Spring Cloud Vault picking up properties from wrong profile
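In my Spring Boot project I have defined 4 profiles: ide, dev, test and prod. When I run the project from IntelliJ with the ide profile, everything works fine and the properties are retrieved from the ide profile in Vault. But during deployment to the dev server, when I select the dev profile using the argument -Dspring.profiles.active=dev
the dev profile is selected, yet the ide profile's properties are being retrieved.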
CustomVaultConfigurer.java
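import org.springframework.cloud.vault.config.SecretBackendConfigurer;
import org.springframework.cloud.vault.config.VaultConfigurer;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CustomVaultConfigurer implements VaultConfigurer
{
    @Override
    public void addSecretBackends(SecretBackendConfigurer configurer)
    {
        // All four profile paths are registered, whatever profile is active
        configurer.add("secret/app/pres/ide");
        configurer.add("secret/app/pres/dev");
        configurer.add("secret/app/pres/test");
        configurer.add("secret/app/pres/prod");
        configurer.registerDefaultGenericSecretBackends(false);
        configurer.registerDefaultDiscoveredSecretBackends(true);
    }
}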
Error log:
2020-05-27 19:28:25.663 INFO 1 --- [ main] gov.cancer.ccr.oit.pres.PresApplication : The following profiles are active: dev
2020-05-27 19:28:28.495 INFO 1 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFERRED mode.
2020-05-27 19:28:29.710 INFO 1 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 1203ms. Found 55 JPA repository interfaces.
2020-05-27 19:28:30.142 INFO 1 --- [ main] o.s.cloud.context.scope.GenericScope : BeanFactory id=87545ee5-101d-3ebb-a79a-d12f99f15e9c
2020-05-27 19:28:31.002 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler@70c53dbe' of type [org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-05-27 19:28:31.011 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityConfig' of type [gov.cancer.ccr.oit.pres.security.MethodSecurityConfig$$EnhancerBySpringCGLIB$21baa3] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-05-27 19:28:31.033 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityMetadataSource' of type [org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-05-27 19:28:31.608 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2020-05-27 19:28:31.635 INFO 1 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2020-05-27 19:28:31.636 INFO 1 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.35]
2020-05-27 19:28:31.778 INFO 1 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2020-05-27 19:28:31.778 INFO 1 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 6069 ms
2020-05-27 19:28:32.616 INFO 1 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-05-27 19:28:32.909 INFO 1 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2020-05-27 19:29:03.630 ERROR 1 --- [ main] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Exception during pool initialization.
com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host localhost, port 1433 has failed. Error: "Connection refused (Connection refused). Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".
But when I put the ide profile at the end of the list (as shown below), it worked:
configurer.add("secret/app/pres/dev");
configurer.add("secret/app/pres/test");
configurer.add("secret/app/pres/prod");
configurer.add("secret/app/pres/ide");
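OK. Stupidity on my part. As per Mark's comment, when you use configurer.add(…) in combination with configurer.registerDefaultGenericSecretBackends(false), Spring Cloud Vault does not look at spring.profiles.active at all and instead uses what you specified in your VaultConfigurer.
The updated VaultConfigurer looks like the following; the active profile is retrieved from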
VaultConfigurer.java
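import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.vault.config.SecretBackendConfigurer;
import org.springframework.cloud.vault.config.VaultConfigurer;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class CustomVaultConfigurer implements VaultConfigurer
{
    @Autowired
    private Environment environment;

    @Override
    public void addSecretBackends(SecretBackendConfigurer configurer)
    {
        // Get the active profile from the environment; if none is set, select the dev profile
        if (environment.getActiveProfiles().length > 0)
            configurer.add("secret/app/pres/" + environment.getActiveProfiles()[0]);
        else
            configurer.add("secret/app/pres/dev");
        configurer.registerDefaultGenericSecretBackends(false);
        configurer.registerDefaultDiscoveredSecretBackends(true);
    }
}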
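An added example, not part of the original answer: a variant of the configurer that accepts only the four profile names from the question and aborts startup when none or more than one of them is active, so a missing or mistyped -Dspring.profiles.active value cannot silently select another environment's secret path. The class name ProfileScopedVaultConfigurer and the helper resolveProfile are hypothetical, and it assumes each deployment activates exactly one of these profiles.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.cloud.vault.config.SecretBackendConfigurer;
import org.springframework.cloud.vault.config.VaultConfigurer;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class ProfileScopedVaultConfigurer implements VaultConfigurer {

    // The four profiles from the question; each has its own path under secret/app/pres/.
    private static final List<String> KNOWN_PROFILES = Arrays.asList("ide", "dev", "test", "prod");

    private final Environment environment;

    public ProfileScopedVaultConfigurer(Environment environment) {
        this.environment = environment;
    }

    @Override
    public void addSecretBackends(SecretBackendConfigurer configurer) {
        // Register exactly one path, so the order of add(...) calls no longer matters.
        configurer.add("secret/app/pres/" + resolveProfile(environment.getActiveProfiles()));
        configurer.registerDefaultGenericSecretBackends(false);
        configurer.registerDefaultDiscoveredSecretBackends(true);
    }

    // Hypothetical helper: returns the single known profile that is active.
    // Unknown profile names are ignored; zero or several known ones abort startup
    // instead of falling back to a default environment.
    static String resolveProfile(String[] activeProfiles) {
        List<String> matches = Arrays.stream(activeProfiles)
                .filter(KNOWN_PROFILES::contains)
                .collect(Collectors.toList());
        if (matches.size() != 1) {
            throw new IllegalStateException("Expected exactly one of " + KNOWN_PROFILES
                    + " in spring.profiles.active, got " + Arrays.toString(activeProfiles));
        }
        return matches.get(0);
    }
}
```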