Excessive number of calls made by spring-cloud-vault
Hi, I'm using spring-cloud-vault to retrieve secrets from HashiCorp Vault. Everything works fine, but I thought that spring-cloud-vault makes the calls only when the application starts. When I enabled debug mode, I can see it keeps making a lot of calls and it affects the application: some of the connections get shut down and it has a huge impact on the network traffic.
Is this how it is intended to work, or is it a bug?
Here is my configuration:
spring.cloud.vault.generic.enabled=true
spring.cloud.vault.generic.backend=kv
spring.cloud.vault.token={token}
spring.cloud.vault.authentication=TOKEN
spring.cloud.vault.namespace={namespace}
spring.cloud.vault.uri={URL}
spring.cloud.vault.application-name={Application}
spring.cloud.vault.ssl.trust-store=classpath:keystore.jks
spring.cloud.vault.ssl.trust-store-password=changeit
# increased the values for testing
spring.cloud.vault.connection-timeout=1000000
spring.cloud.vault.read-timeout=1000000
spring.cloud.vault.config.order=-10
And here are my log entries:
2020-03-05 17:43:55 [main] INFO o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.1.0.Final}
2020-03-05 17:43:58 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 17:43:58 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 17:43:59 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 17:43:59 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 17:44:09 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 17:44:09 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 17:44:09 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 17:44:09 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 17:44:19 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 17:44:19 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 17:44:20 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 17:44:20 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 17:44:30 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 17:44:30 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 17:44:30 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 17:44:30 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 17:44:37 [main] WARN o.h.e.j.e.i.JdbcEnvironmentInitiator - HHH000342: Could not obtain connection to query metadata : IO Error: The Network Adapter could not establish the connection
2020-03-05 17:44:37 [main] WARN o.s.b.w.s.c.AnnotationConfigServletWebServerApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException:
As you can see, it is making a lot of consecutive calls to the same URL. If it is working as intended, we should have an option to disable it or to set an interval for when spring-cloud-vault should refresh those secrets.
And even after the application starts, it keeps making a lot of calls:
2020-03-05 18:09:53 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8082"]
2020-03-05 18:09:53 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8082 (http) with context path '/application'
2020-03-05 18:09:54 [main] INFO c.e.e.t.a.w.application - Started application in 78.233 seconds (JVM running for 79.392)
2020-03-05 18:09:59 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:09:59 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 18:09:59 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 18:09:59 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 18:10:09 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:09 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 18:10:10 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 18:10:10 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 18:10:20 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:20 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 18:10:20 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 18:10:20 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 18:10:30 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:30 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 18:10:31 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 18:10:31 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 18:10:41 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:41 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 18:10:41 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 18:10:41 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - Reading to [org.springframework.vault.support.VaultResponse]
2020-03-05 18:10:51 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:51 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Accept=[application/json, application/*+json]
2020-03-05 18:10:52 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Response 200 OK
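An added example (not part of the original issue and not Spring Cloud Vault code): a small Python script that measures how often the same Vault path is requested in RestTemplate DEBUG output like the log above, which separates a one-time startup fetch from steady background polling. The sample log is constructed in the issue's layout; the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the same logback layout as the issue's DEBUG output.
SAMPLE_LOG = """\
2020-03-05 18:09:54 [main] INFO c.e.e.t.a.w.application - Started application in 78.233 seconds
2020-03-05 18:09:59 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:09:59 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - Response 200 OK
2020-03-05 18:10:09 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:20 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:30 [Spring-Cloud-Vault-2] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:10:41 [Spring-Cloud-Vault-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/secrets
2020-03-05 18:12:03 [http-nio-8082-exec-1] DEBUG o.s.web.client.RestTemplate - HTTP GET https://vault:443/v1/kv/data/other
"""

# Captures timestamp, thread name, HTTP method and URL of a RestTemplate request line.
REQUEST = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[([^\]]+)\] DEBUG "
    r"o\.s\.web\.client\.RestTemplate - HTTP (GET|PUT|POST) (\S+)$"
)

def vault_read_cadence(log_text, min_calls=4, max_jitter=2.0):
    """Group requests by method and URL; report those repeated at a steady interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            seen[(m.group(3), m.group(4))].append(ts)
    findings = {}
    for (method, url), stamps in seen.items():
        if len(stamps) < min_calls:
            continue  # a handful of reads (e.g. the startup fetch) is expected
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # Periodic: every gap stays within max_jitter seconds of the median gap.
        if all(abs(g - mid) <= max_jitter for g in gaps):
            findings[f"{method} {url}"] = {"calls": len(stamps), "median_gap_s": mid}
    return findings

if __name__ == "__main__":
    for request, stats in vault_read_cadence(SAMPLE_LOG).items():
        print(request, stats)
```

Each reported path is also one entry per call in Vault's audit log when an audit device is enabled, so a short steady interval multiplies audit volume as well as network traffic.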
Issue Analytics
- Created 4 years ago
- Comments: 9 (6 by maintainers)
Top GitHub Comments
Thanks a lot, @stefanocke. That’s a Spring Vault issue. I created spring-projects/spring-vault#601 to fix that issue.
@mp911de Steps to reproduce:
Download the Spring Initializr app with Spring MVC and Vault Config and unzip it:
https://start.spring.io/#!type=maven-project&language=java&platformVersion=2.3.5.RELEASE&packaging=jar&jvmVersion=11&groupId=com.example&artifactId=vault-gh391&name=vault-gh391&description=Demo project for https%3A%2F%2Fgithub.com%2Fspring-cloud%2Fspring-cloud-vault%2Fissues%2F391&packageName=com.example.vault-gh391&dependencies=cloud-starter-vault-config,web
If you need to, please change from Maven to Gradle.
Install Vault and start Vault in dev mode:
vault server -dev
Run the following script within the demo app directory. But first, insert your Vault root token.
Observe the log. You will see that secret/application is renewed every 10 seconds: