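I am trying to programmatically fetch data from Hashi Vault (v1.5.5), but no matter how I try to send the Vault API request (via the Spring Boot WebClient, via the spring.vault template), I get an HTTP 503 error. When I check the vault's status, it is initialized and unsealed. In the Vault UI, I can view the data I want to access. When I use curl (see below), I can get the data. When I use the vault CLI, I can get the data.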

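From all the examples I have seen, this is easy, but I wonder whether I am missing something programmatically... hypothetically... like, does my code have to issue its own request to unseal Vault? To rule out authentication/permission issues, I used the root token. I would really appreciate any suggestions or ideas, because I have run out of them! Thank you for your time and interest in my question.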

vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.5.5
Cluster Name    vault-cluster-435e5f26
Cluster ID      c1b269b8-4a9a-5e9c-e468-85e2e55eb261
HA Enabled      true
HA Cluster      https://192.168.0.3:8201
HA Mode         active

vault kv list csc/tenants
Keys
----
dev:111122223333444422221111
abc:111111111159999999999999
def:1234asdf1234asdf1324asdf

curl --location \
-H "X-Vault-Request:true" \
-H "X-Vault-Token:${VAULT_TOKEN}" \
--request GET "${VAULT_ADDR}/v1/csc/metadata/tenants?list=true" | jq
{
  "request_id": "ba228321-5b99-40f1-69f2-5b8122bc47df",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "keys": [
      "dev:111122223333444422221111",
      "abc:111111111159999999999999",
      "def:1234asdf1234asdf1324asdf"
    ]
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
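
// Here is the webflux.fn code that returns 503...
import org.springframework.http.HttpHeaders
import org.springframework.http.MediaType
import org.springframework.web.reactive.function.client.WebClient

val wc = WebClient
  .builder()
  .baseUrl("http://localhost:8200")
  .defaultHeaders { httpHeaders: HttpHeaders ->
      httpHeaders.set("X-Vault-Request", "true")
      httpHeaders.set("X-Vault-Token", "s.888888888855111111111111")
      httpHeaders.set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
  }.build()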

val res = wc
  .get()
  .uri("/v1/csc/metadata/tenants?list=true")
  .retrieve()
  .bodyToFlux(VaultKvSecretResponse::class.java)
  .map {
      println(it.data.keys.first())
  }
  .subscribe()
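
// Here is the Spring Vault code that returns 503...
import java.net.URI
import org.springframework.boot.CommandLineRunner
import org.springframework.boot.autoconfigure.SpringBootApplication
import org.springframework.context.annotation.Configuration
import org.springframework.core.env.Environment
import org.springframework.vault.authentication.ClientAuthentication
import org.springframework.vault.authentication.TokenAuthentication
import org.springframework.vault.client.VaultEndpoint
import org.springframework.vault.config.AbstractVaultConfiguration
import org.springframework.vault.core.VaultTemplate

@Configuration
class AppConfig2 : AbstractVaultConfiguration() {
  override fun vaultEndpoint(): VaultEndpoint = VaultEndpoint.from(URI(environment.getRequiredProperty("VAULT_ADDR")))
  override fun clientAuthentication(): ClientAuthentication = TokenAuthentication(environment.getRequiredProperty("VAULT_TOKEN"))
}

@SpringBootApplication
class SbcloudApplication(
  private val environment: Environment,
  private val vaultTemplate: VaultTemplate
) : CommandLineRunner {
    override fun run(vararg args: String?) {
        val result = vaultTemplate.list("http://localhost:8200/v1/csc/metadata/data/tenants")
    }
}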
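
A diagnostic example for the situation described in the question, added here and not part of the original post: it sends the same list request as the curl command but keeps the status and response body of an error reply, and first queries Vault's unauthenticated `sys/seal-status` endpoint to show the seal state of the server the client actually reaches. It assumes Spring WebFlux 5.3 or later (for `exchangeToMono`) and that `VAULT_ADDR` and `VAULT_TOKEN` are set as for the curl command; `probe` is a hypothetical helper name.

```kotlin
import org.springframework.web.reactive.function.client.WebClient
import reactor.core.publisher.Mono

// Assumption: address and token come from the same environment variables the
// curl command uses, so both clients talk to the same server with the same token.
val vaultAddr: String = System.getenv("VAULT_ADDR") ?: "http://localhost:8200"
val vaultToken: String = System.getenv("VAULT_TOKEN") ?: error("VAULT_TOKEN is not set")

val client: WebClient = WebClient.builder()
    .baseUrl(vaultAddr)
    .defaultHeader("X-Vault-Request", "true")
    .build()

// Hypothetical helper: returns "<status> <body>" instead of throwing,
// so a 503 reply keeps whatever body the responding server sent.
fun probe(path: String, token: String? = null): Mono<String> =
    client.get()
        .uri(path)
        .headers { h -> if (token != null) h.set("X-Vault-Token", token) }
        .exchangeToMono { resp ->
            resp.bodyToMono(String::class.java)
                .defaultIfEmpty("")
                .map { body -> "${resp.statusCode()} $body" }
        }

fun main() {
    println("target: $vaultAddr")
    // No token needed: reports the "sealed" flag of the server actually reached.
    println(probe("/v1/sys/seal-status").block())
    // Same list request as the curl command, with any error body preserved.
    println(probe("/v1/csc/metadata/tenants?list=true", vaultToken).block())
}
```

A JSON body with an `errors` array indicates the reply came from Vault itself; any other body means something else answered at that address.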