I have Spring Boot based application deployed to AWS EC2 instances. The application is a Spring Cloud Config Client.
I would like to configure the URL to my Spring Cloud Config Server via AWS user data (using Spring Cloud AWS).
I can already access the user data via #Value annotations. However if I try to refer to user data inside bootstrap.yml, it's not able to resolve it.
spring:
application:
name: network-device-service
cloud:
config:
uri: ${SPRING_CONFIG_URI}
Any ideas if this it at all possible in bootstrap.yml?
Related
I want to add the ability to microservices to allow configuring endpoints and permissions for RBAC via Cloud Config Server. So if there is a service called mordor, then if I add following properties in its application.yml at Cloud Config Server's repo
rbac:
- endpoint: /v1/test1
method: GET
scopes: ["rest-write:all", "read-write:product"]
- endpoint: /v1/test2
method: POST
scopes: ["read-write:product"]
the endpoints mentioned above should be configured for RBAC. As of now, I am passing the scopes and permissions via Auth0 JWT and using it for authentication. But with this, I will be able to add RBAC also based on the permissions I configure in Auth0's dashboard.
What is the best way to proceed with this?
I am able to get the rbac endpoints from Cloud Config Server but the problem is how to add them to Spring Security. I already have a class OAuth2SecurityConfiguerer where httpSecurity is configured but I haven't been able to add endpoints to Spring Security because it might require iterating over the endpoints obtained from Cloud Config Server
I'm using the Azure key vaults just follow this doc.
and spring cloud config server ,
i put the configurations of key vaults in spring cloud config
but found out when application start, the Azure key vaults is load before spring cloud config
so means i can not get the azure configs in spring cloud.
is there a way to change the load sequence?
make the spring cloud configs load in firstly
I have a vault server hosted in Openshift and I have to access secrets from the Vault into my spring application.
My bootstrap.yml looks like this :
spring:
application:
name: application-name
profiles: dev
cloud:
vault:
fail-fast: true
host: HOST
port: 443
scheme: https
token: MY_TOKEN
authentication: TOKEN
kv:
enabled: true
backend: secret
profile-separator: '/'
application-name: application-name
I checked vault logs and able to make connection from spring application to vault.
I can access the secret using Value Property Source.
However, I want to populate the secret's value into application.properties to update properties like spring.datasource.username and spring.datasource.password.
Is there any way to access the secret directly from application.properties?
TL; DR: Yes, you can use Vault properties in application.(properties|yml). It's not recommended to use these in bootstrap.(properties.yml).
Spring Cloud comes with a Bootstrap context where configuration libraries (such as Spring Cloud Consul, Spring Cloud Config and Spring Cloud Vault) are initialized. These integrations fetch configuration and provide these as a parent PropertySources to your application. Spring Boot considers these (you have options to use these PropertySources with the highest/lowest priority) during property binding and when you resolve a property value using Environment.
When bootstrapping an application, then typically one of the first things that happen is property binding in #ConfigurationProperties objects. At the time when bootstrap.(properties|yml) is loaded, typically Spring Cloud Config integrations didn't run yet so at that time you don't see properties contributed by these libraries. Therefore, there's the split between bootstrap context and the actual application context.
I am trying to setup a Spring Boot Admin server on a Cloud foundry. I am using the client Spring Cloud Discovery with SimpleDiscoveryClient configuration. We are not having any Thrid Party service discovery client like eureka. I can see the service getting registered to the spring boot admin server. But when i scale up any service, i see only one instance of that service and the actual number of instances are not reflected. I would like to know if that is possible without Eureka or any other service discovery, if yes how to achieve that without them.
Thanks
I'm having a problem with how to use just Netflix Archaius to work as a config server for multiple Spring Boot microservices. Previously when I applied Eureka and Spring Cloud Config Server in my multiple-services project built with Spring Boot, each microservie would get its own .properties file from the Spring Cloud Config server through the discovery function of the Eureka service. But now I need to change the Spring Cloud Config Server into a Netflix Archaius service, from which the Spring Boot microservices will get .properties file, i have no idea about how to achieve it. Is there any good idea for my reference? Thanks in advance.
Finally I gave up using Netflix Archaius to pull properties file for microservices. Instead, I wrote down required key-value-pair properties into the application.properties of each springboot microservice. Since all the springboot microservices will be deployed in the DCOS platform in the form of docker containers, some inconstant properties were configured into the marathon deployment scripts, which could be populated into the springboot applet. In this way I managed to configure the key-value-pair properties from the outside instead of being hardcoded in the program codes.