hashicorp-vault-plugin
hashicorp-vault-plugin copied to clipboard
jenkinsci
error 412 while calling withVault
Jenkins and plugins versions report
Jenkins: 2.426.3 OS: Linux - 5.15.133+ Java: 17.0.9 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
Parameterized-Remote-Trigger:3.2.0 ace-editor:1.1 active-directory:2.34 analysis-model-api:11.15.0 ansible:253.v4fe719ffdd8a_ ansicolor:1.0.4 antisamy-markup-formatter:162.v0e6ec0fcfcf6 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757 apache-httpcomponents-client-5-api:5.2.1-1.1 authentication-tokens:1.53.v1c90fd9191a_b_ badge:1.9.1 basic-branch-build-strategies:81.v05e333931c7d blackduck-detect:9.0.0 blueocean:1.27.10 blueocean-autofavorite:1.2.5 blueocean-bitbucket-pipeline:1.27.10 blueocean-commons:1.27.10 blueocean-config:1.27.10 blueocean-core-js:1.27.10 blueocean-dashboard:1.27.10 blueocean-display-url:2.4.2 blueocean-events:1.27.10 blueocean-git-pipeline:1.27.10 blueocean-github-pipeline:1.27.10 blueocean-i18n:1.27.10 blueocean-jwt:1.27.10 blueocean-personalization:1.27.10 blueocean-pipeline-api-impl:1.27.10 blueocean-pipeline-editor:1.27.10 blueocean-pipeline-scm-api:1.27.10 blueocean-rest:1.27.10 blueocean-rest-impl:1.27.10 blueocean-web:1.27.10 bootstrap4-api:4.6.0-6 bootstrap5-api:5.3.2-3 bouncycastle-api:2.30.1.77-225.v26ea_c9455fd9 branch-api:2.1144.v1425d1c3d5a_7 build-history-manager:1.7.1 build-pipeline-plugin:1.5.8 caffeine-api:3.1.8-133.v17b_1ff2e0599 checkmarx:2023.4.3 checks-api:2.0.2 cloud-stats:320.v96b_65297a_4b_b_ cloudbees-bitbucket-branch-source:866.vdea_7dcd3008e cloudbees-folder:6.858.v898218f3609d cobertura:1.17 code-coverage-api:4.99.0 command-launcher:107.v773860566e2e commons-lang3-api:3.13.0-62.v7d18e55f51e2 commons-text-api:1.11.0-95.v22a_d30ee5d36 config-file-provider:968.ve1ca_eb_913f8c configuration-as-code:1775.v810dc950b_514 copyartifact:722.v0662a_9b_e22a_c coverage:1.10.0 credentials:1319.v7eb_51b_3a_c97b_ credentials-binding:657.v2b_19db_7d6e6d dashboard-view:2.495.v07e81500c3f2 data-tables-api:1.13.8-2 dependency-check-jenkins-plugin:5.4.3 disk-usage:1.2 display-url-api:2.200.vb_9327d658781 docker-build-step:2.10 docker-commons:439.va_3cb_0a_6a_fb_29 docker-java-api:3.3.1-79.v20b_53427e041 docker-plugin:1.5 docker-workflow:572.v950f58993843 durable-task:543.v262f6a_803410 echarts-api:5.4.3-2 email-ext:2.104 embeddable-build-status:467.v4a_954796e45d envinject:2.908.v66a_774b_31d93 envinject-api:1.199.v3ce31253ed13 extended-read-permission:53.v6499940139e5 favorite:2.208.v91d65b_7792a_c font-awesome-api:6.5.1-2 forensics-api:2.3.0 getpassvaultsecret:1.0-SNAPSHOT (private-acb5bbe2-I355863) git:5.2.1 git-client:4.6.0 git-server:99.va_0826a_b_cdfa_d github:1.37.3.1 github-api:1.318-461.v7a_c09c9fa_d63 github-autostatus:3.6.2 github-branch-source:1772.va_69eda_d018d4 github-oauth:597.ve0c3480fcb_d0 groovy:457.v99900cb_85593 groovy-postbuild:228.vcdb_cf7265066 gson-api:2.10.1-15.v0d99f670e0a_7 h2-api:11.1.4.199-12.v9f4244395f7a_ handlebars:3.0.8 handy-uri-templates-2-api:2.1.8-30.v7e777411b_148 hashicorp-vault-pipeline:1.4 hashicorp-vault-plugin:363.va_f8c1627db_b_a htmlpublisher:1.32 http_request:1.18 influxdb:3.6 instance-identity:185.v303dc7c645f9 ionicons-api:56.v1b_1c8c49374e jackson2-api:2.16.1-373.ve709c6871598 jacoco:3.3.5 jakarta-activation-api:2.0.1-3 jakarta-mail-api:2.0.1-3 javadoc:243.vb_b_503b_b_45537 javax-activation-api:1.2.0-6 javax-mail-api:1.6.2-9 jaxb:2.3.9-1 jdk-tool:73.vddf737284550 jenkins-design-language:1.27.10 jersey2-api:2.41-133.va_03323b_a_1396 jira:3.11 jjwt-api:0.11.5-77.v646c772fddb_0 job-dsl:1.87 joda-time-api:2.12.6-21.vca_fd74418fb_7 jquery:1.12.4-1 jquery-detached:1.2.1 jquery3-api:3.7.1-1 jsch:0.2.8-65.v052c39de79b_2 json-api:20231013-17.v1c97069404b_e json-path-api:2.9.0-33.v2527142f2e1d junit:1256.v002534a_5f33e kubernetes:4179.v3b_88431df708 