name in the server certificate is never checked.
        .withHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        })
        .withSslContext(sslContext).build();
KeyValueClient kvClient = consul.keyValueClient();

// Successfully retrieved the value
String yaml = kvClient.getValueAsString("config/example-spring,dev/data").get();

In my understanding, the configuration of the Consul cluster is correct, but the configuration fails with Spring Boot 3.2.2.

application.properties:

spring.profiles.active=dev
spring.application.name=example-spring
spring.config.import=consul:

bootstrap.yml:

spring:
  cloud:
    consul:
      enabled: true
      host: c3.consul.casa
      port: 8501
      scheme: https
      config:
        enabled: true
        acl-token: "58f89672-c9a1-8a97-0d0c-cd2a32fb8f36"
        format: YAML
        data-key: data
        profileSeparator: ","
        watch:
          enabled: false
      tls:
        key-store-instance-type: pkcs12
        key-store-path: classpath:user1.p12
        key-store-password: key-password

error message:

***************************
APPLICATION FAILED TO START
***************************

Description:

Config data resource '[ConsulConfigDataResource@275fe372 context = 'config/example-spring,dev/', optional = true, properties = [ConsulConfigProperties@40e10ff8 enabled = true, prefixes = list['config'], defaultContext = 'application', profileSeparator = ',', format = KEY_VALUE, dataKey = 'data', aclToken = [null], watch = [ConsulConfigProperties.Watch@557a1e2d waitTime = 55, enabled = true, delay = 1000], failFast = true, name = 'example-spring'], profile = 'dev']' via location 'consul:' does not exist

Action:

Check that the value 'consul:' at class path resource [application.properties] - 4:22 is correct, or prefix it with 'optional:'

Thanks all.
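A certificate-validating counterpart to the trust-all `createSSLContext` and always-true `HostnameVerifier` in the post above, as an added example that is not code from the post or from the project. The class name `ConsulTls`, the method `mutualTlsContext` and the CA PEM file argument are assumptions for illustration; only standard JDK APIs are used.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (not from the post): mutual TLS that trusts only one CA.
public final class ConsulTls {
    private ConsulTls() {}

    // The PKCS#12 file supplies the client key and certificate; only the CA
    // certificate(s) in caPem are accepted as issuers of server certificates.
    public static SSLContext mutualTlsContext(Path clientP12, char[] p12Password, Path caPem)
            throws Exception {
        // Client identity: private key and certificate chain from the .p12 file.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(clientP12)) {
            identity.load(in, p12Password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, p12Password);

        // Trust anchors: start from an empty in-memory store and add the CA only.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(caPem)) {
            int i = 0;
            for (Certificate ca : cf.generateCertificates(in)) {
                trust.setCertificateEntry("consul-ca-" + i++, ca);
            }
        }
        if (trust.size() == 0) {
            throw new IllegalArgumentException("no CA certificate found in " + caPem);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Key managers present the client certificate; trust managers validate the server.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Passed to `withSslContext(...)` in place of the trust-all context, with the `withHostnameVerifier` override removed, this makes the handshake fail for any server certificate not issued by that CA. That the client library then falls back to its default hostname check is an assumption about its HTTP stack.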