166 Commits

Author SHA1 Message Date
Mark Paluch
17e0412bf1 Polishing.
Provide readable artifact display names. Inherit groupId from parent.
2016-10-10 08:24:29 +02:00
Mark Paluch
b291e9c989 Support lease lifecycle (renewal and revocation).
Spring Cloud Vault now handles lifecycle of obtained secrets by property sources. Secrets associated with a renewable lease are renewed before they expire until terminal expiration. Application shutdown revokes leases so generated credentials can be disabled by Vault.

Fixes gh-40.
2016-10-10 08:24:26 +02:00
Gustavo Monarin de Sousa
3539000c9c Adopt refactoring from Spring Vault.
Use VaultInitializationRequest.create factory method and VaultInitializationResponse.getRootToken in PrepareVault.

Original pull request: gh-43.
2016-10-06 17:40:57 +02:00
Mark Paluch
cae61d63c2 Use LifecycleAwareSessionManager to revoke login token on application shutdown
See gh-40.
2016-10-06 16:45:45 +02:00
Mark Paluch
0543359852 Move assertj-core dependency from bom to parent pom.
assertj-core is a dependency not required during runtime/operations. Move this dependency to the project scope to not affect user dependencies.

Fixes gh-41.
2016-10-02 18:58:05 +02:00
Mark Paluch
ea09b804b0 Polishing.
Adopt Vault 0.6.1 compatibility in tests (disabled generation of root tokens). Fix typos.
2016-09-25 19:37:49 +02:00
Mark Paluch
8bf1e3b0ba Support MongoDB credential generation.
Fixes gh-28.
2016-09-25 19:37:24 +02:00
Mark Paluch
4cbd08ec94 Fix Content-Length handling using Netty.
VaultClient now uses a ClientHttpRequestInterceptor to force marshaling. Outgoing data is buffered and available as byte array. This allows setting a Content-Length header using netty. Previously, requests were streamed to the TCP channel without knowing the request body size in advance. Vault expects a Content-Length header and rejected requests with a body but without a Content-Length header.

Fixes gh-19.
2016-09-24 11:28:50 +02:00
Mark Paluch
90b8f15860 Add support for cubbyhole authentication.
We now support cubbyhole authentication to securely use tokens. Cubbyhole authentication uses Vault primitives to provide a secured authentication workflow. Cubbyhole authentication uses tokens as primary login method.
An ephemeral token is used to obtain a second, login VaultToken from Vault's Cubbyhole secret backend. The login token is usually longer-lived and used to interact with Vault. The login token will be retrieved from a wrapped response stored at `/cubbyhole/response`.

A wrapped token can be created with:
vault token-create -wrap-ttl="10m"

bootstrap.yml:
spring.cloud.vault:
    authentication: CUBBYHOLE
    token: (the wrapping token)

Fixes gh-15.
2016-09-21 22:21:31 +02:00
Mark Paluch
b95e8d90eb Upgrade to Spring Boot 1.4 SR1.
Upgrade to 1.4.1.RELEASE. Migrate to SpringBootTest annotation usage.

Fixes gh-38.
2016-09-21 21:29:23 +02:00
Mark Paluch
ff1540e71c Reformat code.
Reformat code and reorganize import using the code formatter settings.
2016-09-21 20:57:10 +02:00
Mark Paluch
7a09c9875f Refactor code to use Spring Vault.
Extract VaultClient and configuration parts into Spring Vault and reimport using the spring-vault-core dependency.

Fixes gh-37
2016-09-21 20:54:29 +02:00
Mark Paluch
bfb0854e91 Polishing
Add author tag. Improve documentation. Regenerate readme.

Original pull request: gh-36
2016-09-21 19:13:24 +02:00
Jean-Philippe Bélanger
bc02b8d3ff Support priority ordering for VaultPropertySourceLocator.
We now support setting a priority for VaultPropertySourceLocator by configuring `spring.cloud.vault.config.order`. Lower values increase priority, higher values decrease priority. Applying a priority can be used to control VaultPropertySourceLocator precedence over other property sources.

Original pull request: gh-36.
2016-09-21 19:08:39 +02:00
Marcin Grzejszczak
caaaaaa056 Updating mvnw for all projects
2016-09-19 19:32:24 +02:00
Marcin Grzejszczak
f8f14735d3 Updating mvnw for all projects
2016-09-19 14:19:36 +02:00
Marcin Grzejszczak
7ab4ae2017 Updating mvnw for all projects
2016-09-19 12:48:00 +02:00
Marcin Grzejszczak
6ab7467eb1 Updating mvnw for all projects
2016-09-15 16:14:26 +02:00
Marcin Grzejszczak
c9edced7ed Removed adoc footer
2016-09-07 18:04:24 +02:00
Marcin Grzejszczak
b185456097 Updating mvnw for all projects
2016-09-07 17:31:16 +02:00
Mark Paluch
d1e710bd7f Polishing
Reformat code. Use state key for health indicator details. Add health method declaration to VaultOperations. Switch actuator dependency to optional dependency. Add tests.

