-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
error: Username used null #16
Comments
That JSON response is very different from what I get. From running https://github.com/premium-minds/dbeaver-vault/blob/master/docker-postgres-vault-example.sh
|
It looks like our Vault instance is using KV secrets version 2, while yours is using version 1. (Compare https://hvac.readthedocs.io/en/stable/overview.html#kv-secrets-engine-version-2 with https://hvac.readthedocs.io/en/stable/overview.html#kv-secrets-engine-version-1). This also explains why I had to add the "secret/data/" prefix to the path in the Secret field to avoid a ClosedChannelException. It looks like version 2 is now the default. Would it be possible to add support for version 2 as well? |
I missed this. This plugin has only been tested for Postgresql |
I have the impression that that should not make a difference. Both for Postgresql and Oracle there are username and password fields that can be filled with values that are extracted from Vault. |
You are talking about the KV secrets engine, but this is plugin is targeting the database secrets engine. Supporting the KV secrets engine would be problematic due to the lack of schema for the value in each key (someone could use Any reason for not using the database secrets engine ? It does support Oracle |
For the hvac python library the relevant section would be https://hvac.readthedocs.io/en/stable/usage/secrets_engines/database.html#enable-database-secrets-engine |
@froque , thanks for the explanation. I was not aware of the existence of the database secrets engine. Unfortunately that is not enable for our Vault instance (there is nothing I can change about that). So the only way to get this to work would be using the KV secrets engine and a modified version of your plugin. |
I have tried to use dbeaver-vault to connect to an Oracle database, but I got an error message:
When I checked the logs, I noticed this message: "Username used null", which is written by this line:
log.info("Username used " + value.getResponse().getData().getUsername());
( https://github.com/premium-minds/dbeaver-vault/blob/master/plugin/src/com/premiumminds/dbeaver/vault/VaultAuthModel.java#L112)
From the above I understand that the code looks for the field
response['data']['username']
, while the actual Vault secret json has an additional 'data' level:response['data']['data']['username']
. For example:The text was updated successfully, but these errors were encountered: