Unable to access HashiCorp Vault Cubbyhole secrets | Spring Boot

Question    Votes: 0    Answers: 1

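I am trying to access secrets in the Cubbyhole engine by dynamically creating a token with a use limit, policies, and a TTL. However, I am getting an exception: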

org.springframework.vault.authentication.VaultLoginException: Cannot login using Cubbyhole: 1 error occurred:
    * missing path

Here is the secret in my Vault:

Below is the code. Any kind of help would be appreciated.

Configuration

@Configuration
public class VaultConfig extends AbstractVaultConfiguration {

    public static VaultEndpoint vaultEndpoint;
    private static RestOperations restOperations;
    private static VaultTemplate vaultTemplate;

    @EventListener(ApplicationReadyEvent.class)
    public void init() {
        VaultConfig.restOperations = restOperations();
        VaultConfig.vaultEndpoint = vaultEndpoint();
        VaultConfig.vaultTemplate = vaultTemplate();
    }

    @Override
    public VaultEndpoint vaultEndpoint() {
        VaultEndpoint vaultEndpoint = VaultEndpoint.create("localhost", 8200);
        vaultEndpoint.setScheme("http");
        return vaultEndpoint;
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        return new TokenAuthentication("mytoken");
    }

    public static CubbyholeAuthentication getCubbyholeAuthentication() {
        List<String> policies = Arrays.asList("default", "cubbyhole-policy");
        VaultTokenRequest tokenRequest = VaultTokenRequest.builder()
                .ttl(120, TimeUnit.MINUTES)
                .numUses(2)
                .policies(policies)
                .renewable(false)
                .build();
        VaultTokenResponse vaultTokenResponse = VaultConfig.vaultTemplate.opsForToken().create(tokenRequest);
        CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder()
                .initialToken(vaultTokenResponse.getToken())
                .path("secrets/")
                .build();
        return new CubbyholeAuthentication(options, VaultConfig.restOperations);
    }
}

Service

@Service
public class CubbyHoleService {

    @EventListener(ApplicationReadyEvent.class)
    public void cubbyHoleTest() {
        VaultTemplate vaultTemplate = new VaultTemplate(VaultConfig.vaultEndpoint, VaultConfig.getCubbyholeAuthentication());
        VaultKeyValueOperations vaultKeyValueOperations = vaultTemplate.opsForKeyValue("cubbyhole/", KV_2);
        VaultResponseSupport<Secrets> responseSupport = vaultKeyValueOperations.get("my_confidential", Secrets.class);
        if (responseSupport == null) {
            System.out.println("CubbyHole Data not found");
            return;
        }
        System.out.println("CubbyHole Data found");
        Secrets secrets = responseSupport.getData();
        System.out.println(secrets.toString());
    }
}

Secrets POJO

@Data
@AllArgsConstructor
@NoArgsConstructor
public class Secrets {
    private String key;
    private String value;
}

Full stack trace

org.springframework.vault.authentication.VaultLoginException: Cannot login using Cubbyhole: 1 error occurred:
    * missing path


    at org.springframework.vault.authentication.VaultLoginException.create(VaultLoginException.java:61) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.authentication.CubbyholeAuthentication.lookupToken(CubbyholeAuthentication.java:218) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.authentication.CubbyholeAuthentication.login(CubbyholeAuthentication.java:185) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.authentication.SimpleSessionManager.getSessionToken(SimpleSessionManager.java:61) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.core.VaultTemplate.lambda$getSessionInterceptor$1(VaultTemplate.java:253) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:87) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.vault.client.RestTemplateBuilder.lambda$createTemplate$4(RestTemplateBuilder.java:239) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:87) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.vault.client.VaultClients.lambda$createRestTemplate$0(VaultClients.java:117) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:87) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:71) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:862) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:764) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:675) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.vault.core.VaultKeyValueAccessor.lambda$doRead$1(VaultKeyValueAccessor.java:133) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.core.VaultKeyValueAccessor.lambda$doRead$2(VaultKeyValueAccessor.java:166) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:448) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:163) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:132) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:107) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at org.springframework.vault.core.VaultKeyValue2Template.get(VaultKeyValue2Template.java:80) ~[spring-vault-core-3.0.2.jar:3.0.2]
    at com.samim.SpringVaultPrac.service.CubbyHoleService.cubbyHoleTest(CubbyHoleService.java:21) ~[classes/:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
    at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:348) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:233) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:165) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:174) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:167) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:145) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:445) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:378) ~[spring-context-6.0.13.jar:6.0.13]
    at org.springframework.boot.context.event.EventPublishingRunListener.ready(EventPublishingRunListener.java:109) ~[spring-boot-3.1.5.jar:3.1.5]
    at org.springframework.boot.SpringApplicationRunListeners.lambda$ready$6(SpringApplicationRunListeners.java:80) ~[spring-boot-3.1.5.jar:3.1.5]
    at java.base/java.lang.Iterable.forEach(Iterable.java:75) ~[na:na]
    at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:118) ~[spring-boot-3.1.5.jar:3.1.5]
    at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:112) ~[spring-boot-3.1.5.jar:3.1.5]
    at org.springframework.boot.SpringApplicationRunListeners.ready(SpringApplicationRunListeners.java:80) ~[spring-boot-3.1.5.jar:3.1.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:335) ~[spring-boot-3.1.5.jar:3.1.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) ~[spring-boot-3.1.5.jar:3.1.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1295) ~[spring-boot-3.1.5.jar:3.1.5]
    at com.samim.SpringVaultPrac.SpringVaultPracApplication.main(SpringVaultPracApplication.java:10) ~[classes/:na]
Caused by: org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 Internal Server Error: "{"errors":["1 error occurred:\n\t* missing path\n\n"]}<EOL>"
    at org.springframework.web.client.HttpServerErrorException.create(HttpServerErrorException.java:102) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:186) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:137) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:915) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:864) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:764) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:646) ~[spring-web-6.0.13.jar:6.0.13]
    at org.springframework.vault.authentication.CubbyholeAuthentication.lookupToken(CubbyholeAuthentication.java:210) ~[spring-vault-core-3.0.2.jar:3.0.2]
    ... 44 common frames omitted
spring spring-boot hashicorp-vault spring-cloud-vault-config spring-vault
1 Answer

0 votes

I guess you are sending the wrong path.

Assuming you want to fetch the secret from my_confidential, update the code to:

  CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder()
            .initialToken(vaultTokenResponse.getToken())
            .path("cubbyhole/my_confidential")
            .build();

Update the service to this:

@Service
public class CubbyHoleService {

    @EventListener(ApplicationReadyEvent.class)
    public void cubbyHoleTest() {
        VaultTemplate vaultTemplate = new VaultTemplate(VaultConfig.vaultEndpoint, VaultConfig.getCubbyholeAuthentication());
        VaultKeyValueOperations vaultKeyValueOperations = vaultTemplate.opsForKeyValue("cubbyhole/my_confidential", KV_2);
        VaultResponseSupport<Secrets> responseSupport = vaultKeyValueOperations.get("my_confidential", Secrets.class);
        if (responseSupport == null) {
            System.out.println("CubbyHole Data not found");
            return;
        }
        System.out.println("CubbyHole Data found");
        Secrets secrets = responseSupport.getData();
        System.out.println(secrets.toString());
    }
}
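
Added example, not part of the original question or answer and not Spring Vault's own code: Vault scopes the cubbyhole backend to the token making the request and stores it as plain, unversioned key/value data, so a freshly created token starts with an empty cubbyhole and can only read what it wrote itself. The sketch below reuses the token limits from the question and performs the write and the read with the same child token via `TokenAuthentication`; the class name `CubbyholeRoundTrip`, the method name and the sample values are assumptions.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.TimeUnit;

import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultTokenRequest;
import org.springframework.vault.support.VaultTokenResponse;

// Hypothetical helper class (the name is an assumption, not from the page).
public class CubbyholeRoundTrip {

    // parent: a VaultTemplate whose token is allowed to create child tokens.
    public static Map<String, Object> writeAndReadBack(VaultTemplate parent, VaultEndpoint endpoint) {
        // Same limits as in the question: two uses, fixed TTL, not renewable.
        VaultTokenRequest request = VaultTokenRequest.builder()
                .ttl(120, TimeUnit.MINUTES)
                .numUses(2)
                .policies(Arrays.asList("default"))
                .renewable(false)
                .build();
        VaultTokenResponse child = parent.opsForToken().create(request);

        // Talk to Vault as the child token itself; no Cubbyhole login step is involved.
        VaultTemplate asChild = new VaultTemplate(endpoint, new TokenAuthentication(child.getToken()));

        // Use 1 of 2: store a value in the child token's own cubbyhole.
        // Constructed sample data; cubbyhole paths have no data/ or metadata/ segment.
        asChild.write("cubbyhole/my_confidential", Map.of("key", "db-user", "value", "example-only"));

        // Use 2 of 2: read it back with the same token. Any other token, including
        // the parent, sees nothing at this path because it has its own cubbyhole.
        VaultResponse response = asChild.read("cubbyhole/my_confidential");
        if (response == null || response.getData() == null) {
            throw new IllegalStateException("cubbyhole/my_confidential is empty for this token");
        }
        // The child token is now exhausted; Vault revokes it and deletes its cubbyhole.
        return response.getData();
    }
}
```

Because every request consumes one of the token's uses, a `numUses` budget has to cover each call made with that token, including any lookup the chosen authentication method performs.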