我试图动态创建一个带有使用次数限制、策略和 TTL 的令牌,并用它访问 Cubbyhole 引擎中的机密,但遇到了如下异常:
org.springframework.vault.authentication.VaultLoginException: Cannot login using Cubbyhole: 1 error occurred:
* missing path
以下是代码。任何形式的帮助都将不胜感激。
配置
/**
 * Spring Vault configuration that talks to a Vault server on localhost:8200 and
 * additionally exposes a static factory for a {@link CubbyholeAuthentication}.
 *
 * <p>Security notes for anyone reusing this listing:
 * <ul>
 *   <li>The endpoint scheme is {@code http}, so every request, including the token
 *       header, travels unencrypted. Acceptable only for a local dev server.</li>
 *   <li>The client token is a string literal in source. Load it from the environment
 *       or a mounted secret file instead of committing it.</li>
 *   <li>{@code vaultEndpoint} is a public, non-final static field; any class can
 *       reassign it and redirect later Vault traffic.</li>
 * </ul>
 */
@Configuration
public class VaultConfig extends AbstractVaultConfiguration {

    // Static copies of the Spring-managed objects. They stay null until init() has run.
    public static VaultEndpoint vaultEndpoint;
    private static RestOperations restOperations;
    private static VaultTemplate vaultTemplate;

    /**
     * Copies the configured REST client, endpoint and template into the static fields
     * once the application reports ready.
     *
     * <p>NOTE(review): CubbyHoleService listens for the same event and reads these
     * statics; nothing here fixes the order in which the two listeners run - confirm.
     */
    @EventListener(ApplicationReadyEvent.class)
    public void init() {
        restOperations = restOperations();
        vaultEndpoint = vaultEndpoint();
        vaultTemplate = vaultTemplate();
    }

    /**
     * Builds the Vault endpoint for localhost:8200.
     *
     * @return the endpoint, with its scheme forced to plain {@code http}
     */
    @Override
    public VaultEndpoint vaultEndpoint() {
        VaultEndpoint endpoint = VaultEndpoint.create("localhost", 8200);
        // Plain HTTP: no transport protection for tokens or secret payloads.
        endpoint.setScheme("http");
        return endpoint;
    }

    /**
     * Supplies the authentication used by the primary {@code VaultTemplate}.
     *
     * @return token authentication built from a literal token value
     */
    @Override
    public ClientAuthentication clientAuthentication() {
        // Hard-coded credential: anyone with read access to the source or the jar has it.
        return new TokenAuthentication("mytoken");
    }

    /**
     * Creates a short-lived, use-limited token with the primary template and wraps it
     * in a {@link CubbyholeAuthentication} that reads from the path {@code secrets/}.
     *
     * <p>The token is requested with a 120 minute TTL, 2 uses, the policies
     * {@code default} and {@code cubbyhole-policy}, and is not renewable.
     *
     * <p>NOTE(review): Vault scopes cubbyhole storage to a single token, so a token
     * minted here starts with an empty cubbyhole, and CubbyholeAuthentication expects
     * its path to hold a login token rather than application data - confirm the
     * intended workflow. Each request made with the initial token consumes one of
     * its 2 uses.
     *
     * @return a cubbyhole authentication bound to the freshly created token
     */
    public static CubbyholeAuthentication getCubbyholeAuthentication() {
        List<String> tokenPolicies = Arrays.asList("default", "cubbyhole-policy");

        VaultTokenRequest request = VaultTokenRequest.builder()
                .ttl(120, TimeUnit.MINUTES)
                .numUses(2)
                .policies(tokenPolicies)
                .renewable(false)
                .build();

        VaultTokenResponse created = vaultTemplate.opsForToken().create(request);

        CubbyholeAuthenticationOptions cubbyholeOptions = CubbyholeAuthenticationOptions.builder()
                .initialToken(created.getToken())
                .path("secrets/")
                .build();

        return new CubbyholeAuthentication(cubbyholeOptions, restOperations);
    }
}
服务
/**
 * Startup probe that authenticates through {@code VaultConfig.getCubbyholeAuthentication()}
 * and tries to read {@code my_confidential} from the {@code cubbyhole/} mount.
 */
@Service
public class CubbyHoleService {

    /**
     * Reads the secret once the application is ready and prints the outcome to stdout.
     *
     * <p>The Vault login is not performed when the template is constructed; per the
     * stack trace on this page it is triggered by the first read
     * ({@code VaultKeyValue2Template.get} down to {@code CubbyholeAuthentication.login}).
     *
     * <p>NOTE(review): cubbyhole is not a versioned KV mount, while {@code KV_2}
     * addresses secrets through the versioned API layout - confirm the backend type.
     */
    @EventListener(ApplicationReadyEvent.class)
    public void cubbyHoleTest() {
        VaultTemplate template =
                new VaultTemplate(VaultConfig.vaultEndpoint, VaultConfig.getCubbyholeAuthentication());
        VaultKeyValueOperations keyValue = template.opsForKeyValue("cubbyhole/", KV_2);
        VaultResponseSupport<Secrets> response = keyValue.get("my_confidential", Secrets.class);

