hashicorp-vault-plugin

`AbstractVaultTokenCredentialWithExpiration` is broken for multi-cluster setup

Open dee-kryvenko opened this issue 1 year ago • 1 comments

Jenkins and plugins versions report

Latest

What Operating System are you using (both controller, and any agents involved in the problem)?

CentOS

Reproduction steps

Run

```groovy
withVault(configuration: [
    "vaultCredentialId": "vault-aws-iam-role",
    "vaultUrl": "https://foo"
    ], vaultSecrets: [[
        "path": "secret/test",
        "secretValues": [[
            "envVar": "SECRET",
            "vaultKey": "foo"
        ]]
    ]]) {
    echo SECRET
}
withVault(configuration: [
    "vaultCredentialId": "vault-aws-iam-role",
    "vaultUrl": "https://bar"
    ], vaultSecrets: [[
        "path": "secret/test",
        "secretValues": [[
            "envVar": "SECRET",
            "vaultKey": "foo"
        ]]
    ]]) {
    echo SECRET
}
```

Expected Results

Should use and cache separate tokens

Actual Results

It issues and caches a token for https://foo, and then, until this token expires, it tries to use that token for https://bar as well as any other Vault cluster, and it obviously gets a 403 in response.

Anything else?

No response

dee-kryvenko Oct 04 '22 21:10
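The caching behaviour reported above, next to the expected one, as an added example that is not part of the original issue and is not the plugin's code. The class names and the `login` stand-in are hypothetical; it assumes the cache only needs to distinguish clusters by `vaultUrl`.

```java
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

// Simplified model of the caching behaviour in the report; not the plugin's code.
public class VaultTokenCacheDemo {
    record CachedToken(String token, Instant expiresAt) {
        boolean expired() { return !Instant.now().isBefore(expiresAt); }
    }

    // Reported behaviour: one cached token per credential, reused for every vaultUrl.
    static class PerCredentialCache {
        private CachedToken cached;
        synchronized String tokenFor(String vaultUrl, Function<String, CachedToken> login) {
            if (cached == null || cached.expired()) {
                cached = login.apply(vaultUrl);
            }
            return cached.token(); // may have been issued by a different cluster
        }
    }

    // Expected behaviour: a separate token, with its own expiry, per Vault URL.
    static class PerClusterCache {
        private final Map<String, CachedToken> byUrl = new HashMap<>();
        synchronized String tokenFor(String vaultUrl, Function<String, CachedToken> login) {
            CachedToken t = byUrl.get(vaultUrl);
            if (t == null || t.expired()) {
                t = login.apply(vaultUrl);
                byUrl.put(vaultUrl, t);
            }
            return t.token();
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for the auth call: each cluster issues its own token.
        Function<String, CachedToken> login = url ->
            new CachedToken("token-from-" + url, Instant.now().plusSeconds(3600));

        // The second call hands back the token that was cached for the first URL.
        PerCredentialCache reported = new PerCredentialCache();
        System.out.println(reported.tokenFor("https://foo", login));
        System.out.println(reported.tokenFor("https://bar", login));

        // Each URL gets the token its own cluster issued.
        PerClusterCache expected = new PerClusterCache();
        System.out.println(expected.tokenFor("https://foo", login));
        System.out.println(expected.tokenFor("https://bar", login));
    }
}
```

Besides the 403, the per-credential cache means a token issued by one cluster is presented to every other cluster the job talks to until it expires.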