getting `SecretNotAccessibleException` when trying to create a "KEYVALUEV2"

Question

getting `SecretNotAccessibleException` when trying to create a "KEYVALUEV2"

Closed this issue 5 years ago · 1 comments

vault kv get secret-v2/infra/jayg
works from a command line as does
vault kv get -version=1 secret-v2/infra/jayg

trying to apply this yaml

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: jayg-v2
spec:
  type: "KEYVALUEV2"
  path: "secret-v2/infra/jayg"
  versionConfiguration:
    version: 1

results in this traceback

de.koudingspawn.vault.vault.communication.SecretNotAccessibleException: The secret secret-v2/infra/jayg is not available or in the wrong format.
    at de.koudingspawn.vault.vault.VaultCommunication.getVersionedSecret(VaultCommunication.java:122) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.vault.impl.KeyValueV2Generator.generateSecret(KeyValueV2Generator.java:27) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.vault.VaultService.generateSecret(VaultService.java:18) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.EventHandler.addHandler(EventHandler.java:27) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.Watcher$1.eventReceived(Watcher.java:38) [classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.Watcher$1.eventReceived(Watcher.java:31) [classes!/:0.0.1-SNAPSHOT]
    at io.fabric8.kubernetes.client.utils.WatcherToggle.eventReceived(WatcherToggle.java:49) [kubernetes-client-4.1.0.jar!/:na]
    at io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager$2.onMessage(WatchConnectionManager.java:232) [kubernetes-client-4.1.0.jar!/:na]
    at okhttp3.internal.ws.RealWebSocket.onReadMessage(RealWebSocket.java:310) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.WebSocketReader.readMessageFrame(WebSocketReader.java:222) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.WebSocketReader.processNextFrame(WebSocketReader.java:101) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.RealWebSocket.loopReader(RealWebSocket.java:265) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.RealWebSocket$2.onResponse(RealWebSocket.java:204) [okhttp-3.9.1.jar!/:na]
    at okhttp3.RealCall$AsyncCall.execute(RealCall.java:153) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32) [okhttp-3.9.1.jar!/:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]de.koudingspawn.vault.vault.communication.SecretNotAccessibleException: The secret secret-v2/infra/jayg is not available or in the wrong format.
    at de.koudingspawn.vault.vault.VaultCommunication.getVersionedSecret(VaultCommunication.java:122) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.vault.impl.KeyValueV2Generator.generateSecret(KeyValueV2Generator.java:27) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.vault.VaultService.generateSecret(VaultService.java:18) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.EventHandler.addHandler(EventHandler.java:27) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.Watcher$1.eventReceived(Watcher.java:38) [classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.Watcher$1.eventReceived(Watcher.java:31) [classes!/:0.0.1-SNAPSHOT]
    at io.fabric8.kubernetes.client.utils.WatcherToggle.eventReceived(WatcherToggle.java:49) [kubernetes-client-4.1.0.jar!/:na]
    at io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager$2.onMessage(WatchConnectionManager.java:232) [kubernetes-client-4.1.0.jar!/:na]
    at okhttp3.internal.ws.RealWebSocket.onReadMessage(RealWebSocket.java:310) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.WebSocketReader.readMessageFrame(WebSocketReader.java:222) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.WebSocketReader.processNextFrame(WebSocketReader.java:101) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.RealWebSocket.loopReader(RealWebSocket.java:265) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.ws.RealWebSocket$2.onResponse(RealWebSocket.java:204) [okhttp-3.9.1.jar!/:na]
    at okhttp3.RealCall$AsyncCall.execute(RealCall.java:153) [okhttp-3.9.1.jar!/:na]
    at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32) [okhttp-3.9.1.jar!/:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]

I am able to use vault-crd for a non-versioned secrets engine in vault so it is installed correctly and can talk to vault. I am using the same token in vault-crd as I am on the command line.
I'm sure I'm doing something wrong but I'm not sure what.

Answer 1 · 2019-03-19T16:02:33.000Z

I tailed the vault logs when making the Vault object (which fails) and using the command line to get the vault secret and I think I see the issue.
I've forked this and I'm going to try and fix.