Implement plain text decryption. (spring-cloud#865) #1417
sstiglitz wants to merge 1 commit into spring-cloud:master from sstiglitz:rebase-for-publish
This implements the feature request made in GH-865. It adds support to decrypt properties being served as plain text through the ResourcesController. Only JSON, YAML, and Properties file extensions are supported. Add unit tests around the new feature. Add documentation for the new feature.
@sstiglitz Please sign the Contributor License Agreement!
@sstiglitz Thank you for signing the Contributor License Agreement!
Codecov Report
@@ Coverage Diff @@
## master #1417 +/- ##
===========================================
+ Coverage 78.19% 78.5% +0.31%
- Complexity 1028 1055 +27
===========================================
Files 126 131 +5
Lines 3697 3783 +86
Branches 522 531 +9
===========================================
+ Hits 2891 2970 +79
- Misses 625 630 +5
- Partials 181 183 +2
Continue to review full report at Codecov.
ryanjbaxter left a comment:
Thanks! This looks pretty good to me!
@sstiglitz could you update the PR to resolve the merge conflicts?
ping @sstiglitz
Closed via 8025d7d
What does this PR do?
This implements the feature request made in GH-865. It adds support to decrypt properties being served as plain text through the ResourcesController. Only JSON, YAML, and Properties file extensions are supported.
Design considerations.
On/off of this feature is through setting both spring.cloud.config.server.encrypt.enabled (existing setting) and spring.cloud.config.server.encrypt.plainTextEncrypt (entirely new setting) to true. By default, plainTextEncrypt is false. This is to ensure backwards compatibility and not break existing users which may be expecting encrypted values. The dual enable is a little clunky to me, but couldn't think of a better way given existing features. spring.cloud.config.server.encrypt.enabled set to false is supposed to turn off decryption entirely so a dependency on this setting seemed right to not break the contract. Please let me know your thoughts.
Notice I say file extensions above. Not file types. For example, a file with a ".json" extension is assumed to be JSON. If it's just text, the system will end up throwing an error due to not being able to parse JSON. I figured a proper file type check was unnecessary given the precedent already being set within EnvironmentController and this being a system-to-system application targeted at developers/operations who can be trusted to maintain consistency between file extensions and file types.
If a file extension is unsupported, but this new feature is enabled, the unencrypted file will be served and a WARN log event will trigger. I see-sawed over throwing an exception, but that didn't seem right as a person may want decrypted values when supported, but the untouched file when unsupported. I wasn't sure about the log event either as it might fill up log files on a busy server. Doing nothing at all seems like an equally okay option, but please let me know your thoughts.
There is a new dependency to handle YAML parsing. It's using a Jackson YAML module. SnakeYAML has similar parsing capabilities, but using Jackson offered good code reuse in an environment already using Jackson, so this seemed like a better choice.
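An added sketch of the behaviour described in the design considerations above; it is not code from this PR or from Spring Cloud Config. The class and method names and the string-reversing stand-in for the decryptor are hypothetical, the `{cipher}` prefix is the marker Spring Cloud Config uses for encrypted values, and only the JSON and YAML extensions are covered. It assumes jackson-databind and jackson-dataformat-yaml are on the classpath.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.TextNode;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import java.util.Locale;
import java.util.function.UnaryOperator;

// Hypothetical sketch: names are illustrative, not the classes added by the PR.
public class PlainTextDecryptSketch {
    static final String PREFIX = "{cipher}"; // marker on encrypted values

    // Returns the body with encrypted values replaced, or the body untouched.
    static String serve(String fileName, String body, boolean encryptEnabled,
            boolean plainTextEncrypt, UnaryOperator<String> decrypt) throws Exception {
        if (!(encryptEnabled && plainTextEncrypt)) return body; // both flags must be true
        String ext = fileName.substring(fileName.lastIndexOf('.') + 1).toLowerCase(Locale.ROOT);
        ObjectMapper mapper;
        switch (ext) { // the extension, not the content, selects the parser
            case "json": mapper = new ObjectMapper(); break;
            case "yml": case "yaml": mapper = new ObjectMapper(new YAMLFactory()); break;
            default: // the PR also handles .properties; this sketch does not
                System.err.println("WARN no decryption for ." + ext + ", serving file untouched");
                return body;
        }
        JsonNode root = mapper.readTree(body); // throws if content does not match the extension
        return mapper.writeValueAsString(walk(root, decrypt));
    }

    // One tree walker serves both formats because both parse to JsonNode.
    static JsonNode walk(JsonNode node, UnaryOperator<String> decrypt) {
        if (node.isTextual() && node.textValue().startsWith(PREFIX)) {
            return TextNode.valueOf(decrypt.apply(node.textValue().substring(PREFIX.length())));
        }
        if (node.isObject()) {
            node.fields().forEachRemaining(e -> e.setValue(walk(e.getValue(), decrypt)));
        } else if (node.isArray()) {
            ArrayNode arr = (ArrayNode) node;
            for (int i = 0; i < arr.size(); i++) arr.set(i, walk(arr.get(i), decrypt));
        }
        return node;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for a real TextEncryptor; reversing a string is not encryption.
        UnaryOperator<String> toy = s -> new StringBuilder(s).reverse().toString();
        String yaml = "db:\n  password: '{cipher}terces'\n"; // constructed sample
        System.out.println(serve("app.yml", yaml, true, true, toy));  // decrypted
        System.out.println(serve("app.txt", yaml, true, true, toy));  // untouched, WARN
    }
}
```

In the second call the response still carries the `{cipher}` value, so a client that expects decrypted content should check for the prefix instead of assuming the server decrypted the file.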