You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Starting TX EDC 0.8.0-RC3 in a local environment (based on EDC 0.10.0-20240918-SNAPSHOT, hence main) outputs a hashicorp vault warning both in control-plane and data-plane images when using a static EDC_VAULT_HASHICORP_TOKEN from the environment
Expected Behavior
No Warning, token refresh should work.
Observed Behavior
WARNING 2024-09-27T14:06:12.663937303 [Hashicorp Vault] Initial token look up failed with reason: Failed to look up token with reason: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 1]
Since the initial token lookup failed, the guess is that also the refresh does not work.
Steps to Reproduce
Steps to reproduce the behavior:
Run a local vault with a preconfigured token
configure a tractus-x image (also tested with TX EDC 0.7.4 --> EDC 0.7.2 - same problem) against the vault using that token in EDC_VAULT_HASHICORP_TOKEN
start the image and log at the log
Context Information
EDC main/0.10.0-20240918-SNAPSHOT inside of TX EDC 0.8.0-RC3
hashicorp/vault:>1.17.3 as the vault implementation (docker releae "vault" stuck with <=1.13.3 7 months ago - see https://hub.docker.com/_/vault)
OS: MacOS, Orbstack with linux/amd64 rosetta emulation
Detailed Description
The culprit seems to lie in the HashiCorpVaultClient#isTokenRenewable method
The TOKEN_LOOK_UP_SELF_PATH is encoded as "v1%2Fauth%2Ftoken%2Flookup-self" and appended to the vault url.
A call is then made to (local cluster sample) "http://vault:8201/v1%2Fauth%2Ftoken%2Flookup-self". The default hashicorp/vault:latest image answers with "200 OK" from a redirection to "http://vault:8201/ui" and the content will be html, not the expected json response (which shows the seen parsing error/warning).
Possible Implementation
Instead of
var uri = settings.url()
.newBuilder()
.addPathSegment(TOKEN_LOOK_UP_SELF_PATH)
.build();
it rather should be
var uri = settings.url()
.newBuilder()
.addPathSegments(TOKEN_LOOK_UP_SELF_PATH)
.build();
to split the TOKEN_LOOK_UP_SELF_PATH before encoding only the remaining individual segments and not encoding the TOKEN_LOOK_UP_SELF_PATH as a whole.
The text was updated successfully, but these errors were encountered:
* #4508 interpret token self-lookup path as several segments, not a single segment which encodes the path slashes.
* feature: introduce/clone integration test to run against hashicorps BS-Licencesed product.
* fix: stay with static container/test initialization not to risk multiple vault instances. Courtesy of @paullatzelsperger.
* chore: update DEPs
Bug Report
Describe the Bug
Starting TX EDC 0.8.0-RC3 in a local environment (based on EDC 0.10.0-20240918-SNAPSHOT, hence main) outputs a hashicorp vault warning both in control-plane and data-plane images when using a static EDC_VAULT_HASHICORP_TOKEN from the environment
Expected Behavior
No Warning, token refresh should work.
Observed Behavior
WARNING 2024-09-27T14:06:12.663937303 [Hashicorp Vault] Initial token look up failed with reason: Failed to look up token with reason: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (
StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION
disabled); line: 1, column: 1]Since the initial token lookup failed, the guess is that also the refresh does not work.
Steps to Reproduce
Steps to reproduce the behavior:
Context Information
Detailed Description
The culprit seems to lie in the HashiCorpVaultClient#isTokenRenewable method
Connector/extensions/common/vault/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/client/HashicorpVaultClient.java
Line 124 in 067ded3
especially when compared to the renewToken implementation
Connector/extensions/common/vault/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/client/HashicorpVaultClient.java
Line 161 in 067ded3
The TOKEN_LOOK_UP_SELF_PATH is encoded as "v1%2Fauth%2Ftoken%2Flookup-self" and appended to the vault url.
A call is then made to (local cluster sample) "http://vault:8201/v1%2Fauth%2Ftoken%2Flookup-self". The default hashicorp/vault:latest image answers with "200 OK" from a redirection to "http://vault:8201/ui" and the content will be html, not the expected json response (which shows the seen parsing error/warning).
Possible Implementation
Instead of
it rather should be
to split the TOKEN_LOOK_UP_SELF_PATH before encoding only the remaining individual segments and not encoding the TOKEN_LOOK_UP_SELF_PATH as a whole.
The text was updated successfully, but these errors were encountered: