Spring Cloud Vault With k2 v2 - How to Avoid 403 at Startup?

Submitted by 不羁的心 on 2020-02-25 03:57:07

Question


Problem

Does anyone know how to configure bootstrap.yml to tell Spring Cloud Vault to go to the correct path for k2 v2 and not try other paths first?

Details

I can successfully connect to my Vault, running k2 v2, but Spring Cloud will always try to connect to paths in the vault that don't exist, throwing a 403 on startup.

    Status 403 Forbidden [secret/application]: permission denied; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden

The above path, secret/application, doesn't exist because k2 v2 puts data in the path. For example: secret/data/application.

This isn't a show-stopper because Spring Cloud Vault does check other paths, including the correct one that has the data item in the path, but the fact a meaningless 403 is thrown during startup is like a splinter in my mind.

Ultimately, it does try the correct k2 v2 path:

    2019-03-18 12:22:46.611  INFO 77685 --- [  restartedMain] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='vault', propertySources=[LeaseAwareVaultPropertySource {name='secret/data/my-app'}

My configuration

    spring.cloud.vault:
      kv:
        enabled: true
        backend: secret
        profile-separator: '/'
        default-context: my-app
        application-name: my-app
      host: localhost
      port: 8200
      scheme: http
      authentication: TOKEN
      token: my-crazy-long-token-string

Thanks for your help!


Answer 1:


Add the following lines to your bootstrap.yml; this disables the generic backend:

    spring.cloud.vault:
      generic:
        enabled: false

For more information, see https://cloud.spring.io/spring-cloud-vault/reference/html/#vault.config.backends.generic
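
Why the extra request is answered with 403 rather than 404, as an added example that is not part of the original question or answer: Vault checks the token's policy against the request path before looking anything up, and a policy written for KV v2 only covers paths under `secret/data/`. The policy and all function names below are assumptions constructed for illustration, and the matching is simplified (no `deny`, no rule priority).

```python
import re

# Constructed policy for illustration (not from the post): a token scoped to
# one application's secrets on a KV v2 mount named "secret".
POLICY = {
    "secret/data/my-app": {"read"},
    "secret/data/my-app/*": {"read"},
}


def kv_api_path(mount, context, version):
    """Request path for reading a context: KV v2 inserts 'data/' after the mount."""
    return f"{mount}/data/{context}" if version == 2 else f"{mount}/{context}"


def rule_matches(rule, path):
    """Vault-style path match: trailing '*' is a prefix glob, '+' is one segment."""
    glob = rule.endswith("*")
    body = rule[:-1] if glob else rule
    pattern = "/".join(
        "[^/]+" if seg == "+" else re.escape(seg) for seg in body.split("/")
    )
    return re.fullmatch(pattern + (".*" if glob else ""), path) is not None


def acl_allows(policy, path, capability="read"):
    """True if a matching rule grants the capability (no 'deny', no rule priority)."""
    return any(capability in caps and rule_matches(rule, path)
               for rule, caps in policy.items())


def startup_report(policy, requests):
    """Map each request path to the outcome of the ACL check."""
    return {
        path: "allowed" if acl_allows(policy, path) else "403 permission denied"
        for path in requests
    }


if __name__ == "__main__":
    # The two paths seen in the question's log output.
    requests = [
        kv_api_path("secret", "application", 1),  # generic backend request
        kv_api_path("secret", "my-app", 2),       # kv backend request
    ]
    for path, outcome in startup_report(POLICY, requests).items():
        print(f"{path}: {outcome}")
```

With the generic backend disabled, only the second request is issued, so a narrowly scoped policy no longer produces a denial at startup.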



Source: https://stackoverflow.com/questions/55226030/spring-cloud-vault-with-k2-v2-how-to-avoid-403-at-startup
