spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

AppRole authentication failed when only roleId provided with reactive #591

Closed chany714 closed 3 years ago

chany714 commented 3 years ago

Describe the bug

AppRole authentication fails when only 'roleId' is provided in a reactive application, even with spring.cloud.vault.reactive.enabled=false. With the same configuration, Spring MVC works as expected.

version

15:21:45.431 [main] ERROR org.springframework.boot.SpringApplication - Application run failed
java.lang.IllegalArgumentException: Unknown SecretId configuration: INSTANCE
    at org.springframework.vault.authentication.AppRoleAuthentication.getSecretIdSteps(AppRoleAuthentication.java:158)
    at org.springframework.vault.authentication.AppRoleAuthentication.getAuthenticationSteps(AppRoleAuthentication.java:110)
    at org.springframework.vault.authentication.AppRoleAuthentication.createAuthenticationSteps(AppRoleAuthentication.java:103)
    at org.springframework.vault.authentication.AppRoleAuthentication.getAuthenticationSteps(AppRoleAuthentication.java:177)
    at org.springframework.cloud.vault.config.VaultReactiveConfiguration.createAuthenticationStepsOperator(VaultReactiveConfiguration.java:138)
    at org.springframework.cloud.vault.config.VaultReactiveConfiguration.createVaultTokenSupplier(VaultReactiveConfiguration.java:122)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader$ReactiveInfrastructure.lambda$registerTokenSupplier$6(VaultConfigDataLoader.java:548)
    at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
    at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
    at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader$ReactiveInfrastructure.lambda$registerReactiveSessionManager$8(VaultConfigDataLoader.java:566)
    at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
    at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
    at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader$ReactiveInfrastructure.lambda$registerSessionManager$9(VaultConfigDataLoader.java:574)
    at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
    at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
    at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.lambda$registerImperativeInfrastructure$4(VaultConfigDataLoader.java:195)
    at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
    at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
    at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.lambda$registerVaultConfigTemplate$7(VaultConfigDataLoader.java:232)
    at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
    at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
    at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.lambda$loadConfigData$2(VaultConfigDataLoader.java:163)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.createConfigData(VaultConfigDataLoader.java:227)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.loadConfigData(VaultConfigDataLoader.java:162)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.load(VaultConfigDataLoader.java:135)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.load(VaultConfigDataLoader.java:94)
    at org.springframework.boot.context.config.ConfigDataLoaders.load(ConfigDataLoaders.java:103)
    at org.springframework.boot.context.config.ConfigDataImporter.load(ConfigDataImporter.java:118)
    at org.springframework.boot.context.config.ConfigDataImporter.resolveAndLoad(ConfigDataImporter.java:82)
    at org.springframework.boot.context.config.ConfigDataEnvironmentContributors.withProcessedImports(ConfigDataEnvironmentContributors.java:121)
    at org.springframework.boot.context.config.ConfigDataEnvironment.processWithProfiles(ConfigDataEnvironment.java:311)
    at org.springframework.boot.context.config.ConfigDataEnvironment.processAndApply(ConfigDataEnvironment.java:235)
    at org.springframework.boot.context.config.ConfigDataEnvironmentPostProcessor.postProcessEnvironment(ConfigDataEnvironmentPostProcessor.java:97)
    at org.springframework.boot.context.config.ConfigDataEnvironmentPostProcessor.postProcessEnvironment(ConfigDataEnvironmentPostProcessor.java:89)
    at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEnvironmentPreparedEvent(EnvironmentPostProcessorApplicationListener.java:100)
    at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEvent(EnvironmentPostProcessorApplicationListener.java:86)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)
    at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:82)
    at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:63)
    at java.util.ArrayList.forEach(ArrayList.java:1257)
    at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:117)
    at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:111)
    at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:62)
    at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:375)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:333)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329)

Sample application.yml

# Minimal reproduction config from the report: AppRole login with a role-id and no secret-id.
spring:
  cloud:
    vault:
      enabled: true
      reactive:
        # The reporter states the failure occurs even with reactive support switched off here.
        enabled: false
      host: localhost
      port: 8200
      # Plain HTTP: the role-id and the Vault token issued at login travel unencrypted.
      # Acceptable only for a local dev server such as this localhost one; use https elsewhere.
      scheme: http
      authentication: APPROLE
      app-role:
        # No secret-id is configured, so the role-id is the only login credential the client presents.
        # Treat it like a secret (keep it out of version control).
        # NOTE(review): a role-id-only login presumably requires the Vault role to have
        # bind_secret_id disabled; confirm the role is then restricted by another constraint
        # such as CIDR binding.
        role-id: 1b45faa0-35fd-0110-4c9f-25936cd7857a
      # NOTE(review): presumably makes startup abort when Vault data cannot be obtained,
      # consistent with the "Application run failed" error in the report.
      fail-fast: true
  config:
    # Loads Vault through the ConfigData API (VaultConfigDataLoader in the reported stack trace).
    import: vault://
herblover commented 3 years ago

Any update for this?

mp911de commented 3 years ago

That is a bug in Spring Vault. I created a new ticket at https://github.com/spring-projects/spring-vault/issues/656,