How to generate new session token when connecting to Vault

This is my first time using TC so if I am missing something obvious please let me know.

I am using the "Vault (experimental)" VCS plugin when setting up a new VCS Root, which I did a few weeks ago.
Our Vault server is restarted every night.
When I click "Test Connection" in the "Edit VCS Root" page today I get
"Test connection failed in Proj1 :: Main :: BuildWithNoTests
Main {internal id=3}: Exception occurred while trying to connect to Vault server. See original message below:

Session is no longer valid.  Either the server restarted, or your session timed out.  You must login again to re-authenticate."

I didn't explicitly log in using the VCS plugin, so I don't know how to do so again. How do I force the Vault plugin to get a new session token from the Vault server?

Also, can I configure this to happen, say, every day at 7am?



Yesterday I changed the username & password to a different user & that connected OK and TC could get the code from Vault. Great. However today (given that the Vault server was rebooted overnight as usual) I get the same error. If I change the password to an invalid one and then the correct one it still gives the same error.

When I revert to the first user I used it looks like the plugin uses the cached (and therefore expired) token, giving the same error so I end up going round in circles.

How does anyone ever use a Vault server that has been restarted without creating a new Vault user each time?


Hi Dave,

What TeamCity and Vault versions do you use? Also please attach teamcity-server.log and teamcity-vcs.log files.
Why do you need to restart Vault server every night?


Hello, Dave.
Unfortunately, to reconnect to a restarted Vault server you need to restart TeamCity at the moment.
There is no other ability to provide a new connection.
I have created an issue in our bug tracking system.
Please vote for it.


Thanks for your responses.
I found a workaround which was to change the Vault session timeout to 60 mins. Once this was done the TeamCity Vault plugin would retrieve a fresh token as required and everything worked as required.
The one annoying thing is that I had to use a new Vault user as the users I had previously used (when the timeout was 7 days) still won't connect. I'm guessing the plugin caches the token until it has expired.


The workaround has stopped working with no changes having been made to Vault.
I now have to add a new Vault user to the plugin every morning (after the 2am Vault restart).

Is it possible to clear the session tokens that the plugin uses? I tried deleting the VCS credential files in C:\ProgramData\JetBrains\TeamCity\config\projects\My_Proj\vcsRoots but this didn't do any good. I need a way to force the plugin to get a new session token (I have tried restarting TeamCity).

Alternatively can I get the source code for the Vault plugin so that I can update it myself?


