
我在 Vault 服务器上配置了一个策略,只允许读取 my/secret_key_path/here 下的密钥;配置类上标注了 @VaultPropertySource("my/secret_key_path/here")。应用启动时出现以下错误,无法读取密钥的值:

org.springframework.vault.VaultException: Status 403 secret/my/secret_key_path/here/dev: permission denied
    at org.springframework.vault.client.VaultResponses.buildException(VaultResponses.java:83) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate$2.doWithRestOperations(VaultTemplate.java:341) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:318) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:327) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:227) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:467) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:297) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:256) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:147) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:133) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:155) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:89) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:170) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:145) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:116) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) [spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at test.WriterServiceApplication.main(WriterServiceApplication.java:17) [classes!/:1.0-SNAPSHOT]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_151]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_151]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_151]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_151]
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]

2018-01-19 12:56:14.872  WARN 28733 --- [           main] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/application/dev', mode=ROTATE]] Lease [leaseId='null', leaseDuration=0, renewable=false] Status 403 secret/application/dev: permission denied

org.springframework.vault.VaultException: Status 403 secret/application/dev: permission denied
    at org.springframework.vault.client.VaultResponses.buildException(VaultResponses.java:83) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate$2.doWithRestOperations(VaultTemplate.java:341) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:318) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:327) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:227) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:467) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:297) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:256) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:147) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:133) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:155) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:89) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:170) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:145) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:116) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) [spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at test.WriterServiceApplication.main(WriterServiceApplication.java:17) [classes!/:1.0-SNAPSHOT]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_151]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_151]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_151]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_151]
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]

2018-01-19 12:56:14.875  WARN 28733 --- [           main] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/application', mode=ROTATE]] Lease [leaseId='null', leaseDuration=0, renewable=false] Status 403 secret/application: permission denied

org.springframework.vault.VaultException: Status 403 secret/application: permission denied
    at org.springframework.vault.client.VaultResponses.buildException(VaultResponses.java:83) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate$2.doWithRestOperations(VaultTemplate.java:341) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:318) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:327) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:227) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:467) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:297) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:256) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:147) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:133) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
    at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:155) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:89) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:170) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:145) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:116) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
    at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) [spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
    at test.WriterServiceApplication.main(WriterServiceApplication.java:17) [classes!/:1.0-SNAPSHOT]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_151]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_151]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_151]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_151]
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]

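编辑:只有在使用专门为读取该 Vault 路径而生成的令牌时才会出现此问题。从上面的日志看,被拒绝的实际请求路径是 secret/my/secret_key_path/here/dev、secret/application/dev 和 secret/application,与上文所写的 my/secret_key_path/here 并不完全一致(多了 secret/ 前缀和 /dev 后缀),策略是否覆盖这些路径有待确认。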
