Commit Graph

106 Commits

Author SHA1 Message Date
Spring Buildmaster
cc8fbadbe0 [artifactory-release] Release version 1.0.0.RELEASE
See gh-72.
2017-04-10 08:20:59 +00:00
Mark Paluch
bc766e7377 Prepare release.
See gh-72.
2017-04-10 10:14:26 +02:00
Mark Paluch
16f9994955 Fix AWS code sample in project sample. 2017-04-09 19:21:05 +02:00
Mark Paluch
c0150cf608 Explain current generic secret backend lease behavior in documentation.
See gh-68.
2017-04-07 17:38:51 +02:00
Mark Paluch
a9c2cf72f8 Provide session context to Vault sealing.
We now call /sys/seal with a token again. The session context got lost due to refactoring from VaultClient to RestTemplate use.

Closes gh-70.
2017-04-07 09:07:48 +02:00
Mark Paluch
9c14c4536a Exclude null-valued properties from Vault PropertySources.
We now remove null-valued properties when transforming properties to their PropertySource representation. Vault can reply with null-valued properties that cause a NullPointerException with the ConcurrentHashMap implementations.

Closes gh-69.
2017-04-05 19:32:34 +02:00
Mark Paluch
b6d0b04b18 Polishing.
Replace static imports with qualified use. Add author tags. Add copyright header. Simplify code. Simplify JavaDoc documentation. Rename test class and methods to align with project style.

Original pull request: #64.
2017-03-31 12:22:30 +02:00
Pierre-Jean Vardanega
ba135817fa Allow creating RequestedSecret from mode and path.
Original pull request: #64.
2017-03-31 12:16:08 +02:00
Mark Paluch
8b929011d9 Upgrade to Vault 0.7.
Closes gh-66.
2017-03-31 12:08:50 +02:00
Mark Paluch
1989036d0c Polishing.
Remove Spring 5 build profile from TravisCI build because of incompatible breaking changes in optional module support.

See gh-65.
2017-03-30 11:09:12 +02:00
Mark Paluch
b9597c2751 Update Spring-Next build profile to 4.3.8.
Closes gh-65.
2017-03-30 11:08:15 +02:00
Mark Paluch
1512558958 Add defensive check for empty repository key 2017-03-24 11:04:42 +01:00
Mark Paluch
af61d4de46 Improve discovery and error messages in create_certificates.sh.
Print error message if openssl/keytool cannot be found.

Fixes gh-62.
2017-03-18 17:40:50 +01:00
Mark Paluch
04eb02554e Update site.
* Update supported authentication mechanisms
* Add link to examples repo
* Add VaultPropertySource sample

See gh-60.
2017-03-16 13:58:41 +01:00
Mark Paluch
30ce9667c7 [maven-release-plugin] prepare for next development iteration 2017-03-16 13:09:31 +01:00
Mark Paluch
90250d466e [maven-release-plugin] prepare release 1.0.0.RC1 2017-03-16 13:09:31 +01:00
Mark Paluch
3ac06ad0c4 Prepare release.
Update changelog. Update repository to milestone repo in spring-vault-dependencies.

See gh-60.
2017-03-16 13:08:25 +01:00
Mark Paluch
b0d6350b31 Upgrade dependencies.
httpclient 4.5.2 -> 4.5.3
httpcore 4.4.5 -> 4.4.6
netty 4.1.6.Final -> 4.1.8.Final
OkHttp3 3.5.0 ->3.6.0
Jackson 2.8.2 -> 2.8.7

Closes gh-61.
2017-03-16 12:58:39 +01:00
Mark Paluch
d3d44601a9 Polishing.
Use org.mockito.junit.MockitoJUnitRunner instead of the deprecated org.mockito.runners.MockitoJUnitRunner.
2017-03-16 12:20:41 +01:00
Mark Paluch
6875da1a75 Polishing.
Reformat code.
2017-03-16 12:19:25 +01:00
Mark Paluch
20fda62937 Use TaskScheduler in LifecycleAwareSessionManager.
We now accept TaskScheduler in LifecycleAwareSessionManager to schedule session refresh tasks. Previously, LifecycleAwareSessionManager used AsyncTaskExecutor with Thread.sleep(…) to delay execution. Thread.sleep blocks a thread exclusively, which is inefficient resource usage.

Closes gh-59.
2017-03-16 12:17:27 +01:00
Mark Paluch
33c80aea74 Polishing.
Polish JavaDoc wording. Add tests. Prevent lease revocation for secrets without an associated lease.

See gh-50.
2017-03-09 14:56:04 +02:00
Mark Paluch
d8d85e1a67 Polishing.
Align wording in JavaDoc. Provide package-level JavaDoc.
2017-03-08 21:41:03 +01:00
Mark Paluch
51c6a81c25 Add LeaseAwareVaultPropertySource.
We now provide a Lease-aware PropertySource to renew and rotate secrets requested by that PropertySource. Lease renewal is applied per property source to control individual secrets with individual lease durations. A terminally expired lease can be rotated to obtain new credentials. A non-rotated secret that terminally expires is removed from the property source. LeaseAwareVaultPropertySource is updated by SecretLeaseContainer on a background thread.

Components created with properties retrieved from LeaseAwareVaultPropertySource are not refreshed upon secret rotation.

@VaultPropertySource(value = "aws/creds/s3", renewal = Renewal.ROTATE)
public class Config {
}

@VaultPropertySource(value = "mysql/creds/my-role", renewal = Renewal.RENEW)
public class Config {
}

Closes gh-50.
2017-03-08 21:41:00 +01:00
Mark Paluch
81ade23b8c Add SecretLeaseContainer to renew leases and rotate secrets.
We now provide an event-driven container to request secrets with renewal and rotation on terminal lease expiration.

See gh-50.
2017-03-08 21:18:34 +01:00
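The two commits above (gh-50) introduce SecretLeaseContainer and note that components built from LeaseAwareVaultPropertySource values are not refreshed when a secret rotates. The example below is added here and is not code from the Spring Vault repository: it registers a rotating secret with SecretLeaseContainer and uses a lease listener so that consumers always read the credentials most recently issued by Vault. The Vault path "mysql/creds/readonly", the field names "username"/"password", and the presence of VaultOperations and TaskScheduler beans in the context are assumptions of this example.

```java
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.scheduling.TaskScheduler;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.core.lease.SecretLeaseContainer;
import org.springframework.vault.core.lease.domain.RequestedSecret;
import org.springframework.vault.core.lease.event.SecretLeaseCreatedEvent;
import org.springframework.vault.core.lease.event.SecretLeaseExpiredEvent;

@Configuration
public class RotatingDatabaseCredentialsConfig {

    // Assumption for this example: a database-backend role at this path, and
    // VaultOperations/TaskScheduler beans defined elsewhere in the context.
    static final String SECRET_PATH = "mysql/creds/readonly";

    @Bean
    public RotatingCredentialHolder rotatingCredentialHolder() {
        return new RotatingCredentialHolder();
    }

    @Bean
    public SecretLeaseContainer secretLeaseContainer(VaultOperations vaultOperations,
            TaskScheduler taskScheduler, RotatingCredentialHolder holder) {

        SecretLeaseContainer container = new SecretLeaseContainer(vaultOperations, taskScheduler);

        // Rotating mode: once the lease can no longer be renewed, the container
        // requests a fresh credential pair instead of leaving a dead username/password.
        RequestedSecret secret = RequestedSecret.rotating(SECRET_PATH);
        container.addRequestedSecret(secret);

        container.addLeaseListener(leaseEvent -> {
            if (leaseEvent.getSource() != secret) {
                return; // event belongs to another requested secret
            }
            if (leaseEvent instanceof SecretLeaseCreatedEvent) {
                // Published for the initial secret and again after every rotation.
                Map<String, Object> secrets = ((SecretLeaseCreatedEvent) leaseEvent).getSecrets();
                holder.update((String) secrets.get("username"), (String) secrets.get("password"));
            } else if (leaseEvent instanceof SecretLeaseExpiredEvent) {
                // The credentials behind the expired lease are no longer valid in Vault.
                holder.clear();
            }
        });

        return container;
    }

    /** Immutable username/password pair as issued by Vault. */
    public static final class Credentials {
        public final String username;
        public final String password;

        Credentials(String username, String password) {
            this.username = username;
            this.password = password;
        }
    }

    /** Holds the most recently issued credentials; read it on every connection attempt. */
    public static class RotatingCredentialHolder {
        private final AtomicReference<Credentials> current = new AtomicReference<>();

        void update(String username, String password) {
            current.set(new Credentials(username, password));
        }

        void clear() {
            current.set(null);
        }

        public Credentials get() {
            Credentials credentials = current.get();
            if (credentials == null) {
                throw new IllegalStateException("No valid Vault-issued credentials available");
            }
            return credentials;
        }
    }
}
```

A DataSource that calls holder.get() when it opens a connection follows rotation; a DataSource constructed once from ${database.username} and ${database.password} keeps the first pair until it is rebuilt, which is exactly the limitation the gh-50 commit message describes.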
Mark Paluch
f8a4e3a4fd Add EnvironmentVaultConfiguration.
Provide an EnvironmentVaultConfiguration for common configuration scenarios to obtain configuration from Spring's Environment. EnvironmentVaultConfiguration supports various authentication mechanisms: Token, AppId, AppRole, AWS EC2, Client-Certificates, and Cubbyhole.

Java-based configuration class:

  @PropertySource("vault.properties")
  @Import(EnvironmentVaultConfiguration.class)
  public class MyConfiguration {
  }

vault.properties

  vault.uri=https://localhost:8200
  vault.token=…

Closes gh-30.
2017-03-02 11:58:44 +01:00
Mark Paluch
64e3f577e6 Upgrade to Spring Framework 4.3.7.
Closes gh-58.
2017-03-02 09:32:54 +01:00
Mark Paluch
7101a38ace Cleanup transit keys after test run.
Remove transit keys before/after the test run to leave a clean state.

See gh-53.
2017-02-20 11:30:31 -05:00
Mark Paluch
d3491dd712 Configure RestTemplate with required HttpMessageConverters.
VaultClients.createRestTemplate() creates a RestTemplate that is configured with ByteArray, String and Jackson 2 message converters to avoid additional message converters being registered if they are available on the classpath.

Fixes gh-47.
2017-02-16 16:23:52 +01:00
Mark Paluch
c9bde5a15f Allow listing transit keys.
VaultTransitOperations now exposes getKeys() to retrieve transit key names.

Closes gh-53.
2017-02-16 16:00:16 +01:00
Mark Paluch
feb12c517c Provide an empty VaultTransitContext.
Provide VaultTransitContext.empty() to create an empty VaultTransitContext for encryption/decryption of binary plaintext without requiring the use of the VaultTransitContext builder.

Closes gh-54.
2017-02-16 15:42:50 +01:00
Mark Paluch
5078a4c133 Remove VaultClient in favor of RestOperations.
Remove VaultClient from VaultTemplate and switch implementations to use RestOperations directly. VaultClient provided an additional abstraction level over RestTemplate with a large API surface adding little value.

Implementations work directly with RestOperations. Relative URI expansion is handled by DefaultUriTemplateHandler configured with the VaultEndpoint base URI.

Closes gh-49.

Original pull request: gh-57.
2017-02-16 14:34:21 +01:00
Mark Paluch
b1e28c4dae Upgrade LibSSL on TravisCI.
Fixes gh-56.
2017-02-08 08:51:42 +01:00
Mark Paluch
648762d41a Enable Vault output in start.sh. 2017-02-08 08:38:16 +01:00
Mark Paluch
cf0852308e Upgrade to Vault 0.6.5.
Closes gh-55.
2017-02-08 08:34:15 +01:00
Mark Paluch
746fceee0f Polishing.
SPR-14744 was resolved so the netty test can be enabled again.
2017-02-05 17:11:14 +01:00
Mark Paluch
d3af1d49ce Support JVM proxy settings using Apache HttpComponents.
Closes gh-52.
2017-02-05 17:09:22 +01:00
Mark Paluch
f8409e2f80 Support property prefixes with VaultPropertySource.
We now support optional prefixing of property names. Property names coming from Vault are exposed with a prefixed name through VaultPropertySource.

@VaultPropertySource(value = "mysql/creds/readonly", propertyNamePrefix = "database.")
static class Configuration {}

will expose all keys under "mysql/creds/readonly" prefixed with "database.", which leads to properties known as "database.username" and "database.password".

Closes gh-48.
2017-02-02 17:16:58 +01:00
Mark Paluch
6a98ab9d5a Upgrade to Spring Framework 4.3.6.
Closes gh-46.
2017-01-25 16:56:52 +01:00
Mark Paluch
d0b09912ab Post-release cleanups.
Fixes gh-45.
2017-01-17 10:46:24 +01:00
Mark Paluch
bd91e94ebc [maven-release-plugin] prepare for next development iteration 2017-01-17 10:39:58 +01:00
Mark Paluch
d9ee8d0eb5 [maven-release-plugin] prepare release 1.0.0.M2 2017-01-17 10:39:52 +01:00
Mark Paluch
18f8318014 Polishing.
Add OkHttp3 to reference documentation. Add java hint to code fences.

See gh-45.
2017-01-17 10:34:50 +01:00
Mark Paluch
a114fa244d Prepare release.
See gh-45.
2017-01-17 10:25:00 +01:00
Mark Paluch
53416a19bb Upgrade test dependencies.
Mockito 2.1.0-RC.1 -> 2.6.2
AssertJ 3.5.2 -> 3.6.1

Fixes gh-44.
2017-01-13 16:59:24 +01:00
Mark Paluch
2799fbc115 Upgrade to OkHttp 3.5.0.
Fixes gh-43.
2017-01-10 15:57:21 +01:00
Mark Paluch
50a9aa7d76 Upgrade to Vault 0.6.4.
Fixes gh-42.
2017-01-02 12:09:01 +01:00
Mark Paluch
94c416c3a7 Upgrade to Spring 4.3.5.
Fixes gh-41.
2017-01-02 12:07:15 +01:00
Mark Paluch
587394aa97 Polishing.
Enhance JavaDoc.

See gh-40.
2016-12-15 10:48:11 +01:00
Mark Paluch
c387aec23e Flatten hierarchical JSON objects into property paths.
Hierarchical JSON data stored in Vault is flattened to property paths with dot-notation.

  {
    "database": {
      "password": ...
    },
    "items": ["one", "two"],
    "user.name": ...,
  }

results in

  database.password=...
  items[0]=one
  items[1]=two
  user.name=...

Fixes gh-40.
2016-12-15 10:36:19 +01:00
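The gh-40 commit above shows one instance of the flattening, and the gh-69 commit earlier on this page (9c14c4536a) explains why null-valued entries must be dropped before they reach a ConcurrentHashMap-backed PropertySource. The following is an added example, not Spring Vault's own implementation: a general flattener for a parsed Vault JSON response that handles nested objects, arrays and null values in one pass. It reads the document with Jackson (a dependency listed elsewhere on this page); the sample JSON is constructed for the example, and the collision check on ambiguous paths such as "user.name" versus {"user": {"name": …}} is a design choice of this example, not documented behaviour of the project.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;

public class VaultJsonFlattener {

    // Constructed sample mirroring the commit message; "ttl": null exercises the gh-69 case.
    static final String SAMPLE = "{\"database\":{\"password\":\"s3cr3t\"},"
            + "\"items\":[\"one\",\"two\"],\"user.name\":\"alice\",\"ttl\":null}";

    /** Flattens a parsed JSON object into dot-notation property paths. */
    public static Map<String, Object> flatten(Map<String, Object> data) {
        Map<String, Object> result = new LinkedHashMap<>();
        flattenInto("", data, result);
        return result;
    }

    private static void flattenInto(String prefix, Map<String, Object> data, Map<String, Object> out) {
        for (Map.Entry<String, Object> entry : data.entrySet()) {
            String key = prefix.isEmpty() ? entry.getKey() : prefix + "." + entry.getKey();
            flattenValue(key, entry.getValue(), out);
        }
    }

    private static void flattenValue(String key, Object value, Map<String, Object> out) {
        if (value == null) {
            return; // dropped: ConcurrentHashMap-backed property sources reject null values
        }
        if (value instanceof Map) {
            @SuppressWarnings("unchecked")
            Map<String, Object> nested = (Map<String, Object>) value;
            flattenInto(key, nested, out);
        } else if (value instanceof List) {
            List<?> list = (List<?>) value;
            for (int i = 0; i < list.size(); i++) {
                flattenValue(key + "[" + i + "]", list.get(i), out); // items[0], items[1], ...
            }
        } else {
            // Example-only safeguard: a nested object and a dotted key can produce the same
            // path, which would silently let one secret overwrite another.
            if (out.containsKey(key)) {
                throw new IllegalStateException("Ambiguous property path: " + key);
            }
            out.put(key, value);
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> data = new ObjectMapper().readValue(SAMPLE,
                new TypeReference<Map<String, Object>>() {});
        flatten(data).forEach((path, value) -> System.out.println(path + "=" + value));
    }
}
```

Running main prints database.password, items[0], items[1] and user.name with their values; the null "ttl" entry never reaches the result map.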