Enables defining a base path for CredHub credentials (#2521)

Signed-off-by: kvmw <mshamsi@broadcom.com>
spring-cloud · Sep 9, 2024 · 4481536 · 4481536
1 parent 96b5775
commit 4481536
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 4 deletions.
diff --git a/docs/modules/ROOT/pages/server/environment-repository/credhub-backend.adoc b/docs/modules/ROOT/pages/server/environment-repository/credhub-backend.adoc
@@ -106,3 +106,21 @@ spring:
 
 NOTE: The used UAA client-id should have `credhub.read` as scope.
 
+The following table describes the CredHub configuration properties.
+
+|===
+|Property Name |Remarks
+
+|*url*
+|CredHub server URL.
+
+|*path*
+|Base path for all credentials. Optional, defaults to empty.
+
+|*defaultLabel*
+| Default label to use when is not provided by client application. Optional, defaults to `master`.
+
+|*oauth2*
+| OAuth2 configuration to access CredHub. Optional.
+
+|===
diff --git a/...ava/org/springframework/cloud/config/server/environment/CredhubEnvironmentProperties.java b/...ava/org/springframework/cloud/config/server/environment/CredhubEnvironmentProperties.java
@@ -26,18 +26,30 @@
 @ConfigurationProperties("spring.cloud.config.server.credhub")
 public class CredhubEnvironmentProperties implements EnvironmentRepositoryProperties {
 
+	/** The common base path for credentials in CredHub. It is empty by default. */
+	private String path = "";
+
+	/** The default label to be used when is not provided by client applications. */
 	private String defaultLabel = "master";
 
 	private int order = Ordered.LOWEST_PRECEDENCE;
 
-	public void setDefaultLabel(String defaultLabel) {
-		this.defaultLabel = defaultLabel;
+	public String getPath() {
+		return this.path;
+	}
+
+	public void setPath(String path) {
+		this.path = path;
 	}
 
 	public String getDefaultLabel() {
 		return defaultLabel;
 	}
 
+	public void setDefaultLabel(String defaultLabel) {
+		this.defaultLabel = defaultLabel;
+	}
+
 	public int getOrder() {
 		return this.order;
 	}

diff --git a/...ava/org/springframework/cloud/config/server/environment/CredhubEnvironmentRepository.java b/...ava/org/springframework/cloud/config/server/environment/CredhubEnvironmentRepository.java
@@ -16,6 +16,7 @@
 
 package org.springframework.cloud.config.server.environment;
 
+import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -45,6 +46,8 @@ public class CredhubEnvironmentRepository implements EnvironmentRepository, Orde
 
 	private static final String DEFAULT_APPLICATION = "application";
 
+	private final String path;
+
 	private final String defaultLabel;
 
 	private int order;
@@ -58,8 +61,9 @@ public CredhubEnvironmentRepository(CredHubOperations credHubOperations) {
 	public CredhubEnvironmentRepository(CredHubOperations credHubOperations, CredhubEnvironmentProperties properties) {
 		this.credHubOperations = credHubOperations;
 
-		this.order = properties.getOrder();
+		this.path = properties.getPath();
 		this.defaultLabel = properties.getDefaultLabel();
+		this.order = properties.getOrder();
 	}
 
 	@Override
@@ -109,7 +113,7 @@ private void addPropertySource(Environment environment, String application, Stri
 	}
 
 	private Map<Object, Object> findProperties(String application, String profile, String label) {
-		String path = "/" + application + "/" + profile + "/" + label;
+		var path = Path.of("/", this.path, application, profile, label).toString();
 
 		return this.credHubOperations.credentials()
 			.findByPath(path)

diff --git a/...rg/springframework/cloud/config/server/environment/CredhubEnvironmentRepositoryTests.java b/...rg/springframework/cloud/config/server/environment/CredhubEnvironmentRepositoryTests.java
@@ -281,6 +281,28 @@ public void shouldUseCustomDefaultLabelIfProvided() {
 		assertThat(environment.getPropertySources().get(0).getSource()).isEqualTo(Map.of("k2", "v2"));
 	}
 
+	@Test
+	public void shouldUseBasePathIfProvided() {
+		stubCredentials("/base/path/myApp/default/master", credential("c1", "k1", "v1"));
+
+		var credhubOperations = Mockito.mock(CredHubOperations.class);
+		when(credhubOperations.credentials()).thenReturn(this.credhubCredentialOperations);
+
+		var properties = new CredhubEnvironmentProperties();
+		properties.setPath("/base/path");
+
+		var environment = new CredhubEnvironmentRepository(credhubOperations, properties).findOne("myApp", null, null);
+
+		assertThat(environment.getName()).isEqualTo("myApp");
+		assertThat(environment.getProfiles()).containsExactly("default");
+		assertThat(environment.getLabel()).isEqualTo("master");
+
+		assertThat(environment.getPropertySources()).hasSize(1);
+
+		assertThat(environment.getPropertySources().get(0).getName()).isEqualTo("credhub-myApp-default-master");
+		assertThat(environment.getPropertySources().get(0).getSource()).isEqualTo(Map.of("k1", "v1"));
+	}
+
 	@SafeVarargs
 	private void stubCredentials(String path, CredentialDetails<JsonCredential>... details) {
 		when(this.credhubCredentialOperations.findByPath(path)).thenReturn(