Hello
I'm trying to use the NiFi HashiCorp Vault Parameter Provider with Kubernetes authentication.
- NiFi version is 2.4.0
- HashiCorp version is 1.19.5
From my NiFi pod I can authenticate successfully using the following curl:
curl -s -k -X POST -H 'X-Vault-Namespace: DATA/DATAOPE/EC002I002621/' -H 'X-Vault-Request: true' -d '{"jwt": "<content of file /var/run/secrets/kubernetes.io/serviceaccount/token>", "role": "role_k8s_auth_demo_re_ns002i007839"}' https://hvault.staging.my_company/v1/auth/kubernetes_demo_re_ns002i007839/login
From the pod I can then retrieve a secret successfully with the following curl:
curl -H "X-Vault-Request: true" -H "X-Vault-Namespace: DATA/DATAOPE/EC002I002621/" -H "X-Vault-Token: <token retrieved by previous command>" https://hvault.staging.my_company/v1/secret/data/test
I try to make sense of the doc and cannot get to a working configuration.
I set up my HashiCorp Vault Client with the following direct properties:
vault.kubernetes.kubernetes-path kubernetes_demo_re_ns002i007839
vault.kubernetes.role role_k8s_auth_demo_re_ns002i007839
vault.namespace DATA/DATAOPE/EC002I002621/
and set up the SSL context service appropriately.
I set up my Parameter Provider with the following direct properties:
key value path : DATA/DATAOPE/EC002I002621/secret/
version : kv 2
secret name pattern : .*
I get the following error message:
Error fetching parameters for ParameterProvider[id=xxxx]:
Cannot login using Kubernetes: permission denied
Can someone help me sort out what I'm doing wrong?
Is there a way to dump the API calls made by the Parameter Provider?
Regards.
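The two manual calls from the post, chained into one script that reports the HTTP status of each step, so a failure can be pinned to the login or to the secret read. This is an added example, not part of the original post and not NiFi's own code; the variable names (`VAULT_ADDR`, `AUTH_MOUNT`, `KV_MOUNT`, `VAULT_CACERT`, ...) and function names are assumptions, and the default values are copied from the post.

```shell
#!/bin/sh
# Added example: replay Kubernetes login + KV v2 read with explicit values.
# Defaults are the values quoted in the post; variable names are assumptions.
VAULT_ADDR="${VAULT_ADDR:-https://hvault.staging.my_company}"
VAULT_NAMESPACE="${VAULT_NAMESPACE:-DATA/DATAOPE/EC002I002621/}"
AUTH_MOUNT="${AUTH_MOUNT:-kubernetes_demo_re_ns002i007839}"
ROLE="${ROLE:-role_k8s_auth_demo_re_ns002i007839}"
KV_MOUNT="${KV_MOUNT:-secret}"
SECRET_NAME="${SECRET_NAME:-test}"
SA_TOKEN_FILE="${SA_TOKEN_FILE:-/var/run/secrets/kubernetes.io/serviceaccount/token}"

# Kubernetes auth login endpoint: /v1/auth/<auth mount>/login
login_url() { printf '%s/v1/auth/%s/login' "$VAULT_ADDR" "$AUTH_MOUNT"; }
# KV version 2 read endpoint: /v1/<kv mount>/data/<secret name>
kv2_url() { printf '%s/v1/%s/data/%s' "$VAULT_ADDR" "$KV_MOUNT" "$SECRET_NAME"; }
# Login body: service account JWT ($1) plus the Vault role
login_body() { printf '{"jwt": "%s", "role": "%s"}' "$1" "$ROLE"; }
# Pull auth.client_token out of a login response read from stdin (no jq needed)
extract_token() { sed -n 's/.*"client_token" *: *"\([^"]*\)".*/\1/p'; }

# Returns 1 on local/transport errors, 2 if login fails, 3 if the read fails.
replay() {
    jwt=$(cat "$SA_TOKEN_FILE") || return 1
    resp=$(curl -s ${VAULT_CACERT:+--cacert "$VAULT_CACERT"} \
        -w '\n%{http_code}' -X POST \
        -H "X-Vault-Namespace: $VAULT_NAMESPACE" -H 'X-Vault-Request: true' \
        -d "$(login_body "$jwt")" "$(login_url)") || return 1
    code=$(printf '%s\n' "$resp" | tail -n 1)
    echo "login $(login_url) -> HTTP $code"
    [ "$code" = 200 ] || return 2
    token=$(printf '%s\n' "$resp" | extract_token)
    [ -n "$token" ] || return 2
    # Body is discarded so the secret value never reaches the terminal or logs.
    code=$(curl -s ${VAULT_CACERT:+--cacert "$VAULT_CACERT"} \
        -o /dev/null -w '%{http_code}' \
        -H "X-Vault-Namespace: $VAULT_NAMESPACE" -H 'X-Vault-Request: true' \
        -H "X-Vault-Token: $token" "$(kv2_url)") || return 1
    echo "read  $(kv2_url) -> HTTP $code"
    [ "$code" = 200 ] || return 3
}

# Only touch the network when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then replay; fi
```

Overriding one variable at a time (for example an empty `VAULT_NAMESPACE`, or a different `KV_MOUNT`) shows which value changes the status code from 200 to 403.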