Bumping versions
@@ -39,7 +39,7 @@ public class VaultConfigAwsBootstrapConfigurationUnitTests {
|
||||
properties.setRole("readonly");
|
||||
|
||||
SecretBackendMetadataFactory<VaultAwsProperties> factory = new VaultConfigAwsBootstrapConfiguration()
|
||||
.awsSecretBackendMetadataFactory();
|
||||
.awsSecretBackendMetadataFactory();
|
||||
|
||||
SecretBackendMetadata metadata = factory.createMetadata(properties);
|
||||
|
||||
@@ -55,7 +55,7 @@ public class VaultConfigAwsBootstrapConfigurationUnitTests {
|
||||
properties.setRole("readonly");
|
||||
|
||||
SecretBackendMetadataFactory<VaultAwsProperties> factory = new VaultConfigAwsBootstrapConfiguration()
|
||||
.awsSecretBackendMetadataFactory();
|
||||
.awsSecretBackendMetadataFactory();
|
||||
|
||||
SecretBackendMetadata metadata = factory.createMetadata(properties);
|
||||
|
||||
@@ -73,7 +73,7 @@ public class VaultConfigAwsBootstrapConfigurationUnitTests {
|
||||
properties.setRole("readonly");
|
||||
|
||||
SecretBackendMetadataFactory<VaultAwsProperties> factory = new VaultConfigAwsBootstrapConfiguration()
|
||||
.awsSecretBackendMetadataFactory();
|
||||
.awsSecretBackendMetadataFactory();
|
||||
|
||||
SecretBackendMetadata metadata = factory.createMetadata(properties);
|
||||
|
||||
|
||||
@@ -70,8 +70,9 @@ public class VaultConfigConsulConfigDataTests extends IntegrationTestSupport {
|
||||
role.put("max_ttl", "3s");
|
||||
vaultOperations.write(String.format("%s/roles/%s", "consul", "short-readonly"), role);
|
||||
|
||||
this.vaultRule.prepare().getVaultOperations().write("secret/VaultConfigConsulConfigDataTests",
|
||||
Collections.singletonMap("default-key", "default"));
|
||||
this.vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/VaultConfigConsulConfigDataTests", Collections.singletonMap("default-key", "default"));
|
||||
|
||||
SpringApplication application = new SpringApplication(VaultConfigConsulConfigDataTests.Config.class);
|
||||
application.setWebApplicationType(WebApplicationType.NONE);
|
||||
|
||||
@@ -94,7 +94,7 @@ public class CouchbaseSecretIntegrationTests extends IntegrationTestSupport {
|
||||
public void shouldCreateCredentialsCorrectly() {
|
||||
|
||||
Map<String, Object> secretProperties = this.configOperations.read(forDatabase(this.couchbaseProperties))
|
||||
.getData();
|
||||
.getData();
|
||||
|
||||
assertThat(secretProperties).containsKeys("spring.couchbase.username", "spring.couchbase.password");
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ public class MongoSecretIntegrationTests extends IntegrationTestSupport {
|
||||
private static final String MONGODB_HOST = "localhost";
|
||||
|
||||
private static final String ROOT_CREDENTIALS = String
|
||||
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
|
||||
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
|
||||
|
||||
private static final String ROLES = "[ \"readWrite\", { \"role\": \"read\", \"db\": \"admin\" } ]";
|
||||
|
||||
|
||||
@@ -49,8 +49,8 @@ public class PostgreSqlSecretIntegrationTests extends IntegrationTestSupport {
|
||||
|
||||
private static final int POSTGRES_PORT = 5432;
|
||||
|
||||
private static final String CONNECTION_URL = String.format(
|
||||
"postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
|
||||
private static final String CONNECTION_URL = String
|
||||
.format("postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
|
||||
|
||||
private static final String CREATE_USER_AND_GRANT_SQL = "CREATE ROLE \"{{name}}\" WITH "
|
||||
+ "LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';\n"
|
||||
|
||||
@@ -113,9 +113,11 @@ public class VaultConfigCassandraTests {
|
||||
@Test
|
||||
public void shouldConnectUsingCassandraClient() {
|
||||
|
||||
try (CqlSession session = CqlSession.builder().withLocalDatacenter("dc1")
|
||||
.addContactPoint(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT))
|
||||
.withAuthCredentials(this.username, this.password).build()) {
|
||||
try (CqlSession session = CqlSession.builder()
|
||||
.withLocalDatacenter("dc1")
|
||||
.addContactPoint(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT))
|
||||
.withAuthCredentials(this.username, this.password)
|
||||
.build()) {
|
||||
assertThat(session.getMetadata().getKeyspace("system")).isNotEmpty();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -33,7 +33,7 @@ public class VaultConfigDatabaseBootstrapConfigurationUnitTests {
|
||||
public void shouldConsiderCredentialPath() {
|
||||
|
||||
VaultConfigDatabaseBootstrapConfiguration.DatabaseSecretBackendMetadataFactory factory = new VaultConfigDatabaseBootstrapConfiguration()
|
||||
.databaseSecretBackendMetadataFactory();
|
||||
.databaseSecretBackendMetadataFactory();
|
||||
|
||||
VaultDatabaseProperties properties = new VaultDatabaseProperties();
|
||||
properties.setStaticRole(true);
|
||||
|
||||
@@ -63,7 +63,7 @@ public class VaultConfigMongoTests {
|
||||
private static final String MONGODB_HOST = "localhost";
|
||||
|
||||
private static final String ROOT_CREDENTIALS = String
|
||||
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
|
||||
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
|
||||
|
||||
private static final String ROLES = "[ \"readWrite\", { \"role\": \"read\", \"db\": \"admin\" } ]";
|
||||
|
||||
|
||||
@@ -60,8 +60,8 @@ public class VaultConfigPostgreSqlTests {
|
||||
|
||||
private static final int POSTGRES_PORT = 5432;
|
||||
|
||||
private static final String CONNECTION_URL = String.format(
|
||||
"postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
|
||||
private static final String CONNECTION_URL = String
|
||||
.format("postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
|
||||
|
||||
private static final String CREATE_USER_AND_GRANT_SQL = "CREATE ROLE \"{{name}}\" WITH "
|
||||
+ "LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';\n"
|
||||
|
||||
@@ -90,7 +90,7 @@ class ClientAuthenticationFactory {
|
||||
ClientAuthenticationFactory.class.getClassLoader());
|
||||
|
||||
private static final boolean googleCredentialsPresent = ClassUtils
|
||||
.isPresent("com.google.auth.oauth2.GoogleCredentials", ClientAuthenticationFactory.class.getClassLoader());
|
||||
.isPresent("com.google.auth.oauth2.GoogleCredentials", ClientAuthenticationFactory.class.getClassLoader());
|
||||
|
||||
private final VaultProperties vaultProperties;
|
||||
|
||||
@@ -159,9 +159,10 @@ class ClientAuthenticationFactory {
|
||||
Assert.hasText(appId.getUserId(), "UserId (spring.cloud.vault.app-id.user-id) must not be empty");
|
||||
|
||||
AppIdAuthenticationOptions authenticationOptions = AppIdAuthenticationOptions.builder()
|
||||
.appId(vaultProperties.getApplicationName()) //
|
||||
.path(appId.getAppIdPath()) //
|
||||
.userIdMechanism(getAppIdMechanism(appId)).build();
|
||||
.appId(vaultProperties.getApplicationName()) //
|
||||
.path(appId.getAppIdPath()) //
|
||||
.userIdMechanism(getAppIdMechanism(appId))
|
||||
.build();
|
||||
|
||||
return new AppIdAuthentication(authenticationOptions, this.restOperations);
|
||||
}
|
||||
@@ -209,7 +210,7 @@ class ClientAuthenticationFactory {
|
||||
AppRoleProperties appRole = vaultProperties.getAppRole();
|
||||
|
||||
AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder()
|
||||
.path(appRole.getAppRolePath());
|
||||
.path(appRole.getAppRolePath());
|
||||
|
||||
if (StringUtils.hasText(appRole.getRole())) {
|
||||
builder.appRole(appRole.getRole());
|
||||
@@ -265,11 +266,12 @@ class ClientAuthenticationFactory {
|
||||
Nonce nonce = StringUtils.hasText(awsEc2.getNonce()) ? Nonce.provided(awsEc2.getNonce().toCharArray())
|
||||
: Nonce.generated();
|
||||
|
||||
AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions.builder().role(awsEc2.getRole()) //
|
||||
.path(awsEc2.getAwsEc2Path()) //
|
||||
.nonce(nonce) //
|
||||
.identityDocumentUri(awsEc2.getIdentityDocument()) //
|
||||
.build();
|
||||
AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions.builder()
|
||||
.role(awsEc2.getRole()) //
|
||||
.path(awsEc2.getAwsEc2Path()) //
|
||||
.nonce(nonce) //
|
||||
.identityDocumentUri(awsEc2.getIdentityDocument()) //
|
||||
.build();
|
||||
|
||||
return new AwsEc2Authentication(authenticationOptions, this.restOperations, this.externalRestOperations);
|
||||
}
|
||||
@@ -298,7 +300,7 @@ class ClientAuthenticationFactory {
|
||||
}
|
||||
|
||||
builder.path(awsIam.getAwsPath()) //
|
||||
.credentialsProvider(credentialsProvider);
|
||||
.credentialsProvider(credentialsProvider);
|
||||
|
||||
AwsIamAuthenticationOptions options = builder.credentialsProvider(credentialsProvider).build();
|
||||
|
||||
@@ -312,10 +314,11 @@ class ClientAuthenticationFactory {
|
||||
Assert.hasText(azureMsi.getRole(), "Azure role (spring.cloud.vault.azure-msi.role) must not be empty");
|
||||
|
||||
AzureMsiAuthenticationOptions options = AzureMsiAuthenticationOptions.builder() //
|
||||
.role(azureMsi.getRole()).path(azureMsi.getAzurePath()) //
|
||||
.instanceMetadataUri(azureMsi.getMetadataService()) //
|
||||
.identityTokenServiceUri(azureMsi.getIdentityTokenService()) //
|
||||
.build();
|
||||
.role(azureMsi.getRole())
|
||||
.path(azureMsi.getAzurePath()) //
|
||||
.instanceMetadataUri(azureMsi.getMetadataService()) //
|
||||
.identityTokenServiceUri(azureMsi.getIdentityTokenService()) //
|
||||
.build();
|
||||
|
||||
return new AzureMsiAuthentication(options, this.restOperations, this.externalRestOperations);
|
||||
}
|
||||
@@ -326,9 +329,9 @@ class ClientAuthenticationFactory {
|
||||
"Initial Token (spring.cloud.vault.token) for Cubbyhole authentication must not be empty");
|
||||
|
||||
CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
|
||||
.wrapped() //
|
||||
.initialToken(VaultToken.of(this.vaultProperties.getToken())) //
|
||||
.build();
|
||||
.wrapped() //
|
||||
.initialToken(VaultToken.of(this.vaultProperties.getToken())) //
|
||||
.build();
|
||||
|
||||
return new CubbyholeAuthentication(options, this.restOperations);
|
||||
}
|
||||
@@ -340,7 +343,8 @@ class ClientAuthenticationFactory {
|
||||
Assert.hasText(gcp.getRole(), "Role (spring.cloud.vault.gcp-gce.role) must not be empty");
|
||||
|
||||
GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions.builder()
|
||||
.path(gcp.getGcpPath()).role(gcp.getRole());
|
||||
.path(gcp.getGcpPath())
|
||||
.role(gcp.getRole());
|
||||
|
||||
if (StringUtils.hasText(gcp.getServiceAccount())) {
|
||||
builder.serviceAccount(gcp.getServiceAccount());
|
||||
@@ -372,8 +376,10 @@ class ClientAuthenticationFactory {
|
||||
"Service account token file (spring.cloud.vault.kubernetes.service-account-token-file) must not be empty");
|
||||
|
||||
KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions.builder()
|
||||
.path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
|
||||
.jwtSupplier(new KubernetesServiceAccountTokenFile(kubernetes.getServiceAccountTokenFile())).build();
|
||||
.path(kubernetes.getKubernetesPath())
|
||||
.role(kubernetes.getRole())
|
||||
.jwtSupplier(new KubernetesServiceAccountTokenFile(kubernetes.getServiceAccountTokenFile()))
|
||||
.build();
|
||||
|
||||
return new KubernetesAuthentication(options, this.restOperations);
|
||||
}
|
||||
@@ -387,7 +393,8 @@ class ClientAuthenticationFactory {
|
||||
Assert.hasText(pcfProperties.getRole(), "Role (spring.cloud.vault.pcf.role) must not be empty");
|
||||
|
||||
PcfAuthenticationOptions.PcfAuthenticationOptionsBuilder builder = PcfAuthenticationOptions.builder()
|
||||
.role(pcfProperties.getRole()).path(pcfProperties.getPcfPath());
|
||||
.role(pcfProperties.getRole())
|
||||
.path(pcfProperties.getPcfPath());
|
||||
|
||||
if (pcfProperties.getInstanceCertificate() != null) {
|
||||
builder.instanceCertificate(new ResourceCredentialSupplier(pcfProperties.getInstanceCertificate()));
|
||||
@@ -403,7 +410,8 @@ class ClientAuthenticationFactory {
|
||||
private ClientAuthentication certificateAuthentication(VaultProperties vaultProperties) {
|
||||
|
||||
ClientCertificateAuthenticationOptions options = ClientCertificateAuthenticationOptions.builder()
|
||||
.path(vaultProperties.getSsl().getCertAuthPath()).build();
|
||||
.path(vaultProperties.getSsl().getCertAuthPath())
|
||||
.build();
|
||||
|
||||
return new ClientCertificateAuthentication(options, this.restOperations);
|
||||
}
|
||||
|
||||
@@ -49,8 +49,10 @@ final class GcpIamAuthenticationFactory {
|
||||
|
||||
Assert.hasText(gcp.getRole(), "Role (spring.cloud.vault.gcp-iam.role) must not be empty");
|
||||
|
||||
GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions.builder().path(gcp.getGcpPath())
|
||||
.role(gcp.getRole()).jwtValidity(gcp.getJwtValidity());
|
||||
GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions.builder()
|
||||
.path(gcp.getGcpPath())
|
||||
.role(gcp.getRole())
|
||||
.jwtValidity(gcp.getJwtValidity());
|
||||
|
||||
if (StringUtils.hasText(gcp.getProjectId())) {
|
||||
builder.projectId(gcp.getProjectId());
|
||||
@@ -76,8 +78,8 @@ final class GcpIamAuthenticationFactory {
|
||||
}
|
||||
|
||||
if (StringUtils.hasText(credentialProperties.getEncodedKey())) {
|
||||
return GoogleCredential.fromStream(
|
||||
new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
|
||||
return GoogleCredential
|
||||
.fromStream(new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
|
||||
}
|
||||
|
||||
return GoogleCredential.getApplicationDefault();
|
||||
|
||||
@@ -51,7 +51,9 @@ final class GcpIamCredentialsAuthenticationFactory {
|
||||
Assert.hasText(gcp.getRole(), "Role (spring.cloud.vault.gcp-iam.role) must not be empty");
|
||||
|
||||
GcpIamCredentialsAuthenticationOptionsBuilder builder = GcpIamCredentialsAuthenticationOptions.builder()
|
||||
.path(gcp.getGcpPath()).role(gcp.getRole()).jwtValidity(gcp.getJwtValidity());
|
||||
.path(gcp.getGcpPath())
|
||||
.role(gcp.getRole())
|
||||
.jwtValidity(gcp.getJwtValidity());
|
||||
|
||||
if (StringUtils.hasText(gcp.getServiceAccountId())) {
|
||||
builder.serviceAccountId(gcp.getServiceAccountId());
|
||||
@@ -73,8 +75,8 @@ final class GcpIamCredentialsAuthenticationFactory {
|
||||
}
|
||||
|
||||
if (StringUtils.hasText(credentialProperties.getEncodedKey())) {
|
||||
return GoogleCredentials.fromStream(
|
||||
new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
|
||||
return GoogleCredentials
|
||||
.fromStream(new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
|
||||
}
|
||||
|
||||
return GoogleCredentials.getApplicationDefault();
|
||||
|
||||
@@ -53,7 +53,7 @@ class PropertySourceLocatorConfigurationFactory {
|
||||
|
||||
if (this.configurers.isEmpty()) {
|
||||
secretBackendConfigurer.registerDefaultKeyValueSecretBackends(true)
|
||||
.registerDefaultDiscoveredSecretBackends(true);
|
||||
.registerDefaultDiscoveredSecretBackends(true);
|
||||
}
|
||||
else {
|
||||
|
||||
@@ -75,12 +75,12 @@ class PropertySourceLocatorConfigurationFactory {
|
||||
|
||||
for (String context : contexts) {
|
||||
secretBackendConfigurer
|
||||
.add(KeyValueSecretBackendMetadata.create(keyValueBackend.getBackend(), context));
|
||||
.add(KeyValueSecretBackendMetadata.create(keyValueBackend.getBackend(), context));
|
||||
}
|
||||
}
|
||||
|
||||
Collection<SecretBackendMetadata> backendAccessors = SecretBackendFactories
|
||||
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
|
||||
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
|
||||
|
||||
backendAccessors.forEach(secretBackendConfigurer::add);
|
||||
}
|
||||
@@ -88,7 +88,7 @@ class PropertySourceLocatorConfigurationFactory {
|
||||
if (secretBackendConfigurer.isRegisterDefaultDiscoveredSecretBackends()) {
|
||||
|
||||
Collection<SecretBackendMetadata> backendAccessors = SecretBackendFactories
|
||||
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
|
||||
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
|
||||
|
||||
backendAccessors.forEach(secretBackendConfigurer::add);
|
||||
}
|
||||
|
||||
@@ -81,13 +81,14 @@ public class VaultBootstrapPropertySourceConfiguration implements InitializingBe
|
||||
public void afterPropertiesSet() {
|
||||
|
||||
this.vaultSecretBackendDescriptors = this.applicationContext.getBeansOfType(VaultSecretBackendDescriptor.class)
|
||||
.values();
|
||||
.values();
|
||||
|
||||
this.vaultSecretBackendDescriptorFactories = this.applicationContext
|
||||
.getBeansOfType(VaultSecretBackendDescriptorFactory.class).values();
|
||||
.getBeansOfType(VaultSecretBackendDescriptorFactory.class)
|
||||
.values();
|
||||
|
||||
this.factories = (Collection) this.applicationContext.getBeansOfType(SecretBackendMetadataFactory.class)
|
||||
.values();
|
||||
.values();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@@ -101,7 +102,7 @@ public class VaultBootstrapPropertySourceConfiguration implements InitializingBe
|
||||
VaultConfigTemplate vaultConfigTemplate = new VaultConfigTemplate(operations, vaultProperties);
|
||||
|
||||
Collection<VaultConfigurer> vaultConfigurers = this.applicationContext.getBeansOfType(VaultConfigurer.class)
|
||||
.values();
|
||||
.values();
|
||||
|
||||
List<VaultSecretBackendDescriptor> descriptors = new ArrayList<>(this.vaultSecretBackendDescriptors);
|
||||
this.vaultSecretBackendDescriptorFactories.forEach(it -> descriptors.addAll(it.create()));
|
||||
|
||||
@@ -150,7 +150,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
|
||||
|
||||
bootstrap.addCloseListener(event -> {
|
||||
((ApplicationEventPublisherAware) location.getSecretBackendMetadata())
|
||||
.setApplicationEventPublisher(event.getApplicationContext());
|
||||
.setApplicationEventPublisher(event.getApplicationContext());
|
||||
});
|
||||
}
|
||||
|
||||
@@ -502,7 +502,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
|
||||
registerIfAbsent(this.bootstrap, "clientAuthentication", ClientAuthentication.class, ctx -> {
|
||||
|
||||
ClientHttpRequestFactory factory = this.bootstrap.get(ClientFactoryWrapper.class)
|
||||
.getClientHttpRequestFactory();
|
||||
.getClientHttpRequestFactory();
|
||||
|
||||
RestTemplate externalRestTemplate = new RestTemplate(factory);
|
||||
|
||||
@@ -546,7 +546,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
|
||||
this.bootstrap = bootstrap;
|
||||
this.configuration = new VaultReactiveConfiguration(vaultProperties);
|
||||
this.endpointProvider = SimpleVaultEndpointProvider
|
||||
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint());
|
||||
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint());
|
||||
this.logFactory = logFactory;
|
||||
}
|
||||
|
||||
@@ -601,7 +601,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
|
||||
void registerSessionManager() {
|
||||
registerIfAbsent(this.bootstrap, "vaultSessionManager", SessionManager.class, ctx -> {
|
||||
SessionManager sessionManager = this.configuration
|
||||
.createSessionManager(ctx.get(ReactiveSessionManager.class));
|
||||
.createSessionManager(ctx.get(ReactiveSessionManager.class));
|
||||
reconfigureLogger(sessionManager, this.logFactory);
|
||||
return sessionManager;
|
||||
});
|
||||
|
||||
@@ -109,8 +109,9 @@ public class VaultConfigDataLocationResolver implements ConfigDataLocationResolv
|
||||
if (location.getValue().equals(VaultConfigLocation.VAULT_PREFIX)
|
||||
|| location.getValue().equals(VaultConfigLocation.VAULT_PREFIX + "//")) {
|
||||
List<SecretBackendMetadata> sorted = getSecretBackends(context, profiles);
|
||||
return sorted.stream().map(it -> new VaultConfigLocation(it, location.isOptional()))
|
||||
.collect(Collectors.toList());
|
||||
return sorted.stream()
|
||||
.map(it -> new VaultConfigLocation(it, location.isOptional()))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
String contextPath = location.getValue().substring(VaultConfigLocation.VAULT_PREFIX.length());
|
||||
@@ -139,11 +140,12 @@ public class VaultConfigDataLocationResolver implements ConfigDataLocationResolv
|
||||
|
||||
context.getBootstrapContext().registerIfAbsent(VaultProperties.class, ignore -> {
|
||||
|
||||
VaultProperties vaultProperties = context.getBinder().bindOrCreate(VaultProperties.PREFIX,
|
||||
VaultProperties.class);
|
||||
VaultProperties vaultProperties = context.getBinder()
|
||||
.bindOrCreate(VaultProperties.PREFIX, VaultProperties.class);
|
||||
|
||||
vaultProperties.setApplicationName(context.getBinder().bind("spring.application.name", String.class)
|
||||
.orElse(vaultProperties.getApplicationName()));
|
||||
vaultProperties.setApplicationName(context.getBinder()
|
||||
.bind("spring.application.name", String.class)
|
||||
.orElse(vaultProperties.getApplicationName()));
|
||||
|
||||
return vaultProperties;
|
||||
});
|
||||
@@ -187,15 +189,15 @@ public class VaultConfigDataLocationResolver implements ConfigDataLocationResolv
|
||||
Profiles profiles) {
|
||||
|
||||
VaultKeyValueBackendProperties kvProperties = context.getBinder()
|
||||
.bindOrCreate(VaultKeyValueBackendProperties.PREFIX, VaultKeyValueBackendProperties.class);
|
||||
.bindOrCreate(VaultKeyValueBackendProperties.PREFIX, VaultKeyValueBackendProperties.class);
|
||||
|
||||
Binder binder = context.getBinder();
|
||||
|
||||
kvProperties.setApplicationName(binder.bind("spring.cloud.vault.kv.application-name", String.class)
|
||||
.orElseGet(() -> binder.bind("spring.cloud.vault.application-name", String.class)
|
||||
.orElseGet(() -> binder.bind("spring.application.name", String.class).orElse(""))));
|
||||
.orElseGet(() -> binder.bind("spring.cloud.vault.application-name", String.class)
|
||||
.orElseGet(() -> binder.bind("spring.application.name", String.class).orElse(""))));
|
||||
kvProperties.setProfiles(binder.bind("spring.cloud.vault.kv.profiles", Bindable.listOf(String.class))
|
||||
.orElseGet(profiles::getActive));
|
||||
.orElseGet(profiles::getActive));
|
||||
|
||||
return kvProperties;
|
||||
}
|
||||
|
||||
@@ -156,8 +156,9 @@ final class VaultConfiguration {
|
||||
RestTemplateBuilder createRestTemplateBuilder(ClientHttpRequestFactory requestFactory,
|
||||
VaultEndpointProvider endpointProvider, List<RestTemplateCustomizer> customizers,
|
||||
List<RestTemplateRequestCustomizer<?>> requestCustomizers) {
|
||||
RestTemplateBuilder builder = RestTemplateBuilder.builder().requestFactory(requestFactory)
|
||||
.endpointProvider(endpointProvider);
|
||||
RestTemplateBuilder builder = RestTemplateBuilder.builder()
|
||||
.requestFactory(requestFactory)
|
||||
.endpointProvider(endpointProvider);
|
||||
|
||||
customizers.forEach(builder::customizers);
|
||||
requestCustomizers.forEach(builder::requestCustomizers);
|
||||
|
||||
@@ -44,7 +44,8 @@ public class VaultObservationAutoConfiguration {
|
||||
@ConditionalOnSingleCandidate(ObservationRegistry.class)
|
||||
public RestTemplateCustomizer observationVaultRestTemplateCustomizer(ObservationRegistry observationRegistry) {
|
||||
return restTemplate -> new ObservationRestTemplateCustomizer(observationRegistry,
|
||||
new DefaultClientRequestObservationConvention()).customize(restTemplate);
|
||||
new DefaultClientRequestObservationConvention())
|
||||
.customize(restTemplate);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -124,7 +124,7 @@ public class VaultReactiveAutoConfiguration implements InitializingBean {
|
||||
|
||||
if (this.reactiveEndpointProvider == null) {
|
||||
this.endpointProvider = endpointProvider.getIfAvailable(() -> SimpleVaultEndpointProvider
|
||||
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint()));
|
||||
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint()));
|
||||
}
|
||||
else {
|
||||
this.endpointProvider = null;
|
||||
|
||||
@@ -79,8 +79,9 @@ final class VaultReactiveConfiguration {
|
||||
WebClientBuilder createWebClientBuilder(ClientHttpConnector connector,
|
||||
ReactiveVaultEndpointProvider endpointProvider, List<WebClientCustomizer> customizers) {
|
||||
|
||||
WebClientBuilder builder = WebClientBuilder.builder().httpConnector(connector)
|
||||
.endpointProvider(endpointProvider);
|
||||
WebClientBuilder builder = WebClientBuilder.builder()
|
||||
.httpConnector(connector)
|
||||
.endpointProvider(endpointProvider);
|
||||
|
||||
return applyCustomizer(customizers, builder);
|
||||
}
|
||||
@@ -88,8 +89,9 @@ final class VaultReactiveConfiguration {
|
||||
WebClientBuilder createWebClientBuilder(ClientHttpConnector connector, VaultEndpointProvider endpointProvider,
|
||||
List<WebClientCustomizer> customizers) {
|
||||
|
||||
WebClientBuilder builder = WebClientBuilder.builder().httpConnector(connector)
|
||||
.endpointProvider(endpointProvider);
|
||||
WebClientBuilder builder = WebClientBuilder.builder()
|
||||
.httpConnector(connector)
|
||||
.endpointProvider(endpointProvider);
|
||||
|
||||
return applyCustomizer(customizers, builder);
|
||||
}
|
||||
|
||||
@@ -72,10 +72,10 @@ public class VaultReactiveHealthIndicator extends AbstractReactiveHealthIndicato
|
||||
protected Mono<Health> doHealthCheck(Builder builder) {
|
||||
|
||||
return this.vaultOperations
|
||||
.doWithVault((it) -> it.get().uri("sys/health").header(VaultHttpHeaders.VAULT_NAMESPACE, "").exchange())
|
||||
.flatMap((it) -> it.bodyToMono(VaultHealthImpl.class))
|
||||
.onErrorResume(WebClientResponseException.class, VaultReactiveHealthIndicator::deserializeError)
|
||||
.map((vaultHealthResponse) -> getHealth(builder, vaultHealthResponse));
|
||||
.doWithVault((it) -> it.get().uri("sys/health").header(VaultHttpHeaders.VAULT_NAMESPACE, "").exchange())
|
||||
.flatMap((it) -> it.bodyToMono(VaultHealthImpl.class))
|
||||
.onErrorResume(WebClientResponseException.class, VaultReactiveHealthIndicator::deserializeError)
|
||||
.map((vaultHealthResponse) -> getHealth(builder, vaultHealthResponse));
|
||||
}
|
||||
|
||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||
|
||||
@@ -46,7 +46,8 @@ public class VaultReactiveObservationAutoConfiguration {
|
||||
@ConditionalOnSingleCandidate(ObservationRegistry.class)
|
||||
public WebClientCustomizer observationVaultWebClientCustomizer(ObservationRegistry observationRegistry) {
|
||||
return webClientBuilder -> new ObservationWebClientCustomizer(observationRegistry,
|
||||
new DefaultClientRequestObservationConvention()).customize(webClientBuilder);
|
||||
new DefaultClientRequestObservationConvention())
|
||||
.customize(webClientBuilder);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -47,15 +47,19 @@ class VaultRuntimeHints implements RuntimeHintsRegistrar {
|
||||
ReflectionHints reflection = hints.reflection();
|
||||
|
||||
// reflection required for ConfigDataLoader, early logging capture
|
||||
reflection.registerTypes(Arrays.asList(SimpleSessionManager.class, LifecycleAwareSessionManager.class,
|
||||
LifecycleAwareSessionManagerSupport.class, ClientHttpRequestFactoryFactory.class,
|
||||
org.springframework.vault.core.env.VaultPropertySource.class, LeaseAwareVaultPropertySource.class)
|
||||
.stream().map(TypeReference::of).collect(Collectors.toList()),
|
||||
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
|
||||
reflection.registerTypes(Arrays
|
||||
.asList(SimpleSessionManager.class, LifecycleAwareSessionManager.class,
|
||||
LifecycleAwareSessionManagerSupport.class, ClientHttpRequestFactoryFactory.class,
|
||||
org.springframework.vault.core.env.VaultPropertySource.class, LeaseAwareVaultPropertySource.class)
|
||||
.stream()
|
||||
.map(TypeReference::of)
|
||||
.collect(Collectors.toList()), builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
|
||||
|
||||
reflection.registerTypes(
|
||||
Arrays.asList(VaultKeyValueBackendProperties.class).stream().map(TypeReference::of)
|
||||
.collect(Collectors.toList()),
|
||||
Arrays.asList(VaultKeyValueBackendProperties.class)
|
||||
.stream()
|
||||
.map(TypeReference::of)
|
||||
.collect(Collectors.toList()),
|
||||
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
|
||||
MemberCategory.INTROSPECT_DECLARED_METHODS, MemberCategory.INVOKE_DECLARED_METHODS,
|
||||
MemberCategory.INTROSPECT_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_CONSTRUCTORS));
|
||||
@@ -69,15 +73,14 @@ class VaultRuntimeHints implements RuntimeHintsRegistrar {
|
||||
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
|
||||
|
||||
reflection.registerType(TypeReference
|
||||
.of("org.springframework.cloud.vault.config.VaultReactiveConfiguration$ReactiveSessionManagerAdapter"),
|
||||
.of("org.springframework.cloud.vault.config.VaultReactiveConfiguration$ReactiveSessionManagerAdapter"),
|
||||
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
|
||||
|
||||
if (VaultConfigDataLoader.webclientPresent && VaultConfigDataLoader.reactorPresent) {
|
||||
reflection
|
||||
.registerTypes(
|
||||
Arrays.asList(ReactiveLifecycleAwareSessionManager.class).stream().map(TypeReference::of)
|
||||
.collect(Collectors.toList()),
|
||||
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
|
||||
reflection.registerTypes(Arrays.asList(ReactiveLifecycleAwareSessionManager.class)
|
||||
.stream()
|
||||
.map(TypeReference::of)
|
||||
.collect(Collectors.toList()), builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
|
||||
}
|
||||
|
||||
// presence checks
|
||||
@@ -96,14 +99,16 @@ class VaultRuntimeHints implements RuntimeHintsRegistrar {
|
||||
List<Object> pluggableDescriptors = new ArrayList<>();
|
||||
|
||||
pluggableDescriptors
|
||||
.addAll(SpringFactoriesLoader.loadFactories(SecretBackendMetadataFactory.class, classLoader));
|
||||
.addAll(SpringFactoriesLoader.loadFactories(SecretBackendMetadataFactory.class, classLoader));
|
||||
pluggableDescriptors
|
||||
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptor.class, classLoader));
|
||||
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptor.class, classLoader));
|
||||
pluggableDescriptors
|
||||
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptorFactory.class, classLoader));
|
||||
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptorFactory.class, classLoader));
|
||||
|
||||
List<TypeReference> pluggableDescriptorReferences = pluggableDescriptors.stream().map(Object::getClass)
|
||||
.map(TypeReference::of).collect(Collectors.toList());
|
||||
List<TypeReference> pluggableDescriptorReferences = pluggableDescriptors.stream()
|
||||
.map(Object::getClass)
|
||||
.map(TypeReference::of)
|
||||
.collect(Collectors.toList());
|
||||
|
||||
reflection.registerTypes(pluggableDescriptorReferences, builder -> {
|
||||
builder.withMembers(MemberCategory.INTROSPECT_DECLARED_CONSTRUCTORS,
|
||||
|
||||
@@ -37,9 +37,9 @@ public class ApplicationFailFastTests {
|
||||
@Test
|
||||
public void contextLoadsWithFailFastUsingLeasing() {
|
||||
try {
|
||||
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class).run("--server.port=0",
|
||||
"--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
|
||||
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.cloud.vault.port=9999");
|
||||
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class)
|
||||
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
|
||||
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.cloud.vault.port=9999");
|
||||
fail("failFast option did not produce an exception");
|
||||
}
|
||||
catch (Exception e) {
|
||||
@@ -50,10 +50,10 @@ public class ApplicationFailFastTests {
|
||||
@Test
|
||||
public void contextLoadsWithFailFastWithoutLeasing() {
|
||||
try {
|
||||
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class).run("--server.port=0",
|
||||
"--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
|
||||
"--spring.cloud.vault.config.lifecycle.enabled=false",
|
||||
"--spring.cloud.vault.session.lifecycle.enabled=false", "--spring.cloud.vault.port=9999");
|
||||
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class)
|
||||
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
|
||||
"--spring.cloud.vault.config.lifecycle.enabled=false",
|
||||
"--spring.cloud.vault.session.lifecycle.enabled=false", "--spring.cloud.vault.port=9999");
|
||||
fail("failFast option did not produce an exception");
|
||||
}
|
||||
catch (Exception e) {
|
||||
@@ -64,9 +64,9 @@ public class ApplicationFailFastTests {
|
||||
@Test
|
||||
@Ignore("Fails because of method errors in Discovery health check")
|
||||
public void contextLoadsWithoutFailFast() {
|
||||
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class).run("--server.port=0",
|
||||
"--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=false",
|
||||
"--spring.cloud.vault.port=9999");
|
||||
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class)
|
||||
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=false",
|
||||
"--spring.cloud.vault.port=9999");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
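Review bot: Both fail-fast tests (`contextLoadsWithFailFastUsingLeasing` and `contextLoadsWithFailFastWithoutLeasing`) wrap `run(...)` in `try { ...; fail(...); } catch (Exception e)`, which accepts any startup exception. The catch bodies lie outside the hunks, so unless they assert on the cause, a failure unrelated to the unreachable Vault on port 9999 would also make these tests pass. AssertJ's `assertThatThrownBy(() -> new SpringApplicationBuilder()...run(...))` followed by an assertion on the cause would state the expectation directly. `contextLoadsWithoutFailFast` remains disabled by `@Ignore`, so the `failFast=false` path has no coverage in this class; a tracking-issue reference in the annotation text would make that visible.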
@@ -69,7 +69,7 @@ public class ClientAuthenticationFactoryUnitTests {
|
||||
new RestTemplate());
|
||||
AwsIamAuthentication authentication = (AwsIamAuthentication) factory.awsIamAuthentication(properties);
|
||||
AwsIamAuthenticationOptions options = (AwsIamAuthenticationOptions) ReflectionTestUtils
|
||||
.getField(authentication, "options");
|
||||
.getField(authentication, "options");
|
||||
|
||||
assertThat(options.getRegionProvider().getRegion()).isEqualTo(Region.AWS_GLOBAL);
|
||||
}
|
||||
@@ -177,7 +177,7 @@ public class ClientAuthenticationFactoryUnitTests {
|
||||
VaultProperties properties = new VaultProperties();
|
||||
|
||||
assertThatThrownBy(() -> ClientAuthenticationFactory.getAppRoleAuthenticationOptions(properties))
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -187,7 +187,7 @@ public class ClientAuthenticationFactoryUnitTests {
|
||||
properties.getAppRole().setRole("my-role");
|
||||
|
||||
assertThatThrownBy(() -> ClientAuthenticationFactory.getAppRoleAuthenticationOptions(properties))
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
.isInstanceOf(IllegalArgumentException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -200,7 +200,8 @@ public class ClientAuthenticationFactoryUnitTests {
|
||||
properties.getPcf().setInstanceCertificate(new ClassPathResource("bootstrap.yml"));
|
||||
|
||||
ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(properties, new RestTemplate(),
|
||||
new RestTemplate()).createClientAuthentication();
|
||||
new RestTemplate())
|
||||
.createClientAuthentication();
|
||||
|
||||
assertThat(clientAuthentication).isInstanceOf(PcfAuthentication.class);
|
||||
}
|
||||
@@ -213,7 +214,8 @@ public class ClientAuthenticationFactoryUnitTests {
|
||||
properties.getSsl().setCertAuthPath("bert");
|
||||
|
||||
ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(properties, new RestTemplate(),
|
||||
new RestTemplate()).createClientAuthentication();
|
||||
new RestTemplate())
|
||||
.createClientAuthentication();
|
||||
|
||||
assertThat(clientAuthentication).isInstanceOf(ClientCertificateAuthentication.class);
|
||||
}
|
||||
@@ -229,7 +231,8 @@ public class ClientAuthenticationFactoryUnitTests {
|
||||
StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.CREATE);
|
||||
try {
|
||||
ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(properties, new RestTemplate(),
|
||||
new RestTemplate()).createClientAuthentication();
|
||||
new RestTemplate())
|
||||
.createClientAuthentication();
|
||||
|
||||
assertThat(clientAuthentication).isInstanceOf(TokenAuthentication.class);
|
||||
VaultToken token = clientAuthentication.login();
|
||||
|
||||
@@ -39,8 +39,8 @@ public class ConfigDataShutdownTests extends IntegrationTestSupport {
|
||||
@Test
|
||||
public void contextShutdownDestroysSecretLeaseContainer() {
|
||||
ConfigurableApplicationContext context = new SpringApplicationBuilder().sources(ConfigDataShutdownTests.class)
|
||||
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=false", "--spring.cloud.vault.failFast=true",
|
||||
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.config.import=vault://");
|
||||
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=false", "--spring.cloud.vault.failFast=true",
|
||||
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.config.import=vault://");
|
||||
|
||||
SecretLeaseContainer container = context.getBean(SecretLeaseContainer.class);
|
||||
|
||||
|
||||
@@ -50,42 +50,42 @@ public class DiscoveryClientVaultBootstrapConfigurationTests {
|
||||
@Test
|
||||
public void shouldRegisterDefaultBeans() {
|
||||
|
||||
this.contextRunner
|
||||
.withUserConfiguration(DiscoveryConfiguration.class).withPropertyValues("spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.discovery.enabled=true", "spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
this.contextRunner.withUserConfiguration(DiscoveryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context.getBean(VaultServiceInstanceProvider.class))
|
||||
.isInstanceOf(DiscoveryClientVaultServiceInstanceProvider.class);
|
||||
assertThat(context.getBean(VaultServiceInstanceProvider.class))
|
||||
.isInstanceOf(DiscoveryClientVaultServiceInstanceProvider.class);
|
||||
|
||||
VaultEndpointProvider endpointProvider = context.getBean(VaultEndpointProvider.class);
|
||||
VaultEndpoint vaultEndpoint = endpointProvider.getVaultEndpoint();
|
||||
assertThat(vaultEndpoint.getPort()).isEqualTo(1234);
|
||||
});
|
||||
VaultEndpointProvider endpointProvider = context.getBean(VaultEndpointProvider.class);
|
||||
VaultEndpoint vaultEndpoint = endpointProvider.getVaultEndpoint();
|
||||
assertThat(vaultEndpoint.getPort()).isEqualTo(1234);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotRegisterBeansIfDiscoveryDisabled() {
|
||||
|
||||
this.contextRunner
|
||||
.withUserConfiguration(DiscoveryConfiguration.class).withPropertyValues("spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.discovery.enabled=false", "spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
this.contextRunner.withUserConfiguration(DiscoveryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
|
||||
});
|
||||
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotRegisterBeansIfVaultDisabled() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(DiscoveryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
|
||||
});
|
||||
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
@@ -97,7 +97,7 @@ public class DiscoveryClientVaultBootstrapConfigurationTests {
|
||||
|
||||
DiscoveryClient mock = Mockito.mock(DiscoveryClient.class);
|
||||
when(mock.getInstances(anyString()))
|
||||
.thenReturn(Collections.singletonList(new SimpleServiceInstance(URI.create("https://foo:1234"))));
|
||||
.thenReturn(Collections.singletonList(new SimpleServiceInstance(URI.create("https://foo:1234"))));
|
||||
|
||||
return mock;
|
||||
}
|
||||
|
||||
@@ -59,8 +59,9 @@ public class KeyValueSecretBackendMetadataUnitTests {
|
||||
List<String> contexts = KeyValueSecretBackendMetadata.buildContexts(this.properties,
|
||||
Arrays.asList("cloud", "local"));
|
||||
|
||||
assertThat(contexts).hasSize(6).containsSequence("my-app/local", "my-app/cloud", "my-app", "application/local",
|
||||
"application/cloud", "application");
|
||||
assertThat(contexts).hasSize(6)
|
||||
.containsSequence("my-app/local", "my-app/cloud", "my-app", "application/local", "application/cloud",
|
||||
"application");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -92,8 +93,9 @@ public class KeyValueSecretBackendMetadataUnitTests {
|
||||
List<String> contexts = KeyValueSecretBackendMetadata.buildContexts(this.properties,
|
||||
Arrays.asList("cloud", "local"));
|
||||
|
||||
assertThat(contexts).hasSize(9).containsSequence("bar/local", "bar/cloud", "bar", "foo/local", "foo/cloud",
|
||||
"foo", "application/local", "application/cloud", "application");
|
||||
assertThat(contexts).hasSize(9)
|
||||
.containsSequence("bar/local", "bar/cloud", "bar", "foo/local", "foo/cloud", "foo", "application/local",
|
||||
"application/cloud", "application");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -51,7 +51,8 @@ public class KeyValueSecretIntegrationTests extends IntegrationTestSupport {
|
||||
public void shouldReturnSecretsCorrectly() {
|
||||
|
||||
Map<String, Object> secretProperties = this.configOperations
|
||||
.read(KeyValueSecretBackendMetadata.create("secret", "app-name")).getData();
|
||||
.read(KeyValueSecretBackendMetadata.create("secret", "app-name"))
|
||||
.getData();
|
||||
|
||||
assertThat(secretProperties).containsAllEntriesOf(createExpectedMap());
|
||||
}
|
||||
|
||||
@@ -98,7 +98,7 @@ public class LeasingVaultPropertySourceLocatorUnitTests {
|
||||
|
||||
verify(this.secretLeaseContainer).addRequestedSecret(rotating);
|
||||
verify(this.secretLeaseContainer)
|
||||
.addRequestedSecret(RequestedSecret.renewable("database/mysql/creds/readonly"));
|
||||
.addRequestedSecret(RequestedSecret.renewable("database/mysql/creds/readonly"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -40,8 +40,8 @@ public class PropertyNameTransformerUnitTests {
|
||||
map.put("old-key", "value");
|
||||
map.put("other-key", "other-value");
|
||||
|
||||
assertThat(transformer.transformProperties(map)).containsEntry("new-key", "value").containsEntry("other-key",
|
||||
"other-value");
|
||||
assertThat(transformer.transformProperties(map)).containsEntry("new-key", "value")
|
||||
.containsEntry("other-key", "other-value");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -47,68 +47,66 @@ import static org.mockito.Mockito.when;
|
||||
public class ReactiveDiscoveryClientVaultBootstrapConfigurationTests {
|
||||
|
||||
private ApplicationContextRunner contextRunner = new ApplicationContextRunner().withConfiguration(AutoConfigurations
|
||||
.of(ReactiveDiscoveryClientVaultBootstrapConfiguration.class, VaultBootstrapConfiguration.class));
|
||||
.of(ReactiveDiscoveryClientVaultBootstrapConfiguration.class, VaultBootstrapConfiguration.class));
|
||||
|
||||
@Test
|
||||
public void shouldRegisterDefaultBeans() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(ReactiveDiscoveryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
|
||||
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
|
||||
|
||||
ReactiveVaultEndpointProvider endpointProvider = context
|
||||
.getBean(ReactiveVaultEndpointProvider.class);
|
||||
ReactiveVaultEndpointProvider endpointProvider = context.getBean(ReactiveVaultEndpointProvider.class);
|
||||
|
||||
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
|
||||
assertThat(actual.getPort()).isEqualTo(1234);
|
||||
}).verifyComplete();
|
||||
});
|
||||
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
|
||||
assertThat(actual.getPort()).isEqualTo(1234);
|
||||
}).verifyComplete();
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldRegisterVaultEndpointAdapterBean() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(BridgedDiscoveryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
|
||||
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
|
||||
|
||||
ReactiveVaultEndpointProvider endpointProvider = context
|
||||
.getBean(ReactiveVaultEndpointProvider.class);
|
||||
ReactiveVaultEndpointProvider endpointProvider = context.getBean(ReactiveVaultEndpointProvider.class);
|
||||
|
||||
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
|
||||
assertThat(actual.getPort()).isEqualTo(1234);
|
||||
}).verifyComplete();
|
||||
});
|
||||
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
|
||||
assertThat(actual.getPort()).isEqualTo(1234);
|
||||
}).verifyComplete();
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotRegisterBeansIfDiscoveryDisabled() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(ReactiveDiscoveryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
|
||||
});
|
||||
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotRegisterBeansIfVaultDisabled() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(ReactiveDiscoveryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
|
||||
});
|
||||
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
@@ -120,7 +118,7 @@ public class ReactiveDiscoveryClientVaultBootstrapConfigurationTests {
|
||||
|
||||
ReactiveDiscoveryClient mock = Mockito.mock(ReactiveDiscoveryClient.class);
|
||||
when(mock.getInstances(anyString()))
|
||||
.thenReturn(Flux.just(new SimpleServiceInstance(URI.create("https://foo:1234"))));
|
||||
.thenReturn(Flux.just(new SimpleServiceInstance(URI.create("https://foo:1234"))));
|
||||
|
||||
return mock;
|
||||
}
|
||||
|
||||
@@ -41,15 +41,17 @@ public class ReactiveVaultBootstrapConfigurationTests {
|
||||
@Test
|
||||
public void shouldConfigureWithoutAuthentication() {
|
||||
|
||||
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false",
|
||||
"spring.cloud.vault.authentication=NONE", "spring.cloud.bootstrap.enabled=true").run(context -> {
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.authentication=NONE",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).doesNotHaveBean(SessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
|
||||
assertThat(context).doesNotHaveBean(VaultTokenSupplier.class);
|
||||
assertThat(context).doesNotHaveBean(ReactiveSessionManager.class);
|
||||
assertThat(context).hasSingleBean(ReactiveVaultTemplate.class);
|
||||
});
|
||||
assertThat(context).doesNotHaveBean(SessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
|
||||
assertThat(context).doesNotHaveBean(VaultTokenSupplier.class);
|
||||
assertThat(context).doesNotHaveBean(ReactiveSessionManager.class);
|
||||
assertThat(context).hasSingleBean(ReactiveVaultTemplate.class);
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -40,66 +40,70 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
public class VaultBootstrapConfigurationTests {
|
||||
|
||||
private ApplicationContextRunner contextRunner = new ApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(VaultBootstrapConfiguration.class));
|
||||
.withConfiguration(AutoConfigurations.of(VaultBootstrapConfiguration.class));
|
||||
|
||||
@Test
|
||||
public void shouldConfigureWithoutAuthentication() {
|
||||
|
||||
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=true",
|
||||
"spring.cloud.vault.authentication=NONE", "spring.cloud.bootstrap.enabled=true").run(context -> {
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=true", "spring.cloud.vault.authentication=NONE",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).doesNotHaveBean(SessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
|
||||
assertThat(context).hasSingleBean(VaultTemplate.class);
|
||||
assertThat(context).hasSingleBean(RestTemplateFactory.class);
|
||||
});
|
||||
assertThat(context).doesNotHaveBean(SessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
|
||||
assertThat(context).hasSingleBean(VaultTemplate.class);
|
||||
assertThat(context).hasSingleBean(RestTemplateFactory.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldApplySslSettings() {
|
||||
|
||||
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false",
|
||||
"spring.cloud.vault.authentication=NONE", "spring.cloud.bootstrap.enabled=true",
|
||||
"spring.cloud.vault.ssl.enabled-protocols=TLSv1.2,TLSv1.3",
|
||||
"spring.cloud.vault.ssl.enabled-cipher-suites=one,two").run(context -> {
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.authentication=NONE",
|
||||
"spring.cloud.bootstrap.enabled=true", "spring.cloud.vault.ssl.enabled-protocols=TLSv1.2,TLSv1.3",
|
||||
"spring.cloud.vault.ssl.enabled-cipher-suites=one,two")
|
||||
.run(context -> {
|
||||
|
||||
VaultProperties properties = context.getBean(VaultProperties.class);
|
||||
VaultProperties properties = context.getBean(VaultProperties.class);
|
||||
|
||||
SslConfiguration sslConfiguration = VaultConfiguration.createSslConfiguration(properties.getSsl());
|
||||
SslConfiguration sslConfiguration = VaultConfiguration.createSslConfiguration(properties.getSsl());
|
||||
|
||||
assertThat(sslConfiguration.getEnabledProtocols()).containsExactly("TLSv1.2", "TLSv1.3");
|
||||
assertThat(sslConfiguration.getEnabledCipherSuites()).containsExactly("one", "two");
|
||||
});
|
||||
assertThat(sslConfiguration.getEnabledProtocols()).containsExactly("TLSv1.2", "TLSv1.3");
|
||||
assertThat(sslConfiguration.getEnabledCipherSuites()).containsExactly("one", "two");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldDisableSessionManagement() {
|
||||
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false", "spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false", "spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
SessionManager bean = context.getBean(SessionManager.class);
|
||||
assertThat(bean).isExactlyInstanceOf(SimpleSessionManager.class);
|
||||
});
|
||||
SessionManager bean = context.getBean(SessionManager.class);
|
||||
assertThat(bean).isExactlyInstanceOf(SimpleSessionManager.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConfigureSessionManagement() {
|
||||
|
||||
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
|
||||
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s", "spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
|
||||
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s", "spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
SessionManager bean = context.getBean(SessionManager.class);
|
||||
SessionManager bean = context.getBean(SessionManager.class);
|
||||
|
||||
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
|
||||
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
|
||||
|
||||
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
|
||||
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
|
||||
});
|
||||
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
|
||||
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -45,44 +45,43 @@ import static org.mockito.Mockito.verify;
|
||||
public class VaultBootstrapPropertySourceConfigurationTests {
|
||||
|
||||
private ApplicationContextRunner contextRunner = new ApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(VaultBootstrapPropertySourceConfiguration.class));
|
||||
.withConfiguration(AutoConfigurations.of(VaultBootstrapPropertySourceConfiguration.class));
|
||||
|
||||
@Test
|
||||
public void shouldConfigureExpiryTimeoutsAndStrategy() {
|
||||
|
||||
this.contextRunner
|
||||
.withUserConfiguration(MockSecretLeaseContainerConfiguration.class,
|
||||
MockVaultOperationsConfiguration.class)
|
||||
.withAllowBeanDefinitionOverriding(true)
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false",
|
||||
"spring.cloud.vault.config.lifecycle.expiry-threshold=5m",
|
||||
"spring.cloud.vault.config.lifecycle.min-renewal=6m",
|
||||
"spring.cloud.vault.config.lifecycle.lease-endpoints=Leases",
|
||||
"spring.cloud.vault.config.lifecycle.lease-strategy=retain-on-error",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withUserConfiguration(MockSecretLeaseContainerConfiguration.class, MockVaultOperationsConfiguration.class)
|
||||
.withAllowBeanDefinitionOverriding(true)
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false",
|
||||
"spring.cloud.vault.config.lifecycle.expiry-threshold=5m",
|
||||
"spring.cloud.vault.config.lifecycle.min-renewal=6m",
|
||||
"spring.cloud.vault.config.lifecycle.lease-endpoints=Leases",
|
||||
"spring.cloud.vault.config.lifecycle.lease-strategy=retain-on-error",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
SecretLeaseContainer container = context.getBean(SecretLeaseContainer.class);
|
||||
verify(container).setExpiryThreshold(Duration.ofMinutes(5));
|
||||
verify(container).setMinRenewal(Duration.ofMinutes(6));
|
||||
verify(container).setLeaseEndpoints(LeaseEndpoints.Leases);
|
||||
verify(container).setLeaseStrategy(LeaseStrategy.retainOnError());
|
||||
});
|
||||
SecretLeaseContainer container = context.getBean(SecretLeaseContainer.class);
|
||||
verify(container).setExpiryThreshold(Duration.ofMinutes(5));
|
||||
verify(container).setMinRenewal(Duration.ofMinutes(6));
|
||||
verify(container).setLeaseEndpoints(LeaseEndpoints.Leases);
|
||||
verify(container).setLeaseStrategy(LeaseStrategy.retainOnError());
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConfigureWithoutAuthentication() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(MockVaultOperationsConfiguration.class)
|
||||
.withAllowBeanDefinitionOverriding(true)
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=true",
|
||||
"spring.cloud.vault.config.lifecycle.enabled=true", "spring.cloud.vault.authentication=NONE",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withAllowBeanDefinitionOverriding(true)
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=true",
|
||||
"spring.cloud.vault.config.lifecycle.enabled=true", "spring.cloud.vault.authentication=NONE",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).doesNotHaveBean(SessionManager.class);
|
||||
assertThat(context).hasSingleBean(SecretLeaseContainer.class);
|
||||
});
|
||||
assertThat(context).doesNotHaveBean(SessionManager.class);
|
||||
assertThat(context).hasSingleBean(SecretLeaseContainer.class);
|
||||
});
|
||||
}
|
||||
|
||||
@EnableConfigurationProperties(VaultProperties.class)
|
||||
|
||||
@@ -44,11 +44,14 @@ public class VaultBootstrapperIntegrationTests extends IntegrationTestSupport {
|
||||
@Before
|
||||
public void before() {
|
||||
|
||||
this.vaultRule.prepare().getVaultOperations().write("secret/VaultBootstrapPropertySourceConfigurationTests",
|
||||
Collections.singletonMap("default-key", "default"));
|
||||
this.vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/VaultBootstrapPropertySourceConfigurationTests",
|
||||
Collections.singletonMap("default-key", "default"));
|
||||
|
||||
this.vaultRule.prepare().getVaultOperations().write("secret/customized",
|
||||
Collections.singletonMap("key", "customized"));
|
||||
this.vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/customized", Collections.singletonMap("key", "customized"));
|
||||
|
||||
SpringApplication application = new SpringApplication(Config.class);
|
||||
application.setWebApplicationType(WebApplicationType.NONE);
|
||||
|
||||
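Review bot: `before()` calls `this.vaultRule.prepare().getVaultOperations()` once per write, and the reformatting makes the repetition more visible; the same pattern appears in the `VaultConfigDataLoaderIntegrationTests` hunk. Holding the result in a local, `VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();`, and then calling `vaultOperations.write(...)` twice would read more plainly, presumably without changing behaviour (what `prepare()` does is not visible here). The first write targets `secret/VaultBootstrapPropertySourceConfigurationTests` although the class is `VaultBootstrapperIntegrationTests`; if that is a leftover from a copied test, a path named after this class would avoid two test classes sharing one secret path. The method body continues outside the hunk.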
@@ -124,8 +124,9 @@ public class VaultConfigAppIdCustomMechanismTests {
|
||||
RestTemplate restTemplate = TestRestTemplateFactory.create(Settings.createSslConfiguration());
|
||||
|
||||
return new AppIdAuthentication(AppIdAuthenticationOptions.builder()
|
||||
.appId(VaultConfigAppIdCustomMechanismTests.class.getSimpleName())
|
||||
.userIdMechanism(new StaticUserIdMechanism()).build(), restTemplate);
|
||||
.appId(VaultConfigAppIdCustomMechanismTests.class.getSimpleName())
|
||||
.userIdMechanism(new StaticUserIdMechanism())
|
||||
.build(), restTemplate);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -94,11 +94,13 @@ public class VaultConfigAppRoleTests {
|
||||
|
||||
vaultOperations.write("auth/approle/role/with-secret-id", withSecretId);
|
||||
|
||||
String roleId = (String) vaultOperations.read("auth/approle/role/with-secret-id/role-id").getData()
|
||||
.get("role_id");
|
||||
String roleId = (String) vaultOperations.read("auth/approle/role/with-secret-id/role-id")
|
||||
.getData()
|
||||
.get("role_id");
|
||||
String secretId = (String) vaultOperations
|
||||
.write(String.format("auth/approle/role/with-secret-id/secret-id", "with-secret-id"), null).getData()
|
||||
.get("secret_id");
|
||||
.write(String.format("auth/approle/role/with-secret-id/secret-id", "with-secret-id"), null)
|
||||
.getData()
|
||||
.get("secret_id");
|
||||
|
||||
System.setProperty("spring.cloud.vault.app-role.role-id", roleId);
|
||||
System.setProperty("spring.cloud.vault.app-role.secret-id", secretId);
|
||||
|
||||
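Review bot: The `secretId` chain still calls `String.format("auth/approle/role/with-secret-id/secret-id", "with-secret-id")`, whose format string contains no `%s`, so the second argument is silently ignored and the call only returns the literal path. Either pass the literal directly, `.write("auth/approle/role/with-secret-id/secret-id", null)`, or make the role name a real parameter with `String.format("auth/approle/role/%s/secret-id", "with-secret-id")`. Separately, the role-id and secret-id are published through JVM-wide `System.setProperty` calls; the enclosing method continues outside the hunk, so confirm the class clears both properties afterwards so the AppRole credentials do not carry over into other tests in the same JVM.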
@@ -42,11 +42,13 @@ public class VaultConfigDataLoaderIntegrationTests extends IntegrationTestSuppor
|
||||
@Before
|
||||
public void before() {
|
||||
|
||||
this.vaultRule.prepare().getVaultOperations().write("secret/my-config-loader",
|
||||
Collections.singletonMap("default-key", "default"));
|
||||
this.vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/my-config-loader", Collections.singletonMap("default-key", "default"));
|
||||
|
||||
this.vaultRule.prepare().getVaultOperations().write("secret/my-config-loader/cloud",
|
||||
Collections.singletonMap("default-key", "cloud"));
|
||||
this.vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/my-config-loader/cloud", Collections.singletonMap("default-key", "cloud"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -65,11 +65,11 @@ public class VaultConfigDataLocationResolverUnitTests {
|
||||
|
||||
assertThat(
|
||||
resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault:"), this.profilesMock))
|
||||
.hasSize(3);
|
||||
.hasSize(3);
|
||||
|
||||
assertThat(
|
||||
resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault://"), this.profilesMock))
|
||||
.hasSize(3);
|
||||
.hasSize(3);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -78,9 +78,9 @@ public class VaultConfigDataLocationResolverUnitTests {
|
||||
VaultConfigDataLocationResolver resolver = new VaultConfigDataLocationResolver();
|
||||
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> resolver.resolveProfileSpecific(this.contextMock,
|
||||
ConfigDataLocation.of("vault://foo/"), this.profilesMock))
|
||||
.withMessage("Location 'vault://foo/' must not end with a trailing slash");
|
||||
.isThrownBy(() -> resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault://foo/"),
|
||||
this.profilesMock))
|
||||
.withMessage("Location 'vault://foo/' must not end with a trailing slash");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -93,8 +93,10 @@ public class VaultConfigDataLocationResolverUnitTests {
|
||||
|
||||
assertThat(locations).hasSize(1);
|
||||
assertThat(locations.get(0)).hasToString("VaultConfigLocation [path='my/context/path', optional=false]");
|
||||
assertThat(locations.get(0).getSecretBackendMetadata().getPropertyTransformer()
|
||||
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
|
||||
assertThat(locations.get(0)
|
||||
.getSecretBackendMetadata()
|
||||
.getPropertyTransformer()
|
||||
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -106,8 +108,10 @@ public class VaultConfigDataLocationResolverUnitTests {
|
||||
ConfigDataLocation.of("vault://my/context/path?prefix=myPrefix."), this.profilesMock);
|
||||
|
||||
assertThat(locations).hasSize(1);
|
||||
assertThat(locations.get(0).getSecretBackendMetadata().getPropertyTransformer()
|
||||
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("myPrefix.key", "value");
|
||||
assertThat(locations.get(0)
|
||||
.getSecretBackendMetadata()
|
||||
.getPropertyTransformer()
|
||||
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("myPrefix.key", "value");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -119,8 +123,10 @@ public class VaultConfigDataLocationResolverUnitTests {
|
||||
ConfigDataLocation.of("vault://my/context/path?prefix="), this.profilesMock);
|
||||
|
||||
assertThat(locations).hasSize(1);
|
||||
assertThat(locations.get(0).getSecretBackendMetadata().getPropertyTransformer()
|
||||
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
|
||||
assertThat(locations.get(0)
|
||||
.getSecretBackendMetadata()
|
||||
.getPropertyTransformer()
|
||||
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -134,7 +140,7 @@ public class VaultConfigDataLocationResolverUnitTests {
|
||||
|
||||
assertThat(
|
||||
resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault://"), this.profilesMock))
|
||||
.hasSize(4);
|
||||
.hasSize(4);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -61,8 +61,9 @@ public class VaultConfigDisabledTests {
|
||||
VaultRule vaultRule = new VaultRule();
|
||||
vaultRule.before();
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/testVaultApp",
|
||||
Collections.singletonMap("vault.value", "foo"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/testVaultApp", Collections.singletonMap("vault.value", "foo"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -56,8 +56,9 @@ public class VaultConfigKeyValueBackendDisabledTests {
|
||||
VaultRule vaultRule = new VaultRule();
|
||||
vaultRule.before();
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/testVaultApp",
|
||||
Collections.singletonMap("vault.value", "foo"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/testVaultApp", Collections.singletonMap("vault.value", "foo"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -57,8 +57,10 @@ public class VaultConfigTemplateIntegrationTests extends IntegrationTestSupport
|
||||
|
||||
assumeTrue(this.vaultRule.prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.10.0")));
|
||||
|
||||
this.vaultRule.prepare().getVaultOperations().write("versioned/data/testVaultApp",
|
||||
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
|
||||
this.vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("versioned/data/testVaultApp",
|
||||
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
|
||||
|
||||
VaultProperties vaultProperties = Settings.createVaultProperties();
|
||||
|
||||
|
||||
@@ -69,8 +69,10 @@ public class VaultConfigTlsCertAuthenticationMountPathTests {
|
||||
vaultProperties.getSsl().setCertAuthPath("nonstandard");
|
||||
|
||||
if (!vaultRule.prepare().hasAuth(vaultProperties.getSsl().getCertAuthPath())) {
|
||||
vaultRule.prepare().getVaultOperations().opsForSys().authMount(vaultProperties.getSsl().getCertAuthPath(),
|
||||
VaultMount.builder().type("cert").build());
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.opsForSys()
|
||||
.authMount(vaultProperties.getSsl().getCertAuthPath(), VaultMount.builder().type("cert").build());
|
||||
}
|
||||
|
||||
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
|
||||
|
||||
@@ -36,7 +36,7 @@ import static org.mockito.Mockito.mock;
|
||||
class VaultHealthIndicatorAutoConfigurationTests {
|
||||
|
||||
private final ApplicationContextRunner contextRunner = new ApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(VaultHealthIndicatorAutoConfiguration.class));
|
||||
.withConfiguration(AutoConfigurations.of(VaultHealthIndicatorAutoConfiguration.class));
|
||||
|
||||
@Test
|
||||
void shouldNotConfigureHealthIndicatorWithoutVaultOperations() {
|
||||
@@ -67,11 +67,11 @@ class VaultHealthIndicatorAutoConfigurationTests {
|
||||
void shouldConfigureSingleHealthIndicator() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(ImperativeConfiguration.class, ReactiveConfiguration.class)
|
||||
.run(context -> {
|
||||
assertThat(context).hasBean("vaultHealthIndicator")
|
||||
.hasSingleBean(VaultReactiveHealthIndicator.class)
|
||||
.doesNotHaveBean(VaultHealthIndicator.class);
|
||||
});
|
||||
.run(context -> {
|
||||
assertThat(context).hasBean("vaultHealthIndicator")
|
||||
.hasSingleBean(VaultReactiveHealthIndicator.class)
|
||||
.doesNotHaveBean(VaultHealthIndicator.class);
|
||||
});
|
||||
}
|
||||
|
||||
static class ImperativeConfiguration {
|
||||
|
||||
@@ -63,16 +63,18 @@ public class VaultNamespaceTests {
|
||||
@ClassRule
|
||||
public static VaultRule vaultRule = new VaultRule();
|
||||
|
||||
static final Policy POLICY = Policy
|
||||
.of(Policy.Rule.builder().path("/*").capabilities(Policy.BuiltinCapabilities.READ,
|
||||
Policy.BuiltinCapabilities.CREATE, Policy.BuiltinCapabilities.UPDATE).build());
|
||||
static final Policy POLICY = Policy.of(Policy.Rule.builder()
|
||||
.path("/*")
|
||||
.capabilities(Policy.BuiltinCapabilities.READ, Policy.BuiltinCapabilities.CREATE,
|
||||
Policy.BuiltinCapabilities.UPDATE)
|
||||
.build());
|
||||
|
||||
RestTemplateBuilder maketingRestTemplate;
|
||||
|
||||
WebClientBuilder marketingWebClientBuilder = WebClientBuilder.builder()
|
||||
.httpConnector(ClientHttpConnectorFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
|
||||
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
|
||||
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
|
||||
.httpConnector(ClientHttpConnectorFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
|
||||
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
|
||||
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
|
||||
|
||||
String marketingToken;
|
||||
|
||||
@@ -90,18 +92,20 @@ public class VaultNamespaceTests {
|
||||
}
|
||||
|
||||
this.maketingRestTemplate = RestTemplateBuilder.builder()
|
||||
.requestFactory(
|
||||
ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
|
||||
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
|
||||
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
|
||||
.requestFactory(
|
||||
ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
|
||||
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
|
||||
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
|
||||
|
||||
VaultTemplate marketing = new VaultTemplate(this.maketingRestTemplate,
|
||||
new SimpleSessionManager(new TokenAuthentication(Settings.token())));
|
||||
|
||||
mountKv(marketing, "marketing-secrets");
|
||||
marketing.opsForSys().createOrUpdatePolicy("relaxed", POLICY);
|
||||
this.marketingToken = marketing.opsForToken().create(VaultTokenRequest.builder().withPolicy("relaxed").build())
|
||||
.getToken().getToken();
|
||||
this.marketingToken = marketing.opsForToken()
|
||||
.create(VaultTokenRequest.builder().withPolicy("relaxed").build())
|
||||
.getToken()
|
||||
.getToken();
|
||||
}
|
||||
|
||||
private void mountKv(VaultTemplate template, String path) {
|
||||
@@ -136,8 +140,10 @@ public class VaultNamespaceTests {
|
||||
|
||||
Health.Builder builder = Health.unknown();
|
||||
|
||||
new VaultReactiveHealthIndicator(reactiveMarketing).doHealthCheck(builder).as(StepVerifier::create)
|
||||
.assertNext(actual -> assertThat(actual.getStatus()).isEqualTo(Status.UP)).verifyComplete();
|
||||
new VaultReactiveHealthIndicator(reactiveMarketing).doHealthCheck(builder)
|
||||
.as(StepVerifier::create)
|
||||
.assertNext(actual -> assertThat(actual.getStatus()).isEqualTo(Status.UP))
|
||||
.verifyComplete();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -60,8 +60,10 @@ public class VaultPropertySourceIntegrationTests extends IntegrationTestSupport
|
||||
|
||||
assumeTrue(this.vaultRule.prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.10.0")));
|
||||
|
||||
this.vaultRule.prepare().getVaultOperations().write("versioned/data/testVaultApp",
|
||||
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
|
||||
this.vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("versioned/data/testVaultApp",
|
||||
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
|
||||
|
||||
VaultProperties vaultProperties = Settings.createVaultProperties();
|
||||
|
||||
|
||||
@@ -58,20 +58,29 @@ public class VaultPropertySourceLocatorIntegrationTests extends IntegrationTestS
|
||||
VaultRule vaultRule = new VaultRule();
|
||||
vaultRule.before();
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/wintermute",
|
||||
Collections.singletonMap("vault.value", "wintermute"));
|
||||
vaultRule.prepare().getVaultOperations().write("secret/wintermute/integrationtest",
|
||||
Collections.singletonMap("vault.value", "integrationtest wintermute"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/wintermute", Collections.singletonMap("vault.value", "wintermute"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/wintermute/integrationtest",
|
||||
Collections.singletonMap("vault.value", "integrationtest wintermute"));
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/neuromancer",
|
||||
Collections.singletonMap("vault.value", "neuromancer"));
|
||||
vaultRule.prepare().getVaultOperations().write("secret/neuromancer/integrationtest",
|
||||
Collections.singletonMap("vault.value", "integrationtest neuromancer"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/neuromancer", Collections.singletonMap("vault.value", "neuromancer"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/neuromancer/integrationtest",
|
||||
Collections.singletonMap("vault.value", "integrationtest neuromancer"));
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/icebreaker",
|
||||
Collections.singletonMap("icebreaker.value", "icebreaker"));
|
||||
vaultRule.prepare().getVaultOperations().write("secret/icebreaker/integrationtest",
|
||||
Collections.singletonMap("icebreaker.value", "integrationtest icebreaker"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/icebreaker", Collections.singletonMap("icebreaker.value", "icebreaker"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/icebreaker/integrationtest",
|
||||
Collections.singletonMap("icebreaker.value", "integrationtest icebreaker"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -55,14 +55,17 @@ public class VaultPropertySourceLocatorProfilesIntegrationTests extends Integrat
|
||||
VaultRule vaultRule = new VaultRule();
|
||||
vaultRule.before();
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/my-profiles-app/hello",
|
||||
Collections.singletonMap("vault.hello", "true"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/my-profiles-app/hello", Collections.singletonMap("vault.hello", "true"));
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/my-profiles-app/world",
|
||||
Collections.singletonMap("vault.world", "true"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/my-profiles-app/world", Collections.singletonMap("vault.world", "true"));
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("secret/my-profiles-app/other",
|
||||
Collections.singletonMap("vault.other", "true"));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("secret/my-profiles-app/other", Collections.singletonMap("vault.other", "true"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -89,8 +89,8 @@ public class VaultPropertySourceLocatorUnitTests {
|
||||
assertThat(propertySource).isInstanceOf(CompositePropertySource.class);
|
||||
|
||||
CompositePropertySource composite = (CompositePropertySource) propertySource;
|
||||
assertThat(composite.getPropertySources()).extracting("name").containsSequence("secret/application/periwinkle",
|
||||
"secret/application/vermillion");
|
||||
assertThat(composite.getPropertySources()).extracting("name")
|
||||
.containsSequence("secret/application/periwinkle", "secret/application/vermillion");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -108,8 +108,8 @@ public class VaultPropertySourceLocatorUnitTests {
|
||||
assertThat(propertySource).isInstanceOf(CompositePropertySource.class);
|
||||
|
||||
CompositePropertySource composite = (CompositePropertySource) propertySource;
|
||||
assertThat(composite.getPropertySources()).extracting("name").containsSequence("secret/wintermute/periwinkle",
|
||||
"secret/wintermute/vermillion", "secret/wintermute");
|
||||
assertThat(composite.getPropertySources()).extracting("name")
|
||||
.containsSequence("secret/wintermute/periwinkle", "secret/wintermute/vermillion", "secret/wintermute");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -127,10 +127,11 @@ public class VaultPropertySourceLocatorUnitTests {
|
||||
assertThat(propertySource).isInstanceOf(CompositePropertySource.class);
|
||||
|
||||
CompositePropertySource composite = (CompositePropertySource) propertySource;
|
||||
assertThat(composite.getPropertySources()).extracting("name").contains("secret/wintermute", "secret/straylight",
|
||||
"secret/icebreaker/armitage", "secret/wintermute/vermillion", "secret/wintermute/periwinkle",
|
||||
"secret/straylight/vermillion", "secret/straylight/periwinkle", "secret/icebreaker/armitage/vermillion",
|
||||
"secret/icebreaker/armitage/periwinkle");
|
||||
assertThat(composite.getPropertySources()).extracting("name")
|
||||
.contains("secret/wintermute", "secret/straylight", "secret/icebreaker/armitage",
|
||||
"secret/wintermute/vermillion", "secret/wintermute/periwinkle", "secret/straylight/vermillion",
|
||||
"secret/straylight/periwinkle", "secret/icebreaker/armitage/vermillion",
|
||||
"secret/icebreaker/armitage/periwinkle");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -61,150 +61,161 @@ import static org.mockito.Mockito.when;
|
||||
public class VaultReactiveAutoConfigurationTests {
|
||||
|
||||
private final ApplicationContextRunner contextRunner = new ApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(VaultReactiveAutoConfiguration.class));
|
||||
.withConfiguration(AutoConfigurations.of(VaultReactiveAutoConfiguration.class));
|
||||
|
||||
@Test
|
||||
public void shouldConfigureTemplate() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false").run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
|
||||
assertThat(context).hasSingleBean(WebClientFactory.class);
|
||||
});
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
|
||||
assertThat(context).hasSingleBean(WebClientFactory.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotConfigureIfHttpClientIsMissing() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
|
||||
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient")).run(context -> {
|
||||
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient"))
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
});
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConfigureTemplateWithTokenSupplier() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false").run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(WebClient.class);
|
||||
});
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(WebClient.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotConfigureReactiveSupport() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(VaultAutoConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
|
||||
.doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
|
||||
});
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
|
||||
.doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sessionManagerBridgeShouldNotCacheTokens() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class, CustomSessionManager.class)
|
||||
.run(context -> {
|
||||
.run(context -> {
|
||||
|
||||
SessionManager sessionManager = context.getBean(SessionManager.class);
|
||||
SessionManager sessionManager = context.getBean(SessionManager.class);
|
||||
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
|
||||
});
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldDisableSessionManagement() {
|
||||
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
|
||||
});
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConfigureSessionManagement() {
|
||||
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
|
||||
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
|
||||
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
|
||||
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
|
||||
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
|
||||
|
||||
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
|
||||
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
|
||||
});
|
||||
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
|
||||
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConfigureEndpointProvider() {
|
||||
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withUserConfiguration(ReactiveEndpointProviderConfiguration.class)
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withUserConfiguration(ReactiveEndpointProviderConfiguration.class)
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
|
||||
WebClientFactory factory = context.getBean(WebClientFactory.class);
|
||||
WebClient webClient = factory.create();
|
||||
WebClientFactory factory = context.getBean(WebClientFactory.class);
|
||||
WebClient webClient = factory.create();
|
||||
|
||||
webClient.get().uri("foo").retrieve().bodyToMono(String.class).as(StepVerifier::create)
|
||||
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-1"));
|
||||
webClient.get()
|
||||
.uri("foo")
|
||||
.retrieve()
|
||||
.bodyToMono(String.class)
|
||||
.as(StepVerifier::create)
|
||||
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-1"));
|
||||
|
||||
webClient.get().uri("foo").retrieve().bodyToMono(String.class).as(StepVerifier::create)
|
||||
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-2"));
|
||||
});
|
||||
webClient.get()
|
||||
.uri("foo")
|
||||
.retrieve()
|
||||
.bodyToMono(String.class)
|
||||
.as(StepVerifier::create)
|
||||
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-2"));
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConsiderCustomConnector() {
|
||||
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withUserConfiguration(CustomConnector.class)
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class,
|
||||
() -> () -> Mono.just(VaultToken.of("foo".toCharArray())))
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withUserConfiguration(CustomConnector.class)
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class,
|
||||
() -> () -> Mono.just(VaultToken.of("foo".toCharArray())))
|
||||
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
|
||||
ReactiveVaultOperations operations = context.getBean(ReactiveVaultOperations.class);
|
||||
operations.delete("foo").as(StepVerifier::create).verifyError(WebClientRequestException.class);
|
||||
});
|
||||
ReactiveVaultOperations operations = context.getBean(ReactiveVaultOperations.class);
|
||||
operations.delete("foo").as(StepVerifier::create).verifyError(WebClientRequestException.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
|
||||
@@ -53,114 +53,115 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
public class VaultReactiveBootstrapConfigurationTests {
|
||||
|
||||
private ApplicationContextRunner contextRunner = new ApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(VaultReactiveBootstrapConfiguration.class))
|
||||
.withAllowBeanDefinitionOverriding(true);
|
||||
.withConfiguration(AutoConfigurations.of(VaultReactiveBootstrapConfiguration.class))
|
||||
.withAllowBeanDefinitionOverriding(true);
|
||||
|
||||
@Test
|
||||
public void shouldConfigureTemplate() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
|
||||
assertThat(context).hasSingleBean(WebClientFactory.class);
|
||||
});
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
|
||||
assertThat(context).hasSingleBean(WebClientFactory.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotConfigureIfHttpClientIsMissing() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
|
||||
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient")).run(context -> {
|
||||
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient"))
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
});
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConfigureTemplateWithTokenSupplier() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
|
||||
"spring.cloud.bootstrap.enabled=true")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(WebClient.class);
|
||||
});
|
||||
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isNotNull()
|
||||
.isNotInstanceOf(LifecycleAwareSessionManager.class)
|
||||
.isNotInstanceOf(SimpleSessionManager.class);
|
||||
assertThat(context).doesNotHaveBean(WebClient.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldNotConfigureReactiveSupport() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(VaultBootstrapConfiguration.class)
|
||||
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
|
||||
.run(context -> {
|
||||
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
|
||||
.doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
|
||||
});
|
||||
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
|
||||
.doesNotHaveBean(ReactiveVaultOperations.class);
|
||||
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sessionManagerBridgeShouldNotCacheTokens() {
|
||||
|
||||
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class, CustomSessionManager.class)
|
||||
.run(context -> {
|
||||
.run(context -> {
|
||||
|
||||
SessionManager sessionManager = context.getBean(SessionManager.class);
|
||||
SessionManager sessionManager = context.getBean(SessionManager.class);
|
||||
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
|
||||
});
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
|
||||
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldDisableSessionManagement() {
|
||||
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.enabled=false")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
|
||||
});
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldConfigureSessionManagement() {
|
||||
|
||||
this.contextRunner
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
|
||||
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
|
||||
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
|
||||
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
|
||||
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
|
||||
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
|
||||
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
|
||||
.run(context -> {
|
||||
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
|
||||
|
||||
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
|
||||
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
|
||||
|
||||
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
|
||||
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
|
||||
});
|
||||
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
|
||||
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
|
||||
});
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
|
||||
@@ -80,8 +80,9 @@ public class VaultVersionedKvBackendConfigTests {
|
||||
object.put("vault.value", "foo");
|
||||
object.put("nested", Collections.singletonMap("key", "value"));
|
||||
|
||||
vaultRule.prepare().getVaultOperations().write("versioned/data/testVaultApp",
|
||||
Collections.singletonMap("data", object));
|
||||
vaultRule.prepare()
|
||||
.getVaultOperations()
|
||||
.write("versioned/data/testVaultApp", Collections.singletonMap("data", object));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -58,7 +58,7 @@ public class PrepareVault {
|
||||
int requiredKeys = 2;
|
||||
|
||||
VaultInitializationResponse initialized = this.vaultOperations.opsForSys()
|
||||
.initialize(VaultInitializationRequest.create(createKeys, requiredKeys));
|
||||
.initialize(VaultInitializationRequest.create(createKeys, requiredKeys));
|
||||
|
||||
for (int i = 0; i < requiredKeys; i++) {
|
||||
|
||||
|
||||
@@ -86,7 +86,7 @@ public class TestRestTemplateFactory {
|
||||
}
|
||||
|
||||
final ClientHttpRequestFactory clientHttpRequestFactory = ClientHttpRequestFactoryFactory
|
||||
.create(new ClientOptions(), sslConfiguration);
|
||||
.create(new ClientOptions(), sslConfiguration);
|
||||
|
||||
if (factoryCache.compareAndSet(null, clientHttpRequestFactory)) {
|
||||
|
||||
|
||||