vault-crd seems to have issues reading vault 0.10.0's response
Closed this issue · 4 comments
Hi,
we're currently having some issues getting vault-crd to work, the java container throws the following error:
```
org.springframework.web.client.RestClientException: Error while extracting response for type [class de.koudingspawn.vault.vault.impl.pki.PKIResponse] and content type [application/json]; nested exception is org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token; nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token
 at [Source: (PushbackInputStream); line: 1, column: 124] (through reference chain: de.koudingspawn.vault.vault.impl.pki.PKIResponse["data"]->de.koudingspawn.vault.vault.impl.pki.VaultResponseData["ca_chain"])
    at org.springframework.web.client.HttpMessageConverterExtractor.extractData(HttpMessageConverterExtractor.java:115) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:732) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:686) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
    at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:437) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
    at de.koudingspawn.vault.vault.VaultCommunication.createPki(VaultCommunication.java:41) ~[classes!/:0.0.1-SNAPSHOT]
```
That's our input object:
```yaml
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-pki
spec:
  path: "pki_exampe/issue/vaultcrdrole"
  type: "PKI"
  pkiConfiguration:
    commonName: "kaese.example.de"
    ttl: "7h"
```
Vault roles/policies are configured accordingly, and a manual vault write using the token generated with this policy and the path above returns the set of certs.
Any ideas what this could be?
Btw: vault itself issues the cert perfectly and you can get it from vault afterwards (at least the public part :) ), but the response from vault seems to irritate vault-crd somehow.
best regards,
Bjoern
Hi Björn,
are you using an intermediate certificate chain?
I expected that the intermediate certificate chain "ca_chain" is a string, but I think it isn't.
I'll implement a fix.
Thanks for your feedback :-)
Best regards,
Björn
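The mismatch diagnosed above, as an added example that is not part of the thread and not the project's actual fix: a Jackson mapping that accepts `ca_chain` as a JSON array, as a bare string, or absent. The class names `CaChainDemo`, `IssueResponse` and `IssueData` and the sample bodies are assumptions standing in for the `PKIResponse` / `VaultResponseData` classes named in the trace.

```java
import com.fasterxml.jackson.annotation.JsonFormat;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Collections;
import java.util.List;

public class CaChainDemo {
    // Hypothetical stand-ins for the PKIResponse / VaultResponseData classes in the trace.
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class IssueResponse {
        public IssueData data;
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class IssueData {
        public String certificate;
        @JsonProperty("issuing_ca")
        public String issuingCa;
        // A JSON array maps directly; a bare string is wrapped into a one-element list.
        @JsonProperty("ca_chain")
        @JsonFormat(with = JsonFormat.Feature.ACCEPT_SINGLE_VALUE_AS_ARRAY)
        public List<String> caChain;

        // Normalise "field absent" to an empty list so callers never see null.
        public List<String> chain() {
            return caChain == null ? Collections.emptyList() : caChain;
        }
    }

    static int chainLength(ObjectMapper mapper, String json) throws Exception {
        return mapper.readValue(json, IssueResponse.class).data.chain().size();
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed sample bodies; real responses carry PEM text and more fields.
        String array  = "{\"data\":{\"certificate\":\"LEAF\",\"issuing_ca\":\"INT\",\"ca_chain\":[\"INT\",\"ROOT\"]}}";
        String single = "{\"data\":{\"certificate\":\"LEAF\",\"issuing_ca\":\"ROOT\",\"ca_chain\":\"ROOT\"}}";
        String absent = "{\"data\":{\"certificate\":\"LEAF\",\"issuing_ca\":\"ROOT\"}}";
        System.out.println(chainLength(mapper, array));
        System.out.println(chainLength(mapper, single));
        System.out.println(chainLength(mapper, absent));
    }
}
```

Declaring the field as `String` instead of `List<String>` reproduces the `MismatchedInputException ... out of START_ARRAY token` from the report when the array-form body is parsed.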
Hi,
thanks for the fast response - and yes - it is an intermediate :)
regards,
Bjoern
Hi Björn,
bug is fixed!
The new Docker image will be built now and will be available in a few minutes: https://hub.docker.com/r/daspawnw/vault-crd/
Best regards,
Björn
Thanks, that did it. Working like a charm now.