Accessed Consul cluster's KV store with TLS and ACL enabled through code, but Spring Boot configuration failure #834

Open
happy2wh7 opened this issue Feb 6, 2024 · 0 comments

This question might not be appropriate to ask here, but I have tried various methods and still can't solve the problem.

Using com.orbitz.consul.consul-client:1.5.3, I can retrieve the value of the key from Consul's KV store in code. However, configuring it with Spring Boot 3.2.2 fails.

I have set up a Consul cluster with three nodes, all running in server mode. TLS is enabled for both outgoing and incoming connections, and ACL is also enabled. I used the same CA to issue p12-format certificates for accessing the Consul cluster.

I created a value with the key config/example-spring,dev/data in Consul's KV store and generated an ACL token with the necessary permissions to access this key.

The crucial part of the code is as follows:

```java
// Load the p12 file from the file system and trust any certificate.
SSLContext sslContext = createSSLContext("/path/to/user1.p12", "key-password");
Consul consul = Consul.builder().withAclToken("58f89672-c9a1-8a97-0d0c-cd2a32fb8f36")
        .withUrl("https://c3.consul.casa:8501")
        // Accepts every hostname, so TLS hostname verification is disabled.
        .withHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        })
        .withSslContext(sslContext).build();
KeyValueClient kvClient = consul.keyValueClient();

// Successfully retrieved the value
String yaml = kvClient.getValueAsString("config/example-spring,dev/data").get();
```

In my understanding, the configuration of the Consul cluster is correct, but the configuration fails with Spring Boot 3.2.2.

application.properties:

```properties
spring.profiles.active=dev
spring.application.name=example-spring
spring.config.import=consul:
```

bootstrap.yml:

```yaml
spring:
  cloud:
    consul:
      enabled: true
      host: c3.consul.casa
      port: 8501
      scheme: https
      config:
        enabled: true
        acl-token: "58f89672-c9a1-8a97-0d0c-cd2a32fb8f36"
        format: YAML
        data-key: data
        profileSeparator: ","
        watch:
          enabled: false
      tls:
        key-store-instance-type: pkcs12
        key-store-path: classpath:user1.p12
        key-store-password: key-password
```

Error message:

```
***************************
APPLICATION FAILED TO START
***************************

Description:

Config data resource '[ConsulConfigDataResource@275fe372 context = 'config/example-spring,dev/', optional = true, properties = [ConsulConfigProperties@40e10ff8 enabled = true, prefixes = list['config'], defaultContext = 'application', profileSeparator = ',', format = KEY_VALUE, dataKey = 'data', aclToken = [null], watch = [ConsulConfigProperties.Watch@557a1e2d waitTime = 55, enabled = true, delay = 1000], failFast = true, name = 'example-spring'], profile = 'dev']' via location 'consul:' does not exist

Action:

Check that the value 'consul:' at class path resource [application.properties] - 4:22 is correct, or prefix it with 'optional:'
```

Thanks all.
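
An added troubleshooting example, not part of the original post or of the project's code: a Python check that parses the `ConsulConfigProperties` dump in the failure description above and compares it with the values the post's bootstrap.yml sets. The names `parse_dump`, `mismatches`, `INTENDED` and the `"<set>"` placeholder (meaning "any non-null value") are assumptions made for this example.

```python
import re

# Property dump copied from the failure description in the post.
DUMP = (
    "[ConsulConfigProperties@40e10ff8 enabled = true, prefixes = list['config'], "
    "defaultContext = 'application', profileSeparator = ',', format = KEY_VALUE, "
    "dataKey = 'data', aclToken = [null], watch = [ConsulConfigProperties.Watch@557a1e2d "
    "waitTime = 55, enabled = true, delay = 1000], failFast = true, name = 'example-spring']"
)

# Values the post's bootstrap.yml sets; "<set>" is a placeholder for the token.
INTENDED = {"format": "YAML", "dataKey": "data", "profileSeparator": ",",
            "aclToken": "<set>", "watch.enabled": "false"}

# key = value, where value is a nested "[Type@hash " header, a quoted string,
# list[...], [null], or a bare token.
PAIR = re.compile(
    r"(\w+) = (\[[\w.]+@[0-9a-f]+ |'[^']*'|list\[[^\]]*\]|\[null\]|[^,\]\s]+)")

def parse_dump(dump):
    """Flatten the ToString-style dump into {'watch.enabled': 'true', ...}."""
    props, stack, prev_end = {}, [], 0
    for m in PAIR.finditer(dump):
        # Each ']' between two pairs closes one nested object.
        closed = dump[prev_end:m.start()].count("]")
        del stack[max(0, len(stack) - closed):]
        key, value = m.group(1), m.group(2)
        prev_end = m.end()
        if "@" in value and value.startswith("["):
            stack.append(key)          # nested object starts here
            continue
        props[".".join(stack + [key])] = value.strip("'")
    return props

def mismatches(dump, intended):
    """Return {key: (intended, effective)} for every setting not in effect."""
    effective = parse_dump(dump)
    out = {}
    for key, want in intended.items():
        got = effective.get(key)
        ok = got not in (None, "[null]") if want == "<set>" else got == want
        if not ok:
            out[key] = (want, got)
    return out

if __name__ == "__main__":
    for key, (want, got) in mismatches(DUMP, INTENDED).items():
        print(f"{key}: bootstrap.yml sets {want!r}, failing lookup used {got!r}")
```

On the dump from the post this reports `format`, `aclToken` and `watch.enabled`: the failing lookup ran with `KEY_VALUE`, no ACL token and watch enabled, not with the values written in bootstrap.yml.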
