Spring Cloud Config Server with Vault - vault overrides any value from native profile - spring-boot

I am trying to mix native and vault profile with config server backend:
    spring:
      profiles:
        active: native, vault
      cloud:
        config:
          server:
            native:
              searchLocations: classpath:/abc
            vault:
              kv-version: 2
when I start config server I curl for properties:
curl -X "GET" "http://localhost:20000/appName/dev" -H "X-Config-Token: xxxxxxxx"
I got empty propertySources list:
{"name":"appName","profiles":["dev"],"label":null,"version":null,"state":null,"propertySources":[]}%
but when I change my bootstrap file (remove vault profile):
    spring:
      profiles:
        active: native
      cloud:
        config:
          server:
            native:
              searchLocations: classpath:/abc
            vault:
              kv-version: 2
It works: returning my properties:
{"name":"appName","profiles":["dev"],"label":null,"version":null,"state":null,"propertySources":[{"name":"classpath:/abc/appName-dev.yml","source":{"some.properties":"VALUE","....}
I tried with "order" flags but still nothing...
The only workaround I found is bootstrap with "composite" profile like this:
    spring:
      profiles:
        active: composite
      cloud:
        config:
          server:
            composite:
              -
                type: vault
                kv-version: 2
              -
                type: native
                searchLocations: classpath:/abc
But still don't know why it does not work with multi profile configuration, and why vault is overriding my native properties....

Related

Spring cloud config and Vault Integration

I'm trying to read secret values using spring vault. All the properties for client application is stored in github and spring config server is used to access the properties. When I add the vault configuration to client application bootstrap.yml as below, the values are read properly.
bootstrap.yml
    spring:
      application:
        name: client-app
      cloud:
        config:
          uri: http://config-server:8080
        vault:
          enabled: true
          authentication: APPROLE
          app-role:
            role-id: 12345
            secret-id: 12345
            role: pres-read
            app-role-path: approle
          connection-timeout: 5000
          read-timeout: 15000
          kv:
            enabled: true
            backend: secrets
            application-name: client-app
          uri: https://vault/
application.yml in config server
    spring:
      cloud:
        config:
          server:
            git:
              uri: https://github/repo.git
              username: abc
              password: pass
              refreshRate: 300
Based on https://docs.spring.io/spring-cloud-vault/docs/current/reference/html/config-data.html#vault.configdata , it should be possible to load the vault config from properties yml in github. But if I move the above vault config to my client-app.yml in github, the properties are not read from the vault. How do I achieve this?

How to use application.properties in spring cloud config client application?

How to use application.yml in spring cloud config client application?
    spring:
      application:
        name: app-cli
      profiles:
        active: DEV
      config:
        import: "configserver:"
      cloud:
        config:
          name: ${spring.application.name}
          uri: http://192.168.0.12:8888
          username: thirumal
          password: thirumal
          request-read-timeout: 200
          request-connect-timeout: 100
          fail-fast: true
The client app is configured with all the required properties, but it's still not connecting to config-server.
The lib implementation 'org.springframework.cloud:spring-cloud-starter-config'

Spring cloud composite bootstrap.yml

Is there any way how to "build" bootstrap.yml from multiple yaml files?
Here is my scenario: I have a bunch of micro-services and every service had the same bootstrap.yml properties except spring.application.name.
I would like to split my bootstrap.yml into two files, base-bootstrap.yml which contains config service configuration like URI, password ... etc and then bootstrap.yml which could contain spring.application.name or whatever else.
base-bootstrap.yml file could be externalized in some dependency jar and should be used like default, bootstrap.yml should override any value. Here is some sample:
base-bootstrap.yml
    spring:
      cloud:
        config:
          label: develop
          uri: http://config
          password: ${CONFIG_SERVICE_PASSWORD:password}
          fail-fast: true
    ---
    spring:
      profiles: production
      cloud:
        config:
          label: master
          password: ${CONFIG_SERVICE_PASSWORD}
    ---
    spring:
      profiles: development
      cloud:
        config:
          uri: http://localhost:8888
bootstrap.yml
    spring:
      application.name: sample-service
      cloud:
        config:
          label: release/1.0.1
    ---
    spring:
      profiles: production
      cloud:
        config:
          label: 1.1.0
Could anyone please guide me how to do it?

Spring Cloud Config Server not enforcing BASIC Authentication when running main()

I have configured a Spring Cloud Config server to force BASIC authentication and here is my application.yml file:
    # Config Repo:
    spring:
      cloud:
        config:
          server:
            git:
              uri: file:///${HOME}/microservices_config_repo
    # Show sensitive information for endpoints:
    endpoints:
      sensitive: true
    # Security for endpoints:
    management:
      security:
        enabled: true
    security:
      user:
        name: user1
        password: changeme
My issue I am having is that when I start the server up as:
mvn spring-boot:run
The server endpoints FORCE BASIC Authentication.
But when I start the Application.main() method, BASIC Authentication is enabled, but NOT enforced.
Meaning I can access configuration on:
http://localhost:8888/client-config
and
http://user1:changeme#localhost:8888/client-config
Can anyone help me understand why this is occurring and how to enforce BASIC Authentication while running the Application.main(), and not just through the Maven spring-boot plugin?
Note, when I use maven to package the app into a jar, then run the generated jar, BASIC Authentication is enforced, but still not through the IDE running just the Application.main directly.
Maybe it is the format of the YAML. For example, for me it seems to work like this:

    server:
      port: 9999
    spring:
      application:
        name: config-server-sample
      cloud:
        config:
          name: ${spring.application.name}
          fail-fast: true
          server:
            git:
              uri: url
              username: xx
              password: zz
              default-label: master
              basedir: '${user.home}/${spring.application.name}/default'
              timeout: 10
              clone-on-start: true
              force-pull: true
    security:
      basic:
        enabled: true
        path: /**
      ignored: /health**,/info**,/metrics**,/trace**
      user:
        name: admin
        password: tupassword
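
A smoke test for the symptom described in this thread (BASIC authentication enabled but not enforced, depending on how the server is launched), added here as an example and not taken from either post. It assumes `curl` is available and that the caller supplies the application and profile names; the three request paths are the config server's standard `/{application}/{profile}` and `/{application}-{profile}.yml|.properties` forms.

```shell
#!/bin/sh
# Added example: confirm a Spring Cloud Config Server rejects anonymous
# requests, whichever way the process was started (IDE, Maven, packaged jar).

# http_status URL [USER:PASS] -> prints the HTTP status code of a GET
http_status() {
    if [ -n "${2:-}" ]; then
        curl -s -o /dev/null -w '%{http_code}' -u "$2" "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' "$1"
    fi
}

# check_auth_enforced BASE_URL APP PROFILE [USER:PASS]
# Returns 0 only if every endpoint form answers 401 to an anonymous request
# and, when credentials are given, 200 to an authenticated one.
check_auth_enforced() {
    base=$1 app=$2 profile=$3 creds=${4:-}
    rc=0
    for path in "/$app/$profile" "/$app-$profile.yml" "/$app-$profile.properties"; do
        anon=$(http_status "$base$path")
        if [ "$anon" != "401" ]; then
            echo "FAIL $path: anonymous request returned $anon, expected 401"
            rc=1
        fi
        if [ -n "$creds" ]; then
            auth=$(http_status "$base$path" "$creds")
            if [ "$auth" != "200" ]; then
                echo "FAIL $path: authenticated request returned $auth, expected 200"
                rc=1
            fi
        fi
    done
    return $rc
}

# Usage (values are assumptions; substitute your own):
#   check_auth_enforced http://localhost:8888 client-config default user1:changeme
```

Running the same check against each launch method makes a difference in classpath or configuration loading visible as a failing path rather than a manual browser test.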

Spring cloud config local and remote repositories for different profiles

I'm trying to setup my application with multiple repositories - a local file based one for development/testing purpose and a remote git repo for production.
I am using the following yaml for this purpose -
    spring:
      application:
        name: localRepoConfig
      cloud:
        config:
          server:
            git:
              uri: https://github.com/spring-cloud-samples/config-repo
              repos:
                development:
                  pattern:
                    - '*/development'
                    - '*/staging'
                  uri: https://github.com/development/config-repo
            native:
              searchLocations: classpath:/config
    server:
      port: 8888
This is not working however, the following works for the local repo -
    spring:
      application:
        name: localRepoConfig
      profiles:
        active: native
      cloud:
        config:
          server:
            native:
              searchLocations: classpath:/config
    server:
      port: 8888
I have not been able to make the two repositories function, after following the Spring documentation and a few posts here.
Would greatly appreciate if someone can point me in the right direction.
I got this working with the following config in bootstrap.yml -
    spring:
      application:
        name: localRepoConfig
      profiles:
        active: native
      cloud:
        config:
          server:
            native:
              searchLocations: classpath:/config
    server:
      port: 8888
    ---
    spring:
      profiles: development
      cloud:
        config:
          server:
            git:
              uri: https://github.com/spring-cloud-samples/config-repo
    server:
      port: 8989
I am able to switch between the native and development profiles now.
The following guide was quite helpful -
kubecloud.io/guide-spring-cloud-config/
Based on the documentation on Spring Cloud Config it sounds like native and git are mutually exclusive and that you can't use both for a single config server.

Resources