feat: support for spring.config.import GCP Secret Manager
#1204
Conversation
...ain/java/com/google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerProperties.java
Show resolved
Hide resolved
...ava/com/google/cloud/spring/autoconfigure/secretmanager/SecretManagerConfigDataResource.java
Show resolved
Hide resolved
.../google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerBootstrapConfiguration.java
Outdated
Show resolved
Hide resolved
.../java/com/google/cloud/spring/autoconfigure/secretmanager/SecretManagerConfigDataLoader.java
Outdated
Show resolved
Hide resolved
spring-cloud-gcp-starters/spring-cloud-gcp-starter-secretmanager/pom.xml
Outdated
Show resolved
Hide resolved
.../java/com/google/cloud/spring/autoconfigure/secretmanager/SecretManagerConfigDataLoader.java
Outdated
Show resolved
Hide resolved
...google/cloud/spring/autoconfigure/secretmanager/SecretManagerConfigDataLocationResolver.java
Outdated
Show resolved
Hide resolved
...google/cloud/spring/autoconfigure/secretmanager/SecretManagerConfigDataLocationResolver.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
I've tested everything, and functionality is great -- everything works, even when both legacy and config.data ways work together. Having refresh work is also awesome.
I have a
I've been thinking about the different usage scenarios for Secret Manager, and realized I was missing the one where users don't need property discovery, but still want things like SecretManagerTemplate autoconfigured.
-
Users still on the "old" system of using legacy bootstrap phase. This should be the default, and they should both get
SecretManagerTemplateautoconfigured, and have "sm://property" type values resolved. -
Users on the new system -- they would have "spring.config.import=sm://" in application.properties and "spring.cloud.gcp.secretmanager.legacy=false" in bootstrap.properities. They should get
SecretManagerTemplateautoconfigured, and have "sm://property" type values resolved, just like in (1). -
Users with ""spring.cloud.gcp.secretmanager.legacy=false" and no "spring.config.import=sm://" -- the end result here is that "sm://" properties do not get resolved at all, but these users still need
SecretManagerTemplateto be autoconfigured. Currently, this is a completely contrived scenario because why would someone do that? But once we remove the legacy bootstrap option in the next major release, this will be a common default scenario.
To make sure we are covering these options, could you add an autoconfiguration test similar to SecretManagerBootstrapConfigurationTests where those 3 scenarios are tested?
To do so, you'll need to mock out the real SecretManagerClient. Take a look at SecretManagerBootstrapConfigurationTests.secretManagerClient() -- this works because the boostrap configuration has @ConditionalOnMissingBean. Since you are programmatically registering the client instead, this exact approach won't work, but I think the current implementation using context.getBootstrapContext().registerIfAbsent() will do something similar and avoid creating a real client if a mock one is already present in context. You'll have to test it.
...-gcp-samples/spring-cloud-gcp-secretmanager-sample/src/main/resources/application.properties
Outdated
Show resolved
Hide resolved
...ing-cloud-gcp-secretmanager-sample/src/main/java/com/example/SecretManagerWebController.java
Outdated
Show resolved
Hide resolved
JoeWang1127
force-pushed
the
feature/support-spring-config-import-for-SecretManager
branch
from
e35153c to
f6181b6
Compare
Unit tests on different scenarios are added. |
spring-cloud-gcp-samples/spring-cloud-gcp-secretmanager-sample/README.adoc
Outdated
Show resolved
Hide resolved
spring-cloud-gcp-samples/spring-cloud-gcp-secretmanager-sample/README.adoc
Outdated
Show resolved
Hide resolved
spring-cloud-gcp-samples/spring-cloud-gcp-secretmanager-sample/README.adoc
Outdated
Show resolved
Hide resolved
spring-cloud-gcp-samples/spring-cloud-gcp-secretmanager-sample/README.adoc
Outdated
Show resolved
Hide resolved
...ava/com/google/cloud/spring/autoconfigure/secretmanager/SecretManagerCompatibilityTests.java
Show resolved
Hide resolved
...ud-gcp-samples/spring-cloud-gcp-secretmanager-sample/src/main/resources/templates/index.html
Outdated
Show resolved
Hide resolved
...ava/com/google/cloud/spring/autoconfigure/secretmanager/SecretManagerCompatibilityTests.java
Show resolved
Hide resolved
...ava/com/google/cloud/spring/autoconfigure/secretmanager/SecretManagerCompatibilityTests.java
Outdated
Show resolved
Hide resolved
...ing-cloud-gcp-secretmanager-sample/src/main/java/com/example/SecretManagerWebController.java
Outdated
Show resolved
Hide resolved
…ect template manually.
JoeWang1127
force-pushed
the
feature/support-spring-config-import-for-SecretManager
branch
from
f359552 to
ba52c81
Compare
|
Kudos, SonarCloud Quality Gate passed! |
JoeWang1127
deleted the
feature/support-spring-config-import-for-SecretManager
branch
…oudPlatform#1204) * feat: support for GCP Secret Manager * add copyright info * use auto configuration rather than registering service client and serect template manually. * fix broken unit tests * disable old boostrap way; enable new config data way * deprecate bootstrap configuration for secret manager * remove legacy dependency: spring-cloud-starter-bootstrap * enable for secret manager * restore secret manager resource converter * modify secret manager sample application to enable secret refreshing mechanism * fix broken test * restore sm bootstrap configuration to fix broken uts * add copyright info * add related commit * fix broken unit test * fix broken unit test * fix broken unit test * disable a broken unit test * prevent creating a new client while refreshing * refactor after code review * register sm client lazily * fix broken test * fix broken sm intergration test * change method signature for testing * increase code coverage * modify secret manager sample for integration test in pipeline * remove broken unit test * bring back legacy dependency to avoid breaking changes * refactor code according to code review * instruct the user on how to enable spring boot's config data api * refactor code after code review * disable SecretManagerPropertySourceLocator bean when the user enable * add unit tests to check compatibility of secret manager * add docs on how to refresh secrets * modify sample project for backward compatibility * remove public identifier in test class * add instructions on secret refreshing in docs * change secret value in * modify secret manager sample app to emphasize on refreshing secrets * update docs of secret manager * update wording in secret manager docs Co-authored-by: Elena Felder <41136058+elefeint@users.noreply.github.com>
External resources from GCP Secret Manager can be imported to custom project by add the following line in the
application.properties:spring.config.import=sm://This feature is implemented using Spring Boot’s Config Data API, more info can be found in here
fix #149
Users who want to use this feature should either exclude
<artifactId>spring-cloud-starter-bootstrap</artifactId>from their dependency or to setspring.cloud.gcp.secretmanager.legacy=false