if the generated `Secret` of a `Vault` object is accidentally deleted, it causes an Exception during refresh handling
Closed this issue · 2 comments
For testing I created and applied

```yaml
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: jayg
spec:
  type: "KEYVALUE"
  path: "secret/infra/jayg"
```

and a corresponding `Secret` was created.

I copied the `jayg` `Vault` and changed the name to `jayg2` and applied and all was well.

I then deleted the `jayg2` `Secret` (but not the `Vault` object) from our cluster via `kubectl delete -f jayg2.yaml`.

On the next refresh pass there was a NullExceptionPointer in the `vault-crd` logs:
```
2019-03-18 19:46:00.850 INFO 1 --- [TaskScheduler-1] d.k.v.k.scheduler.ScheduledRefresh : Start refresh of secret...
2019-03-18 19:46:01.337 ERROR 1 --- [TaskScheduler-1] o.s.s.s.TaskUtils$LoggingErrorHandler : Unexpected error occurred in scheduled task.
java.lang.NullPointerException: null
    at de.koudingspawn.vault.kubernetes.KubernetesService.modifySecret(KubernetesService.java:58) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.EventHandler.modifyHandler(EventHandler.java:44) ~[classes!/:0.0.1-SNAPSHOT]
    at de.koudingspawn.vault.kubernetes.scheduler.ScheduledRefresh.refreshCertificates(ScheduledRefresh.java:42) ~[classes!/:0.0.1-SNAPSHOT]
    at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source) ~[na:na]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_181]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84) ~[spring-context-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_181]
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [na:1.8.0_181]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_181]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [na:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]
```
I probed a bit by adding more `Vault` objects with different names. The refresh process continued to work for those that were sorted before the deleted one. (e.g. `jayg` continued to update from vault as secrets were changed as well as a new `ajayg` `Vault` object)

But anything sorted after the deleted secret did not get updated secrets from Vault secret changes. (e.g. `jayg2` `Secret` never gets re-created. `jayg3` will get a `Secret` created based on the value in vault at the time it was applied but will never get updated via the Refresh process after a Vault secret value update.)

(I am not sure if it actually processes them alphabetically but I created this scenario to test whether one 'bad' refresh error stops processing for the rest of the `Vault` objects.)
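The failure mode reported above, reproduced in miniature as an added example (this is not vault-crd's code, and it does not show the project's actual fix). A map stands in for the cluster's Secret store, and every class, method and variable name is hypothetical. It contrasts an unguarded refresh loop with per-resource error isolation and with re-creating a missing `Secret`, since a pass that aborts early leaves every later `Secret` stale after a rotation in Vault.

```java
import java.util.*;
import java.util.function.BiConsumer;
// Added illustration, not vault-crd source. The map stands in for the cluster's
// Secret store; class, method and variable names are hypothetical.
public class RefreshIsolationDemo {
    static final Map<String, String> cluster = new TreeMap<>();

    // Fragile: assumes the Secret still exists, as the failing refresh pass did.
    static void modifyFragile(String name, String vaultValue) {
        String existing = cluster.get(name);            // null once the Secret is deleted
        if (!existing.equals(vaultValue)) cluster.put(name, vaultValue);
    }

    // Hardened: a missing Secret is re-created instead of dereferenced.
    static void modifySafe(String name, String vaultValue) {
        if (!vaultValue.equals(cluster.get(name))) cluster.put(name, vaultValue);
    }

    // One try/catch per resource, so a single failure cannot abort the pass.
    static List<String> refreshAll(List<String> names, Map<String, String> vault,
                                   BiConsumer<String, String> modify) {
        List<String> failed = new ArrayList<>();
        for (String name : names) {
            try {
                modify.accept(name, vault.get(name));
            } catch (RuntimeException e) {
                failed.add(name);                        // report it, keep going
            }
        }
        return failed;
    }

    public static void main(String[] args) {
        List<String> names = Arrays.asList("ajayg", "jayg", "jayg2", "jayg3"); // constructed sample
        Map<String, String> vault = new HashMap<>();
        for (String n : names) { vault.put(n, "v1"); cluster.put(n, "v1"); }
        cluster.remove("jayg2");                         // Secret deleted, Vault object kept
        for (String n : names) vault.put(n, "v2");       // values rotated in Vault
        try {                                            // unguarded loop, as in the report
            for (String n : names) modifyFragile(n, vault.get(n));
        } catch (NullPointerException e) {
            System.out.println("aborted at jayg2, jayg3 stale: " + cluster);
        }
        System.out.println("isolated, failed=" + refreshAll(names, vault,
                RefreshIsolationDemo::modifyFragile) + " " + cluster);
        System.out.println("hardened, failed=" + refreshAll(names, vault,
                RefreshIsolationDemo::modifySafe) + " " + cluster);
    }
}
```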
Tested my previously failing scenario and it's working now!
Thanks to both of you!