How to generate new session token when connecting to Vault

This is my first time using TC so if I am missing something obvious please let me know.

I am using the "Vault (experimental)" VCS plugin when setting up a new VCS Root, which I did a few weeks ago.
Our Vault server is restarted every night.
When I click "Test Connection" in the "Edit VCS Root" page today I get
"Test connection failed in Proj1 :: Main :: BuildWithNoTests
Main {internal id=3}: Exception occurred while trying to connect to Vault server. See original message below:


Session is no longer valid.  Either the server restarted, or your session timed out.  You must login again to re-authenticate."

I didn't explicity login using the VCS plugin so don't know how to do so again. How do I force the Vault plugin to get a new session token from the Vault server?

Also can I configure this to happen say every day at 7am ?

Thanks

5 comments
Comment actions Permalink

Yesterday I changed the username & password to a different user & that connected OK and TC could get the code from Vault. Great. However today (given that the Vault server was rebooted overnight as usual) I get the same error. If I change the password to an invalid one and then the correct one it still gives the same error.

When I revert to the first user I used it looks like the plugin uses the cached (and therefore expired) token, giving the same error so I end up going round in circles.

How does anyone ever use a Vault server than has been restarted without creating a new Vault user each time?

0
Comment actions Permalink

Hi Dave,

What TeamCity and Vault versions do you use? Also please attach teamcity-server.log and teamcity-vcs.log files.
Why do you need to restart Vault server every night?

0
Comment actions Permalink

Hello, Dave.
Unfrotunatelly to reconnect to restarted Vault server you need to restart TeamCity at the moment.
There is no other ability to provide a new connection.
I have created an issue in our bug tracking system https://youtrack.jetbrains.com/issue/TW-40801.
Please vote for it.

0
Comment actions Permalink

Thanks for your responses.
I found a workaround which was to change the Vault session timeout to 60 mins. Once this was done the TeamCity Vault plugin would retrieve a fresh token as required and everything worked as required.
The one annoying thing is that I had to use a new Vault user as the users I had previously used (when the timeout was 7 days) still won't connect. I'm guessing the plugin caches the token until it has expired.
Dave

0
Comment actions Permalink

The workaround has stopped working with no changes having been made to Vault.
I now have to add a new Vault user to the plugin every morning (after the 2am Vault restart).

Is it possible to clear the session tokens that the plugin uses? I tried deleting the VCS credential files in C:\ProgramData\JetBrains\TeamCity\config\projects\My_Proj\vcsRoots but this didn't do any good. I need a way to force the plugin to get a new session token (I have tried restarting Team City).

Alternatively can I get the source code for the Vault plugin so that I can update it myself?

Thanks

0

Please sign in to leave a comment.