How to use Spring Cloud Config with a Git and Vault composite environment repository?

Problem description

I've been tinkering with Spring Cloud Config, but have a use case where config properties are divided into two types:

  1. Non-secret values, which developers should be able to view and maintain (e.g. JDBC URLs, etc.)

  2. Secret values, which should be viewed and maintained only by designated people with special access (e.g. passwords)

So I'm very interested in the support for "Composite Environment Repositories", currently available in the snapshot versions. It seems like I would be able to use Git for the developer-managed properties, Vault for the secret properties, and configure it such that Vault would always take precedence over Git in the event of a conflict.

However, I'm finding that not only does Vault always take precedence... it's being used as the exclusive backend. No properties from Git are returned at all.

My application.yml looks like this:

spring:
  profiles:
    active: git, vault
  cloud:
    config:
      server:
        vault:
          order: 1
        git:
          uri: https://github.com/spring-cloud-samples/config-repo
          basedir: target/config
          order: 2

I have written a property to Vault like this:

vault write secret/foo foo=vault

And I am calling my config server like this:

curl -X "GET" "http://127.0.0.1:8888/foo/default" -H "X-Config-Token: a9384085-f048-7c99-ebd7-e607840bc24e"

However, the JSON response payload only includes the Vault property. Nothing from Git:

{
    "name": "foo",
    "profiles": [
        "default"
    ],
    "label": null,
    "version": null,
    "state": null,
    "propertySources": [
        {
            "name": "vault:foo",
            "source": {
                "foo": "vault"
            }
        }
    ]
}

It doesn't matter if I reverse the order settings in application.yml, to give Git higher priority than Vault. As long as the Vault profile is active, it acts as the exclusive backend.

However, if I deactivate the vault profile, then the same curl operation does return results from the Git backend:

{
    "name": "foo",
    "profiles": [
        "default"
    ],
    "label": "master",
    "version": "30f5f4a144dba41e23575ebe46369222b7cbc90d",
    "state": null,
    "propertySources": [
        {
            "name": "https://github.com/spring-cloud-samples/config-repo/foo.properties",
            "source": {
                "democonfigclient.message": "hello spring io",
                "foo": "from foo props"
            }
        },
        {
            "name": "https://github.com/spring-cloud-samples/config-repo/application.yml",
            "source": {
                "info.description": "Spring Cloud Samples",
                "info.url": "https://github.com/spring-cloud-samples",
                "eureka.client.serviceUrl.defaultZone": "http://localhost:8761/eureka/",
                "foo": "from-default"
            }
        }
    ]
}

Is there anything I could be missing? Some reason why the Git properties and Vault properties don't... well, "composite" together?

The only example in the documentation shows Git and Subversion being used together, and there's a note warning you that all repos should contain the same label (e.g. master). I'm wondering if that's the issue, as the label is always null for Vault.

Recommended answer

I believe there must be something wrong with your dependencies. I also set up a spring cloud config server with git and vault which works just fine. I think forcing usage of 1.3.0-BUILD.SNAPSHOT is not enough. Spring cloud config 1.3.0-BUILD.SNAPSHOT depends on spring-vault-core. You might be missing this dependency. And that might be causing the failing bean creation that you mentioned in one of your comments. Here is a link to a sample project with git and vault. Feel free to check it out.
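
An added example (not from the original post or the Spring Cloud Config project): a Python check over the `/foo/default` response that confirms both backends contributed property sources and that keys treated as secret resolve from Vault, not Git. The payloads are constructed from the responses shown in the question; the function names and the choice of `foo` as the stand-in secret key are assumptions.

```python
GIT_URI = "https://github.com/spring-cloud-samples/config-repo"

# Constructed samples, built from the payloads shown in the question.
VAULT_ONLY = {"propertySources": [
    {"name": "vault:foo", "source": {"foo": "vault"}},
]}
COMPOSITE = {"propertySources": [  # shape a working Vault-then-Git composite returns
    {"name": "vault:foo", "source": {"foo": "vault"}},
    {"name": GIT_URI + "/foo.properties",
     "source": {"democonfigclient.message": "hello spring io", "foo": "from foo props"}},
    {"name": GIT_URI + "/application.yml",
     "source": {"info.description": "Spring Cloud Samples", "foo": "from-default"}},
]}

def backend_of(source_name, git_uri):
    """Classify a propertySources[].name by the backend that produced it."""
    if source_name.startswith("vault:"):
        return "vault"
    if source_name.startswith(git_uri):
        return "git"
    return "unknown"

def audit_environment(env, git_uri, secret_keys):
    """Return (effective, findings) for one /{application}/{profile} response."""
    effective, seen_in, backends = {}, {}, set()
    for ps in env.get("propertySources", []):
        backend = backend_of(ps["name"], git_uri)
        backends.add(backend)
        for key, value in ps["source"].items():
            # Earlier property sources take precedence on the client.
            effective.setdefault(key, (value, backend))
            seen_in.setdefault(key, set()).add(backend)
    findings = [f"no property source from {b}"
                for b in ("vault", "git") if b not in backends]
    for key in secret_keys:
        if key not in effective:
            findings.append(f"secret '{key}' not served at all")
        elif effective[key][1] != "vault":
            findings.append(f"secret '{key}' resolved from {effective[key][1]}")
        elif "git" in seen_in[key]:
            # Vault wins, but the value is still readable by anyone with repo access.
            findings.append(f"secret '{key}' also defined in git (shadowed)")
    return effective, findings

if __name__ == "__main__":
    for label, env in (("vault only", VAULT_ONLY), ("composite", COMPOSITE)):
        print(label, audit_environment(env, GIT_URI, ["foo"])[1])
```

The first sample reproduces the symptom in the question (Vault acting as the exclusive backend); the second shows that even with a working composite, a key that must stay secret should not also exist in the Git repository.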
