spring-projects / spring-credhub
Spring abstractions for Cloud Foundry CredHub
License: Apache License 2.0
I'm trying to install spring-credhub in my env but the instructions say:
To build the source you will need to install JDK 1.6.
I don't think I can install JDK 1.6 without being an Oracle customer and when I do a gradlew currently I get nothing in the jar. Is there another option for installing?
I fear some other request entities might be impacted by this.
org.springframework.credhub.core.CredHubException: Error calling CredHub: 500: {"timestamp":1508958226409,"status":500,"error":"Internal Server Error","exception":"org.springframework.beans.BeanInstantiationException","message":"Failed to instantiate [org.springframework.credhub.support.ParametersRequest]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.credhub.support.ParametersRequest.<init>()","path":"/credhub-server-mock/api/v1/data"}
at org.springframework.credhub.core.CredHubTemplate.doWithRest(CredHubTemplate.java:359)
at org.springframework.credhub.core.CredHubTemplate.generate(CredHubTemplate.java:129)
Default to using SimpleClientHttpRequestFactory for HTTP connections.
trying to deploy spring-credhub-demo on PCF and it fails with the following error:
2020-10-14T21:46:25.21+0000 [APP/PROC/WEB/0] OUT JVM Memory Configuration: -Xmx445227K -Xss1M -XX:ReservedCodeCacheSize=240M -XX:MaxDirectMemorySize=10M -XX:MaxMetaspaceSize=91348K
2020-10-14T21:46:27.84+0000 [APP/PROC/WEB/0] OUT . ____ _ __ _ _
2020-10-14T21:46:27.84+0000 [APP/PROC/WEB/0] OUT /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
2020-10-14T21:46:27.84+0000 [APP/PROC/WEB/0] OUT ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
2020-10-14T21:46:27.84+0000 [APP/PROC/WEB/0] OUT \\/ ___)| |_)| | | | | || (_| | ) ) ) )
2020-10-14T21:46:27.84+0000 [APP/PROC/WEB/0] OUT ' |____| .__|_| |_|_| |_\__, | / / / /
2020-10-14T21:46:27.84+0000 [APP/PROC/WEB/0] OUT =========|_|==============|___/=/_/_/_/
2020-10-14T21:46:27.85+0000 [APP/PROC/WEB/0] OUT :: Spring Boot :: (v2.0.6.RELEASE)
2020-10-14T21:46:28.22+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.216 INFO 23 --- [ main] pertySourceApplicationContextInitializer : 'cloud' property source added
2020-10-14T21:46:28.22+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.224 INFO 23 --- [ main] nfigurationApplicationContextInitializer : Reconfiguration enabled
2020-10-14T21:46:28.24+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.241 INFO 23 --- [ main] o.s.credhub.demo.Application : Starting Application on a43abc4e-ea6a-4e63-6910-b7ed with PID 23 (/home/vcap/app/BOOT-INF/classes started by vcap in /home/vcap/app)
2020-10-14T21:46:28.24+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.244 INFO 23 --- [ main] o.s.credhub.demo.Application : The following profiles are active: cloud
2020-10-14T21:46:28.34+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.343 INFO 23 --- [ main] onfigReactiveWebServerApplicationContext : Refreshing org.springframework.boot.web.reactive.context.AnnotationConfigReactiveWebServerApplicationContext@6a38e57f: startup date [Wed Oct 14 21:46:28 UTC 2020]; root of context hierarchy
2020-10-14T21:46:28.97+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.974 WARN 23 --- [ main] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.springframework.credhub.demo.Application]; nested exception is java.lang.IllegalArgumentException: Could not find class [org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition]
2020-10-14T21:46:28.98+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.988 INFO 23 --- [ main] ConditionEvaluationReportLoggingListener :
2020-10-14T21:46:28.98+0000 [APP/PROC/WEB/0] OUT Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT 2020-10-14 21:46:28.995 ERROR 23 --- [ main] o.s.boot.SpringApplication : Application run failed
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.springframework.credhub.demo.Application]; nested exception is java.lang.IllegalArgumentException: Could not find class [org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassParser.processImports(ConfigurationClassParser.java:646) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassParser.lambda$processDeferredImportSelectors$2(ConfigurationClassParser.java:566) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at java.util.ArrayList.forEach(ArrayList.java:1259) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassParser.processDeferredImportSelectors(ConfigurationClassParser.java:563) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassParser.parse(ConfigurationClassParser.java:188) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:316) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanDefinitionRegistry(ConfigurationClassPostProcessor.java:233) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:271) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:91) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:692) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:530) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:67) ~[spring-boot-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:754) [spring-boot-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:386) [spring-boot-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) [spring-boot-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.SpringApplication.run(SpringApplication.java:1242) [spring-boot-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.SpringApplication.run(SpringApplication.java:1230) [spring-boot-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.credhub.demo.Application.main(Application.java:26) [classes/:na]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [app/:na]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [app/:na]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [app/:na]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [app/:na]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT Caused by: java.lang.IllegalArgumentException: Could not find class [org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.util.ClassUtils.resolveClassName(ClassUtils.java:314) ~[spring-core-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConditionEvaluator.getCondition(ConditionEvaluator.java:124) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:96) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassParser.processConfigurationClass(ConfigurationClassParser.java:221) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.context.annotation.ConfigurationClassParser.processImports(ConfigurationClassParser.java:636) ~[spring-context-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT ... 25 common frames omitted
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT Caused by: java.lang.ClassNotFoundException: org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at java.net.URLClassLoader.findClass(URLClassLoader.java:382) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at java.lang.ClassLoader.loadClass(ClassLoader.java:418) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:93) ~[app/:na]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at java.lang.ClassLoader.loadClass(ClassLoader.java:351) ~[na:1.8.0_265]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.util.ClassUtils.forName(ClassUtils.java:275) ~[spring-core-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT at org.springframework.util.ClassUtils.resolveClassName(ClassUtils.java:311) ~[spring-core-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
2020-10-14T21:46:28.99+0000 [APP/PROC/WEB/0] OUT ... 29 common frames omitted
2020-10-14T21:46:29.03+0000 [APP/PROC/WEB/0] OUT Exit status 1
2020-10-14T21:46:29.04+0000 [CELL/SSHD/0] OUT Exit status 0
2020-10-14T21:46:34.32+0000 [CELL/0] OUT Cell 6f548901-2590-4dcf-b6da-47b3920771d4 stopping instance a43abc4e-ea6a-4e63-6910-b7ed
2020-10-14T21:46:34.32+0000 [CELL/0] OUT Cell 6f548901-2590-4dcf-b6da-47b3920771d4 destroying container for instance a43abc4e-ea6a-4e63-6910-b7ed
2020-10-14T21:46:34.32+0000 [API/4] OUT Process has crashed with type: "web"
2020-10-14T21:46:34.34+0000 [API/4] OUT App instance exited with guid 0115eec1-2e4a-4f6b-99f2-5d7e4f62fe31 payload: {"instance"=>"a43abc4e-ea6a-4e63-6910-b7ed", "index"=>0, "cell_id"=>"6f548901-2590-4dcf-b6da-47b3920771d4", "reason"=>"CRASHED", "exit_description"=>"APP/PROC/WEB: Exited with status 1", "crash_count"=>1, "crash_timestamp"=>1602711994298684509, "version"=>"e21ec98e-c439-4352-a002-9d1b454a0fca"}
When POSTing to PERMISSIONS_URL_PATH = "/api/v1/permissions", no body is returned as it is a void function setAccessControlEntries
In the spring-credhub adapter, it attempts to get permissions from within the null body. addPermission
The v2 of this function does return a body of permissions, but this release is still using v1.
In the docs at: https://spring.io/projects/spring-credhub
<dependencies>
<dependency>
<groupId>org.springframework.credhub</groupId>
<artifactId>spring-credhub-starter</artifactId>
<version>1.0.1.RELEASE</version>
</dependency>
<dependencies>
</dependencies>
The slash is missing.
BouncyCastle libraries are currently used to parse the PEM-formatted certificate and key files for mutual TLS authentication. This should be replaced by custom parsing and conversion code.
CF Java Buildpack has code that should provide the certificate parsing, and provide a good start for key parsing
Support OkHttp3ClientHttpRequestFactory and OkHttpClientHttpRequestFactory for configuring RestTemplate.
CredHub API v2 introduces backward-incompatible changes to the permissions API. See http://credhub-api.cfapps.io/version/2.0/#permissions
The certificate and key files provided in an application container for mutual TLS authentication will expire and be replaced by Cloud Foundry on a regular basis. The client request factory needs to support this credential rotation.
Support Netty4ClientHttpRequestFactory configuration for RestTemplate.
Provide Spring Boot auto-configuration of Spring CredHub beans instead of requiring @Import(CredHubConfiguration.class) in client apps.
When CredHub returns a non-200 response code, it often provides a response body that includes details of the error. This information is captured in the CredHubException in most cases when using CredHubTemplate, but is lost when using ReactiveCredHubTemplate.
As Open Service Broker specification defines getting (fetching) a service binding
The request provides these query string parameters as useful hints for brokers.
| Query-String Field | Type | Description |
| --- | --- | --- |
| service_id | string | ID of the Service Offering from the catalog. If present, MUST be a non-empty string. |
| plan_id | string | ID of the Service Plan from the catalog. If present, MUST be a non-empty string. |
Currently the spring implementation does not support this. Could you please support them? When using credhub as credential storage, broker needs the serviceOfferingName to create the ServiceInstanceCredentialName and it would be helpful to retrieve it from catalog when these parameters would be included in request.
Currently only container certificate auth is supported. OAuth2 should be supported also.
The Cloud Foundry Java buildpack is providing a "container security provider" that automatically sets up a Java SecurityProvider that makes mutual TLS to CredHub automatic for apps staged with the JBP. The code in Spring CredHub that reads the container cert and key to configure mutual TLS can be removed in favor of this.
So we are working with the 1.1.0.BUILD-SNAPSHOT version at the moment and we were wondering if there will be a new RELEASE version soon?
There are (so far) two changes in Spring Security 5.2 that will benefit Spring CredHub:
Spring CredHub has a copy of WebClientReactiveClientCredentialsTokenResponseClient from Spring Security so that the WebClient can be overridden. This ability has been added to Spring Security and will be available in 5.2, at which time Spring CredHub could delete this copied class.
Currently a client_credentials grant does not include a refresh token and won't be refreshed automatically by Spring Security when it expires. This has been addressed in Spring Security, and will be available in 5.2.
Blocked on:
If the OAuth2 client registration configured in spring.credhub.oauth2.registration-id does not match a client registration in spring.security.oauth2.client.registration, Spring CredHub will throw an NPE on initialization of the RestTemplate.
For example:
spring:
  credhub:
    url: [CredHub server URL]
    oauth2:
      # this does not match the credhub-client registration below
      registration-id: bad-credhub-client
  security:
    oauth2:
      client:
        registration:
          credhub-client:
            provider: uaa
            client-id: [OAuth2 client ID]
            client-secret: [OAuth2 client secret]
            authorization-grant-type: client_credentials
        provider:
          uaa:
            token-uri: [UAA token server endpoint]
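One way to turn the mismatch described in this issue into a clear startup error instead of an NPE, as an added example that is not code from the issue or from Spring CredHub. The class name `CredHubRegistrationCheck`, the helper `requireRegistration` and all sample values are hypothetical, and it assumes Spring Security's OAuth2 client module is on the classpath.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

/** Added example (hypothetical class): fail fast on an unknown CredHub registration id. */
public class CredHubRegistrationCheck {

    /**
     * Returns the registration for the configured id, or throws with a message that
     * names the bad id and the ids that are actually configured.
     */
    static ClientRegistration requireRegistration(ClientRegistrationRepository repository,
            String registrationId) {
        // findByRegistrationId returns null for an unknown id; using that null
        // unchecked is what surfaces later as a NullPointerException.
        ClientRegistration registration = repository.findByRegistrationId(registrationId);
        if (registration != null) {
            return registration;
        }
        // Collect the configured ids when the repository exposes them
        // (InMemoryClientRegistrationRepository is Iterable).
        List<String> known = new ArrayList<>();
        if (repository instanceof Iterable) {
            for (Object candidate : (Iterable<?>) repository) {
                if (candidate instanceof ClientRegistration) {
                    known.add(((ClientRegistration) candidate).getRegistrationId());
                }
            }
        }
        throw new IllegalStateException("spring.credhub.oauth2.registration-id '" + registrationId
                + "' does not match any entry under spring.security.oauth2.client.registration; "
                + "configured ids: " + known);
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the YAML above; every value is a placeholder.
        ClientRegistration credhubClient = ClientRegistration.withRegistrationId("credhub-client")
                .clientId("example-client-id")
                .clientSecret("example-client-secret")
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .tokenUri("https://uaa.example.invalid/oauth/token")
                .build();
        ClientRegistrationRepository repository = new InMemoryClientRegistrationRepository(credhubClient);

        System.out.println("matched: "
                + requireRegistration(repository, "credhub-client").getRegistrationId());
        try {
            requireRegistration(repository, "bad-credhub-client");
        }
        catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```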
CredHub v2 API removes the additional_permissions field from requests to save credentials. This field should be deprecated in the spring-credhub API.
Get Credentials operations should support the versions request parameter in addition to the name and current parameters.
When creating any request with overwrite it fails due to:
Credential 'bosh/main/bla' at index 0 could not be set: The request includes an unrecognized parameter 'overwrite'. Please update or remove this parameter and retry your request
Seems to be deprecated.
Credhub version: 2.0.2
Hi There,
I have located several broken links for CredHub references for the document of this project at Spring CredHub.
Some examples are below.
CredHub configuration works for Client Credentials grant, but fails for Authorization Code flow, so using OAuth2 login when CredHub is on the classpath requires overriding the bean manually. Not sure if that is an issue that needs to be fixed or just a matter of documenting the defaults.
When CredHub is on the classpath, CredHubOAuth2AutoConfiguration is triggered and it registers a bean of type ServerOAuth2AuthorizedClientRepository with value UnAuthenticatedServerOAuth2AuthorizedClientRepository.
Spring Boot uses AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository bean for that type.
Steps to reproduce:
There was an unexpected error (type=Internal Server Error, status=500).
serverWebExchange must be null
Creating a user bean of type ServerOAuth2AuthorizedClientRepository manually (see CredHubOauthConfigApplication.java) in the configuration fixes the problem (as it overrides autoconfiguration).
The overwrite boolean parameter was replaced with a mode parameter in API version 1.6. The overwrite parameter should be deprecated and the mode parameter added.
See http://credhub-api.cfapps.io/version/2.0/#overwriting-credential-values