IMDSv2 + Hashicorp Vault

2024-05-08 Thread Brant Gardner
Good morning, It appears that the Spring 3.1.0 libraries that NiFi uses are unable to work with IMDSv2 on AWS EC2 instances, so if your company requires IMDSv2 (which ours does) and you use AWS_EC2 for method/auth, then you cannot connect to Hashicorp Vault from NiFi. Any advice? Thank you,

Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread Patrick Timmins
What version of NiFi are you using?  I'm seeing Spring v5.3.30 in NiFi 1.24. On 5/8/2024 6:32 AM, Brant Gardner wrote: Good morning, It appears that the Spring 3.1.0 libraries that NiFi uses are unable to work with IMDSv2 on AWS EC2 instances, so if your company requires IMDSv2 (which ours

RE: Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread Brant Gardner
We’re running 2.0.0-M2. Brant Gardner Software Developer – BI & Analytics Time: GMT -6:00 bcgard...@solventum.com [A black background with green text Description automatically generated] From: Patrick Timmins Sent: Wednesday, May 8, 2024 11:00 To: users@nifi.apac

Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread Patrick Timmins
I'm seeing Spring v6.0.16 in NiFi v2.0.0-M2! On 5/8/2024 11:20 AM, Brant Gardner wrote: We’re running 2.0.0-M2. *Brant Gardner* Software Developer – BI & Analytics Time: GMT -6:00 bcgard...@solventum.com* *A black background with green text Description automatically generated *From:*Patri

Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread Patrick Timmins
In my best Rosanne Rosanadana ... never mind ... I see the only outlier for using the latest Spring is the spring-vault-core-3.1.0.jar !! On 5/8/2024 11:20 AM, Brant Gardner wrote: We’re running 2.0.0-M2. *Brant Gardner* Software Developer – BI & Analytics Time: GMT -6:00 bcgard...@solvent

RE: Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread Brant Gardner
Right, which is the one making us sad. :P Brant Gardner Software Developer – BI & Analytics Time: GMT -6:00 bcgard...@solventum.com [A black background with green text Description automatically generated] From: Patrick Timmins Sent: Wednesday, May 8, 2024 11:45

Re: Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread David Handermann
Brant, Just for clarification, Spring Vault is a separate project from Spring Framework, following its own version numbering strategy, so Spring Vault 3.1.1 is the latest version. If you could provide some additional details on the use case and any particular errors, that might be helpful. Regar

RE: Re: Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread Brant Gardner
Hi David, Sure, we examined the 3.1.1 source code for spring-vault on GitHub and confirmed that it does not appear to have the relevant code for extracting the token as IMDSv2 stipulates. The error message we get lines up with this, and if we use an EC2 instance with IMDSv2 set to “Optional” w

Re: Re: Re: IMDSv2 + Hashicorp Vault

2024-05-08 Thread David Handermann
Brant, Thanks for the additional details. Based on the description, it sounds like it would be worth raising an issue with Spring Vault. The NiFi implementation delegates HashiCorp Vault authentication handling to Spring Vault, so if support were introduced there, that would be ideal. If it is not