spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

`spring.cloud.vault.ssl.cert-auth-path` is not considered for TLS authentication #610

Closed: user404d closed this issue 2 years ago

user404d commented 2 years ago

Problem: The path option available for Vault authentication methods is not used when configuring the certificate authentication client.

Context: We have a deployment where we mount the certificate authentication method to a path different from the default ("cert") and need our applications to use the path we have chosen.

Relevant links:

https://github.com/spring-cloud/spring-cloud-vault/blob/99f49bec23b63e18b826d6442ae991be1c7456a9/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/ClientAuthenticationFactory.java#L120-L121

https://github.com/spring-projects/spring-vault/blob/86dbf474bb9f10114148b125ad948266c06442c3/spring-vault-core/src/main/java/org/springframework/vault/authentication/ClientCertificateAuthentication.java#L58-L59

https://github.com/spring-projects/spring-vault/blob/86dbf474bb9f10114148b125ad948266c06442c3/spring-vault-core/src/main/java/org/springframework/vault/authentication/ClientCertificateAuthenticationOptions.java#L74

I am worried about what my employer considers theirs, so sorry for being a bit vague. I also don't know how to fix the other links so they do the pretty inline code preview thing /shrug

mp911de commented 2 years ago

Thanks for reporting the issue. The path for the TLS auth backend has never been considered; `VaultProperties.Ssl.getPath()` is never read. Since you've started looking into the code, do you want to submit a pull request that assembles `ClientCertificateAuthenticationOptions` in `ClientAuthenticationFactory`?