Hashicorp Vault component #1348
Comments
I think you need to configure Hashicorp Vault Property Function |
Shouldn't these properties be set from the UI itself ? I have set them except for secretPath but I faced that error: so I tried setting the below property: but it also failed with:
@mgubaidullin so please let me know how to specify the secretPath |
Secret properties function is a thing, the producer methods are a different thing. If you use secret path, you need to set a header. When you set camel.vault.hashicorp.* properties you're setting up the secret properties function. The function will resolve parameters for you inside a route with the following syntax {{hashicorp:engine:secretname}} |
@oscerd can you share with me if there is a default name for the header that hashicorp component supports and uses to set the secretPath ? |
It is CamelHashicorpVaultSecretPath |
@samar-elsayed you can always find component headers in the property panel |
While trying with Karavan vscode 4.7.0, I found that
|
There is no engine property in 4.7. It's now part of the syntax in the
expression {{hashicorp:engine:secretname}}
On Fri, 23 Aug 2024, 14:44 Samar Elsayed ***@***.***> wrote:
… @mgubaidullin <https://github.com/mgubaidullin>
While trying with Karavan vscode *4.7.0,* I found that camel.vault.hashicorp.engine
is not recognized and the below error happens although I didn't face this
issue while using *4.6.0*
org.apache.camel.PropertyBindingException: Error binding property
(camel.vault.hashicorp.engine=secret) with name: engine on bean:
***@***.*** with value:
secret
|
@oscerd could you give me an example to log a value of a secret ? for instance, I have a secret that is located in that path main/test/apiKey I have tried to use the below but it just prints main/test/apiKey literally
|
Do you have hashicorp vault component in your classpath? Because otherwise it won't resolve anything. |
@oscerd yes I have it already inside my karavan project I noticed while apache camel was connecting to vault, I found hashicorp-vault component adds the following but at my company we are using v2 secret engine so I think the issue may be related to the secret engine version |
I think we need to revisit this and check compatibility with v1 and v2 |
@oscerd I got a chance to try this with v1 but I faced the below error
|
It's impossible to say without knowing the configuration of the vault and how you configured the properties. |
@oscerd you mean the properties I have configured for vault component ? or the configuration we have for the vault instance itself? and if it is the latter then which part of the vault instance configuration is needed for troubleshooting? |
Can you try to enable debug logging level and see what happens? |
With the debug log level, you should be able to see a bit better what is happening. |
@oscerd well I was not able to simulate the last issue I shared here again but I am back to the first issue I faced which is not being able to get the value of the fields under /onlineMidTakseet/test?version=1 ( I have 2 fields (key=value) under this path and I want to at least get one of them ) so can you please help me to just get the field value from the vault ? |
It should be something like {{hashicorp-vault:secret:onlineMidTakseet/test:<key_name>@1}} |
@oscerd still the same result I can't get its value the log step only gives me the below |
Well, the call seems to be done, I really have no idea. The function is working in the local tests and even by testing through Kamelet. I cannot reproduce. |
In this case, I will need to use k8 secrets the normal way and exclude hashicorp-vault for now until a further solution is available Thanks @oscerd for following up with me |
The solution is working in 4.7.0, there are no further solutions to be found, I cannot access your environment so I cannot really reproduce. |
I can try to setup a route with pure Kamelets and a Hashicorp Vault docker image to show it will log the secret if you want. |
@oscerd I am using 4.7.0 I have shared here the vault config as a last resort |
I'll try with v2 and see, maybe it's because of that. |
I found the time to reproduce. Essentially the problem is with the secret path. The Hashicorp properties function is not able to distinguish between the slash for the subkey and the slash in your secret path. So if you use something like onlineMidTakseet as path and not onlineMidTakseet/test it will work. This is because the last slash should represent the separator to dive into the secret value and get a key. So what is happening is that the function is looking for secret onlineMidTakseet with key apiKey while the secret is onlineMidTakseet/test. We can work on improving this or add a note about this. |
Hmm ok so it is not related to the kv version right? I hope you can improve it since in my team we need to use / to separate and organize multiple environments secret per application name |
No, it has nothing to do with engine version. For sure this won't go in 4.8.0, the Camel release will be during the weekend and there is no time. |
Thinking about it, it's also hard to implement because if the slash is used to determine where the secret path ends and the after slash is the subkey, you'll never know if you are looking for a full key or a particular field of the secret. Even without investigating, this is not really possible, unless we change the syntax. |
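A small model of the ambiguity described in the two comments above, added here as an illustration; it is not Camel's resolver code and not part of the thread. The store contents, the function names and the `#` separator are assumptions made for the example.

```python
# Constructed stand-in for a KV secrets engine: secret path -> fields.
STORE = {
    "onlineMidTakseet/test": {"apiKey": "constructed-api-key", "owner": "team-a"},
}

def slash_readings(ref):
    """All readings of a reference when '/' doubles as the field separator."""
    readings = [(ref, None)]              # the whole string is the secret path
    path, sep, field = ref.rpartition("/")
    if sep:
        readings.append((path, field))    # last segment is a field of the parent path
    return readings

def resolve(store, path, field=None):
    """Return the whole secret (field=None) or one field; None when nothing matches."""
    secret = store.get(path)
    if secret is None or field is None:
        return secret
    return secret.get(field)

def parse_explicit(ref, sep="#"):
    """Hypothetical unambiguous syntax: a separator that cannot occur in a path."""
    path, found, field = ref.partition(sep)
    return (path, field if found else None)

def demo():
    out = {}
    # Each slash-delimited reference has two equally valid readings; a resolver
    # that commits to the wrong one gets None although the secret exists.
    for ref in ("onlineMidTakseet/test", "onlineMidTakseet/test/apiKey"):
        out[ref] = [(r, resolve(STORE, *r)) for r in slash_readings(ref)]
    # With an explicit field separator there is exactly one reading.
    out["explicit"] = resolve(STORE, *parse_explicit("onlineMidTakseet/test#apiKey"))
    return out

if __name__ == "__main__":
    for ref, result in demo().items():
        print(ref, "->", result)
```
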
This is now supported and it will be available in 4.9.0 |
Great! |
Describe the bug
I have tried to add a vault component as shown below :
but once I run Jbang run, it gives me the following error
Steps to reproduce the behavior
as mentioned above
Variant
Vs Code Extension
Container Management (if applicable)
None
Operating System (if applicable)
Windows
Version
4.6.0
Relevant log output
No response