pvillard31 opened a new pull request, #11396: URL: https://github.com/apache/nifi/pull/11396
# Summary NIFI-16078 - Fix StandardHashiCorpVaultClientService for non-token authentication In NiFi 2.10.0, `spring-vault-core` was upgraded 4.0.1 → 4.1.0. Non-token auth methods now build their client via `AbstractVaultConfiguration.vaultClient()`, which looks up a `clientHttpRequestFactoryWrapper` bean; AWS EC2 / Azure MSI also go through `restClient()` → `getRestTemplateFactory()`. Alsok, NiFi's `getRestTemplateFactory()` override was removed. NiFi configures `HashiCorpVaultConfiguration` programmatically with an empty `StaticApplicationContext`, so these bean lookups fail. Token authentication is unaffected (it needs no Vault client). With this change, `HashiCorpVaultConfiguration.setClientHttpRequestFactory(...)` registers the request factory as the `clientHttpRequestFactoryWrapper` bean. We also restore the `getRestTemplateFactory()` override built from that same factory. And `StandardHashiCorpVaultCommunicationService` passes its configured (SSL Context Service–aware) factory before `clientAuthentication()`, so the auth client uses the same TLS material. Added new unit tests cover Kubernetes and AWS EC2 authentication; both reproduce the reported failure without the fix. # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000` - Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-00000` - Pull request contains [commits signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) with a registered key indicating `Verified` status ### Pull Request Formatting - Pull Request based on current revision of the `main` branch - Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [ ] Build completed using `./mvnw clean install -P contrib-check` - [ ] JDK 21 - [ ] JDK 25 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