Original pull request: gh-29
Fixes gh-24
2016-08-27 07:51:05 +02:00
Stuart Ingram
a747663447 Added HealthIndicator functionality as well as health API support.
Resolves #24
2016-08-26 15:16:27 -04:00
Mark Paluch
4bfb108c5d Upgrade quickstart/readme with SSL certificate creation
Fixes gh-31
2016-08-25 11:57:27 +02:00
Marcin Grzejszczak
151878d3bf Updating ghpages for all projects
2016-08-22 13:33:12 +02:00
Marcin Grzejszczak
ab72acbf8e Updating ghpages for all projects
2016-08-19 11:47:36 +02:00
Marcin Grzejszczak
34bdfdf63c Updating ghpages for all projects
2016-08-18 13:16:32 +02:00
Marcin Grzejszczak
2fbe7afec4 Updating ghpages for all projects
2016-08-17 12:46:49 +02:00
Marcin Grzejszczak
23ea137363 Deploying documentation to proper folder
What we're missing ATM is different documentation versions for different application versions. What this change does is that it's:

- finding out what is the current branch (e.g. 1.0.x)
- finding out what is the name of the main adoc file (e.g. spring-cloud-sleuth)
- pulling the changes from gh-pages after checkout
- finding out what is the list of comma separated whitelisted branches (via the `docs.whitelisted.branches` prop)
- in gh-pages creating a folder with name of the branch (e.g. /1.0.x)
- copying all the docs/target/generated-docs/ to that folder
- if the branch from which we're calling the script is NOT master then we're changing the ${main.adoc}.html to index.html so that it's easier to access the docs (e.g. http://cloud.spring.io/spring-cloud-sleuth/1.0.x/)
2016-08-16 15:47:08 +02:00
Mark Paluch
27d1e695ec Upgrade to Spring Boot 1.4 GA
Fixes gh-26
2016-07-29 06:00:45 +02:00
Mark Paluch
33553bf051 Add support for TLS certificate authentication
We now support TLS client certificate authentication. The client needs to enable SSL and configure a keystore containing the client certificate/private key pair.

spring.cloud.vault:
    authentication: CERT
    ssl:
        key-store: classpath:keystore.jks
        key-store-password: changeit

Fixes gh-25
2016-07-21 17:21:49 +02:00
Mark Paluch
5e3eb5d047 Refactor ClientAuthentication to use VaultClient
See gh-23
2016-07-19 16:40:22 +02:00
Mark Paluch
d4f40a1f40 Provide a Vault client API for low-level and higher-order functions
Split functionality from VaultClient and refactor it into VaultConfigOperations/VaultConfigTemplate. The template now holds the authentication state and the property source just uses the template.

Fixes gh-23
2016-07-19 16:39:49 +02:00
Mark Paluch
9b88a0a88b Document AWS secret backend integration
See gh-4
2016-07-16 22:08:25 +02:00
Mark Paluch
c2c4f47545 Document Vault properties and dependencies
Fixes gh-22
2016-07-16 21:58:48 +02:00
Mark Paluch
50f6759452 Fix Consul spelling
Fixes gh-21
2016-07-12 08:13:10 +02:00
Mark Paluch
5475f58bf1 Support AWS-EC2 authentication
We now support AWS-EC2 authentication for applications running on EC2 instances. This authentication method uses the PKCS7 identity document to authenticate against Vault. It provides support for nonce (enabled by default) and roles.

fixes gh-17
2016-07-05 21:31:33 +02:00
Mark Paluch
232aae9ba8 Refactor ClientAuthentication into own component
The authentication API can be provided into VaultClient by implementing a ClientAuthentication.
2016-07-04 22:45:47 +02:00
Mark Paluch
28280f5dae Polishing
Reduce dependencies to Spring Web. Remove amqp test dependency from starter. Remove version property from vault parent pom.
2016-07-04 22:20:11 +02:00
Mark Paluch
d267ecc0df Polishing
Align JavaDoc
2016-07-03 14:04:04 +02:00
Mark Paluch
c99a689ccc Support AWS credential generation
Tests require external provided access and secret keys to run.

fixes gh-4
2016-07-03 14:03:47 +02:00
Mark Paluch
bd7b10aab0 Add code of conduct
fixes gh-14
2016-06-23 09:10:25 +02:00
Mark Paluch
a8e9feff67 Guard test against sealed and uninitialized Vault
Add try/catch to guard test from exception.
2016-06-23 08:58:58 +02:00
Mark Paluch
656c181178 Add possibility to disable generic backend #12
2016-06-23 08:58:58 +02:00
Mark Paluch
915df54325 Create BOM and starter #13
Create a Bill of Materials (spring-cloud-vault-dependencies) and refactor dependencies to the BOM. Create also a starter to simplify adoption.
2016-06-23 08:58:54 +02:00
Mark Paluch
c0da914b00 Split into modules #11
Split Spring Cloud Vault Config into multiple modules: Core, Config, Database/Consul/RabbitMQ integrations.
2016-06-23 00:13:58 +02:00
Mark Paluch
c19d2926de Create download directory in install scripts
2016-06-19 18:14:51 +02:00
Mark Paluch
625e60174f Support RabbitMQ credential generation
fixes gh-10
2016-06-19 17:57:05 +02:00
Mark Paluch
ddf9d9de91 Support Consul credential generation
Fixes gh-5
2016-06-19 17:41:19 +02:00
Mark Paluch
69a4bd2092 Support Consul credential generation
Fixes gh-5
2016-06-19 10:34:28 +02:00
Mark Paluch
7a27b605f7 Upgrade to Vault 0.6.0.
fixes gh-9
2016-06-18 10:21:16 +02:00