Describe the bug
When there is Vault backend within a composite backend, then it cannot do server-side authentication. For example, it cannot do AppRole-based authentication.
Given following configuration for config-server:
spring:
profiles:
active: composite
cloud:
config:
server:
composite:
- type: vault
host: my-vault-server
port: 5555
authentication: approle
roleId: 123
secretId: 456
It won't be able to authenticate with Vault using its AppRole's role id and secret id. Instead it throws an error, saying that it expects the X-Config-Token header. This tells us that it's using a wrong config token provider.
The reason is that a default session manager bean is being created with the default Vault properties. However, a session manager is needed which uses the Vault properties from the Vault in the composite backend.
Authored w/ @kvmw
Describe the bug
When there is Vault backend within a composite backend, then it cannot do server-side authentication. For example, it cannot do AppRole-based authentication.
Given following configuration for config-server:
It won't be able to authenticate with Vault using its AppRole's role id and secret id. Instead it throws an error, saying that it expects the
X-Config-Tokenheader. This tells us that it's using a wrong config token provider.The reason is that a default session manager bean is being created with the default Vault properties. However, a session manager is needed which uses the Vault properties from the Vault in the composite backend.
Authored w/ @kvmw