Problem description
Does anyone know how to configure bootstrap.yml to tell Spring Cloud Vault to go to the correct path for kv v2 and not try other paths first?
I can successfully connect to my Vault, running kv v2, but Spring Cloud will always try to connect to paths in the vault that don't exist, throwing a 403 on startup.
Status 403 Forbidden [secret/application]: permission denied; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden
The above path, secret/application, doesn't exist because kv v2 puts data in the path. For example: secret/data/application.
This isn't a show-stopper because Spring Cloud Vault does check other paths, including the correct one that has the data item in the path, but the fact a meaningless 403 is thrown during startup is like a splinter in my mind.
Eventually, it tries the correct kv v2 path:
2019-03-18 12:22:46.611 INFO 77685 --- [ restartedMain] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='vault', propertySources=[LeaseAwareVaultPropertySource {name='secret/data/my-app'}
My configuration
spring.cloud.vault:
  kv:
    enabled: true
    backend: secret
    profile-separator: '/'
    default-context: my-app
    application-name: my-app
  host: localhost
  port: 8200
  scheme: http
  authentication: TOKEN
  token: my-crazy-long-token-string
Thanks for your help!
Recommended answer
Add the following lines to your bootstrap.yml; this disables the generic backend:
spring.cloud.vault:
  generic:
    enabled: false
More information: https://cloud.spring.io/spring-cloud-vault/reference/html/#vault.config.backends.generic
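Why secret/application is requested at all, and why the answer's setting removes it, shown as an added example (not code from the post or from Spring Cloud Vault). It is a simplified Python model of the startup path lookup: the default values are assumptions taken from the Spring Cloud Vault 2.x reference documentation, the function names are hypothetical, and request order and the fallback to spring.application.name are not modelled.

```python
# Added example: simplified model of the paths Spring Cloud Vault reads at startup.
# ASSUMPTION: defaults mirror the Spring Cloud Vault 2.x reference documentation.
GENERIC_DEFAULTS = {"enabled": True, "backend": "secret",
                    "default-context": "application", "profile-separator": "/"}
KV_DEFAULTS = {"enabled": False, "backend": "secret", "backend-version": 2,
               "default-context": "application", "profile-separator": "/"}


def contexts(settings, profiles):
    """Context names for one backend: application-name and default-context,
    each followed by its profile-specific variants, without duplicates."""
    found = []
    for base in (settings.get("application-name"), settings["default-context"]):
        if not base:
            continue
        for name in [base] + [base + settings["profile-separator"] + p for p in profiles]:
            if name not in found:
                found.append(name)
    return found


def startup_paths(vault_config, profiles=()):
    """Secret paths requested for a spring.cloud.vault mapping (order not modelled)."""
    generic = {**GENERIC_DEFAULTS, **vault_config.get("generic", {})}
    kv = {**KV_DEFAULTS, **vault_config.get("kv", {})}
    paths = []
    if generic["enabled"]:
        # The generic backend reads <backend>/<context>, with no data/ segment.
        paths += [f"{generic['backend']}/{c}" for c in contexts(generic, profiles)]
    if kv["enabled"]:
        # KV version 2 inserts data/ between the mount and the context.
        infix = "data/" if kv["backend-version"] == 2 else ""
        paths += [f"{kv['backend']}/{infix}{c}" for c in contexts(kv, profiles)]
    return paths


# Constructed from the kv block in the question's configuration.
QUESTION_KV = {"enabled": True, "backend": "secret", "profile-separator": "/",
               "default-context": "my-app", "application-name": "my-app"}
BEFORE = {"kv": QUESTION_KV}                                  # generic left at its default
AFTER = {"kv": QUESTION_KV, "generic": {"enabled": False}}    # the answer's setting

if __name__ == "__main__":
    print("before:", startup_paths(BEFORE))
    print("after: ", startup_paths(AFTER))
```

In this model the kv block only changes the KV lookup; the generic backend keeps its own default context, which is where the secret/application request comes from.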