DaspawnW/vault-crd

if the generated `Secret` of a `Vault` object is accidentally deleted, it causes an Exception during refresh handling

Closed this issue · 2 comments

for testing I created and applied

```yaml
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: jayg
spec:
  type: "KEYVALUE"
  path: "secret/infra/jayg"
```

and a corresponding Secret was created.

I copied the jayg Vault and changed the name to jayg2 and applied and all was well.

I then deleted the jayg2 Secret (but not the Vault object) from our cluster via

```
kubectl delete -f jayg2.yaml
```

On the next refresh pass there was a NullPointerException in the vault-crd logs:

```
2019-03-18 19:46:00.850  INFO 1 --- [TaskScheduler-1] d.k.v.k.scheduler.ScheduledRefresh       : Start refresh of secret...
2019-03-18 19:46:01.337 ERROR 1 --- [TaskScheduler-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task.

java.lang.NullPointerException: null
   at de.koudingspawn.vault.kubernetes.KubernetesService.modifySecret(KubernetesService.java:58) ~[classes!/:0.0.1-SNAPSHOT]
   at de.koudingspawn.vault.kubernetes.EventHandler.modifyHandler(EventHandler.java:44) ~[classes!/:0.0.1-SNAPSHOT]
   at de.koudingspawn.vault.kubernetes.scheduler.ScheduledRefresh.refreshCertificates(ScheduledRefresh.java:42) ~[classes!/:0.0.1-SNAPSHOT]
   at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source) ~[na:na]
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_181]
   at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_181]
   at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84) ~[spring-context-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
   at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]
   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_181]
   at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [na:1.8.0_181]
   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_181]
   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [na:1.8.0_181]
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
   at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]
```

I probed a bit by adding more Vault objects with different names. The refresh process continued to work for those that were sorted before the deleted one (e.g. jayg continued to update from Vault as secrets were changed, as well as a new ajayg Vault object).
But anything sorted after the deleted secret did not get updated secrets from Vault secret changes (e.g. the jayg2 Secret never gets re-created; jayg3 will get a Secret created based on the value in Vault at the time it was applied but will never get updated via the refresh process after a Vault secret value update).
(I am not sure if it actually processes them alphabetically, but I created this scenario to test whether one 'bad' refresh error stops processing for the rest of the Vault objects.)

Fixed with merge request #14 and #15

tested my previously failing scenario and it's working now!
Thanks to both of you!
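The failure mode reported in this issue, where one resource with a missing Secret aborts the refresh pass and every later resource keeps a stale value, is sketched below as an added example. It is not vault-crd code and not the change made in the merge requests; the class, method names and in-memory maps are hypothetical stand-ins for the cluster and for Vault, and the sample data is constructed.

```java
import java.util.*;

// Added illustration, not vault-crd code. All names here are hypothetical.
public class RefreshLoopSketch {
    // Stand-in for the cluster: Secret name -> current value (constructed data).
    static final Map<String, String> clusterSecrets = new TreeMap<>();
    // Stand-in for Vault: resource name -> latest value (constructed data).
    static final Map<String, String> vaultValues = new TreeMap<>();

    // Refresh one resource. A missing Secret is recreated, never dereferenced.
    static String refreshOne(String name) {
        String latest = vaultValues.get(name);
        if (latest == null) {
            throw new IllegalStateException("no Vault value for " + name);
        }
        String existing = clusterSecrets.get(name); // null if the Secret was deleted
        clusterSecrets.put(name, latest);
        if (existing == null) {
            return "recreated";
        }
        return existing.equals(latest) ? "unchanged" : "updated";
    }

    // Refresh every resource; a failure on one is recorded and the loop
    // continues, so later resources still receive rotated values.
    static Map<String, String> refreshAll(Collection<String> vaultResources) {
        Map<String, String> outcome = new LinkedHashMap<>();
        for (String name : vaultResources) {
            try {
                outcome.put(name, refreshOne(name));
            } catch (RuntimeException e) {
                outcome.put(name, "failed: " + e.getMessage());
            }
        }
        return outcome;
    }

    public static void main(String[] args) {
        for (String n : Arrays.asList("jayg", "jayg2", "jayg3")) {
            vaultValues.put(n, "v2"); // value after rotation in Vault
        }
        clusterSecrets.put("jayg", "v1");
        clusterSecrets.put("jayg3", "v1"); // jayg2's Secret has been deleted
        // "broken" has no Vault value and fails mid-pass without stopping it.
        System.out.println(refreshAll(Arrays.asList("jayg", "broken", "jayg2", "jayg3")));
    }
}
```

Recording a per-resource outcome also gives operators something to alert on, since a silently skipped refresh leaves rotated credentials unpropagated.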