Vault troubleshooting notes

Vault errors

1 Error when setting the VAULT_ADDR address

 failed to create client: parse 'http://127.0.0.1:8200': first path segment in URL cannot contain colon

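 Solution: set VAULT_ADDR=http://127.0.0.1:8200  No quotes are needed when setting the address; with set, the quotes become part of the value and the URL fails to parse.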

2 vault status
Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: http: server gave HTTP response to HTTPS client

Solution: VAULT_ADDR was not set, so the client used its default https address. The status can be checked by passing -address: vault status -address='http://*.*.*.*:8200'

3  vault policy write app1 app1.hcl

Error uploading policy: Error making API request.
URL: PUT http://*.*.*.*:8200/v1/sys/policies/acl/app1
Code: 403. Errors:
* permission denied
Solution: log in with the token generated at unseal time, then perform the policy write.
 
Errors in Spring Boot
1 Caused by: org.springframework.vault.VaultException: Status 403 Forbidden [secret/test-login]: 1 error occurred:
 * permission denied
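Solution: add the permission for this path to the app's policy in Vault, then write the updated policy file again with vault policy write app1 app1.hcl. There is no need to generate a new token.
This can also be done in the Vault UI. You must log in with the initial token to see the policy item; update the relevant policy there, and the change takes effect immediately.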
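
A minimal app1.hcl that grants only what the errors on this page ask for, as an added example (not the original author's policy file). It assumes secret/ is a KV version 1 mount, and it includes database/creds/app1 because the application also requests that path in the later errors.

```hcl
# app1.hcl - constructed example policy for the app1 application.
# Vault policies are deny-by-default: any path not listed here stays forbidden.

# Static secret read by the Spring Boot app (path taken from the 403 error).
# Assumption: secret/ is a KV version 1 mount. On a KV version 2 mount the
# API path to grant would be secret/data/test-login instead.
path "secret/test-login" {
  capabilities = ["read"]
}

# Dynamic MySQL credentials issued for the database role app1.
# Only "read" is required to request credentials; the app gets no access to
# database/config/* or database/roles/*, which stay with the administrator.
path "database/creds/app1" {
  capabilities = ["read"]
}
```

Upload it with vault policy write app1 app1.hcl as described above.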
 
 2 Caused by: java.lang.NullPointerException
 at com.example.logindemo.LogindemoApplication.initIt(LogindemoApplication.java:32)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:363)
 at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:307)
 at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:136)

 Problem and solution:

Fetching the username and password at login failed. The database secrets engine must be enabled in Vault: vault  secrets enable database

3 Caused by: org.springframework.vault.VaultException: Status 400 Bad Request [database/creds/app1]: unknown role: app1; nested exception is org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request

Problem and solution:

The database connection and the user role must be created in Vault:

vault write database/config/my-mysql-database plugin_name=mysql-database-plugin connection_url="{{username}}:{{password}}@tcp(*.*.*.*:3306)/" allowed_roles="app1" username="test" password="123456"

vault write database/roles/app1  db_name=my-mysql-database creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT,INSERT,UPDATE ON *.* TO '{{name}}'@'%';" default_ttl="1h" max_ttl="24h"

4 Caused by: org.springframework.vault.VaultException: Status 500 Internal Server Error [database/creds/app1]: 1 error occurred:
 * Error 1045: Access denied for user 'test'@'*.*.*.*' (using password: YES)


Reposted from www.cnblogs.com/meadow/p/11688585.html