kubernetes-client-api:6.10.0-240.v57880ce8b_0b_2 kubernetes-credentials:0.11 lockable-resources:1232.v512d6c434eb_d mailer:463.vedf8358e006b_ mask-passwords:173.v6a_077a_291eb_5 matrix-auth:3.2.1 matrix-project:822.v01b_8c85d16d2 maven-plugin:3.23 mercurial:1260.vdfb_723cdcc81 metrics:4.2.21-449.v6960d7c54c69 mina-sshd-api-common:2.12.0-90.v9f7fb_9fa_3d3b_ mina-sshd-api-core:2.12.0-90.v9f7fb_9fa_3d3b_ momentjs:1.1.1 okhttp-api:4.11.0-157.v6852a_a_fa_ec11 parameterized-trigger:2.46 performance:951.v5600a_c6422ed pipeline-build-step:540.vb_e8849e1a_b_d8 pipeline-github:2.8-159.09e4403bc62f pipeline-githubnotify-step:49.vf37bf92d2bc8 pipeline-graph-analysis:202.va_d268e64deb_3 pipeline-groovy-lib:704.vc58b_8890a_384 pipeline-input-step:477.v339683a_8d55e pipeline-maven:1376.v18876d10ce9c pipeline-maven-api:1376.v18876d10ce9c pipeline-milestone-step:111.v449306f708b_7 pipeline-model-api:2.2175.v76a_fff0a_2618 pipeline-model-definition:2.2175.v76a_fff0a_2618 pipeline-model-extensions:2.2175.v76a_fff0a_2618 pipeline-multibranch-defaults:2.1 pipeline-rest-api:2.34 pipeline-stage-step:305.ve96d0205c1c6 pipeline-stage-tags-metadata:2.2175.v76a_fff0a_2618 pipeline-stage-view:2.34 pipeline-utility-steps:2.16.1 plain-credentials:143.v1b_df8b_d3b_e48 plugin-usage-plugin:4.2 plugin-util-api:3.8.0 popper-api:1.16.1-3 popper2-api:2.11.6-4 postbuildscript:3.2.0-460.va_fda_0fa_26720 prism-api:1.29.0-10 pubsub-light:1.18 rebuild:330.v645b_7df10e2a_ remote-file:1.24 resource-disposer:0.23 robot:3.5.0 saferestart:0.7 saml:4.464.vea_cb_75d7f5e0 scm-api:683.vb_16722fb_b_80b_ script-security:1313.v7a_6067dc7087 sidebar-link:2.4.1 slack:684.v833089650554 snakeyaml-api:2.2-111.vc6598e30cc65 sonar:2.17.1 sse-gateway:1.26 ssh-agent:346.vda_a_c4f2c8e50 ssh-credentials:308.ve4497b_ccd8f4 ssh-slaves:2.948.vb_8050d697fec sshd:3.312.v1c601b_c83b_0e structs:337.v1b_04ea_4df7c8 timestamper:1.26 token-macro:400.v35420b_922dcb_ trilead-api:2.133.vfb_8a_7b_9c5dd1 variant:60.v7290fc0eb_b_cd warnings-ng:10.7.0 webhook-step:342.v620877effe14 windows-slaves:1.8.1 workflow-aggregator:596.v8c21c963d92d workflow-api:1289.va_cf779f32df0 workflow-basic-steps:1042.ve7b_140c4a_e0c workflow-cps:3853.vb_a_490d892963 workflow-durable-task-step:1317.v5337e0c1fe28 workflow-job:1385.vb_58b_86ea_fff1 workflow-multibranch:773.vc4fe1378f1d5 workflow-scm-step:415.v434365564324 workflow-step-api:657.v03b_e8115821b_ workflow-support:865.v43e78cc44e0d ws-cleanup:0.45
What Operating System are you using (both controller, and any agents involved in the problem)?
OS: Linux - 5.15.133+
Reproduction steps
- I have a jenkins server connected to HashiCorpVault Enterprise via approle authentication, I have constructed a function that retrieves the desired secret from Vault. Sometimes I encounter connection problem between jenkins and Vault https://developer.hashicorp.com/vault/docs/enterprise/consistency
Error message "Vault responded with 412 error code"
I tried to wrap the retrieving function in try/catch block but error 412 doesnt result in exception, whereas wrongly connected vault address, wrong path for the sectrets, wrong credentials for approle do result in exception.
try {
fetchedSecrets = fetchVaultSecrets(env.VAULT_URL, env.VAULT_NAMESPACE, env.VAULT_CREDENTIAL_ID, 2, [SMTP_AUTH_PASS: 'password', SMTP_AUTH_USER: 'username'], 'path')
echo "SMTP_AUTH_USER: ${fetchedSecrets.SMTP_AUTH_USER}"
success = true
} catch (Exception e) {
sendEmailUnsuccessfulPipeline()
echo "${e.message}"
Expected Results
It would be nice if the error could result in exception so I could retry connecting to Vault and try to fetch secrets once again.
Actual Results
following error is printed to log: Vault responded with 412 error code. Vault responded with errors: required index state not present
Anything else?
No response
Are you interested in contributing a fix?
No response
