Closed WillemTheWalrus closed 7 months ago
You provided both, scheme and uri. A configured URI has precedence over scheme, hostname and port.
Please either configure URI or scheme/hostname/port.
I removed the scheme attribute but am still seeing the same error. Here is the updated cloud.vault section of my application-local.yml file:
cloud.vault:
  enabled: true
  token: 00000000-0000-0000-0000-000000000000
  uri: http://localhost:8200
It appears as though the URI I provided is not being used.
By using HTTPS in the URI, you can switch to SSL. Also, your URL looks like the default values.
Since this is for local development, I would like to avoid setting up SSL on my local vault container. Is there any way to configure it so that it can make requests over http instead of https?
Also I tried changing the URI to https://localhost:8201 just to see if it would pick up any of the configuration changes and it appears to still be using the same default URI. I made sure to clean and rebuild the project. Here is the stack trace:
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://localhost:8200/v1/secret/application/local": Unsupported or unrecognized SSL message
at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:888) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:868) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:764) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:378) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.vault.core.VaultTemplate.lambda$doRead$5(VaultTemplate.java:461) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:448) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:458) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:353) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:621) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.lease.SecretLeaseContainer.doStart(SecretLeaseContainer.java:366) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:356) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:319) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:176) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:161) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:119) ~[spring-vault-core-3.0.0.jar:3.0.0]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:146) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:83) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:122) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:101) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:76) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:50) ~[spring-cloud-context-4.0.2.jar:4.0.2]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:46) ~[spring-cloud-context-4.0.2.jar:4.0.2]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:95) ~[spring-cloud-context-4.0.2.jar:4.0.2]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:605) ~[spring-boot-3.0.6.jar:3.0.6]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:385) ~[spring-boot-3.0.6.jar:3.0.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:309) ~[spring-boot-3.0.6.jar:3.0.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1304) ~[spring-boot-3.0.6.jar:3.0.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1293) ~[spring-boot-3.0.6.jar:3.0.6]
Here is the log printed before the stack trace:
2023-12-05T07:02:56.582-08:00 WARN 98972 --- [ restartedMain] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/application/local', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] I/O error on GET request for "https://localhost:8200/v1/secret/application/local": Unsupported or unrecognized SSL message
Does anything change if you provide that value as a system property or via application.yml? I totally missed that you were looking for disabling HTTPS, I was under the impression you wanted to enable it.
Setting it as a System property worked!
While I am happy that this removed the error, is there any way to configure this in the properties file instead?
I assume that due to the early nature of Spring Boot's config file handling, profile-specific config files aren't parsed yet.
I would agree with this, however I also tried changing the main application.yml file that should be loaded by default and tried running my application without a set profile. The settings in the application.yml profile were not pulled in (changed the uri attribute to http://localhost:8209 but saw the same error that points to the uri https://localhost:8200). It seems that it isn't pulling in any configuration settings.
Is there something I have to do to enable this package to pull in the settings in my config files?
Also, I just checked my gradle compileClasspath and it looks like it is using v4.0.1 of the spring-cloud-starter-vault-config package in case you are interested.
There's a thread on profile-specific config files in the Boot issue tracker: https://github.com/spring-projects/spring-boot/issues/26858
While I agree that this is an issue, I am also concerned with my properties not being loaded when there is no profile specified. My settings were not loaded even when they were moved to the application.yml file.
Thank you for taking the time to look at this issue! I appreciate it.
I figured out the issue! I should have been putting my settings in a bootstrap.yml file as the settings need to be loaded before the application starts up. Sorry for any confusion this may have caused!
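A sketch of the bootstrap.yml placement described in the comment above, added here as an illustration and not taken from the reporter's project. The file location, the `spring:` parent key and the `VAULT_TOKEN` variable name are assumptions.

```yaml
# src/main/resources/bootstrap.yml  (assumed location; constructed example)
# Read by the Spring Cloud bootstrap context, which is where the Vault
# property source is located in the stack trace above
# (PropertySourceBootstrapConfiguration), before application*.yml is applied.
spring:                        # assumed parent key; the thread shows only "cloud.vault:"
  cloud:
    vault:
      enabled: true
      # With no uri visible at bootstrap time the client falls back to
      # scheme=https, host=localhost, port=8200, which is the
      # https://localhost:8200 URL seen in the error message.
      uri: http://localhost:8200   # plaintext HTTP: local dev container only
      # Hypothetical environment variable; keeps the token out of the file.
      token: ${VAULT_TOKEN}
```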
Describe the bug
I am running vault in a local docker container at http://localhost:8200 and have configured my application to reach out to this container using http, NOT https. However, I see this error when starting up the application:
I/O error on GET request for "https://localhost:8200/v1/secret/application/local": Unsupported or unrecognized SSL message
I will post my configuration file and my docker-compose file below.
I am using the following dependency in my gradle build:
implementation("org.springframework.cloud:spring-cloud-starter-vault-config")
From the error message it looks like spring-cloud-vault-config-4.0.1 and spring-vault-core-3.0.0 are being brought in as transitive dependencies.
Also, I am running this locally using the local profile
Sample application-local.yml:
docker-compose.yml: