From 5be10f27020ae722bf72cdce63d3fe6ab4eaa75f Mon Sep 17 00:00:00 2001
From: Emily Casey
Date: Tue, 23 Jun 2020 10:44:29 -0400
Subject: [PATCH] Reads authentication method from secret/method Previously we used provider
Signed-off-by: Emily Casey
---
 README.md | 8 +++---
 .../VaultBindingsPropertiesProcessor.java | 10 ++++----
 .../boot/VaultPropertiesProcessorTest.java | 25 +++++++++++--------
 3 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index 1863f30..1973994 100644
--- a/README.md
+++ b/README.md
@@ -278,7 +278,7 @@ Any Provider:
 | `spring.cloud.vault.uri` | `{secret/uri}`
 | `spring.cloud.vault.namespace` | `{secret/namespace}`
-Provider: `approle`
+If `{secret/method}` is equal to `approle`:
 | Property | Value
 | -------- | ------------------
 | `spring.cloud.vault.authentication` | `APPROLE`
@@ -287,7 +287,7 @@ Provider: `approle`
 | `spring.cloud.vault.app-role.role` | `{secret/role}`
 | `spring.cloud.vault.app-role.app-role-path` | `{secret/app-role-path}`
-Provider: `cert`
+If `{secret/method}` is equal to `cert`:
 | Property | Value
 | -------- | ------------------
 | `spring.cloud.vault.authentication` | `CERT`
@@ -295,13 +295,13 @@ Provider: `cert`
 | `spring.cloud.vault.ssl.key-store-password` | `{secret/key-store-password}`
 | `spring.cloud.vault.ssl.cert-auth-path` | `{secret/cert-auth-path}`
-Provider: `cubbyhole`
+If `{secret/method}` is equal to `cubbyhole`:
 | Property | Value
 | -------- | ------------------
 | `spring.cloud.vault.authentication` | `CUBBYHOLE`
 | `spring.cloud.vault.token` | `{secret/token}`
-Provider: `token`
+If `{secret/method}` is equal to `token`:
 | Property | Value
 | -------- | ------------------
 | `spring.cloud.vault.authentication` | `TOKEN`
diff --git a/src/main/java/org/springframework/cloud/bindings/boot/VaultBindingsPropertiesProcessor.java b/src/main/java/org/springframework/cloud/bindings/boot/VaultBindingsPropertiesProcessor.java
index 6a25318..bf94e17 100644
--- a/src/main/java/org/springframework/cloud/bindings/boot/VaultBindingsPropertiesProcessor.java
+++ b/src/main/java/org/springframework/cloud/bindings/boot/VaultBindingsPropertiesProcessor.java
@@ -45,13 +45,13 @@ public final class VaultBindingsPropertiesProcessor implements BindingsPropertie
 map.from("uri").to("spring.cloud.vault.uri");
 map.from("namespace").to("spring.cloud.vault.namespace"); // vault enterprise feature
- String provider = binding.getProvider();
- if (provider == null) {
+ String method = binding.getSecret().get("method");
+ if (method == null) {
 return;
 }
- String authentication = provider.toUpperCase();
- properties.put("spring.cloud.vault.authentication", authentication);
- switch (authentication) {
+ String authenticationMethod = method.toUpperCase();
+ properties.put("spring.cloud.vault.authentication", authenticationMethod);
+ switch (authenticationMethod) {
 case "TOKEN":
 case "CUBBYHOLE":
 map.from("token").to("spring.cloud.vault.token");
diff --git a/src/test/java/org/springframework/cloud/bindings/boot/VaultPropertiesProcessorTest.java b/src/test/java/org/springframework/cloud/bindings/boot/VaultPropertiesProcessorTest.java
index e957acf..9b80426 100644
--- a/src/test/java/org/springframework/cloud/bindings/boot/VaultPropertiesProcessorTest.java
+++ b/src/test/java/org/springframework/cloud/bindings/boot/VaultPropertiesProcessorTest.java
@@ -24,7 +24,6 @@ import org.springframework.cloud.bindings.FluentMap;
 import org.springframework.mock.env.MockEnvironment;
 import java.nio.file.Paths;
-import java.util.Collections;
 import java.util.HashMap;
 import static org.assertj.core.api.Assertions.assertThat;
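Review bot: In `VaultBindingsPropertiesProcessor.java`, `method.toUpperCase()` uses the JVM default locale, so under a Turkish locale any method name containing `i` becomes `İ`, matches no `case` label, and is still written to `spring.cloud.vault.authentication` because the `properties.put` runs before the `switch`. I would write `String authenticationMethod = method.trim().toUpperCase(Locale.ROOT);` (plus `import java.util.Locale;`); the `trim()` assumes the secret value may carry a trailing newline from its backing file, which this hunk does not show. The four methods visible in the README contain no `i`, but the `switch` continues outside the hunk, so other labels may be affected. Separately, a binding that still supplies only `provider` now takes the `method == null` return without any signal, leaving Vault authentication unconfigured; a warning log there would make that misconfiguration visible.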
@@ -39,21 +38,24 @@ final class VaultPropertiesProcessorTest {
 .withEntry("namespace", "test-namespace");
 }
- private FluentMap baseMetadata() {
+ private FluentMap metadata() {
 return new FluentMap()
 .withEntry("kind", KIND);
 }
 private final Binding tokenBinding = new Binding(
 "test-name", Paths.get("test-path"),
- baseMetadata().withEntry("provider", "token"),
- baseSecret().withEntry("token", "test-token")
+ metadata(),
+ baseSecret()
+ .withEntry("method", "token")
+ .withEntry("token", "test-token")
 );
 private final Binding appRoleBinding = new Binding(
 "test-name", Paths.get("test-path"),
- baseMetadata().withEntry("provider", "approle"),
+ metadata(),
 baseSecret()
+ .withEntry("method", "approle")
 .withEntry("role-id", "test-role-id")
 .withEntry("secret-id", "test-secret-id")
 .withEntry("role", "test-role")
@@ -62,14 +64,17 @@ final class VaultPropertiesProcessorTest {
 private final Binding cubbyholeBinding = new Binding(
 "test-name", Paths.get("test-path"),
- baseMetadata().withEntry("provider", "cubbyhole"),
- baseSecret().withEntry("token", "test-token")
+ metadata(),
+ baseSecret()
+ .withEntry("method", "cubbyhole")
+ .withEntry("token", "test-token")
 );
 private final Binding certBinding = new Binding(
 "test-name", Paths.get("test-path"),
- baseMetadata().withEntry("provider", "cert"),
+ metadata(),
 baseSecret()
+ .withEntry("method", "cert")
 .withEntry("keystore.jks", "key store contents!")
 .withEntry("key-store-password", "test-key-store-password")
 .withEntry("cert-auth-path", "test-cert-auth-path")
@@ -129,12 +134,12 @@ final class VaultPropertiesProcessorTest {
 }
 @Test
- @DisplayName("Handles missing provider")
+ @DisplayName("Doesn't fail when method is missing")
 void testMissingProvider() {
 new VaultBindingsPropertiesProcessor().process(environment, new Bindings(new Binding(
 "test-name", Paths.get("test-path"),
- baseMetadata(),
+ metadata(),
 baseSecret()
 )), properties);
 assertThat(properties)
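Review bot: The last hunk leaves the test method named `testMissingProvider` while its `@DisplayName` and the processor now refer to `method`; rename it to `testMissingMethod` so the name matches what is exercised. None of the visible hunks adds a fixture for a binding that carries the legacy `provider` metadata without a `method` secret entry, or for an unrecognised `method` value, so the early-return and pass-through behaviour of the processor is not pinned here. The `assertThat(properties)` chain continues outside the hunk.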