Reads authentication method from secret/method

Previously the authentication method was read from the binding's `provider` metadata entry.

Signed-off-by: Emily Casey <ecasey@vmware.com>
Emily Casey
2020-06-23 10:44:29 -04:00
parent 02c0c59d4b
commit 5be10f2702
3 changed files with 24 additions and 19 deletions


@@ -278,7 +278,7 @@ Any Provider:
| `spring.cloud.vault.uri` | `{secret/uri}`
| `spring.cloud.vault.namespace` | `{secret/namespace}`
Provider: `approle`
If `{secret/method}` is equal to `approle`:
| Property | Value
| -------- | ------------------
| `spring.cloud.vault.authentication` | `APPROLE`
@@ -287,7 +287,7 @@ Provider: `approle`
| `spring.cloud.vault.app-role.role` | `{secret/role}`
| `spring.cloud.vault.app-role.app-role-path` | `{secret/app-role-path}`
Provider: `cert`
If `{secret/method}` is equal to `cert`:
| Property | Value
| -------- | ------------------
| `spring.cloud.vault.authentication` | `CERT`
@@ -295,13 +295,13 @@ Provider: `cert`
| `spring.cloud.vault.ssl.key-store-password` | `{secret/key-store-password}`
| `spring.cloud.vault.ssl.cert-auth-path` | `{secret/cert-auth-path}`
Provider: `cubbyhole`
If `{secret/method}` is equal to `cubbyhole`:
| Property | Value
| -------- | ------------------
| `spring.cloud.vault.authentication` | `CUBBYHOLE`
| `spring.cloud.vault.token` | `{secret/token}`
Provider: `token`
If `{secret/method}` is equal to `token`:
| Property | Value
| -------- | ------------------
| `spring.cloud.vault.authentication` | `TOKEN`


@@ -45,13 +45,13 @@ public final class VaultBindingsPropertiesProcessor implements BindingsPropertie
map.from("uri").to("spring.cloud.vault.uri");
map.from("namespace").to("spring.cloud.vault.namespace"); // vault enterprise feature
String provider = binding.getProvider();
if (provider == null) {
String method = binding.getSecret().get("method");
if (method == null) {
return;
}
String authentication = provider.toUpperCase();
properties.put("spring.cloud.vault.authentication", authentication);
switch (authentication) {
String authenticationMethod = method.toUpperCase();
properties.put("spring.cloud.vault.authentication", authenticationMethod);
switch (authenticationMethod) {
case "TOKEN":
case "CUBBYHOLE":
map.from("token").to("spring.cloud.vault.token");
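Review bot: The uppercased value produced at `String authenticationMethod = method.toUpperCase();` is published to `spring.cloud.vault.authentication` on the very next line, before the `switch` has established that it is one of the supported methods, so an unrecognized value in the `method` secret is handed to Spring Cloud Vault unchanged rather than being rejected here; whether a `default` branch catches it cannot be seen, since the switch continues past the end of the hunk. If the Binding loader does not already strip trailing newlines from secret files (common for mounted secrets), a `method` of `token\n` would likewise miss every `case` while still being written to the property. Consider normalizing first, `String authenticationMethod = method.trim().toUpperCase(Locale.ROOT);` (with `import java.util.Locale;`), and moving the `properties.put("spring.cloud.vault.authentication", ...)` after a successful case match so only recognized methods are propagated. `Locale.ROOT` also keeps the mapping independent of the JVM default locale, which matters because the comparison targets are fixed ASCII constants.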


@@ -24,7 +24,6 @@ import org.springframework.cloud.bindings.FluentMap;
import org.springframework.mock.env.MockEnvironment;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.HashMap;
import static org.assertj.core.api.Assertions.assertThat;
@@ -39,21 +38,24 @@ final class VaultPropertiesProcessorTest {
.withEntry("namespace", "test-namespace");
}
private FluentMap baseMetadata() {
private FluentMap metadata() {
return new FluentMap()
.withEntry("kind", KIND);
}
private final Binding tokenBinding = new Binding(
"test-name", Paths.get("test-path"),
baseMetadata().withEntry("provider", "token"),
baseSecret().withEntry("token", "test-token")
metadata(),
baseSecret()
.withEntry("method", "token")
.withEntry("token", "test-token")
);
private final Binding appRoleBinding = new Binding(
"test-name", Paths.get("test-path"),
baseMetadata().withEntry("provider", "approle"),
metadata(),
baseSecret()
.withEntry("method", "approle")
.withEntry("role-id", "test-role-id")
.withEntry("secret-id", "test-secret-id")
.withEntry("role", "test-role")
@@ -62,14 +64,17 @@ final class VaultPropertiesProcessorTest {
private final Binding cubbyholeBinding = new Binding(
"test-name", Paths.get("test-path"),
baseMetadata().withEntry("provider", "cubbyhole"),
baseSecret().withEntry("token", "test-token")
metadata(),
baseSecret()
.withEntry("method", "cubbyhole")
.withEntry("token", "test-token")
);
private final Binding certBinding = new Binding(
"test-name", Paths.get("test-path"),
baseMetadata().withEntry("provider", "cert"),
metadata(),
baseSecret()
.withEntry("method", "cert")
.withEntry("keystore.jks", "key store contents!")
.withEntry("key-store-password", "test-key-store-password")
.withEntry("cert-auth-path", "test-cert-auth-path")
@@ -129,12 +134,12 @@ final class VaultPropertiesProcessorTest {
}
@Test
@DisplayName("Handles missing provider")
@DisplayName("Doesn't fail when method is missing")
void testMissingProvider() {
new VaultBindingsPropertiesProcessor().process(environment, new Bindings(new Binding(
"test-name",
Paths.get("test-path"),
baseMetadata(),
metadata(),
baseSecret()
)), properties);
assertThat(properties)