Hashicorp Vault integration stopped working in 2.4.0
Describe the bug
Our application has a Rest-Client defined with @RegisterRestClient(configKey = "aclient"), and config aclient/mp-rest/url=https://somethi.ng
Most of the config lives in Hashicorp Vault when not running locally. When upgrading to 2.4.0/.1 startup fails with
Caused by: java.lang.IllegalArgumentException: Unable to determine the proper baseUrl/baseUri. Consider registering using @RegisterRestClient(baseUri="someuri"), @RegisterRestClient(configKey="orkey"), or by adding 'quarkus.rest-config."aclient".url' or 'quarkus.rest-config."aclient".uri' to your Quarkus configuration
Changing the config key to quarkus.rest-config."aclient".url, quarkus.rest-config.aclient.url, quarkus.rest-client.aclient.url has no effect.
Looking at RestClientBase between 2.3.1 and 2.4.1 we see that handling of config is changed from ConfigProvider.getConfig().getOptionalValue(property, class) to RestClientsConfig.
My hypothesis is that the code that sets RestClientsConfig.configs (code generated by RunTimeConfigurationGenerator?) uses ConfigSource.getPropertyNames(), and VaultConfigSource returns an empty set for both getProperties and getPropertyNames().
When setting a breakpoint (Java field breakpoint in IntelliJ) we see that the config from Vault is loaded.
The same behaviour is seen with quarkus-micrometer-registry-influx.
Expected behavior
All config from Vault is used as if defined in application.properties.
Actual behavior
Config values stored in Vault are not used; the application crashes with a message that they are missing.
How to Reproduce?
- Combine guides for rest-client and vault: quarkus-vault-rest-client reproducer.
- Follow the steps for initializing the local Vault container.
- docker run --rm --cap-add=IPC_LOCK -e VAULT_ADDR=http://localhost:8200 -p 8200:8200 --name=dev-vault vault:1.6.0 (Terminal A)
- docker exec -it dev-vault sh (in new terminal B)
- export VAULT_TOKEN=$Root Token FROM terminal A (in terminal B)
- vault kv put secret/myapps/vault-quickstart/config a-private-key=123456 (in terminal B)
- cat <<EOF | vault policy write vault-quickstart-policy -
  path "secret/data/myapps/vault-quickstart/*" {
    capabilities = ["read"]
  }
  EOF
- vault auth enable userpass
  vault write auth/userpass/users/bob password=sinclair policies=vault-quickstart-policy
- Login to http://localhost:8200 with $Root Token FROM terminal A and add secrets in myapps/vault-quickstart/ (or do it in terminal B)
- Downgrading to Quarkus 2.3.1 will make the application work as expected.
Output of uname -a or ver
N/A
Output of java -version
11, 17
GraalVM version (if different from Java)
No response
Quarkus version or git rev
2.4.1
Build tool (i.e. output of mvnw --version or gradlew --version)
mvn 3.8.3
Additional information
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (3 by maintainers)
As a workaround, adding the properties in another source (application.properties) with empty values should work. This will list the properties in getPropertyNames() and on value lookup, it will retrieve the one from Vault because it has a higher ordinal.
In the meanwhile, we will fix this. Sorry for the inconvenience.
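A simplified model of the behaviour discussed in this thread, added here as an example; it is not Quarkus, SmallRye Config or quarkus-vault code. The Source class, its listsNames flag and the ordinals 250/270 are assumptions made for illustration. It shows why a mapping driven by getPropertyNames() misses values from a source that enumerates no names, and why empty placeholders in a lower-ordinal source bring them back.

```java
import java.util.*;

/** Simplified model of ordinal-based config sources; not Quarkus or SmallRye Config code. */
public class ConfigNamesDemo {
    /** Hypothetical stand-in for a config source. */
    static class Source {
        final int ordinal; final Map<String, String> values; final boolean listsNames;
        Source(int ordinal, Map<String, String> values, boolean listsNames) {
            this.ordinal = ordinal; this.values = values; this.listsNames = listsNames;
        }
        // A lazily fetching source (like the Vault source described in the issue) reports no names.
        Set<String> getPropertyNames() { return listsNames ? values.keySet() : Set.of(); }
        String getValue(String name) { return values.get(name); }
    }

    /** Direct lookup by name: ask each source, highest ordinal first. */
    static Optional<String> lookup(List<Source> sources, String name) {
        return sources.stream()
                .sorted(Comparator.comparingInt((Source s) -> s.ordinal).reversed())
                .map(s -> s.getValue(name))
                .filter(Objects::nonNull)
                .findFirst();
    }

    /** Name-driven mapping: only properties that some source enumerates get populated. */
    static Map<String, String> mapByNames(List<Source> sources) {
        Map<String, String> mapped = new TreeMap<>();
        for (Source s : sources)
            for (String name : s.getPropertyNames())
                lookup(sources, name).ifPresent(v -> mapped.put(name, v));
        return mapped;
    }

    public static void main(String[] args) {
        String key = "aclient/mp-rest/url";
        // Constructed sample data; the ordinals are illustrative.
        Source vault = new Source(270, Map.of(key, "https://somethi.ng"), false);
        Source emptyProps = new Source(250, Map.of(), true);
        Source placeholderProps = new Source(250, Map.of(key, ""), true);

        System.out.println("direct lookup:     " + lookup(List.of(vault, emptyProps), key));
        System.out.println("name-driven:       " + mapByNames(List.of(vault, emptyProps)));
        System.out.println("with placeholders: " + mapByNames(List.of(vault, placeholderProps)));
    }
}
```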
Great!