pvillard31 opened a new pull request, #11396:
URL: https://github.com/apache/nifi/pull/11396

   # Summary
   
   NIFI-16078 - Fix StandardHashiCorpVaultClientService for non-token 
authentication
   
   In NiFi 2.10.0, `spring-vault-core` was upgraded 4.0.1 → 4.1.0. Non-token 
auth methods now build their client via 
`AbstractVaultConfiguration.vaultClient()`, which looks up a 
`clientHttpRequestFactoryWrapper` bean; AWS EC2 / Azure MSI also go through 
`restClient()` → `getRestTemplateFactory()`. Alsok, NiFi's 
`getRestTemplateFactory()` override was removed.
   
   NiFi configures `HashiCorpVaultConfiguration` programmatically with an empty 
`StaticApplicationContext`, so these bean lookups fail. Token authentication is 
unaffected (it needs no Vault client).
   
   With this change, 
`HashiCorpVaultConfiguration.setClientHttpRequestFactory(...)` registers the 
request factory as the `clientHttpRequestFactoryWrapper` bean. We also restore 
the `getRestTemplateFactory()` override built from that same factory. And 
`StandardHashiCorpVaultCommunicationService` passes its configured (SSL Context 
Service–aware) factory before `clientAuthentication()`, so the auth client uses 
the same TLS material.
   
   Added new unit tests cover Kubernetes and AWS EC2 authentication; both 
reproduce the reported failure without the fix.
   
   # Tracking
   
   Please complete the following tracking steps prior to pull request creation.
   
   ### Issue Tracking
   
   - [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue 
created
   
   ### Pull Request Tracking
   
   - Pull Request title starts with Apache NiFi Jira issue number, such as 
`NIFI-00000`
   - Pull Request commit message starts with Apache NiFi Jira issue number, as 
such `NIFI-00000`
   - Pull request contains [commits 
signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
 with a registered key indicating `Verified` status
   
   ### Pull Request Formatting
   
   - Pull Request based on current revision of the `main` branch
   - Pull Request refers to a feature branch with one commit containing changes
   
   # Verification
   
   Please indicate the verification steps performed prior to pull request 
creation.
   
   ### Build
   
   - [ ] Build completed using `./mvnw clean install -P contrib-check`
     - [ ] JDK 21
     - [ ] JDK 25
   
   ### Licensing
   
   - [ ] New dependencies are compatible with the [Apache License 
2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License 
Policy](https://www.apache.org/legal/resolved.html)
   - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` 
files
   
   ### Documentation
   
   - [ ] Documentation formatting appears as expected in rendered files
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to