Fail to login to Vault using AWS_IAM authenticate with namepsace in Spring Cloud Config Server

spring-projects / spring-vault

Provides familiar Spring abstractions for HashiCorp Vault

https://spring.io/projects/spring-vault

Apache License 2.0

283 stars 186 forks source link

Fail to login to Vault using AWS_IAM authenticate with namepsace in Spring Cloud Config Server #611

Closed ronnie-wan closed 3 years ago

ronnie-wan commented 3 years ago

My organization create namespace for each project. Each namespace can then create auth method such as AWS. This translate the login URL to http(s)://<Vault address>/v1/<Vault namespace>/auth/<path>/login. Alternative, sending the namespace as request header "X-Vault-Namespace". The lack of support of Vault namespace causing login to fail in this scenario.

ronnie-wan commented 3 years ago

The system property spring.cloud.config.server.vault.namespace is set but it is not effective in combination of spring.cloud.config.server.vault.authentication=aws_iam. The same namespace property is working fine without aws_iam authentication and with spring.cloud.config.token provided from client.