Bumping versions

buildmaster
2024-07-22 16:56:17 +00:00
parent 9f23f1a4c3
commit bb8741ccf3
55 changed files with 555 additions and 464 deletions


@@ -39,7 +39,7 @@ public class VaultConfigAwsBootstrapConfigurationUnitTests {
properties.setRole("readonly");
SecretBackendMetadataFactory<VaultAwsProperties> factory = new VaultConfigAwsBootstrapConfiguration()
.awsSecretBackendMetadataFactory();
.awsSecretBackendMetadataFactory();
SecretBackendMetadata metadata = factory.createMetadata(properties);
@@ -55,7 +55,7 @@ public class VaultConfigAwsBootstrapConfigurationUnitTests {
properties.setRole("readonly");
SecretBackendMetadataFactory<VaultAwsProperties> factory = new VaultConfigAwsBootstrapConfiguration()
.awsSecretBackendMetadataFactory();
.awsSecretBackendMetadataFactory();
SecretBackendMetadata metadata = factory.createMetadata(properties);
@@ -73,7 +73,7 @@ public class VaultConfigAwsBootstrapConfigurationUnitTests {
properties.setRole("readonly");
SecretBackendMetadataFactory<VaultAwsProperties> factory = new VaultConfigAwsBootstrapConfiguration()
.awsSecretBackendMetadataFactory();
.awsSecretBackendMetadataFactory();
SecretBackendMetadata metadata = factory.createMetadata(properties);


@@ -70,8 +70,9 @@ public class VaultConfigConsulConfigDataTests extends IntegrationTestSupport {
role.put("max_ttl", "3s");
vaultOperations.write(String.format("%s/roles/%s", "consul", "short-readonly"), role);
this.vaultRule.prepare().getVaultOperations().write("secret/VaultConfigConsulConfigDataTests",
Collections.singletonMap("default-key", "default"));
this.vaultRule.prepare()
.getVaultOperations()
.write("secret/VaultConfigConsulConfigDataTests", Collections.singletonMap("default-key", "default"));
SpringApplication application = new SpringApplication(VaultConfigConsulConfigDataTests.Config.class);
application.setWebApplicationType(WebApplicationType.NONE);


@@ -94,7 +94,7 @@ public class CouchbaseSecretIntegrationTests extends IntegrationTestSupport {
public void shouldCreateCredentialsCorrectly() {
Map<String, Object> secretProperties = this.configOperations.read(forDatabase(this.couchbaseProperties))
.getData();
.getData();
assertThat(secretProperties).containsKeys("spring.couchbase.username", "spring.couchbase.password");
}


@@ -50,7 +50,7 @@ public class MongoSecretIntegrationTests extends IntegrationTestSupport {
private static final String MONGODB_HOST = "localhost";
private static final String ROOT_CREDENTIALS = String
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
private static final String ROLES = "[ \"readWrite\", { \"role\": \"read\", \"db\": \"admin\" } ]";
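Review bot: ROOT_CREDENTIALS embeds the `springvault:springvault` login and `ssl=false` in the connection string, and nothing visible in this hunk says they belong to a throwaway fixture on `localhost`. A short comment above the constant, for example `// Fixture account for the local test MongoDB only; not a real credential, TLS intentionally off.`, makes that clear to anyone triaging a secret-scanner hit or copying the URL elsewhere. The same applies to CONNECTION_URL in PostgreSqlSecretIntegrationTests and VaultConfigPostgreSqlTests (`sslmode=disable`) and to ROOT_CREDENTIALS in VaultConfigMongoTests. The class body continues outside the hunk.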


@@ -49,8 +49,8 @@ public class PostgreSqlSecretIntegrationTests extends IntegrationTestSupport {
private static final int POSTGRES_PORT = 5432;
private static final String CONNECTION_URL = String.format(
"postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
private static final String CONNECTION_URL = String
.format("postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
private static final String CREATE_USER_AND_GRANT_SQL = "CREATE ROLE \"{{name}}\" WITH "
+ "LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';\n"


@@ -113,9 +113,11 @@ public class VaultConfigCassandraTests {
@Test
public void shouldConnectUsingCassandraClient() {
try (CqlSession session = CqlSession.builder().withLocalDatacenter("dc1")
.addContactPoint(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT))
.withAuthCredentials(this.username, this.password).build()) {
try (CqlSession session = CqlSession.builder()
.withLocalDatacenter("dc1")
.addContactPoint(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT))
.withAuthCredentials(this.username, this.password)
.build()) {
assertThat(session.getMetadata().getKeyspace("system")).isNotEmpty();
}
}


@@ -33,7 +33,7 @@ public class VaultConfigDatabaseBootstrapConfigurationUnitTests {
public void shouldConsiderCredentialPath() {
VaultConfigDatabaseBootstrapConfiguration.DatabaseSecretBackendMetadataFactory factory = new VaultConfigDatabaseBootstrapConfiguration()
.databaseSecretBackendMetadataFactory();
.databaseSecretBackendMetadataFactory();
VaultDatabaseProperties properties = new VaultDatabaseProperties();
properties.setStaticRole(true);


@@ -63,7 +63,7 @@ public class VaultConfigMongoTests {
private static final String MONGODB_HOST = "localhost";
private static final String ROOT_CREDENTIALS = String
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
.format("mongodb://springvault:springvault@%s:%d/admin?ssl=false", MONGODB_HOST, MONGODB_PORT);
private static final String ROLES = "[ \"readWrite\", { \"role\": \"read\", \"db\": \"admin\" } ]";


@@ -60,8 +60,8 @@ public class VaultConfigPostgreSqlTests {
private static final int POSTGRES_PORT = 5432;
private static final String CONNECTION_URL = String.format(
"postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
private static final String CONNECTION_URL = String
.format("postgresql://springvault:springvault@%s:%d/postgres?sslmode=disable", POSTGRES_HOST, POSTGRES_PORT);
private static final String CREATE_USER_AND_GRANT_SQL = "CREATE ROLE \"{{name}}\" WITH "
+ "LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';\n"


@@ -90,7 +90,7 @@ class ClientAuthenticationFactory {
ClientAuthenticationFactory.class.getClassLoader());
private static final boolean googleCredentialsPresent = ClassUtils
.isPresent("com.google.auth.oauth2.GoogleCredentials", ClientAuthenticationFactory.class.getClassLoader());
.isPresent("com.google.auth.oauth2.GoogleCredentials", ClientAuthenticationFactory.class.getClassLoader());
private final VaultProperties vaultProperties;
@@ -159,9 +159,10 @@ class ClientAuthenticationFactory {
Assert.hasText(appId.getUserId(), "UserId (spring.cloud.vault.app-id.user-id) must not be empty");
AppIdAuthenticationOptions authenticationOptions = AppIdAuthenticationOptions.builder()
.appId(vaultProperties.getApplicationName()) //
.path(appId.getAppIdPath()) //
.userIdMechanism(getAppIdMechanism(appId)).build();
.appId(vaultProperties.getApplicationName()) //
.path(appId.getAppIdPath()) //
.userIdMechanism(getAppIdMechanism(appId))
.build();
return new AppIdAuthentication(authenticationOptions, this.restOperations);
}
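Review bot: The trailing `//` markers on `.appId(...)` and `.path(...)` look like leftover formatter guards, and now that the formatter puts one call per line they are noise. The chain is also inconsistent, since `.userIdMechanism(...)` and `.build()` carry none. Consider dropping them so the lines read `.appId(vaultProperties.getApplicationName())` and `.path(appId.getAppIdPath())`. The same leftovers appear in the AwsEc2, AzureMsi and Cubbyhole builder hunks further down this file. The enclosing method starts outside the hunk.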
@@ -209,7 +210,7 @@ class ClientAuthenticationFactory {
AppRoleProperties appRole = vaultProperties.getAppRole();
AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder()
.path(appRole.getAppRolePath());
.path(appRole.getAppRolePath());
if (StringUtils.hasText(appRole.getRole())) {
builder.appRole(appRole.getRole());
@@ -265,11 +266,12 @@ class ClientAuthenticationFactory {
Nonce nonce = StringUtils.hasText(awsEc2.getNonce()) ? Nonce.provided(awsEc2.getNonce().toCharArray())
: Nonce.generated();
AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions.builder().role(awsEc2.getRole()) //
.path(awsEc2.getAwsEc2Path()) //
.nonce(nonce) //
.identityDocumentUri(awsEc2.getIdentityDocument()) //
.build();
AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions.builder()
.role(awsEc2.getRole()) //
.path(awsEc2.getAwsEc2Path()) //
.nonce(nonce) //
.identityDocumentUri(awsEc2.getIdentityDocument()) //
.build();
return new AwsEc2Authentication(authenticationOptions, this.restOperations, this.externalRestOperations);
}
@@ -298,7 +300,7 @@ class ClientAuthenticationFactory {
}
builder.path(awsIam.getAwsPath()) //
.credentialsProvider(credentialsProvider);
.credentialsProvider(credentialsProvider);
AwsIamAuthenticationOptions options = builder.credentialsProvider(credentialsProvider).build();
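Review bot: `credentialsProvider(credentialsProvider)` is applied twice, once in the `builder.path(awsIam.getAwsPath())` chain and again on the line that builds `options`. As far as this hunk shows the second call is redundant, and `AwsIamAuthenticationOptions options = builder.build();` would remove any doubt about which provider ends up in the authentication options. The method starts and ends outside the hunk, so confirm nothing reassigns `credentialsProvider` between the two calls before simplifying.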
@@ -312,10 +314,11 @@ class ClientAuthenticationFactory {
Assert.hasText(azureMsi.getRole(), "Azure role (spring.cloud.vault.azure-msi.role) must not be empty");
AzureMsiAuthenticationOptions options = AzureMsiAuthenticationOptions.builder() //
.role(azureMsi.getRole()).path(azureMsi.getAzurePath()) //
.instanceMetadataUri(azureMsi.getMetadataService()) //
.identityTokenServiceUri(azureMsi.getIdentityTokenService()) //
.build();
.role(azureMsi.getRole())
.path(azureMsi.getAzurePath()) //
.instanceMetadataUri(azureMsi.getMetadataService()) //
.identityTokenServiceUri(azureMsi.getIdentityTokenService()) //
.build();
return new AzureMsiAuthentication(options, this.restOperations, this.externalRestOperations);
}
@@ -326,9 +329,9 @@ class ClientAuthenticationFactory {
"Initial Token (spring.cloud.vault.token) for Cubbyhole authentication must not be empty");
CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
.wrapped() //
.initialToken(VaultToken.of(this.vaultProperties.getToken())) //
.build();
.wrapped() //
.initialToken(VaultToken.of(this.vaultProperties.getToken())) //
.build();
return new CubbyholeAuthentication(options, this.restOperations);
}
@@ -340,7 +343,8 @@ class ClientAuthenticationFactory {
Assert.hasText(gcp.getRole(), "Role (spring.cloud.vault.gcp-gce.role) must not be empty");
GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions.builder()
.path(gcp.getGcpPath()).role(gcp.getRole());
.path(gcp.getGcpPath())
.role(gcp.getRole());
if (StringUtils.hasText(gcp.getServiceAccount())) {
builder.serviceAccount(gcp.getServiceAccount());
@@ -372,8 +376,10 @@ class ClientAuthenticationFactory {
"Service account token file (spring.cloud.vault.kubernetes.service-account-token-file) must not be empty");
KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions.builder()
.path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
.jwtSupplier(new KubernetesServiceAccountTokenFile(kubernetes.getServiceAccountTokenFile())).build();
.path(kubernetes.getKubernetesPath())
.role(kubernetes.getRole())
.jwtSupplier(new KubernetesServiceAccountTokenFile(kubernetes.getServiceAccountTokenFile()))
.build();
return new KubernetesAuthentication(options, this.restOperations);
}
@@ -387,7 +393,8 @@ class ClientAuthenticationFactory {
Assert.hasText(pcfProperties.getRole(), "Role (spring.cloud.vault.pcf.role) must not be empty");
PcfAuthenticationOptions.PcfAuthenticationOptionsBuilder builder = PcfAuthenticationOptions.builder()
.role(pcfProperties.getRole()).path(pcfProperties.getPcfPath());
.role(pcfProperties.getRole())
.path(pcfProperties.getPcfPath());
if (pcfProperties.getInstanceCertificate() != null) {
builder.instanceCertificate(new ResourceCredentialSupplier(pcfProperties.getInstanceCertificate()));
@@ -403,7 +410,8 @@ class ClientAuthenticationFactory {
private ClientAuthentication certificateAuthentication(VaultProperties vaultProperties) {
ClientCertificateAuthenticationOptions options = ClientCertificateAuthenticationOptions.builder()
.path(vaultProperties.getSsl().getCertAuthPath()).build();
.path(vaultProperties.getSsl().getCertAuthPath())
.build();
return new ClientCertificateAuthentication(options, this.restOperations);
}


@@ -49,8 +49,10 @@ final class GcpIamAuthenticationFactory {
Assert.hasText(gcp.getRole(), "Role (spring.cloud.vault.gcp-iam.role) must not be empty");
GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions.builder().path(gcp.getGcpPath())
.role(gcp.getRole()).jwtValidity(gcp.getJwtValidity());
GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions.builder()
.path(gcp.getGcpPath())
.role(gcp.getRole())
.jwtValidity(gcp.getJwtValidity());
if (StringUtils.hasText(gcp.getProjectId())) {
builder.projectId(gcp.getProjectId());
@@ -76,8 +78,8 @@ final class GcpIamAuthenticationFactory {
}
if (StringUtils.hasText(credentialProperties.getEncodedKey())) {
return GoogleCredential.fromStream(
new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
return GoogleCredential
.fromStream(new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
}
return GoogleCredential.getApplicationDefault();
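Review bot: `Base64.getDecoder().decode(credentialProperties.getEncodedKey())` throws a bare IllegalArgumentException when the configured value is not strict Base64, and the failure does not say which setting was at fault. The basic decoder also rejects embedded line breaks, which wrapped encoder output can contain. Wrapping the decode, for example `catch (IllegalArgumentException ex) { throw new IllegalArgumentException("GCP encoded key is not valid Base64", ex); }`, would match the property-naming `Assert.hasText` messages used elsewhere in this class. The message should name the setting only and never include the key material. The same pattern is in the GcpIamCredentialsAuthenticationFactory hunk, and the enclosing method starts and ends outside this hunk.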


@@ -51,7 +51,9 @@ final class GcpIamCredentialsAuthenticationFactory {
Assert.hasText(gcp.getRole(), "Role (spring.cloud.vault.gcp-iam.role) must not be empty");
GcpIamCredentialsAuthenticationOptionsBuilder builder = GcpIamCredentialsAuthenticationOptions.builder()
.path(gcp.getGcpPath()).role(gcp.getRole()).jwtValidity(gcp.getJwtValidity());
.path(gcp.getGcpPath())
.role(gcp.getRole())
.jwtValidity(gcp.getJwtValidity());
if (StringUtils.hasText(gcp.getServiceAccountId())) {
builder.serviceAccountId(gcp.getServiceAccountId());
@@ -73,8 +75,8 @@ final class GcpIamCredentialsAuthenticationFactory {
}
if (StringUtils.hasText(credentialProperties.getEncodedKey())) {
return GoogleCredentials.fromStream(
new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
return GoogleCredentials
.fromStream(new ByteArrayInputStream(Base64.getDecoder().decode(credentialProperties.getEncodedKey())));
}
return GoogleCredentials.getApplicationDefault();


@@ -53,7 +53,7 @@ class PropertySourceLocatorConfigurationFactory {
if (this.configurers.isEmpty()) {
secretBackendConfigurer.registerDefaultKeyValueSecretBackends(true)
.registerDefaultDiscoveredSecretBackends(true);
.registerDefaultDiscoveredSecretBackends(true);
}
else {
@@ -75,12 +75,12 @@ class PropertySourceLocatorConfigurationFactory {
for (String context : contexts) {
secretBackendConfigurer
.add(KeyValueSecretBackendMetadata.create(keyValueBackend.getBackend(), context));
.add(KeyValueSecretBackendMetadata.create(keyValueBackend.getBackend(), context));
}
}
Collection<SecretBackendMetadata> backendAccessors = SecretBackendFactories
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
backendAccessors.forEach(secretBackendConfigurer::add);
}
@@ -88,7 +88,7 @@ class PropertySourceLocatorConfigurationFactory {
if (secretBackendConfigurer.isRegisterDefaultDiscoveredSecretBackends()) {
Collection<SecretBackendMetadata> backendAccessors = SecretBackendFactories
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
backendAccessors.forEach(secretBackendConfigurer::add);
}


@@ -81,13 +81,14 @@ public class VaultBootstrapPropertySourceConfiguration implements InitializingBe
public void afterPropertiesSet() {
this.vaultSecretBackendDescriptors = this.applicationContext.getBeansOfType(VaultSecretBackendDescriptor.class)
.values();
.values();
this.vaultSecretBackendDescriptorFactories = this.applicationContext
.getBeansOfType(VaultSecretBackendDescriptorFactory.class).values();
.getBeansOfType(VaultSecretBackendDescriptorFactory.class)
.values();
this.factories = (Collection) this.applicationContext.getBeansOfType(SecretBackendMetadataFactory.class)
.values();
.values();
}
@Bean
@@ -101,7 +102,7 @@ public class VaultBootstrapPropertySourceConfiguration implements InitializingBe
VaultConfigTemplate vaultConfigTemplate = new VaultConfigTemplate(operations, vaultProperties);
Collection<VaultConfigurer> vaultConfigurers = this.applicationContext.getBeansOfType(VaultConfigurer.class)
.values();
.values();
List<VaultSecretBackendDescriptor> descriptors = new ArrayList<>(this.vaultSecretBackendDescriptors);
this.vaultSecretBackendDescriptorFactories.forEach(it -> descriptors.addAll(it.create()));


@@ -150,7 +150,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
bootstrap.addCloseListener(event -> {
((ApplicationEventPublisherAware) location.getSecretBackendMetadata())
.setApplicationEventPublisher(event.getApplicationContext());
.setApplicationEventPublisher(event.getApplicationContext());
});
}
@@ -502,7 +502,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
registerIfAbsent(this.bootstrap, "clientAuthentication", ClientAuthentication.class, ctx -> {
ClientHttpRequestFactory factory = this.bootstrap.get(ClientFactoryWrapper.class)
.getClientHttpRequestFactory();
.getClientHttpRequestFactory();
RestTemplate externalRestTemplate = new RestTemplate(factory);
@@ -546,7 +546,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
this.bootstrap = bootstrap;
this.configuration = new VaultReactiveConfiguration(vaultProperties);
this.endpointProvider = SimpleVaultEndpointProvider
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint());
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint());
this.logFactory = logFactory;
}
@@ -601,7 +601,7 @@ public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocati
void registerSessionManager() {
registerIfAbsent(this.bootstrap, "vaultSessionManager", SessionManager.class, ctx -> {
SessionManager sessionManager = this.configuration
.createSessionManager(ctx.get(ReactiveSessionManager.class));
.createSessionManager(ctx.get(ReactiveSessionManager.class));
reconfigureLogger(sessionManager, this.logFactory);
return sessionManager;
});


@@ -109,8 +109,9 @@ public class VaultConfigDataLocationResolver implements ConfigDataLocationResolv
if (location.getValue().equals(VaultConfigLocation.VAULT_PREFIX)
|| location.getValue().equals(VaultConfigLocation.VAULT_PREFIX + "//")) {
List<SecretBackendMetadata> sorted = getSecretBackends(context, profiles);
return sorted.stream().map(it -> new VaultConfigLocation(it, location.isOptional()))
.collect(Collectors.toList());
return sorted.stream()
.map(it -> new VaultConfigLocation(it, location.isOptional()))
.collect(Collectors.toList());
}
String contextPath = location.getValue().substring(VaultConfigLocation.VAULT_PREFIX.length());
@@ -139,11 +140,12 @@ public class VaultConfigDataLocationResolver implements ConfigDataLocationResolv
context.getBootstrapContext().registerIfAbsent(VaultProperties.class, ignore -> {
VaultProperties vaultProperties = context.getBinder().bindOrCreate(VaultProperties.PREFIX,
VaultProperties.class);
VaultProperties vaultProperties = context.getBinder()
.bindOrCreate(VaultProperties.PREFIX, VaultProperties.class);
vaultProperties.setApplicationName(context.getBinder().bind("spring.application.name", String.class)
.orElse(vaultProperties.getApplicationName()));
vaultProperties.setApplicationName(context.getBinder()
.bind("spring.application.name", String.class)
.orElse(vaultProperties.getApplicationName()));
return vaultProperties;
});
@@ -187,15 +189,15 @@ public class VaultConfigDataLocationResolver implements ConfigDataLocationResolv
Profiles profiles) {
VaultKeyValueBackendProperties kvProperties = context.getBinder()
.bindOrCreate(VaultKeyValueBackendProperties.PREFIX, VaultKeyValueBackendProperties.class);
.bindOrCreate(VaultKeyValueBackendProperties.PREFIX, VaultKeyValueBackendProperties.class);
Binder binder = context.getBinder();
kvProperties.setApplicationName(binder.bind("spring.cloud.vault.kv.application-name", String.class)
.orElseGet(() -> binder.bind("spring.cloud.vault.application-name", String.class)
.orElseGet(() -> binder.bind("spring.application.name", String.class).orElse(""))));
.orElseGet(() -> binder.bind("spring.cloud.vault.application-name", String.class)
.orElseGet(() -> binder.bind("spring.application.name", String.class).orElse(""))));
kvProperties.setProfiles(binder.bind("spring.cloud.vault.kv.profiles", Bindable.listOf(String.class))
.orElseGet(profiles::getActive));
.orElseGet(profiles::getActive));
return kvProperties;
}


@@ -156,8 +156,9 @@ final class VaultConfiguration {
RestTemplateBuilder createRestTemplateBuilder(ClientHttpRequestFactory requestFactory,
VaultEndpointProvider endpointProvider, List<RestTemplateCustomizer> customizers,
List<RestTemplateRequestCustomizer<?>> requestCustomizers) {
RestTemplateBuilder builder = RestTemplateBuilder.builder().requestFactory(requestFactory)
.endpointProvider(endpointProvider);
RestTemplateBuilder builder = RestTemplateBuilder.builder()
.requestFactory(requestFactory)
.endpointProvider(endpointProvider);
customizers.forEach(builder::customizers);
requestCustomizers.forEach(builder::requestCustomizers);


@@ -44,7 +44,8 @@ public class VaultObservationAutoConfiguration {
@ConditionalOnSingleCandidate(ObservationRegistry.class)
public RestTemplateCustomizer observationVaultRestTemplateCustomizer(ObservationRegistry observationRegistry) {
return restTemplate -> new ObservationRestTemplateCustomizer(observationRegistry,
new DefaultClientRequestObservationConvention()).customize(restTemplate);
new DefaultClientRequestObservationConvention())
.customize(restTemplate);
}
}


@@ -124,7 +124,7 @@ public class VaultReactiveAutoConfiguration implements InitializingBean {
if (this.reactiveEndpointProvider == null) {
this.endpointProvider = endpointProvider.getIfAvailable(() -> SimpleVaultEndpointProvider
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint()));
.of(new VaultConfiguration(vaultProperties).createVaultEndpoint()));
}
else {
this.endpointProvider = null;


@@ -79,8 +79,9 @@ final class VaultReactiveConfiguration {
WebClientBuilder createWebClientBuilder(ClientHttpConnector connector,
ReactiveVaultEndpointProvider endpointProvider, List<WebClientCustomizer> customizers) {
WebClientBuilder builder = WebClientBuilder.builder().httpConnector(connector)
.endpointProvider(endpointProvider);
WebClientBuilder builder = WebClientBuilder.builder()
.httpConnector(connector)
.endpointProvider(endpointProvider);
return applyCustomizer(customizers, builder);
}
@@ -88,8 +89,9 @@ final class VaultReactiveConfiguration {
WebClientBuilder createWebClientBuilder(ClientHttpConnector connector, VaultEndpointProvider endpointProvider,
List<WebClientCustomizer> customizers) {
WebClientBuilder builder = WebClientBuilder.builder().httpConnector(connector)
.endpointProvider(endpointProvider);
WebClientBuilder builder = WebClientBuilder.builder()
.httpConnector(connector)
.endpointProvider(endpointProvider);
return applyCustomizer(customizers, builder);
}


@@ -72,10 +72,10 @@ public class VaultReactiveHealthIndicator extends AbstractReactiveHealthIndicato
protected Mono<Health> doHealthCheck(Builder builder) {
return this.vaultOperations
.doWithVault((it) -> it.get().uri("sys/health").header(VaultHttpHeaders.VAULT_NAMESPACE, "").exchange())
.flatMap((it) -> it.bodyToMono(VaultHealthImpl.class))
.onErrorResume(WebClientResponseException.class, VaultReactiveHealthIndicator::deserializeError)
.map((vaultHealthResponse) -> getHealth(builder, vaultHealthResponse));
.doWithVault((it) -> it.get().uri("sys/health").header(VaultHttpHeaders.VAULT_NAMESPACE, "").exchange())
.flatMap((it) -> it.bodyToMono(VaultHealthImpl.class))
.onErrorResume(WebClientResponseException.class, VaultReactiveHealthIndicator::deserializeError)
.map((vaultHealthResponse) -> getHealth(builder, vaultHealthResponse));
}
@JsonIgnoreProperties(ignoreUnknown = true)


@@ -46,7 +46,8 @@ public class VaultReactiveObservationAutoConfiguration {
@ConditionalOnSingleCandidate(ObservationRegistry.class)
public WebClientCustomizer observationVaultWebClientCustomizer(ObservationRegistry observationRegistry) {
return webClientBuilder -> new ObservationWebClientCustomizer(observationRegistry,
new DefaultClientRequestObservationConvention()).customize(webClientBuilder);
new DefaultClientRequestObservationConvention())
.customize(webClientBuilder);
}
}


@@ -47,15 +47,19 @@ class VaultRuntimeHints implements RuntimeHintsRegistrar {
ReflectionHints reflection = hints.reflection();
// reflection required for ConfigDataLoader, early logging capture
reflection.registerTypes(Arrays.asList(SimpleSessionManager.class, LifecycleAwareSessionManager.class,
LifecycleAwareSessionManagerSupport.class, ClientHttpRequestFactoryFactory.class,
org.springframework.vault.core.env.VaultPropertySource.class, LeaseAwareVaultPropertySource.class)
.stream().map(TypeReference::of).collect(Collectors.toList()),
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
reflection.registerTypes(Arrays
.asList(SimpleSessionManager.class, LifecycleAwareSessionManager.class,
LifecycleAwareSessionManagerSupport.class, ClientHttpRequestFactoryFactory.class,
org.springframework.vault.core.env.VaultPropertySource.class, LeaseAwareVaultPropertySource.class)
.stream()
.map(TypeReference::of)
.collect(Collectors.toList()), builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
reflection.registerTypes(
Arrays.asList(VaultKeyValueBackendProperties.class).stream().map(TypeReference::of)
.collect(Collectors.toList()),
Arrays.asList(VaultKeyValueBackendProperties.class)
.stream()
.map(TypeReference::of)
.collect(Collectors.toList()),
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
MemberCategory.INTROSPECT_DECLARED_METHODS, MemberCategory.INVOKE_DECLARED_METHODS,
MemberCategory.INTROSPECT_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_CONSTRUCTORS));
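Review bot: After reformatting, the second argument of the first `registerTypes` call sits at the end of the `.collect(Collectors.toList()), builder -> builder.withMembers(...)` line, where it reads like part of the stream chain rather than a separate parameter. Assigning the collected list to a local such as `sessionTypes` and then calling `reflection.registerTypes(sessionTypes, builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));` keeps the member categories easy to spot. These categories decide what is opened to reflection, so they are worth keeping auditable at a glance. The ReactiveLifecycleAwareSessionManager registration in the next hunk has the same shape. The method starts before this hunk and continues after it.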
@@ -69,15 +73,14 @@ class VaultRuntimeHints implements RuntimeHintsRegistrar {
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
reflection.registerType(TypeReference
.of("org.springframework.cloud.vault.config.VaultReactiveConfiguration$ReactiveSessionManagerAdapter"),
.of("org.springframework.cloud.vault.config.VaultReactiveConfiguration$ReactiveSessionManagerAdapter"),
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
if (VaultConfigDataLoader.webclientPresent && VaultConfigDataLoader.reactorPresent) {
reflection
.registerTypes(
Arrays.asList(ReactiveLifecycleAwareSessionManager.class).stream().map(TypeReference::of)
.collect(Collectors.toList()),
builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
reflection.registerTypes(Arrays.asList(ReactiveLifecycleAwareSessionManager.class)
.stream()
.map(TypeReference::of)
.collect(Collectors.toList()), builder -> builder.withMembers(MemberCategory.DECLARED_FIELDS));
}
// presence checks
@@ -96,14 +99,16 @@ class VaultRuntimeHints implements RuntimeHintsRegistrar {
List<Object> pluggableDescriptors = new ArrayList<>();
pluggableDescriptors
.addAll(SpringFactoriesLoader.loadFactories(SecretBackendMetadataFactory.class, classLoader));
.addAll(SpringFactoriesLoader.loadFactories(SecretBackendMetadataFactory.class, classLoader));
pluggableDescriptors
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptor.class, classLoader));
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptor.class, classLoader));
pluggableDescriptors
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptorFactory.class, classLoader));
.addAll(SpringFactoriesLoader.loadFactories(VaultSecretBackendDescriptorFactory.class, classLoader));
List<TypeReference> pluggableDescriptorReferences = pluggableDescriptors.stream().map(Object::getClass)
.map(TypeReference::of).collect(Collectors.toList());
List<TypeReference> pluggableDescriptorReferences = pluggableDescriptors.stream()
.map(Object::getClass)
.map(TypeReference::of)
.collect(Collectors.toList());
reflection.registerTypes(pluggableDescriptorReferences, builder -> {
builder.withMembers(MemberCategory.INTROSPECT_DECLARED_CONSTRUCTORS,


@@ -37,9 +37,9 @@ public class ApplicationFailFastTests {
@Test
public void contextLoadsWithFailFastUsingLeasing() {
try {
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class).run("--server.port=0",
"--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.cloud.vault.port=9999");
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class)
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.cloud.vault.port=9999");
fail("failFast option did not produce an exception");
}
catch (Exception e) {
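Review bot: The `try { ... fail(...) } catch (Exception e)` shape accepts any exception, including one raised before Vault is ever contacted, unless the catch body narrows it; that body lies outside this hunk. `assertThatThrownBy(() -> new SpringApplicationBuilder().sources(ApplicationFailFastTests.class).run(...))` with an explicit type or message check, as ClientAuthenticationFactoryUnitTests already does, would pin the test to the fail-fast path. The test also relies on nothing listening on `--spring.cloud.vault.port=9999`, which deserves a one-line comment. `contextLoadsWithFailFastWithoutLeasing` in the next hunk has the same structure.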
@@ -50,10 +50,10 @@ public class ApplicationFailFastTests {
@Test
public void contextLoadsWithFailFastWithoutLeasing() {
try {
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class).run("--server.port=0",
"--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
"--spring.cloud.vault.config.lifecycle.enabled=false",
"--spring.cloud.vault.session.lifecycle.enabled=false", "--spring.cloud.vault.port=9999");
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class)
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=true",
"--spring.cloud.vault.config.lifecycle.enabled=false",
"--spring.cloud.vault.session.lifecycle.enabled=false", "--spring.cloud.vault.port=9999");
fail("failFast option did not produce an exception");
}
catch (Exception e) {
@@ -64,9 +64,9 @@ public class ApplicationFailFastTests {
@Test
@Ignore("Fails because of method errors in Discovery health check")
public void contextLoadsWithoutFailFast() {
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class).run("--server.port=0",
"--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=false",
"--spring.cloud.vault.port=9999");
new SpringApplicationBuilder().sources(ApplicationFailFastTests.class)
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=true", "--spring.cloud.vault.failFast=false",
"--spring.cloud.vault.port=9999");
}
}


@@ -69,7 +69,7 @@ public class ClientAuthenticationFactoryUnitTests {
new RestTemplate());
AwsIamAuthentication authentication = (AwsIamAuthentication) factory.awsIamAuthentication(properties);
AwsIamAuthenticationOptions options = (AwsIamAuthenticationOptions) ReflectionTestUtils
.getField(authentication, "options");
.getField(authentication, "options");
assertThat(options.getRegionProvider().getRegion()).isEqualTo(Region.AWS_GLOBAL);
}
@@ -177,7 +177,7 @@ public class ClientAuthenticationFactoryUnitTests {
VaultProperties properties = new VaultProperties();
assertThatThrownBy(() -> ClientAuthenticationFactory.getAppRoleAuthenticationOptions(properties))
.isInstanceOf(IllegalArgumentException.class);
.isInstanceOf(IllegalArgumentException.class);
}
@Test
@@ -187,7 +187,7 @@ public class ClientAuthenticationFactoryUnitTests {
properties.getAppRole().setRole("my-role");
assertThatThrownBy(() -> ClientAuthenticationFactory.getAppRoleAuthenticationOptions(properties))
.isInstanceOf(IllegalArgumentException.class);
.isInstanceOf(IllegalArgumentException.class);
}
@Test
@@ -200,7 +200,8 @@ public class ClientAuthenticationFactoryUnitTests {
properties.getPcf().setInstanceCertificate(new ClassPathResource("bootstrap.yml"));
ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(properties, new RestTemplate(),
new RestTemplate()).createClientAuthentication();
new RestTemplate())
.createClientAuthentication();
assertThat(clientAuthentication).isInstanceOf(PcfAuthentication.class);
}
@@ -213,7 +214,8 @@ public class ClientAuthenticationFactoryUnitTests {
properties.getSsl().setCertAuthPath("bert");
ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(properties, new RestTemplate(),
new RestTemplate()).createClientAuthentication();
new RestTemplate())
.createClientAuthentication();
assertThat(clientAuthentication).isInstanceOf(ClientCertificateAuthentication.class);
}
@@ -229,7 +231,8 @@ public class ClientAuthenticationFactoryUnitTests {
StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.CREATE);
try {
ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(properties, new RestTemplate(),
new RestTemplate()).createClientAuthentication();
new RestTemplate())
.createClientAuthentication();
assertThat(clientAuthentication).isInstanceOf(TokenAuthentication.class);
VaultToken token = clientAuthentication.login();


@@ -39,8 +39,8 @@ public class ConfigDataShutdownTests extends IntegrationTestSupport {
@Test
public void contextShutdownDestroysSecretLeaseContainer() {
ConfigurableApplicationContext context = new SpringApplicationBuilder().sources(ConfigDataShutdownTests.class)
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=false", "--spring.cloud.vault.failFast=true",
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.config.import=vault://");
.run("--server.port=0", "--spring.cloud.bootstrap.enabled=false", "--spring.cloud.vault.failFast=true",
"--spring.cloud.vault.config.lifecycle.enabled=true", "--spring.config.import=vault://");
SecretLeaseContainer container = context.getBean(SecretLeaseContainer.class);


@@ -50,42 +50,42 @@ public class DiscoveryClientVaultBootstrapConfigurationTests {
@Test
public void shouldRegisterDefaultBeans() {
this.contextRunner
.withUserConfiguration(DiscoveryConfiguration.class).withPropertyValues("spring.cloud.vault.token=foo",
"spring.cloud.vault.discovery.enabled=true", "spring.cloud.bootstrap.enabled=true")
.run(context -> {
this.contextRunner.withUserConfiguration(DiscoveryConfiguration.class)
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context.getBean(VaultServiceInstanceProvider.class))
.isInstanceOf(DiscoveryClientVaultServiceInstanceProvider.class);
assertThat(context.getBean(VaultServiceInstanceProvider.class))
.isInstanceOf(DiscoveryClientVaultServiceInstanceProvider.class);
VaultEndpointProvider endpointProvider = context.getBean(VaultEndpointProvider.class);
VaultEndpoint vaultEndpoint = endpointProvider.getVaultEndpoint();
assertThat(vaultEndpoint.getPort()).isEqualTo(1234);
});
VaultEndpointProvider endpointProvider = context.getBean(VaultEndpointProvider.class);
VaultEndpoint vaultEndpoint = endpointProvider.getVaultEndpoint();
assertThat(vaultEndpoint.getPort()).isEqualTo(1234);
});
}
@Test
public void shouldNotRegisterBeansIfDiscoveryDisabled() {
this.contextRunner
.withUserConfiguration(DiscoveryConfiguration.class).withPropertyValues("spring.cloud.vault.token=foo",
"spring.cloud.vault.discovery.enabled=false", "spring.cloud.bootstrap.enabled=true")
.run(context -> {
this.contextRunner.withUserConfiguration(DiscoveryConfiguration.class)
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
});
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
});
}
@Test
public void shouldNotRegisterBeansIfVaultDisabled() {
this.contextRunner.withUserConfiguration(DiscoveryConfiguration.class)
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
});
assertThat(context.getBeanNamesForType(VaultServiceInstanceProvider.class)).isEmpty();
});
}
@@ -97,7 +97,7 @@ public class DiscoveryClientVaultBootstrapConfigurationTests {
DiscoveryClient mock = Mockito.mock(DiscoveryClient.class);
when(mock.getInstances(anyString()))
.thenReturn(Collections.singletonList(new SimpleServiceInstance(URI.create("https://foo:1234"))));
.thenReturn(Collections.singletonList(new SimpleServiceInstance(URI.create("https://foo:1234"))));
return mock;
}


@@ -59,8 +59,9 @@ public class KeyValueSecretBackendMetadataUnitTests {
List<String> contexts = KeyValueSecretBackendMetadata.buildContexts(this.properties,
Arrays.asList("cloud", "local"));
assertThat(contexts).hasSize(6).containsSequence("my-app/local", "my-app/cloud", "my-app", "application/local",
"application/cloud", "application");
assertThat(contexts).hasSize(6)
.containsSequence("my-app/local", "my-app/cloud", "my-app", "application/local", "application/cloud",
"application");
}
@Test
@@ -92,8 +93,9 @@ public class KeyValueSecretBackendMetadataUnitTests {
List<String> contexts = KeyValueSecretBackendMetadata.buildContexts(this.properties,
Arrays.asList("cloud", "local"));
assertThat(contexts).hasSize(9).containsSequence("bar/local", "bar/cloud", "bar", "foo/local", "foo/cloud",
"foo", "application/local", "application/cloud", "application");
assertThat(contexts).hasSize(9)
.containsSequence("bar/local", "bar/cloud", "bar", "foo/local", "foo/cloud", "foo", "application/local",
"application/cloud", "application");
}
}


@@ -51,7 +51,8 @@ public class KeyValueSecretIntegrationTests extends IntegrationTestSupport {
public void shouldReturnSecretsCorrectly() {
Map<String, Object> secretProperties = this.configOperations
.read(KeyValueSecretBackendMetadata.create("secret", "app-name")).getData();
.read(KeyValueSecretBackendMetadata.create("secret", "app-name"))
.getData();
assertThat(secretProperties).containsAllEntriesOf(createExpectedMap());
}


@@ -98,7 +98,7 @@ public class LeasingVaultPropertySourceLocatorUnitTests {
verify(this.secretLeaseContainer).addRequestedSecret(rotating);
verify(this.secretLeaseContainer)
.addRequestedSecret(RequestedSecret.renewable("database/mysql/creds/readonly"));
.addRequestedSecret(RequestedSecret.renewable("database/mysql/creds/readonly"));
}
}


@@ -40,8 +40,8 @@ public class PropertyNameTransformerUnitTests {
map.put("old-key", "value");
map.put("other-key", "other-value");
assertThat(transformer.transformProperties(map)).containsEntry("new-key", "value").containsEntry("other-key",
"other-value");
assertThat(transformer.transformProperties(map)).containsEntry("new-key", "value")
.containsEntry("other-key", "other-value");
}
}


@@ -47,68 +47,66 @@ import static org.mockito.Mockito.when;
public class ReactiveDiscoveryClientVaultBootstrapConfigurationTests {
private ApplicationContextRunner contextRunner = new ApplicationContextRunner().withConfiguration(AutoConfigurations
.of(ReactiveDiscoveryClientVaultBootstrapConfiguration.class, VaultBootstrapConfiguration.class));
.of(ReactiveDiscoveryClientVaultBootstrapConfiguration.class, VaultBootstrapConfiguration.class));
@Test
public void shouldRegisterDefaultBeans() {
this.contextRunner.withUserConfiguration(ReactiveDiscoveryConfiguration.class)
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
ReactiveVaultEndpointProvider endpointProvider = context
.getBean(ReactiveVaultEndpointProvider.class);
ReactiveVaultEndpointProvider endpointProvider = context.getBean(ReactiveVaultEndpointProvider.class);
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
assertThat(actual.getPort()).isEqualTo(1234);
}).verifyComplete();
});
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
assertThat(actual.getPort()).isEqualTo(1234);
}).verifyComplete();
});
}
@Test
public void shouldRegisterVaultEndpointAdapterBean() {
this.contextRunner.withUserConfiguration(BridgedDiscoveryConfiguration.class)
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=true",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
assertThat(context).hasSingleBean(ReactiveVaultEndpointProvider.class);
ReactiveVaultEndpointProvider endpointProvider = context
.getBean(ReactiveVaultEndpointProvider.class);
ReactiveVaultEndpointProvider endpointProvider = context.getBean(ReactiveVaultEndpointProvider.class);
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
assertThat(actual.getPort()).isEqualTo(1234);
}).verifyComplete();
});
endpointProvider.getVaultEndpoint().as(StepVerifier::create).assertNext(actual -> {
assertThat(actual.getPort()).isEqualTo(1234);
}).verifyComplete();
});
}
@Test
public void shouldNotRegisterBeansIfDiscoveryDisabled() {
this.contextRunner.withUserConfiguration(ReactiveDiscoveryConfiguration.class)
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.discovery.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
});
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
});
}
@Test
public void shouldNotRegisterBeansIfVaultDisabled() {
this.contextRunner.withUserConfiguration(ReactiveDiscoveryConfiguration.class)
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.token=foo", "spring.cloud.vault.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
});
assertThat(context.getBeanNamesForType(ReactiveVaultEndpointProvider.class)).isEmpty();
});
}
@@ -120,7 +118,7 @@ public class ReactiveDiscoveryClientVaultBootstrapConfigurationTests {
ReactiveDiscoveryClient mock = Mockito.mock(ReactiveDiscoveryClient.class);
when(mock.getInstances(anyString()))
.thenReturn(Flux.just(new SimpleServiceInstance(URI.create("https://foo:1234"))));
.thenReturn(Flux.just(new SimpleServiceInstance(URI.create("https://foo:1234"))));
return mock;
}


@@ -41,15 +41,17 @@ public class ReactiveVaultBootstrapConfigurationTests {
@Test
public void shouldConfigureWithoutAuthentication() {
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false",
"spring.cloud.vault.authentication=NONE", "spring.cloud.bootstrap.enabled=true").run(context -> {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.authentication=NONE",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
assertThat(context).doesNotHaveBean(VaultTokenSupplier.class);
assertThat(context).doesNotHaveBean(ReactiveSessionManager.class);
assertThat(context).hasSingleBean(ReactiveVaultTemplate.class);
});
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
assertThat(context).doesNotHaveBean(VaultTokenSupplier.class);
assertThat(context).doesNotHaveBean(ReactiveSessionManager.class);
assertThat(context).hasSingleBean(ReactiveVaultTemplate.class);
});
}
}


@@ -40,66 +40,70 @@ import static org.assertj.core.api.Assertions.assertThat;
public class VaultBootstrapConfigurationTests {
private ApplicationContextRunner contextRunner = new ApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(VaultBootstrapConfiguration.class));
.withConfiguration(AutoConfigurations.of(VaultBootstrapConfiguration.class));
@Test
public void shouldConfigureWithoutAuthentication() {
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=true",
"spring.cloud.vault.authentication=NONE", "spring.cloud.bootstrap.enabled=true").run(context -> {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=true", "spring.cloud.vault.authentication=NONE",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
assertThat(context).hasSingleBean(VaultTemplate.class);
assertThat(context).hasSingleBean(RestTemplateFactory.class);
});
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
assertThat(context).hasSingleBean(VaultTemplate.class);
assertThat(context).hasSingleBean(RestTemplateFactory.class);
});
}
@Test
public void shouldApplySslSettings() {
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false",
"spring.cloud.vault.authentication=NONE", "spring.cloud.bootstrap.enabled=true",
"spring.cloud.vault.ssl.enabled-protocols=TLSv1.2,TLSv1.3",
"spring.cloud.vault.ssl.enabled-cipher-suites=one,two").run(context -> {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.authentication=NONE",
"spring.cloud.bootstrap.enabled=true", "spring.cloud.vault.ssl.enabled-protocols=TLSv1.2,TLSv1.3",
"spring.cloud.vault.ssl.enabled-cipher-suites=one,two")
.run(context -> {
VaultProperties properties = context.getBean(VaultProperties.class);
VaultProperties properties = context.getBean(VaultProperties.class);
SslConfiguration sslConfiguration = VaultConfiguration.createSslConfiguration(properties.getSsl());
SslConfiguration sslConfiguration = VaultConfiguration.createSslConfiguration(properties.getSsl());
assertThat(sslConfiguration.getEnabledProtocols()).containsExactly("TLSv1.2", "TLSv1.3");
assertThat(sslConfiguration.getEnabledCipherSuites()).containsExactly("one", "two");
});
assertThat(sslConfiguration.getEnabledProtocols()).containsExactly("TLSv1.2", "TLSv1.3");
assertThat(sslConfiguration.getEnabledCipherSuites()).containsExactly("one", "two");
});
}
@Test
public void shouldDisableSessionManagement() {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false", "spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false", "spring.cloud.bootstrap.enabled=true")
.run(context -> {
SessionManager bean = context.getBean(SessionManager.class);
assertThat(bean).isExactlyInstanceOf(SimpleSessionManager.class);
});
SessionManager bean = context.getBean(SessionManager.class);
assertThat(bean).isExactlyInstanceOf(SimpleSessionManager.class);
});
}
@Test
public void shouldConfigureSessionManagement() {
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s", "spring.cloud.bootstrap.enabled=true")
.run(context -> {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s", "spring.cloud.bootstrap.enabled=true")
.run(context -> {
SessionManager bean = context.getBean(SessionManager.class);
SessionManager bean = context.getBean(SessionManager.class);
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
});
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
});
}
}


@@ -45,44 +45,43 @@ import static org.mockito.Mockito.verify;
public class VaultBootstrapPropertySourceConfigurationTests {
private ApplicationContextRunner contextRunner = new ApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(VaultBootstrapPropertySourceConfiguration.class));
.withConfiguration(AutoConfigurations.of(VaultBootstrapPropertySourceConfiguration.class));
@Test
public void shouldConfigureExpiryTimeoutsAndStrategy() {
this.contextRunner
.withUserConfiguration(MockSecretLeaseContainerConfiguration.class,
MockVaultOperationsConfiguration.class)
.withAllowBeanDefinitionOverriding(true)
.withPropertyValues("spring.cloud.vault.kv.enabled=false",
"spring.cloud.vault.config.lifecycle.expiry-threshold=5m",
"spring.cloud.vault.config.lifecycle.min-renewal=6m",
"spring.cloud.vault.config.lifecycle.lease-endpoints=Leases",
"spring.cloud.vault.config.lifecycle.lease-strategy=retain-on-error",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withUserConfiguration(MockSecretLeaseContainerConfiguration.class, MockVaultOperationsConfiguration.class)
.withAllowBeanDefinitionOverriding(true)
.withPropertyValues("spring.cloud.vault.kv.enabled=false",
"spring.cloud.vault.config.lifecycle.expiry-threshold=5m",
"spring.cloud.vault.config.lifecycle.min-renewal=6m",
"spring.cloud.vault.config.lifecycle.lease-endpoints=Leases",
"spring.cloud.vault.config.lifecycle.lease-strategy=retain-on-error",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
SecretLeaseContainer container = context.getBean(SecretLeaseContainer.class);
verify(container).setExpiryThreshold(Duration.ofMinutes(5));
verify(container).setMinRenewal(Duration.ofMinutes(6));
verify(container).setLeaseEndpoints(LeaseEndpoints.Leases);
verify(container).setLeaseStrategy(LeaseStrategy.retainOnError());
});
SecretLeaseContainer container = context.getBean(SecretLeaseContainer.class);
verify(container).setExpiryThreshold(Duration.ofMinutes(5));
verify(container).setMinRenewal(Duration.ofMinutes(6));
verify(container).setLeaseEndpoints(LeaseEndpoints.Leases);
verify(container).setLeaseStrategy(LeaseStrategy.retainOnError());
});
}
@Test
public void shouldConfigureWithoutAuthentication() {
this.contextRunner.withUserConfiguration(MockVaultOperationsConfiguration.class)
.withAllowBeanDefinitionOverriding(true)
.withPropertyValues("spring.cloud.vault.kv.enabled=true",
"spring.cloud.vault.config.lifecycle.enabled=true", "spring.cloud.vault.authentication=NONE",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withAllowBeanDefinitionOverriding(true)
.withPropertyValues("spring.cloud.vault.kv.enabled=true",
"spring.cloud.vault.config.lifecycle.enabled=true", "spring.cloud.vault.authentication=NONE",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).hasSingleBean(SecretLeaseContainer.class);
});
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).hasSingleBean(SecretLeaseContainer.class);
});
}
@EnableConfigurationProperties(VaultProperties.class)


@@ -44,11 +44,14 @@ public class VaultBootstrapperIntegrationTests extends IntegrationTestSupport {
@Before
public void before() {
this.vaultRule.prepare().getVaultOperations().write("secret/VaultBootstrapPropertySourceConfigurationTests",
Collections.singletonMap("default-key", "default"));
this.vaultRule.prepare()
.getVaultOperations()
.write("secret/VaultBootstrapPropertySourceConfigurationTests",
Collections.singletonMap("default-key", "default"));
this.vaultRule.prepare().getVaultOperations().write("secret/customized",
Collections.singletonMap("key", "customized"));
this.vaultRule.prepare()
.getVaultOperations()
.write("secret/customized", Collections.singletonMap("key", "customized"));
SpringApplication application = new SpringApplication(Config.class);
application.setWebApplicationType(WebApplicationType.NONE);


@@ -124,8 +124,9 @@ public class VaultConfigAppIdCustomMechanismTests {
RestTemplate restTemplate = TestRestTemplateFactory.create(Settings.createSslConfiguration());
return new AppIdAuthentication(AppIdAuthenticationOptions.builder()
.appId(VaultConfigAppIdCustomMechanismTests.class.getSimpleName())
.userIdMechanism(new StaticUserIdMechanism()).build(), restTemplate);
.appId(VaultConfigAppIdCustomMechanismTests.class.getSimpleName())
.userIdMechanism(new StaticUserIdMechanism())
.build(), restTemplate);
}
}


@@ -94,11 +94,13 @@ public class VaultConfigAppRoleTests {
vaultOperations.write("auth/approle/role/with-secret-id", withSecretId);
String roleId = (String) vaultOperations.read("auth/approle/role/with-secret-id/role-id").getData()
.get("role_id");
String roleId = (String) vaultOperations.read("auth/approle/role/with-secret-id/role-id")
.getData()
.get("role_id");
String secretId = (String) vaultOperations
.write(String.format("auth/approle/role/with-secret-id/secret-id", "with-secret-id"), null).getData()
.get("secret_id");
.write(String.format("auth/approle/role/with-secret-id/secret-id", "with-secret-id"), null)
.getData()
.get("secret_id");
System.setProperty("spring.cloud.vault.app-role.role-id", roleId);
System.setProperty("spring.cloud.vault.app-role.secret-id", secretId);
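Review bot: The `String.format` call in the re-wrapped `secretId` chain has no `%s` in its format string, so the `"with-secret-id"` argument is silently ignored and the path is only the literal. Either pass the literal directly, `.write("auth/approle/role/with-secret-id/secret-id", null)`, or make the role name a real parameter, `String.format("auth/approle/role/%s/secret-id", "with-secret-id")`. As written, editing the second argument would not change which AppRole the secret-id is requested for, which is easy to misread in an authentication test. The enclosing setup method starts and ends outside this hunk.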


@@ -42,11 +42,13 @@ public class VaultConfigDataLoaderIntegrationTests extends IntegrationTestSuppor
@Before
public void before() {
this.vaultRule.prepare().getVaultOperations().write("secret/my-config-loader",
Collections.singletonMap("default-key", "default"));
this.vaultRule.prepare()
.getVaultOperations()
.write("secret/my-config-loader", Collections.singletonMap("default-key", "default"));
this.vaultRule.prepare().getVaultOperations().write("secret/my-config-loader/cloud",
Collections.singletonMap("default-key", "cloud"));
this.vaultRule.prepare()
.getVaultOperations()
.write("secret/my-config-loader/cloud", Collections.singletonMap("default-key", "cloud"));
}
@Test


@@ -65,11 +65,11 @@ public class VaultConfigDataLocationResolverUnitTests {
assertThat(
resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault:"), this.profilesMock))
.hasSize(3);
.hasSize(3);
assertThat(
resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault://"), this.profilesMock))
.hasSize(3);
.hasSize(3);
}
@Test
@@ -78,9 +78,9 @@ public class VaultConfigDataLocationResolverUnitTests {
VaultConfigDataLocationResolver resolver = new VaultConfigDataLocationResolver();
assertThatIllegalArgumentException()
.isThrownBy(() -> resolver.resolveProfileSpecific(this.contextMock,
ConfigDataLocation.of("vault://foo/"), this.profilesMock))
.withMessage("Location 'vault://foo/' must not end with a trailing slash");
.isThrownBy(() -> resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault://foo/"),
this.profilesMock))
.withMessage("Location 'vault://foo/' must not end with a trailing slash");
}
@Test
@@ -93,8 +93,10 @@ public class VaultConfigDataLocationResolverUnitTests {
assertThat(locations).hasSize(1);
assertThat(locations.get(0)).hasToString("VaultConfigLocation [path='my/context/path', optional=false]");
assertThat(locations.get(0).getSecretBackendMetadata().getPropertyTransformer()
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
assertThat(locations.get(0)
.getSecretBackendMetadata()
.getPropertyTransformer()
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
}
@Test
@@ -106,8 +108,10 @@ public class VaultConfigDataLocationResolverUnitTests {
ConfigDataLocation.of("vault://my/context/path?prefix=myPrefix."), this.profilesMock);
assertThat(locations).hasSize(1);
assertThat(locations.get(0).getSecretBackendMetadata().getPropertyTransformer()
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("myPrefix.key", "value");
assertThat(locations.get(0)
.getSecretBackendMetadata()
.getPropertyTransformer()
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("myPrefix.key", "value");
}
@Test
@@ -119,8 +123,10 @@ public class VaultConfigDataLocationResolverUnitTests {
ConfigDataLocation.of("vault://my/context/path?prefix="), this.profilesMock);
assertThat(locations).hasSize(1);
assertThat(locations.get(0).getSecretBackendMetadata().getPropertyTransformer()
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
assertThat(locations.get(0)
.getSecretBackendMetadata()
.getPropertyTransformer()
.transformProperties(Collections.singletonMap("key", "value"))).containsEntry("key", "value");
}
@Test
@@ -134,7 +140,7 @@ public class VaultConfigDataLocationResolverUnitTests {
assertThat(
resolver.resolveProfileSpecific(this.contextMock, ConfigDataLocation.of("vault://"), this.profilesMock))
.hasSize(4);
.hasSize(4);
}
}


@@ -61,8 +61,9 @@ public class VaultConfigDisabledTests {
VaultRule vaultRule = new VaultRule();
vaultRule.before();
vaultRule.prepare().getVaultOperations().write("secret/testVaultApp",
Collections.singletonMap("vault.value", "foo"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/testVaultApp", Collections.singletonMap("vault.value", "foo"));
}
@Test


@@ -56,8 +56,9 @@ public class VaultConfigKeyValueBackendDisabledTests {
VaultRule vaultRule = new VaultRule();
vaultRule.before();
vaultRule.prepare().getVaultOperations().write("secret/testVaultApp",
Collections.singletonMap("vault.value", "foo"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/testVaultApp", Collections.singletonMap("vault.value", "foo"));
}
@Test


@@ -57,8 +57,10 @@ public class VaultConfigTemplateIntegrationTests extends IntegrationTestSupport
assumeTrue(this.vaultRule.prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.10.0")));
this.vaultRule.prepare().getVaultOperations().write("versioned/data/testVaultApp",
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
this.vaultRule.prepare()
.getVaultOperations()
.write("versioned/data/testVaultApp",
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
VaultProperties vaultProperties = Settings.createVaultProperties();


@@ -69,8 +69,10 @@ public class VaultConfigTlsCertAuthenticationMountPathTests {
vaultProperties.getSsl().setCertAuthPath("nonstandard");
if (!vaultRule.prepare().hasAuth(vaultProperties.getSsl().getCertAuthPath())) {
vaultRule.prepare().getVaultOperations().opsForSys().authMount(vaultProperties.getSsl().getCertAuthPath(),
VaultMount.builder().type("cert").build());
vaultRule.prepare()
.getVaultOperations()
.opsForSys()
.authMount(vaultProperties.getSsl().getCertAuthPath(), VaultMount.builder().type("cert").build());
}
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();


@@ -36,7 +36,7 @@ import static org.mockito.Mockito.mock;
class VaultHealthIndicatorAutoConfigurationTests {
private final ApplicationContextRunner contextRunner = new ApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(VaultHealthIndicatorAutoConfiguration.class));
.withConfiguration(AutoConfigurations.of(VaultHealthIndicatorAutoConfiguration.class));
@Test
void shouldNotConfigureHealthIndicatorWithoutVaultOperations() {
@@ -67,11 +67,11 @@ class VaultHealthIndicatorAutoConfigurationTests {
void shouldConfigureSingleHealthIndicator() {
this.contextRunner.withUserConfiguration(ImperativeConfiguration.class, ReactiveConfiguration.class)
.run(context -> {
assertThat(context).hasBean("vaultHealthIndicator")
.hasSingleBean(VaultReactiveHealthIndicator.class)
.doesNotHaveBean(VaultHealthIndicator.class);
});
.run(context -> {
assertThat(context).hasBean("vaultHealthIndicator")
.hasSingleBean(VaultReactiveHealthIndicator.class)
.doesNotHaveBean(VaultHealthIndicator.class);
});
}
static class ImperativeConfiguration {


@@ -63,16 +63,18 @@ public class VaultNamespaceTests {
@ClassRule
public static VaultRule vaultRule = new VaultRule();
static final Policy POLICY = Policy
.of(Policy.Rule.builder().path("/*").capabilities(Policy.BuiltinCapabilities.READ,
Policy.BuiltinCapabilities.CREATE, Policy.BuiltinCapabilities.UPDATE).build());
static final Policy POLICY = Policy.of(Policy.Rule.builder()
.path("/*")
.capabilities(Policy.BuiltinCapabilities.READ, Policy.BuiltinCapabilities.CREATE,
Policy.BuiltinCapabilities.UPDATE)
.build());
RestTemplateBuilder maketingRestTemplate;
WebClientBuilder marketingWebClientBuilder = WebClientBuilder.builder()
.httpConnector(ClientHttpConnectorFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
.httpConnector(ClientHttpConnectorFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
String marketingToken;
@@ -90,18 +92,20 @@ public class VaultNamespaceTests {
}
this.maketingRestTemplate = RestTemplateBuilder.builder()
.requestFactory(
ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
.requestFactory(
ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
VaultTemplate marketing = new VaultTemplate(this.maketingRestTemplate,
new SimpleSessionManager(new TokenAuthentication(Settings.token())));
mountKv(marketing, "marketing-secrets");
marketing.opsForSys().createOrUpdatePolicy("relaxed", POLICY);
this.marketingToken = marketing.opsForToken().create(VaultTokenRequest.builder().withPolicy("relaxed").build())
.getToken().getToken();
this.marketingToken = marketing.opsForToken()
.create(VaultTokenRequest.builder().withPolicy("relaxed").build())
.getToken()
.getToken();
}
private void mountKv(VaultTemplate template, String path) {
@@ -136,8 +140,10 @@ public class VaultNamespaceTests {
Health.Builder builder = Health.unknown();
new VaultReactiveHealthIndicator(reactiveMarketing).doHealthCheck(builder).as(StepVerifier::create)
.assertNext(actual -> assertThat(actual.getStatus()).isEqualTo(Status.UP)).verifyComplete();
new VaultReactiveHealthIndicator(reactiveMarketing).doHealthCheck(builder)
.as(StepVerifier::create)
.assertNext(actual -> assertThat(actual.getStatus()).isEqualTo(Status.UP))
.verifyComplete();
}
}


@@ -60,8 +60,10 @@ public class VaultPropertySourceIntegrationTests extends IntegrationTestSupport
assumeTrue(this.vaultRule.prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.10.0")));
this.vaultRule.prepare().getVaultOperations().write("versioned/data/testVaultApp",
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
this.vaultRule.prepare()
.getVaultOperations()
.write("versioned/data/testVaultApp",
Collections.singletonMap("data", Collections.singletonMap("key", "value")));
VaultProperties vaultProperties = Settings.createVaultProperties();


@@ -58,20 +58,29 @@ public class VaultPropertySourceLocatorIntegrationTests extends IntegrationTestS
VaultRule vaultRule = new VaultRule();
vaultRule.before();
vaultRule.prepare().getVaultOperations().write("secret/wintermute",
Collections.singletonMap("vault.value", "wintermute"));
vaultRule.prepare().getVaultOperations().write("secret/wintermute/integrationtest",
Collections.singletonMap("vault.value", "integrationtest wintermute"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/wintermute", Collections.singletonMap("vault.value", "wintermute"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/wintermute/integrationtest",
Collections.singletonMap("vault.value", "integrationtest wintermute"));
vaultRule.prepare().getVaultOperations().write("secret/neuromancer",
Collections.singletonMap("vault.value", "neuromancer"));
vaultRule.prepare().getVaultOperations().write("secret/neuromancer/integrationtest",
Collections.singletonMap("vault.value", "integrationtest neuromancer"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/neuromancer", Collections.singletonMap("vault.value", "neuromancer"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/neuromancer/integrationtest",
Collections.singletonMap("vault.value", "integrationtest neuromancer"));
vaultRule.prepare().getVaultOperations().write("secret/icebreaker",
Collections.singletonMap("icebreaker.value", "icebreaker"));
vaultRule.prepare().getVaultOperations().write("secret/icebreaker/integrationtest",
Collections.singletonMap("icebreaker.value", "integrationtest icebreaker"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/icebreaker", Collections.singletonMap("icebreaker.value", "icebreaker"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/icebreaker/integrationtest",
Collections.singletonMap("icebreaker.value", "integrationtest icebreaker"));
}
@Test


@@ -55,14 +55,17 @@ public class VaultPropertySourceLocatorProfilesIntegrationTests extends Integrat
VaultRule vaultRule = new VaultRule();
vaultRule.before();
vaultRule.prepare().getVaultOperations().write("secret/my-profiles-app/hello",
Collections.singletonMap("vault.hello", "true"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/my-profiles-app/hello", Collections.singletonMap("vault.hello", "true"));
vaultRule.prepare().getVaultOperations().write("secret/my-profiles-app/world",
Collections.singletonMap("vault.world", "true"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/my-profiles-app/world", Collections.singletonMap("vault.world", "true"));
vaultRule.prepare().getVaultOperations().write("secret/my-profiles-app/other",
Collections.singletonMap("vault.other", "true"));
vaultRule.prepare()
.getVaultOperations()
.write("secret/my-profiles-app/other", Collections.singletonMap("vault.other", "true"));
}
@Test


@@ -89,8 +89,8 @@ public class VaultPropertySourceLocatorUnitTests {
assertThat(propertySource).isInstanceOf(CompositePropertySource.class);
CompositePropertySource composite = (CompositePropertySource) propertySource;
assertThat(composite.getPropertySources()).extracting("name").containsSequence("secret/application/periwinkle",
"secret/application/vermillion");
assertThat(composite.getPropertySources()).extracting("name")
.containsSequence("secret/application/periwinkle", "secret/application/vermillion");
}
@Test
@@ -108,8 +108,8 @@ public class VaultPropertySourceLocatorUnitTests {
assertThat(propertySource).isInstanceOf(CompositePropertySource.class);
CompositePropertySource composite = (CompositePropertySource) propertySource;
assertThat(composite.getPropertySources()).extracting("name").containsSequence("secret/wintermute/periwinkle",
"secret/wintermute/vermillion", "secret/wintermute");
assertThat(composite.getPropertySources()).extracting("name")
.containsSequence("secret/wintermute/periwinkle", "secret/wintermute/vermillion", "secret/wintermute");
}
@Test
@@ -127,10 +127,11 @@ public class VaultPropertySourceLocatorUnitTests {
assertThat(propertySource).isInstanceOf(CompositePropertySource.class);
CompositePropertySource composite = (CompositePropertySource) propertySource;
assertThat(composite.getPropertySources()).extracting("name").contains("secret/wintermute", "secret/straylight",
"secret/icebreaker/armitage", "secret/wintermute/vermillion", "secret/wintermute/periwinkle",
"secret/straylight/vermillion", "secret/straylight/periwinkle", "secret/icebreaker/armitage/vermillion",
"secret/icebreaker/armitage/periwinkle");
assertThat(composite.getPropertySources()).extracting("name")
.contains("secret/wintermute", "secret/straylight", "secret/icebreaker/armitage",
"secret/wintermute/vermillion", "secret/wintermute/periwinkle", "secret/straylight/vermillion",
"secret/straylight/periwinkle", "secret/icebreaker/armitage/vermillion",
"secret/icebreaker/armitage/periwinkle");
}
@Test


@@ -61,150 +61,161 @@ import static org.mockito.Mockito.when;
public class VaultReactiveAutoConfigurationTests {
private final ApplicationContextRunner contextRunner = new ApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(VaultReactiveAutoConfiguration.class));
.withConfiguration(AutoConfigurations.of(VaultReactiveAutoConfiguration.class));
@Test
public void shouldConfigureTemplate() {
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false").run(context -> {
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false")
.run(context -> {
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
assertThat(context).hasSingleBean(WebClientFactory.class);
});
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
assertThat(context).hasSingleBean(WebClientFactory.class);
});
}
@Test
public void shouldNotConfigureIfHttpClientIsMissing() {
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient")).run(context -> {
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient"))
.run(context -> {
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
});
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
});
}
@Test
public void shouldConfigureTemplateWithTokenSupplier() {
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class)
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false").run(context -> {
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false")
.run(context -> {
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context).doesNotHaveBean(WebClient.class);
});
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context).doesNotHaveBean(WebClient.class);
});
}
@Test
public void shouldNotConfigureReactiveSupport() {
this.contextRunner.withUserConfiguration(VaultAutoConfiguration.class)
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
.run(context -> {
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
.run(context -> {
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
.doesNotHaveBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
});
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
.doesNotHaveBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
});
}
@Test
public void sessionManagerBridgeShouldNotCacheTokens() {
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class, CustomSessionManager.class)
.run(context -> {
.run(context -> {
SessionManager sessionManager = context.getBean(SessionManager.class);
SessionManager sessionManager = context.getBean(SessionManager.class);
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
});
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
});
}
@Test
public void shouldDisableSessionManagement() {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
});
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
});
}
@Test
public void shouldConfigureSessionManagement() {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
});
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
});
}
@Test
public void shouldConfigureEndpointProvider() {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withUserConfiguration(ReactiveEndpointProviderConfiguration.class)
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withUserConfiguration(ReactiveEndpointProviderConfiguration.class)
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
WebClientFactory factory = context.getBean(WebClientFactory.class);
WebClient webClient = factory.create();
WebClientFactory factory = context.getBean(WebClientFactory.class);
WebClient webClient = factory.create();
webClient.get().uri("foo").retrieve().bodyToMono(String.class).as(StepVerifier::create)
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-1"));
webClient.get()
.uri("foo")
.retrieve()
.bodyToMono(String.class)
.as(StepVerifier::create)
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-1"));
webClient.get().uri("foo").retrieve().bodyToMono(String.class).as(StepVerifier::create)
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-2"));
});
webClient.get()
.uri("foo")
.retrieve()
.bodyToMono(String.class)
.as(StepVerifier::create)
.verifyErrorMatches(throwable -> throwable.getMessage().contains("foobar-2"));
});
}
@Test
public void shouldConsiderCustomConnector() {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withUserConfiguration(CustomConnector.class)
.withBean("vaultTokenSupplier", VaultTokenSupplier.class,
() -> () -> Mono.just(VaultToken.of("foo".toCharArray())))
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withUserConfiguration(CustomConnector.class)
.withBean("vaultTokenSupplier", VaultTokenSupplier.class,
() -> () -> Mono.just(VaultToken.of("foo".toCharArray())))
.withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class,
() -> new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
ReactiveVaultOperations operations = context.getBean(ReactiveVaultOperations.class);
operations.delete("foo").as(StepVerifier::create).verifyError(WebClientRequestException.class);
});
ReactiveVaultOperations operations = context.getBean(ReactiveVaultOperations.class);
operations.delete("foo").as(StepVerifier::create).verifyError(WebClientRequestException.class);
});
}
@Configuration(proxyBeanMethods = false)


@@ -53,114 +53,115 @@ import static org.assertj.core.api.Assertions.assertThat;
public class VaultReactiveBootstrapConfigurationTests {
private ApplicationContextRunner contextRunner = new ApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(VaultReactiveBootstrapConfiguration.class))
.withAllowBeanDefinitionOverriding(true);
.withConfiguration(AutoConfigurations.of(VaultReactiveBootstrapConfiguration.class))
.withAllowBeanDefinitionOverriding(true);
@Test
public void shouldConfigureTemplate() {
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
assertThat(context).hasSingleBean(WebClientFactory.class);
});
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context).hasSingleBean(AuthenticationStepsFactory.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
assertThat(context).hasSingleBean(WebClientFactory.class);
});
}
@Test
public void shouldNotConfigureIfHttpClientIsMissing() {
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient")).run(context -> {
.withClassLoader(new FilteredClassLoader("reactor.netty.http.client.HttpClient"))
.run(context -> {
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
});
assertThat(context).doesNotHaveBean(ReactiveVaultOperations.class);
});
}
@Test
public void shouldConfigureTemplateWithTokenSupplier() {
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class)
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
.withPropertyValues("spring.cloud.vault.session.lifecycle.enabled=false",
"spring.cloud.bootstrap.enabled=true")
.run(context -> {
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context).doesNotHaveBean(WebClient.class);
});
assertThat(context).hasSingleBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context).doesNotHaveBean(WebClient.class);
});
}
@Test
public void shouldNotConfigureReactiveSupport() {
this.contextRunner.withUserConfiguration(VaultBootstrapConfiguration.class)
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
.run(context -> {
.withPropertyValues("spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo")
.run(context -> {
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
.doesNotHaveBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
});
assertThat(context).doesNotHaveBean(ReactiveVaultTemplate.class)
.doesNotHaveBean(ReactiveVaultOperations.class);
assertThat(context.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
});
}
@Test
public void sessionManagerBridgeShouldNotCacheTokens() {
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class, CustomSessionManager.class)
.run(context -> {
.run(context -> {
SessionManager sessionManager = context.getBean(SessionManager.class);
SessionManager sessionManager = context.getBean(SessionManager.class);
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
});
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
});
}
@Test
public void shouldDisableSessionManagement() {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.enabled=false")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
});
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
assertThat(bean).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
});
}
@Test
public void shouldConfigureSessionManagement() {
this.contextRunner
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
.withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo",
"spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s",
"spring.cloud.vault.session.lifecycle.expiry-threshold=12s")
.withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> Mono::empty)
.withBean("taskSchedulerWrapper", VaultBootstrapConfiguration.TaskSchedulerWrapper.class,
() -> new VaultBootstrapConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler()))
.run(context -> {
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
ReactiveSessionManager bean = context.getBean(ReactiveSessionManager.class);
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
Object refreshTrigger = ReflectionTestUtils.getField(bean, "refreshTrigger");
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
});
assertThat(refreshTrigger).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11))
.hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12));
});
}
@Configuration(proxyBeanMethods = false)


@@ -80,8 +80,9 @@ public class VaultVersionedKvBackendConfigTests {
object.put("vault.value", "foo");
object.put("nested", Collections.singletonMap("key", "value"));
vaultRule.prepare().getVaultOperations().write("versioned/data/testVaultApp",
Collections.singletonMap("data", object));
vaultRule.prepare()
.getVaultOperations()
.write("versioned/data/testVaultApp", Collections.singletonMap("data", object));
}
@Test


@@ -58,7 +58,7 @@ public class PrepareVault {
int requiredKeys = 2;
VaultInitializationResponse initialized = this.vaultOperations.opsForSys()
.initialize(VaultInitializationRequest.create(createKeys, requiredKeys));
.initialize(VaultInitializationRequest.create(createKeys, requiredKeys));
for (int i = 0; i < requiredKeys; i++) {


@@ -86,7 +86,7 @@ public class TestRestTemplateFactory {
}
final ClientHttpRequestFactory clientHttpRequestFactory = ClientHttpRequestFactoryFactory
.create(new ClientOptions(), sslConfiguration);
.create(new ClientOptions(), sslConfiguration);
if (factoryCache.compareAndSet(null, clientHttpRequestFactory)) {