Reads authentication method from secret/method
Previously we used provider.
Signed-off-by: Emily Casey <ecasey@vmware.com>
@@ -278,7 +278,7 @@ Any Provider:
|
||||
| `spring.cloud.vault.uri` | `{secret/uri}`
|
||||
| `spring.cloud.vault.namespace` | `{secret/namespace}`
|
||||
|
||||
Provider: `approle`
|
||||
If `{secret/method}` is equal to `approle`:
|
||||
| Property | Value
|
||||
| -------- | ------------------
|
||||
| `spring.cloud.vault.authentication` | `APPROLE`
|
||||
@@ -287,7 +287,7 @@ Provider: `approle`
|
||||
| `spring.cloud.vault.app-role.role` | `{secret/role}`
|
||||
| `spring.cloud.vault.app-role.app-role-path` | `{secret/app-role-path}`
|
||||
|
||||
Provider: `cert`
|
||||
If `{secret/method}` is equal to `cert`:
|
||||
| Property | Value
|
||||
| -------- | ------------------
|
||||
| `spring.cloud.vault.authentication` | `CERT`
|
||||
@@ -295,13 +295,13 @@ Provider: `cert`
|
||||
| `spring.cloud.vault.ssl.key-store-password` | `{secret/key-store-password}`
|
||||
| `spring.cloud.vault.ssl.cert-auth-path` | `{secret/cert-auth-path}`
|
||||
|
||||
Provider: `cubbyhole`
|
||||
If `{secret/method}` is equal to `cubbyhole`:
|
||||
| Property | Value
|
||||
| -------- | ------------------
|
||||
| `spring.cloud.vault.authentication` | `CUBBYHOLE`
|
||||
| `spring.cloud.vault.token` | `{secret/token}`
|
||||
|
||||
Provider: `token`
|
||||
If `{secret/method}` is equal to `token`:
|
||||
| Property | Value
|
||||
| -------- | ------------------
|
||||
| `spring.cloud.vault.authentication` | `TOKEN`
|
||||
|
||||
@@ -45,13 +45,13 @@ public final class VaultBindingsPropertiesProcessor implements BindingsPropertie
|
||||
map.from("uri").to("spring.cloud.vault.uri");
|
||||
map.from("namespace").to("spring.cloud.vault.namespace"); // vault enterprise feature
|
||||
|
||||
String provider = binding.getProvider();
|
||||
if (provider == null) {
|
||||
String method = binding.getSecret().get("method");
|
||||
if (method == null) {
|
||||
return;
|
||||
}
|
||||
String authentication = provider.toUpperCase();
|
||||
properties.put("spring.cloud.vault.authentication", authentication);
|
||||
switch (authentication) {
|
||||
String authenticationMethod = method.toUpperCase();
|
||||
properties.put("spring.cloud.vault.authentication", authenticationMethod);
|
||||
switch (authenticationMethod) {
|
||||
case "TOKEN":
|
||||
case "CUBBYHOLE":
|
||||
map.from("token").to("spring.cloud.vault.token");
|
||||
|
||||
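Review bot: `method.toUpperCase()` uses the JVM default locale, so the value written to `spring.cloud.vault.authentication` and matched by the `switch` depends on the host's locale settings; under a Turkish locale, for example, a method name containing `i` would upper-case to a dotted `İ` and miss its `case`. Use `String authenticationMethod = method.toUpperCase(Locale.ROOT);`, which needs `java.util.Locale` imported (the import block is not visible in this section). The property is also set before the `switch` has recognised the value, so an unexpected `method` in the secret is passed through as-is; the rest of the `switch` lies outside the hunk, so whether a `default` branch handles that cannot be confirmed from here. A binding that still carries only `provider` now takes the `method == null` early return without any signal, which may deserve a log line so a misconfigured binding is not mistaken for an intentionally unauthenticated one.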
@@ -24,7 +24,6 @@ import org.springframework.cloud.bindings.FluentMap;
|
||||
import org.springframework.mock.env.MockEnvironment;
|
||||
|
||||
import java.nio.file.Paths;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -39,21 +38,24 @@ final class VaultPropertiesProcessorTest {
|
||||
.withEntry("namespace", "test-namespace");
|
||||
}
|
||||
|
||||
private FluentMap baseMetadata() {
|
||||
private FluentMap metadata() {
|
||||
return new FluentMap()
|
||||
.withEntry("kind", KIND);
|
||||
}
|
||||
|
||||
private final Binding tokenBinding = new Binding(
|
||||
"test-name", Paths.get("test-path"),
|
||||
baseMetadata().withEntry("provider", "token"),
|
||||
baseSecret().withEntry("token", "test-token")
|
||||
metadata(),
|
||||
baseSecret()
|
||||
.withEntry("method", "token")
|
||||
.withEntry("token", "test-token")
|
||||
);
|
||||
|
||||
private final Binding appRoleBinding = new Binding(
|
||||
"test-name", Paths.get("test-path"),
|
||||
baseMetadata().withEntry("provider", "approle"),
|
||||
metadata(),
|
||||
baseSecret()
|
||||
.withEntry("method", "approle")
|
||||
.withEntry("role-id", "test-role-id")
|
||||
.withEntry("secret-id", "test-secret-id")
|
||||
.withEntry("role", "test-role")
|
||||
@@ -62,14 +64,17 @@ final class VaultPropertiesProcessorTest {
|
||||
|
||||
private final Binding cubbyholeBinding = new Binding(
|
||||
"test-name", Paths.get("test-path"),
|
||||
baseMetadata().withEntry("provider", "cubbyhole"),
|
||||
baseSecret().withEntry("token", "test-token")
|
||||
metadata(),
|
||||
baseSecret()
|
||||
.withEntry("method", "cubbyhole")
|
||||
.withEntry("token", "test-token")
|
||||
);
|
||||
|
||||
private final Binding certBinding = new Binding(
|
||||
"test-name", Paths.get("test-path"),
|
||||
baseMetadata().withEntry("provider", "cert"),
|
||||
metadata(),
|
||||
baseSecret()
|
||||
.withEntry("method", "cert")
|
||||
.withEntry("keystore.jks", "key store contents!")
|
||||
.withEntry("key-store-password", "test-key-store-password")
|
||||
.withEntry("cert-auth-path", "test-cert-auth-path")
|
||||
@@ -129,12 +134,12 @@ final class VaultPropertiesProcessorTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("Handles missing provider")
|
||||
@DisplayName("Doesn't fail when method is missing")
|
||||
void testMissingProvider() {
|
||||
new VaultBindingsPropertiesProcessor().process(environment, new Bindings(new Binding(
|
||||
"test-name",
|
||||
Paths.get("test-path"),
|
||||
baseMetadata(),
|
||||
metadata(),
|
||||
baseSecret()
|
||||
)), properties);
|
||||
assertThat(properties)
|
||||
|
||||
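Review bot: The test method is still called `testMissingProvider` although its display name and fixture now cover a missing `method`; renaming it to `void testMissingMethod()` would make a failure point at the right condition. None of the fixtures visible in this section pairs a `provider` metadata entry with a secret that lacks `method`, so the behaviour for bindings written against the previous convention looks untested. A case asserting that such a binding leaves `spring.cloud.vault.authentication` unset would pin that down. The assertion chain after `assertThat(properties)` continues outside the hunk.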