        if (response != null) {
            System.out.println("CubbyHole Data found");
            Secrets secrets = response.getData();
            // Writes the secret's fields to stdout, where console and log collectors
            // can capture them; drop or redact this outside of a throwaway test.
            System.out.println(secrets.toString());
        } else {
            System.out.println("CubbyHole Data not found");
        }
    }
}
Secrets POJO
/**
 * Target type for the secret read from Vault: one {@code key} / {@code value} pair.
 *
 * <p>Lombok's {@code @Data} generates a {@code toString()} that includes every field,
 * so logging or printing an instance discloses {@code value}. Exclude the field
 * (for example with {@code @ToString.Exclude}) if instances can reach a log.
 */
@NoArgsConstructor
@AllArgsConstructor
@Data
public class Secrets {
    // Field order is kept: the generated all-args constructor follows it.
    private String key;
    private String value;
}
完整的堆栈跟踪
org.springframework.vault.authentication.VaultLoginException: Cannot login using Cubbyhole: 1 error occurred:
* missing path
at org.springframework.vault.authentication.VaultLoginException.create(VaultLoginException.java:61) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.authentication.CubbyholeAuthentication.lookupToken(CubbyholeAuthentication.java:218) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.authentication.CubbyholeAuthentication.login(CubbyholeAuthentication.java:185) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.authentication.SimpleSessionManager.getSessionToken(SimpleSessionManager.java:61) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.core.VaultTemplate.lambda$getSessionInterceptor$1(VaultTemplate.java:253) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:87) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.vault.client.RestTemplateBuilder.lambda$createTemplate$4(RestTemplateBuilder.java:239) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:87) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.vault.client.VaultClients.lambda$createRestTemplate$0(VaultClients.java:117) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:87) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:71) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:862) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:764) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:675) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.vault.core.VaultKeyValueAccessor.lambda$doRead$1(VaultKeyValueAccessor.java:133) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.core.VaultKeyValueAccessor.lambda$doRead$2(VaultKeyValueAccessor.java:166) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:448) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:163) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:132) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:107) ~[spring-vault-core-3.0.2.jar:3.0.2]
at org.springframework.vault.core.VaultKeyValue2Template.get(VaultKeyValue2Template.java:80) ~[spring-vault-core-3.0.2.jar:3.0.2]
at com.samim.SpringVaultPrac.service.CubbyHoleService.cubbyHoleTest(CubbyHoleService.java:21) ~[classes/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:348) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:233) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:165) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:174) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:167) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:145) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:445) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:378) ~[spring-context-6.0.13.jar:6.0.13]
at org.springframework.boot.context.event.EventPublishingRunListener.ready(EventPublishingRunListener.java:109) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplicationRunListeners.lambda$ready$6(SpringApplicationRunListeners.java:80) ~[spring-boot-3.1.5.jar:3.1.5]
at java.base/java.lang.Iterable.forEach(Iterable.java:75) ~[na:na]
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:118) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:112) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplicationRunListeners.ready(SpringApplicationRunListeners.java:80) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:335) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) ~[spring-boot-3.1.5.jar:3.1.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1295) ~[spring-boot-3.1.5.jar:3.1.5]
at com.samim.SpringVaultPrac.SpringVaultPracApplication.main(SpringVaultPracApplication.java:10) ~[classes/:na]
Caused by: org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 Internal Server Error: "{"errors":["1 error occurred:\n\t* missing path\n\n"]}<EOL>"
at org.springframework.web.client.HttpServerErrorException.create(HttpServerErrorException.java:102) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:186) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:137) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:915) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:864) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:764) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:646) ~[spring-web-6.0.13.jar:6.0.13]
at org.springframework.vault.authentication.CubbyholeAuthentication.lookupToken(CubbyholeAuthentication.java:210) ~[spring-vault-core-3.0.2.jar:3.0.2]
... 44 common frames omitted
我猜你传入的路径有误。
假设您想从 `my_confidential` 获取机密,那么请将代码更新为:
// Points the cubbyhole login at cubbyhole/my_confidential instead of secrets/.
// NOTE(review): CubbyholeAuthentication reads a login token from this path; confirm
// that cubbyhole/my_confidential really stores a token and not the application secret.
// Cubbyhole storage is scoped to the token making the request, so the entry must have
// been written with the same token that is passed as initialToken - confirm.
CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder()
.initialToken(vaultTokenResponse.getToken())
.path("cubbyhole/my_confidential")
.build();
并将服务更新为:
/**
 * Variant of the startup probe proposed in the answer: the key-value operations are
 * created for {@code cubbyhole/my_confidential} and then asked for {@code my_confidential}.
 */
@Service
public class CubbyHoleService {

    /**
     * Reads the secret once the application is ready and prints the outcome to stdout.
     *
     * <p>NOTE(review): the first argument of {@code opsForKeyValue} is used as the
     * mount path and the argument of {@code get} as the secret path beneath it, so
     * this combination presumably resolves below {@code cubbyhole/my_confidential/}
     * rather than to {@code cubbyhole/my_confidential} itself - verify against the
     * server. Cubbyhole is also not a versioned KV mount, which {@code KV_2} assumes.
     */
    @EventListener(ApplicationReadyEvent.class)
    public void cubbyHoleTest() {
        VaultTemplate template =
                new VaultTemplate(VaultConfig.vaultEndpoint, VaultConfig.getCubbyholeAuthentication());
        VaultKeyValueOperations keyValue = template.opsForKeyValue("cubbyhole/my_confidential", KV_2);
        VaultResponseSupport<Secrets> response = keyValue.get("my_confidential", Secrets.class);

        if (response != null) {
            System.out.println("CubbyHole Data found");
            Secrets secrets = response.getData();
            // Prints the secret's fields to stdout; remove or redact before this
            // runs anywhere its output is collected.
            System.out.println(secrets.toString());
        } else {
            System.out.println("CubbyHole Data not found");
        }
    }
}