spring hashicorp-vault spring-webclient spring-vault

Spring Vault Kubernetes Auth not accepting custom mount path


I am using Spring Vault 2.1.2 and I cannot upgrade. I am configuring an AbstractReactiveVaultConfiguration to use KubernetesAuthentication.

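import java.net.URI;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.KubernetesAuthentication;
import org.springframework.vault.authentication.KubernetesAuthenticationOptions;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractReactiveVaultConfiguration;

// Kubernetes auth against a non-default mount path ("foo/bar")
@Configuration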
public class VaultConfiguration extends AbstractReactiveVaultConfiguration {

    @Value("${my.vault.endpoint.url}")
    private URI vaultEndpointURL;

    @Override
    public VaultEndpoint vaultEndpoint() {
        return VaultEndpoint.from(vaultEndpointURL);
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions.builder()
                .role("myRole").path("foo/bar").build();

        return new KubernetesAuthentication(options, restOperations());
    }

}

This is producing:

org.springframework.vault.authentication.VaultLoginException: Cannot retrieve VaultToken from authentication chain; nested exception is org.springframework.web.reactive.function.client.WebClientResponseException$BadRequest: 400 Bad Request

With sufficient logging, I have discovered that it is attempting to post to:

POST /v1/auth/foo%2Fbar/login

What is escaping the configured path of "foo/bar" and how can this be avoided?


Solution

  • It is a problem with the latest release, 2.2.1.RELEASE, of spring-vault.

    It has been fixed now, but the new version is yet to be released.

    Refer to the bug and fix here.

    Reason for the bug:

    Previously, we were sending two arguments to the login method: .login("auth/{mount}/login", options.getPath());. Inside the login method, these arguments are given to HttpRequestBuilder.post(uriTemplate, uriVariables), which was converting the / to %2F.

    Currently, we are sending one argument, AuthenticationUtil.getLoginPath(options.getPath()); this will not convert the / to %2F.

    We can raise this issue with spring-vault and ask them to release the next version.
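
The encoding difference described in the answer, as an added example that is not part of the original post and is not Spring Vault's own code. It uses spring-web's DefaultUriBuilderFactory in TEMPLATE_AND_VALUES mode to show the mechanism. Assumptions: spring-web 5.0.8 or later on the classpath, a constructed host name, a hypothetical loginPath helper, and an allowlist for mount segments chosen for illustration (a path concatenated into the template is no longer encoded, so it is validated first).

```java
import java.net.URI;
import java.util.regex.Pattern;

import org.springframework.web.util.DefaultUriBuilderFactory;
import org.springframework.web.util.DefaultUriBuilderFactory.EncodingMode;

public class MountPathEncodingDemo {

    // Assumption: a mount segment may contain only letters, digits, '_', '.' and '-'.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9_.-]+");

    // Hypothetical helper: validates the mount path, then makes it part of the
    // template text so its '/' is never handled as a URI variable value.
    static String loginPath(String mount) {
        for (String segment : mount.split("/", -1)) {
            boolean dotSegment = segment.equals(".") || segment.equals("..");
            if (dotSegment || !SEGMENT.matcher(segment).matches()) {
                throw new IllegalArgumentException("Invalid mount path: " + mount);
            }
        }
        return "/v1/auth/" + mount + "/login";
    }

    public static void main(String[] args) {
        // Constructed endpoint; nothing is sent over the network.
        DefaultUriBuilderFactory factory =
                new DefaultUriBuilderFactory("https://vault.example.test:8200");
        factory.setEncodingMode(EncodingMode.TEMPLATE_AND_VALUES);

        String mount = "foo/bar";

        // Mount passed as a URI variable: the value is strictly encoded,
        // so the '/' inside it is percent-encoded as one path segment.
        URI asVariable = factory.expand("/v1/auth/{mount}/login", mount);
        System.out.println("variable: " + asVariable.getRawPath());

        // Mount already in the template: '/' remains a path separator.
        URI asTemplate = factory.expand(loginPath(mount));
        System.out.println("template: " + asTemplate.getRawPath());
    }
}
```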