spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

GCP-IAM authentication fails with reactive #593

Closed pbseguel closed 3 years ago

pbseguel commented 3 years ago

Describe the bug

GCP-IAM authentication fails when reactive classes are present in the context even with spring.cloud.vault.reactive.enabled=false.

Versions:

Error trace:

10:34:23.082 [main] ERROR org.springframework.boot.SpringApplication - Application run failed
java.lang.IllegalStateException: Cannot construct VaultTokenSupplier from org.springframework.vault.authentication.GcpIamCredentialsAuthentication@21f9277b. ClientAuthentication must implement AuthenticationStepsFactory or be TokenAuthentication
at org.springframework.cloud.vault.config.VaultReactiveConfiguration.createVaultTokenSupplier(VaultReactiveConfiguration.java:126)
at org.springframework.cloud.vault.config.VaultConfigDataLoader$ReactiveInfrastructure.lambda$registerTokenSupplier$6(VaultConfigDataLoader.java:548)
at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
at org.springframework.cloud.vault.config.VaultConfigDataLoader$ReactiveInfrastructure.lambda$registerReactiveSessionManager$8(VaultConfigDataLoader.java:566)
at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
at org.springframework.cloud.vault.config.VaultConfigDataLoader$ReactiveInfrastructure.lambda$registerSessionManager$9(VaultConfigDataLoader.java:574)
at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
at org.springframework.cloud.vault.config.VaultConfigDataLoader.lambda$registerImperativeInfrastructure$4(VaultConfigDataLoader.java:195)
at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
at org.springframework.cloud.vault.config.VaultConfigDataLoader.lambda$registerSecretLeaseContainer$10(VaultConfigDataLoader.java:251)
at org.springframework.boot.DefaultBootstrapContext.getInstance(DefaultBootstrapContext.java:119)
at org.springframework.boot.DefaultBootstrapContext.getOrElseThrow(DefaultBootstrapContext.java:111)
at org.springframework.boot.DefaultBootstrapContext.get(DefaultBootstrapContext.java:88)
at org.springframework.cloud.vault.config.VaultConfigDataLoader.lambda$loadConfigData$1(VaultConfigDataLoader.java:158)
at org.springframework.cloud.vault.config.VaultConfigDataLoader.createConfigData(VaultConfigDataLoader.java:227)
at org.springframework.cloud.vault.config.VaultConfigDataLoader.loadConfigData(VaultConfigDataLoader.java:158)
at org.springframework.cloud.vault.config.VaultConfigDataLoader.load(VaultConfigDataLoader.java:135)
at org.springframework.cloud.vault.config.VaultConfigDataLoader.load(VaultConfigDataLoader.java:94)
at org.springframework.boot.context.config.ConfigDataLoaders.load(ConfigDataLoaders.java:103)
at org.springframework.boot.context.config.ConfigDataImporter.load(ConfigDataImporter.java:118)
at org.springframework.boot.context.config.ConfigDataImporter.resolveAndLoad(ConfigDataImporter.java:82)
at org.springframework.boot.context.config.ConfigDataEnvironmentContributors.withProcessedImports(ConfigDataEnvironmentContributors.java:121)
at org.springframework.boot.context.config.ConfigDataEnvironment.processWithProfiles(ConfigDataEnvironment.java:311)
at org.springframework.boot.context.config.ConfigDataEnvironment.processAndApply(ConfigDataEnvironment.java:235)
at org.springframework.boot.context.config.ConfigDataEnvironmentPostProcessor.postProcessEnvironment(ConfigDataEnvironmentPostProcessor.java:97)
at org.springframework.boot.context.config.ConfigDataEnvironmentPostProcessor.postProcessEnvironment(ConfigDataEnvironmentPostProcessor.java:89)
at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEnvironmentPreparedEvent(EnvironmentPostProcessorApplicationListener.java:100)
at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEvent(EnvironmentPostProcessorApplicationListener.java:86)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:82)
at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:63)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:117)
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:111)
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:62)
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:375)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:333)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329)
at com.example.Application.main(Application.java:15)

Sample

application.yml

# Reproduction config from the report: Vault is imported as a config data source
# (spring.config.import) and authenticated with GCP IAM.
spring:
  cloud:
    vault:
      enabled: true
      reactive:
        # Set to false by the reporter, yet the stack trace in this report still runs through
        # VaultConfigDataLoader$ReactiveInfrastructure and VaultReactiveConfiguration.
        enabled: false
      uri: https://gcp-vault-uri
      namespace: my-namespace
      # With this setting the trace shows a GcpIamCredentialsAuthentication instance; the exception
      # says it is neither an AuthenticationStepsFactory nor a TokenAuthentication, so
      # createVaultTokenSupplier cannot build a VaultTokenSupplier from it.
      authentication: GCP_IAM
      gcp-iam:
        role: my-role
        service-account-id: my-service-account@gcp-project-id.iam.gserviceaccount.com
        project-id: gcp-project-id
  config:
    # Loading happens during environment preparation (ConfigDataEnvironmentPostProcessor in the trace),
    # so the authentication failure aborts application startup.
    import: vault://
mp911de commented 3 years ago

GCP IAM Credentials isn't supported for reactive use cases, as it uses a blocking HTTP client internally via the GCP Cloud SDK. See also https://docs.spring.io/spring-vault/docs/current/reference/html/#vault.authentication.gcpiam.