Closed Pedro-Fernandes closed 3 years ago
Thanks for the report. So basically, the `{profile}` is not being replaced properly. We need to investigate why this is.
Actually, the `{profile}` is correct; I just replaced its name in the description text. Say I was using a dev profile: the application would try to read 'secret/application/dev', and the expected behaviour would be 'secret/my-application-name/dev'.
Thank you for looking into it.
I wasn't able to reproduce the issue. The mechanism that computes the paths hasn't changed. Feel free to provide a minimal sample that is able to demonstrate the problem.
Please check this small project that reproduces the issue. Instructions to set up Vault are in the README.
I've run into this issue as well @Pedro-Fernandes - did you find a resolution?
Hey @darinhoward, no solution afaik.
The vault ACL policies cause the "permission denied" response. Please configure your Vault ACL policy correctly, see https://learn.hashicorp.com/tutorials/vault/policies for reference. The Vault reference documentation contains ACL methods and paths.
Hi @mp911de, I'm not sure commenting here is still valid, please advise.
Anyway, I'm still facing the same error as mentioned in this issue. The application was trying to read from `secret/application`, and it failed to do so, then it read from `secret/my-application-name` and succeeded --> there is a bunch of exception stacktraces in the application logs even though the application started successfully and I'm looking for a way to get rid of that.
I didn't get your last comment, I have configured a read-enabled policy for `secret/my-application-name`, did you imply that I should have configured the same policy for the path `secret/application`?
Nvm, I've just found it: setting `spring.cloud.vault.kv.default-context=my-application-name` should do the job.
Thanks for the reference document.
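The interaction discussed in the comments above, as an added example that is not part of the original thread and is not Spring Cloud Vault code: it models the secret paths the thread reports being read (application name first, then the default context) and checks them against a read-only policy scoped to the application's own path. The function names, the constructed policy, and the simplified path matching (exact or trailing `*` only) are assumptions.

```python
# Added illustration; names are hypothetical, not Spring Cloud Vault or Vault APIs.

def kv_contexts(backend, app_name, profiles, default_context="application"):
    """Secret paths the client tries, most specific first."""
    paths = []
    # De-duplicate while keeping order: app name first, then default context.
    for ctx in dict.fromkeys([app_name, default_context]):
        if not ctx:
            continue
        for profile in profiles:
            paths.append(f"{backend}/{ctx}/{profile}")
        paths.append(f"{backend}/{ctx}")
    return paths


def allowed(policy, path):
    """Simplified ACL check: exact match or trailing '*' glob, deny by default."""
    matches = [p for p in policy
               if p == path or (p.endswith("*") and path.startswith(p[:-1]))]
    if not matches:
        return False  # no rule covers the path, so the request gets a 403
    # Prefer an exact rule over a glob, then the longest pattern.
    best = max(matches, key=lambda p: (not p.endswith("*"), len(p)))
    caps = policy[best]
    return "read" in caps and "deny" not in caps


def denied_paths(policy, backend, app_name, profiles, default_context="application"):
    """Paths from kv_contexts() that the policy would reject."""
    contexts = kv_contexts(backend, app_name, profiles, default_context)
    return [p for p in contexts if not allowed(policy, p)]


# Constructed policy: read access only to the application's own subtree.
POLICY = {
    "secret/my-application-name": {"read"},
    "secret/my-application-name/*": {"read"},
}

if __name__ == "__main__":
    # Default context left at "application": two paths fall outside the policy.
    print(denied_paths(POLICY, "secret", "my-application-name", ["dev"]))
    # Default context pointed at the application name: nothing is denied.
    print(denied_paths(POLICY, "secret", "my-application-name", ["dev"],
                       default_context="my-application-name"))
```

Changing the default context keeps the policy scoped to the application's own path instead of widening it to cover `secret/application`.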
Describe the bug
Using Spring Cloud HOXTON.SR6, with Spring Boot 2.3.2. When initiating the service, I get 403 errors trying to access "/secret/application" and "/secret/application/{profile}". The "application" in those paths should be replaced by my application name.
Error: `[RequestedSecret [path='secret/application/{profile}', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] Status 403 Forbidden [secret/application/{profile}]: 1 error occurred:`
The replacement works correctly and the errors are gone if I set `spring.cloud.vault.generic.enabled = false`. The problem is that this property is set for deprecation. Then what would be the way around it?
Sample Not working with the following bootstrap:
works with: