Brant, Thanks for the additional details. Based on the description, it sounds like it would be worth raising an issue with Spring Vault. The NiFi implementation delegates HashiCorp Vault authentication handling to Spring Vault, so if support were introduced there, that would be ideal. If it is not on their roadmap, evaluating the effort for a direct implementation in NiFi could be considered.
Regards, David Handermann On Wed, May 8, 2024 at 3:24 PM Brant Gardner <bcgard...@solventum.com> wrote: > Hi David, > > > > Sure, we examined the 3.1.1 source code for spring-vault on GitHub and > confirmed that it does not appear to have the relevant code for extracting > the token as IMDSv2 stipulates. > > > > The error message we get lines up with this, and if we use an EC2 instance > with IMDSv2 set to “Optional” we don’t get the error. > > > > Does that help or can I get you anything else? > > > > *Brant Gardner* > > Software Developer – BI & Analytics > > Time: GMT -6:00 > > bcgard...@solventum.com > [image: A black background with green text Description automatically > generated] > > > > *From:* David Handermann <exceptionfact...@apache.org> > *Sent:* Wednesday, May 8, 2024 14:38 > *To:* users@nifi.apache.org > *Subject:* [EXTERNAL] Re: Re: IMDSv2 + Hashicorp Vault > > > > Brant, Just for clarification, Spring Vault is a separate project from > Spring Framework, following its own version numbering strategy, so Spring > Vault 3. 1. 1 is the latest version. If you could provide some additional > details on the use case > > Brant, > > > > Just for clarification, Spring Vault is a separate project from Spring > Framework, following its own version numbering strategy, so Spring Vault > 3.1.1 is the latest version. > > > > If you could provide some additional details on the use case and any > particular errors, that might be helpful. > > > > Regards, > > David Handermann > > > > On Wed, May 8, 2024 at 2:26 PM Brant Gardner <bcgard...@solventum.com> > wrote: > > Right, which is the one making us sad. :P > > > > *Brant Gardner* > > Software Developer – BI & Analytics > > Time: GMT -6:00 > > bcgard...@solventum.com > [image: A black background with green text Description automatically > generated] > > > > *From:* Patrick Timmins <ptimm...@cox.net> > *Sent:* Wednesday, May 8, 2024 11:45 > *To:* users@nifi.apache.org > *Subject:* [EXTERNAL] Re: IMDSv2 + Hashicorp Vault > > > > In my best Rosanne Rosanadana .. . never mind .. . I see the only outlier > for using the latest Spring is the spring-vault-core-3. 1. 0. jar !! On > 5/8/2024 11: 20 AM, Brant Gardner wrote: We’re running 2. 0. 0-M2. Brant > Gardner Software Developer – > > In my best Rosanne Rosanadana ... never mind ... I see the only outlier > for using the latest Spring is the spring-vault-core-3.1.0.jar !! > > On 5/8/2024 11:20 AM, Brant Gardner wrote: > > We’re running 2.0.0-M2. > > > > *Brant Gardner* > > Software Developer – BI & Analytics > > Time: GMT -6:00 > > bcgard...@solventum.com > [image: A black background with green text Description automatically > generated] > > > > *From:* Patrick Timmins <ptimm...@cox.net> <ptimm...@cox.net> > *Sent:* Wednesday, May 8, 2024 11:00 > *To:* users@nifi.apache.org > *Subject:* [EXTERNAL] Re: IMDSv2 + Hashicorp Vault > > > > What version of NiFi are you using? I'm seeing Spring v5. 3. 30 in NiFi 1. 24. > On 5/8/2024 6: 32 AM, Brant Gardner wrote: Good morning, It appears that > the Spring 3. 1. 0 libraries that NiFi uses are unable to work with > IMDSv2 on AWS EC2 instances, > > What version of NiFi are you using? I'm seeing Spring v5.3.30 in NiFi > 1.24. > > > > On 5/8/2024 6:32 AM, Brant Gardner wrote: > > Good morning, > > > > It appears that the Spring 3.1.0 libraries that NiFi uses are unable to > work with IMDSv2 on AWS EC2 instances, so if your company requires IMDSv2 > (which ours does) and you use AWS_EC2 for method/auth, then you cannot > connect to Hashicorp Vault from NiFi. > > > > Any advice? > > > > Thank you, > > > > *Brant Gardner* > > Software Developer – BI & Analytics > Time: GMT -6:00 > > > [image: A black background with green text Description automatically > generated] > > > >
