hashicorp-vault-plugin
hashicorp-vault-plugin copied to clipboard
`AbstractVaultTokenCredentialWithExpiration` is broken for multi-cluster setup
Jenkins and plugins versions report
Latest
What Operating System are you using (both controller, and any agents involved in the problem)?
CentOS
Reproduction steps
Run
withVault(configuration: [
"vaultCredentialId": "vault-aws-iam-role",
"vaultUrl": "https://foo"
], vaultSecrets: [[
"path": "secret/test",
"secretValues": [[
"envVar": "SECRET",
"vaultKey": "foo"
]]
]]) {
echo SECRET
}
withVault(configuration: [
"vaultCredentialId": "vault-aws-iam-role",
"vaultUrl": "https://bar"
], vaultSecrets: [[
"path": "secret/test",
"secretValues": [[
"envVar": "SECRET",
"vaultKey": "foo"
]]
]]) {
echo SECRET
}
Expected Results
Should use and cache separate tokens
Actual Results
It is issuing and caching a token for https://foo
and then until this token expires - it tries to use that token for https://bar
as well as any other Vault cluster, and it obviously gets 403 in response.
Anything else?
No response