search

spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0
270 stars 151 forks source link

Updating spring boot 2.6.7 to 3.0.2; Vault connections are failing #669

Closed voodemsanthosh closed 1 year ago

voodemsanthosh commented 1 year ago

Trying to upgrade spring boot 2.6.7 to 3.0.2 and it is failing to load vault configuration with below exception

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'vaultPropertySourceLocator' defined in class path resource [org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfiguration.class]: Unsatisfied dependency expressed through method 'vaultPropertySourceLocator' parameter 0: Error creating bean with name 'vaultTemplate' defined in class path resource [org/springframework/cloud/vault/config/VaultBootstrapConfiguration.class]: Failed to instantiate [org.springframework.vault.core.VaultTemplate]: Factory method 'vaultTemplate' threw exception with message: Error creating bean with name 'vaultSessionManager' defined in class path resource [org/springframework/cloud/vault/config/VaultBootstrapConfiguration.class]: Unsatisfied dependency expressed through method 'vaultSessionManager' parameter 0: Error creating bean with name 'clientAuthentication' defined in class path resource [org/springframework/cloud/vault/config/VaultBootstrapConfiguration.class]: Failed to instantiate [org.springframework.vault.authentication.ClientAuthentication]: Factory method 'clientAuthentication' threw exception with message: Cannot create authentication mechanism for TOKEN. This method requires either a Token (spring.cloud.vault.token) or a token file at ~/.vault-token.
    at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:798) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:548) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1324) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1161) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:561) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:521) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:326) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:324) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:961) ~[spring-beans-6.0.4.jar:6.0.4]
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:915) ~[spring-context-6.0.4.jar:6.0.4]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:584) ~[spring-context-6.0.4.jar:6.0.4]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:730) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:432) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:308) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:150) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener.bootstrapServiceContext(BootstrapApplicationListener.java:195) ~[spring-cloud-context-4.0.0.jar:4.0.0]
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:114) ~[spring-cloud-context-4.0.0.jar:4.0.0]
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:77) ~[spring-cloud-context-4.0.0.jar:4.0.0]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176) ~[spring-context-6.0.4.jar:6.0.4]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169) ~[spring-context-6.0.4.jar:6.0.4]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143) ~[spring-context-6.0.4.jar:6.0.4]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131) ~[spring-context-6.0.4.jar:6.0.4]
    at org.springframework.boot.context.event.EventPublishingRunListener.multicastInitialEvent(EventPublishingRunListener.java:136) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:81) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:64) ~[spring-boot-3.0.2.jar:3.0.2]
    at java.lang.Iterable.forEach(Iterable.java:75) ~[?:?]
    at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:118) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:112) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:63) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:352) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1302) ~[spring-boot-3.0.2.jar:3.0.2]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1291) ~[spring-boot-3.0.2.jar:3.0.2]

Spring boot 3.0.2 Spring cloud version 2022.0.0 Java version 17

Sample application.yml

spring:
  application:
    name: demo-api
  config:
    import: configserver:http://${SPRING_CLOUD_CONFIG_USERNAME}:${SPRING_CLOUD_CONFIG_PASSWORD}@${configUrl}?fail-fast=true&max-attempts=10&max-interval=1500&multiplier=1.2&initial-interval=1100
  cloud:
    config:
      enabled: true #Make sure to toggle to false for local testing and always true in the repo.
      name: demo-api
    vault:
      enabled: true
      uri: ${vaultUri}
      kv:
        enabled: true
        backend: kv
        default-context: ${context}
        application-name: ${applications}
      kv-version: 2
      order: -1
      backend: kv
      profile-separator: /
      authentication: APPROLE
      namespace: ${vaultNamespace}
      app-role:
        role: ${role}
        app-role-path: approle
        secret-id: ${secretId}
        role-id: ${roleId}

Same configuration working with spring boot 2.6.7 version

mp911de commented 1 year ago

For some reason, your auth mechanism is configured to TOKEN and not APPROLE. Based on the provided details, there's no indication why this is.

voodemsanthosh commented 1 year ago

I am using authentication is APPROLE, but still it is making as TOKEN. I am little suspecting with loading my vault properties. Due to properties are not able to load and it could defaulting to TOKEN ?

I have changed my bootstrap.yml file to application.yml, will that cause to load vault configurations ?

mp911de commented 1 year ago

It can well be that your application config isn't loaded. But that is a concern to be solved in your application infrastructure and configuration location.

voodemsanthosh commented 1 year ago

Same configuration(mentioned above) is working with spring boot 2.6.7 version, later update spring boot version 3.0.2 is not working. Do we need anything to address from spring boot latest version to load vault configs ?

voodemsanthosh commented 1 year ago

Any further update or clue for investigating this issue

mp911de commented 1 year ago

Until you've figured out, why your application.yml isn't applied, there's nothing we can do here.

You could disable the vault bits and evaluate the spring.cloud.vault.authentication property from Spring's Environment to verify your configuration has been applied.

mp911de commented 1 year ago

Closing this one as this ticket isn't actionable.