Add support for Vault #42
Conversation
for issue #2
| throw new VaultException("Vault is sealed"); | ||
| } | ||
| } catch (VaultException ignoredException) { | ||
| ignoredException.printStackTrace(); |
There was a problem hiding this comment.
what will happen if the Vault instance will not be initiated here?
| SECRET_DEFAULT_PATH = environmentLoader.loadVariable("VAULT_SECRETS_PATH"); | ||
| } | ||
|
|
||
| public VaultConfigSource(Optional<VaultConfig> config) { |
There was a problem hiding this comment.
add javadocs for environment variables
| return response.getData().entrySet().stream().map(LoadedConfigProperty::withNameAndValue).map(Builder::build) | ||
| .collect(Collectors.toMap(LoadedConfigProperty::name, Function.identity())); | ||
| } catch (VaultException ignoredException) { | ||
| return new HashMap<>(); |
There was a problem hiding this comment.
how will the consumer behave in case of an empty collection is returned? will it try to re-fetch a config property in case the property is missing from the returned map? will propagating the exception will be a better solution here?
more Changes should me made
| throw new VaultException("Missing Vault token"); | ||
| } | ||
| vault = new Vault(cfg.build()); | ||
| checkVaultHealth(); |
There was a problem hiding this comment.
There's no need to call checkVaultHealth() from constructor. Upon bootstrap, at first time, loadConfig() would be called from main thread anyway.
|
|
||
| import static org.hamcrest.CoreMatchers.*; | ||
| import static org.junit.Assert.*; | ||
|
|
There was a problem hiding this comment.
Could you please adjust eclipse settings to not to put those asterisks in imports.
| public Map<String, ConfigProperty> loadConfig() { | ||
| try { | ||
| checkVaultHealth(); | ||
| } catch (VaultException ignoredException) { |
There was a problem hiding this comment.
ignoredException is not that ignored, please rename
| * This class is a {@link ConfigSource} implemented for Vault | ||
| * | ||
| * @author AharonHa | ||
| * @see The Vault Project's site at {@link https://www.vaultproject.io/} |
There was a problem hiding this comment.
This @see is highlighted in read in IDE, looks like wrong @see format
There was a problem hiding this comment.
please no @ author in code need to fix ide to omit this in javadocs
| } finally { | ||
| vaultContainer2.stop(); | ||
| } | ||
|
|
There was a problem hiding this comment.
Please add test scenario for checking Vault 'polling' behaviour:
- Vault container is up and running
- Wait in the tests a time equal to
ConfigRegistrySettings.reloadIntervalSec(by default it's 15 secs but can be overriden) - Check that after succesfull reload props are still at place
This is green scenario, everything should work fine, and successful reloads must not affect loaded props.
Please add test scenario for checking Vault 'connection loss' behavior:
- Vault container is up and running
- Wait in the tests a time equal to
ConfigRegistrySettings.reloadIntervalSec(give it a chance to reload before going offline) - Shutdown Vault container
- Wait in the tests a time equal to
ConfigRegistrySettings.reloadIntervalSec - Check that loaded properties remained unaffected (not returning null, not returning default values )
This is red scenario, something we don't expect often, but want be prepared for; after disconnection to Vault properties which has been loaded and sitting in jvm memory should be unaffected by further disconnections of config source and any issues that config source might face.
| */ | ||
| VaultConfigSource(EnvironmentLoader environmentLoader) { | ||
| this(Optional.of(new VaultConfig().environmentLoader(environmentLoader))); | ||
| SECRET_DEFAULT_PATH = environmentLoader.loadVariable("VAULT_SECRETS_PATH"); |
There was a problem hiding this comment.
Please move "VAULT_SECRETS_PATH" constant to some internal class constant
|
|
||
| private static final Logger LOGGER = LoggerFactory.getLogger(VaultConfigSource.class); | ||
| private Vault vault; | ||
| private String SECRET_DEFAULT_PATH; |
There was a problem hiding this comment.
SECRET_DEFAULT_PATH is not constant, let's lower case it
| * | ||
| */ | ||
|
|
||
| public VaultConfigSource(Optional<VaultConfig> config) { |
There was a problem hiding this comment.
Looks like we need only
- token
- address
- and VAULT_SECRETS_PATH
There was a problem hiding this comment.
+new builder class
(maybe because seal status is stronger?)
| } | ||
|
|
||
| /** | ||
| * Create a new {@link VaultConfigSource} with the given {@link VaultConfig}. <br> |
There was a problem hiding this comment.
This javadoc does not match with constructor signature.
There was a problem hiding this comment.
There are still some outdated javadoc for constructor.
I mean this part "Default configurations can also be used by passing {@link Optional#empty() empty}." and so on.
| * | ||
| */ | ||
|
|
||
| VaultConfigSource(VaultConfigSource.Builder builder) { |
There was a problem hiding this comment.
I guess it's better to make constructor private.
Also you can write just Builder instead of VaultConfigSource.Builder.
There was a problem hiding this comment.
The constructor is package protected because otherwise it would have this warning:
Access to enclosing constructor VaultConfigSource(VaultConfigSource.Builder) is emulated by a synthetic accessor method
fixed the param & javadocs
| this.secretsPath = builder.secretsPath(); | ||
| try { | ||
| vault = new Vault(builder.config); | ||
| checkVaultStatus(); |
There was a problem hiding this comment.
Do we actually need checkVaultStatus() in constructor?
It is called anyway from loadConfig() every time.
| checkVaultStatus(); | ||
| } catch (VaultException exception) { | ||
| LOGGER.error("unable to build vault config source", exception); | ||
| vault = null; |
There was a problem hiding this comment.
I guess it is not good idea to set vault as null, because if VaultException happens in constructor we have instance of VaultConfigSource without correct vault (actually null) and we can't do anything with this.
I mean we can't reinitialize vault one more time in this particular instance of VaultConfigSource so we don't need to create that instance at all.
| } | ||
| } | ||
|
|
||
| private void checkVaultStatus() throws VaultException { |
There was a problem hiding this comment.
Do we actually need to check status this way?
I mean we can just use Logical.read and Vault throws exceptions if something wrong.
Why do we need manually check health if we don't do anything only throw exception.
There was a problem hiding this comment.
read() method does not tell you if vault is currently sealed or not initialized. it throws the REST 404 or 500 wrapped message.
|
Everything is great, but |
artem-v
force-pushed
the
support_secured_properties_#2
branch
from
6a548d9 to
e6e9010
Compare
aharonha
force-pushed
the
support_secured_properties_#2
branch
from
f827842 to
c1bce27
Compare
* Add support for Vault
for issue #2