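Properties are not read from Vault when integrating Vault with Spring Cloud Config Server

Time: 2019-09-08 06:30:08

Tags: spring spring-boot hashicorp-vault spring-cloud-vault-config spring-vault

I am trying to use a Spring Boot config server with git and Vault, and all my Spring Boot client applications will retrieve the Vault properties through the config server by passing the Vault config token.

I am using Spring Boot 2.1.8.RELEASE, and below is the POM.xml file of the Spring Boot config server.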

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.8.RELEASE</version>
    <relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.ps.psc</groupId>
<artifactId>psc-config-server</artifactId>
<version>0.0.1</version>
<name>psc-config-server</name>
<description>Spring configuration server</description>

<properties>
    <java.version>1.8</java.version>
    <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-bus-amqp</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-config-server</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-config-monitor</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-configuration-processor</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
    </dependency>
</dependencies>

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>${spring-cloud.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

</project>

bootstrap.yml file

spring:
  profiles:
    active:
    - git
    - vault
  cloud:
    config:
      enabled: true
      server:
        git:
          order: 2
          username: ********
          password: ********
          uri: https://*******@bitbucket.org/krushna/configuration.git
          search-paths:
          - payment*
        vault:
          host: 127.0.0.1
          port: 8200
          scheme: http
          order: 1
          skip-ssl-validation: true
          kv-version: 1
    vault:
      authentication: TOKEN
      token: s.PB5cAJ9WhOuWamIOuFVkzpbl
      scheme: http
      host: 127.0.0.1
      port: 8200
      config:
        order: 1

My application.yml file

server:
  port: 7000
spring:
  application:
    name: configserver

With the above configuration, my config server reads properties only from git and not from Vault.

In Vault, I wrote a property as shown below.

vault write secret/payment password=test@123

If I make a curl call like the one below

curl -X "GET" "http://127.0.0.1:7000/payment/default" -H "X-Config-Token: s.PB5cAJ9WhOuWamIOuFVkzpbl"

I get properties only from git; see the response below.

{
"name": "payment",
"profiles": ["default"],
"label": null,
"version": "e9b941d22f6b7cd3083a731d168f78fa4ec0fc42",
"state": null,
"propertySources": [{
    "name": "https://******@bitbucket.org/krushna/configuration.git/application.properties",
    "source": {
        "foofromGit": "bar"
    }
}]
}

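What am I doing wrong here? I have tried multiple options, such as different KV versions, configuring only Spring Cloud Config Vault, and so on.

Edit:

I used the Vault conf shown below.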

backend "file" {
    path = "vault"
}
listener "tcp" {
    tls_disable = 1
}

And with curl directly against Vault, I can now read the value.

curl -X GET -H "X-Vault-Token:s.PB5cAJ9WhOuWamIOuFVkzpbl" http://127.0.0.1:8200/v1/secret/payment/

Response:

{
    "request_id": "35c8793e-3530-81c1-7917-3e922ef4065b",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 2764800,
    "data": {
        "password": "test@123"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

1 Answer:

Answer 0: (score: 0)

I was able to resolve this by moving the git and Spring Cloud Config Vault configuration details from bootstrap.yml to application.yml, as shown below.

bootstrap.yml

spring:
  application:
    name: configserver
  cloud:
    vault:
      authentication: TOKEN
      token: s.jyFarEyroi5pJNOxPnhT4f3D
      scheme: http
      host: 127.0.0.1
      port: 8200
      config:
        order: 1

Application.yml

server:
  port: 7000
spring:
  profiles:
    active: git, vault
  cloud:
    config:
      server:
        git:
          uri: https://krushna@bitbucket.org/krushna/configuration.git
          search-paths:
          - payment*
        vault:
          port: 8200
          host: 127.0.01
          skip-ssl-validation: true
          scheme: http

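I am still not clear how this resolved the issue; the only thing I know is that bootstrap gets loaded first, where I am reading the git credentials from Vault, and then application.yml is read, which contains the other details about Spring Cloud Config Vault and git.

Any explanation of this would be welcome.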
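
Added example (not part of the original question or answer): a small check for the symptom described above, which reads a config server `/payment/default` reply and reports which backends contributed and which backend supplies each key, without printing any values. It assumes Vault-backed sources are named `vault:<application>` and that earlier entries in `propertySources` take precedence; the function names and the sample replies are constructed for illustration.

```python
import json

# Constructed sample: the reply shape once the Vault backend contributes.
# Spring Cloud Config Server names Vault-backed sources "vault:<application>";
# the values here are placeholders, not real secrets.
SAMPLE_BOTH = json.loads("""
{"name": "payment", "profiles": ["default"],
 "propertySources": [
   {"name": "vault:payment", "source": {"password": "placeholder"}},
   {"name": "https://******@bitbucket.org/krushna/configuration.git/application.properties",
    "source": {"foofromGit": "bar", "password": "placeholder-from-git"}}]}
""")

# Git-only reply, reduced from the response shown in the question.
SAMPLE_GIT_ONLY = json.loads("""
{"name": "payment", "profiles": ["default"],
 "propertySources": [
   {"name": "https://******@bitbucket.org/krushna/configuration.git/application.properties",
    "source": {"foofromGit": "bar"}}]}
""")


def backend_of(source_name):
    """Classify a property source by the naming each backend uses."""
    if source_name.startswith("vault:"):
        return "vault"
    if ".git/" in source_name or source_name.endswith(".git"):
        return "git"
    return "other"


def summarize(environment):
    """Return (backends in order seen, {key: backend supplying the winning value})."""
    backends, winners = [], {}
    for ps in environment.get("propertySources", []):
        backend = backend_of(ps.get("name", ""))
        if backend not in backends:
            backends.append(backend)
        for key in ps.get("source", {}):
            winners.setdefault(key, backend)  # earlier sources take precedence
    return backends, winners


def missing_backends(environment, expected=("vault", "git")):
    """List expected backends that contributed no property source."""
    seen, _ = summarize(environment)
    return [b for b in expected if b not in seen]


if __name__ == "__main__":
    for label, env in (("git only", SAMPLE_GIT_ONLY), ("git + vault", SAMPLE_BOTH)):
        print(label, summarize(env), "missing:", missing_backends(env))
```
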