DaspawnW/vault-crd

vault-crd seems to have issues reading vault 0.10.0's response

Closed this issue · 4 comments

Hi,
we're currently having some issues getting vault-crd to work, the java container throws the following error:

org.springframework.web.client.RestClientException: Error while extracting response for type [class de.koudingspawn.vault.vault.impl.pki.PKIResponse] and content type [application/json]; nested exception is org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token; nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token
 at [Source: (PushbackInputStream); line: 1, column: 124] (through reference chain: de.koudingspawn.vault.vault.impl.pki.PKIResponse["data"]->de.koudingspawn.vault.vault.impl.pki.VaultResponseData["ca_chain"])
        at org.springframework.web.client.HttpMessageConverterExtractor.extractData(HttpMessageConverterExtractor.java:115) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:732) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:686) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
        at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:437) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
        at de.koudingspawn.vault.vault.VaultCommunication.createPki(VaultCommunication.java:41) ~[classes!/:0.0.1-SNAPSHOT]

That's our input object:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-pki
spec:
  path: "pki_exampe/issue/vaultcrdrole"
  type: "PKI"
  pkiConfiguration:
    commonName: "kaese.example.de"
    ttl: "7h"

Vault roles/policies are configured accordingly, and a manual vault write using the token generated with this policy and the path above returns the set of certs.
Any ideas what this could be?

btw: vault itself issues the cert perfectly and you can get it from vault afterwards ( at least the public part :) ) but the response from vault seems to irritate vault-crd somehow.

best regards,
Bjoern

Hi Björn,

are you using an intermediate certificate chain?
I expected that the intermediate certificate chain "ca_chain" is a string, but I think it isn't.

I'll implement a fix.

Thanks for your feedback :-)
Best regards,
Björn
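
The mismatch diagnosed above, reproduced as an added example (not vault-crd's actual fix and not code from this thread): a `String` field rejects an array-valued `ca_chain`, while a list field that also accepts a single string handles both shapes and keeps every chain entry. The class names, the `bundle()` helper and the sample JSON are hypothetical, only the inner `data` object is mapped, and Jackson 2.9 or later is assumed on the classpath.

```java
import com.fasterxml.jackson.annotation.JsonFormat;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.MismatchedInputException;
import java.util.ArrayList;
import java.util.List;

public class CaChainDemo {
    // Hypothetical stand-in for the mapping that failed: ca_chain as a String.
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class StrictData {
        @JsonProperty("ca_chain") public String caChain;
    }

    // Hypothetical tolerant mapping: ca_chain as a list; a bare string is
    // wrapped into a one-element list instead of raising an error.
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class TolerantData {
        @JsonProperty("certificate") public String certificate;
        @JsonProperty("ca_chain")
        @JsonFormat(with = JsonFormat.Feature.ACCEPT_SINGLE_VALUE_AS_ARRAY)
        public List<String> caChain = new ArrayList<>();

        // Leaf first, then every chain entry in the order returned, so no
        // intermediate is dropped from the bundle a TLS server would present.
        public String bundle() {
            List<String> parts = new ArrayList<>();
            parts.add(certificate);
            if (caChain != null) parts.addAll(caChain);
            return String.join("\n", parts);
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed sample bodies; real values would be PEM blocks.
        String asArray = "{\"certificate\":\"LEAF\",\"ca_chain\":[\"INTERMEDIATE\",\"ROOT\"]}";
        String asString = "{\"certificate\":\"LEAF\",\"ca_chain\":\"ROOT\"}";

        try {
            mapper.readValue(asArray, StrictData.class);
        } catch (MismatchedInputException e) {
            System.out.println("strict mapping fails: " + e.getOriginalMessage());
        }
        System.out.println(mapper.readValue(asArray, TolerantData.class).bundle());
        System.out.println(mapper.readValue(asString, TolerantData.class).bundle());
    }
}
```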

Hi,
thanks for the fast response - and yes - it is an intermediate :)

regards,
Bjoern

Hi Björn,

bug is fixed!
The new Docker image will be built now and is available in a few minutes: https://hub.docker.com/r/daspawnw/vault-crd/

Best regards,
Björn

Thanks, that did it. Working like a charm now.