Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FISH-338 Create HashiCorp MicroProfile Config Source #4982

Merged
merged 8 commits into from
Nov 24, 2020
Merged

FISH-338 Create HashiCorp MicroProfile Config Source #4982

merged 8 commits into from
Nov 24, 2020

Conversation

MeroRai
Copy link
Member

@MeroRai MeroRai commented Nov 4, 2020
edited
Loading

Description

This is a feature, that allows you to fetch secrets from HashiCrop Vault to be used as a config source for Payara.

Documentation

https://docs.payara.fish/community/docs/5.2020.7/documentation/microprofile/config/cloud/hashicorp.html

jbee
jbee reviewed Nov 11, 2020
View reviewed changes
Copy link
Contributor

@jbee jbee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't really know what a hashi crop is so I just can reason about general things.

.../java/fish/payara/microprofile/config/extensions/hashicrop/HashiCropSecretsConfigSource.java Outdated Show resolved Hide resolved
.../java/fish/payara/microprofile/config/extensions/hashicrop/HashiCropSecretsConfigSource.java Outdated Show resolved Hide resolved
...s/src/main/java/fish/payara/microprofile/config/extensions/hashicrop/model/SecretHolder.java Outdated Show resolved Hide resolved
@smillidge smillidge changed the title FISH-338 Create HashiCrop MicroProfile Config Source FISH-338 Create HashiCorp MicroProfile Config Source Nov 14, 2020
@cubastanley
Copy link
Contributor

jenkins test please

@payara payara deleted a comment from MattGill98 Nov 17, 2020
@payara payara deleted a comment from cubastanley Nov 17, 2020
@payara payara deleted a comment from MarkWareham Nov 17, 2020
@payara payara deleted a comment from cubastanley Nov 17, 2020
@payara payara deleted a comment from cubastanley Nov 17, 2020
@payara payara deleted a comment from payara-ci Nov 17, 2020
@payara payara deleted a comment from cubastanley Nov 17, 2020
@payara payara deleted a comment from MattGill98 Nov 17, 2020
@jbee
Copy link
Contributor

jbee commented Nov 19, 2020

@MeroRai is this ready to be re-reviewed?

MattGill98 and others added 2 commits November 20, 2020 00:05
@MattGill98 @MeroRai
FISH-338 Write Hashicorp Test
6a7e9af 
Fix deserialisation error and write test for fetching properties from
the config source.

Signed-off-by: Matthew Gill <[email protected]>
@MeroRai
FISH-338 Added support for both version of KV Secrets Engine API
418be82
@MeroRai
Copy link
Member Author

MeroRai commented Nov 20, 2020

jenkins test please

@MeroRai MeroRai requested a review from MattGill98 November 20, 2020 00:06
@MeroRai
Copy link
Member Author

MeroRai commented Nov 20, 2020

@jbee @MattGill98 is reviewing it now. Thank you for your earlier reviews.

@MeroRai
Copy link
Member Author

MeroRai commented Nov 20, 2020

jenkins test please

@MeroRai MeroRai requested a review from MattGill98 November 20, 2020 19:44
@MeroRai
Copy link
Member Author

MeroRai commented Nov 20, 2020

jenkins test please

1 similar comment
@MeroRai
Copy link
Member Author

MeroRai commented Nov 23, 2020

jenkins test please

MattGill98
MattGill98 suggested changes Nov 24, 2020
View reviewed changes
Copy link
Contributor

@MattGill98 MattGill98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking much better, just needs a null check before the HTTP calls

.../java/fish/payara/microprofile/config/extensions/hashicorp/HashiCorpSecretsConfigSource.java Show resolved Hide resolved
MattGill98
MattGill98 approved these changes Nov 24, 2020
View reviewed changes
Copy link
Contributor

@MattGill98 MattGill98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed with Susan and this scenario is unlikely

@MattGill98 MattGill98 merged commit 8783380 into payara:master Nov 24, 2020
Pandrex247 pushed a commit to Pandrex247/Payara that referenced this pull request May 4, 2021
@MattGill98
FISH-338 Create HashiCorp MicroProfile Config Source
3e03658 
Merge pull request payara#4982 from MeroRai/FISH-338
Merge pull request payara#5086 from Cousjava/FISH-876-hashicorp-vault-blocking
@marif1989
Copy link

We have at least 70 Java applications and now trying to use the secrets that is saved from vault. The plan is to create no-root tokens in order to access the secrets from vault.
configured all required settings in payara5 server and able to connect to vault and able to get all the required secrets via non-root token.
The problem is non-root tokens are expiring too soon and payara5 is not renewing non-root token automatically and as soon as the token expire connection breaks and no secrets can be fetched from vault.

Reason to use non-root token is java applications must not see the secrets of each other.

Please suggest the possible ways to achieve requirement

Vault configuration is like:

Non-root token A must access only - /DEV/APP-A
Non-root token B must access only - /DEV/APP-B

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbee jbee jbee left review comments

@MattGill98 MattGill98 MattGill98 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@MeroRai @cubastanley @jbee @marif1989 @MattGill98