From 7c6e09bbf073eaaa786e3d2f1ed8258db12c5c0d Mon Sep 17 00:00:00 2001 From: Haotian Zhang Date: Mon, 16 Oct 2023 19:57:22 +0800 Subject: [PATCH] feat:support configuration encryption. (#1181) --- CHANGELOG.md | 1 + .../polaris/config/ConfigurationModifier.java | 14 +++++++ ...larisConfigBootstrapAutoConfiguration.java | 9 +++- .../config/PolarisCryptoConfigProperties.java | 41 +++++++++++++++++++ .../PolarisConfigDataLocationResolver.java | 30 ++++++++++---- .../configdata/PolarisConfigDataResource.java | 13 +++++- ...itional-spring-configuration-metadata.json | 7 ++++ 7 files changed, 106 insertions(+), 9 deletions(-) create mode 100644 spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java diff --git a/CHANGELOG.md b/CHANGELOG.md index 276e8aac6..5ed05b509 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,3 +15,4 @@ - [fix:fix retry loadbalancer not working bug.](https://github.com/Tencent/spring-cloud-tencent/pull/1154) - [fix:fix header validation when using Chinese char.](https://github.com/Tencent/spring-cloud-tencent/pull/1166) - [fix:remove bcprov-jdk15on dependency.](https://github.com/Tencent/spring-cloud-tencent/pull/1177) +- [feat:support configuration encryption.](https://github.com/Tencent/spring-cloud-tencent/pull/1181) diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java index 8513ecf7f..4b53d8305 100644 --- a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java +++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java 
@@ -19,14 +19,17 @@ package com.tencent.cloud.polaris.config; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import com.tencent.cloud.common.constant.OrderConstant; import com.tencent.cloud.common.util.AddressUtils; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; +import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties; import com.tencent.cloud.polaris.context.PolarisConfigModifier; import com.tencent.cloud.polaris.context.config.PolarisContextProperties; import com.tencent.polaris.factory.config.ConfigurationImpl; +import com.tencent.polaris.factory.config.configuration.ConfigFilterConfigImpl; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -47,11 +50,15 @@ public class ConfigurationModifier implements PolarisConfigModifier { private final PolarisConfigProperties polarisConfigProperties; + private final PolarisCryptoConfigProperties polarisCryptoConfigProperties; + private final PolarisContextProperties polarisContextProperties; public ConfigurationModifier(PolarisConfigProperties polarisConfigProperties, + PolarisCryptoConfigProperties polarisCryptoConfigProperties, PolarisContextProperties polarisContextProperties) { this.polarisConfigProperties = polarisConfigProperties; + this.polarisCryptoConfigProperties = polarisCryptoConfigProperties; this.polarisContextProperties = polarisContextProperties; } 
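Review bot: The constructor in the `@@ -47,11 +50,15 @@` hunk stores `polarisCryptoConfigProperties` without a null check, and the `@@ -66,6 +73,13 @@` hunk later calls `polarisCryptoConfigProperties.isEnabled()` on it, so a null argument only fails when the SDK configuration is being built. `ConfigurationModifier` is a public class, so replacing the two-argument constructor also breaks any code outside this patch that constructs it directly. Keeping the old form as a delegating overload whose body is `this(polarisConfigProperties, new PolarisCryptoConfigProperties(), polarisContextProperties);` would avoid that. The class body continues outside the hunk.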
@@ -66,6 +73,13 @@ public class ConfigurationModifier implements PolarisConfigModifier { else { throw new RuntimeException("Unsupported config data source"); } + + ConfigFilterConfigImpl configFilterConfig = configuration.getConfigFile().getConfigFilterConfig(); + configFilterConfig.setEnable(polarisCryptoConfigProperties.isEnabled()); + if (polarisCryptoConfigProperties.isEnabled()) { + configFilterConfig.getChain().add("crypto"); + configFilterConfig.getPlugin().put("crypto", Collections.singletonMap("type", "AES")); + } } private void initByLocalDataSource(ConfigurationImpl configuration) { diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java index eb2d25325..2383cbf6b 100644 --- a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java +++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java @@ -23,6 +23,7 @@ import com.tencent.cloud.polaris.config.adapter.PolarisConfigFileLocator; import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager; import com.tencent.cloud.polaris.config.condition.ConditionalOnReflectRefreshType; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; +import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties; import com.tencent.cloud.polaris.context.PolarisSDKContextManager; import com.tencent.cloud.polaris.context.config.PolarisContextAutoConfiguration; import com.tencent.cloud.polaris.context.config.PolarisContextProperties; 
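Review bot: `configFilterConfig.setEnable(polarisCryptoConfigProperties.isEnabled())` ties the switch for the whole config-filter chain to the crypto flag, so `spring.cloud.polaris.config.crypto.enabled=false` would presumably also turn off any other filter configured for the SDK. `getChain().add("crypto")` also appends without checking whether the entry is already present. Consider leaving the chain switch untouched when crypto is off and guarding the append, e.g. `if (!configFilterConfig.getChain().contains("crypto")) { configFilterConfig.getChain().add("crypto"); }`. The literals `"crypto"`, `"type"` and `"AES"` are plugin identifiers that deserve named constants and a comment stating which SDK plugin and cipher they select. The enclosing method starts above the hunk, so how often it runs per configuration object is not visible here.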
@@ -53,6 +54,11 @@ public class PolarisConfigBootstrapAutoConfiguration { return new PolarisConfigProperties(); } + @Bean + public PolarisCryptoConfigProperties polarisCryptoConfigProperties() { + return new PolarisCryptoConfigProperties(); + } + @Bean @ConditionalOnMissingBean public PolarisPropertySourceManager polarisPropertySourceManager() { @@ -81,8 +87,9 @@ public class PolarisConfigBootstrapAutoConfiguration { @Bean @ConditionalOnConnectRemoteServerEnabled public ConfigurationModifier configurationModifier(PolarisConfigProperties polarisConfigProperties, + PolarisCryptoConfigProperties polarisCryptoConfigProperties, PolarisContextProperties polarisContextProperties) { - return new ConfigurationModifier(polarisConfigProperties, polarisContextProperties); + return new ConfigurationModifier(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties); } @Bean diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java new file mode 100644 index 000000000..3d891ee4d --- /dev/null +++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java 
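Review bot: The new `polarisCryptoConfigProperties()` bean is declared with `@Bean` only, while the `polarisPropertySourceManager()` bean directly below it carries `@ConditionalOnMissingBean`. An application that registers its own `PolarisCryptoConfigProperties` would then have two candidates for the `configurationModifier(...)` parameter added in the `@@ -81,8 +87,9 @@` hunk. Adding `@ConditionalOnMissingBean` to the new method keeps it overridable. The annotations on the neighbouring `PolarisConfigProperties` bean are outside the hunk, so match that bean if it is declared differently.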
@@ -0,0 +1,41 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ *
+ */
+package com.tencent.cloud.polaris.config.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * polaris config module bootstrap configs.
+ *
+ * @author lepdou 2022-03-10
+ */
+@ConfigurationProperties("spring.cloud.polaris.config.crypto")
+public class PolarisCryptoConfigProperties {
+ /**
+ * Whether to open the configuration crypto.
+ */
+ private boolean enabled = true;
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataLocationResolver.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataLocationResolver.java
index 82026b1da..f55d0261c 100644
--- a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataLocationResolver.java
+++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataLocationResolver.java
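Review bot: The class Javadoc, `polaris config module bootstrap configs.` with `@author lepdou 2022-03-10`, does not describe this class and looks carried over from another properties class, given that the commit is dated 2023. A summary such as `Properties of the Polaris configuration crypto filter, bound to spring.cloud.polaris.config.crypto.` would be accurate. The field comment `Whether to open the configuration crypto.` should also state that `enabled` defaults to `true`, so the crypto filter is registered for every application that picks up this version unless it opts out.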
@@ -25,6 +25,7 @@ import java.util.Objects; import com.tencent.cloud.polaris.config.ConfigurationModifier; import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; +import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties; import com.tencent.cloud.polaris.context.ModifyAddress; import com.tencent.cloud.polaris.context.PolarisConfigModifier; import com.tencent.cloud.polaris.context.config.PolarisContextProperties; @@ -118,6 +119,15 @@ public class PolarisConfigDataLocationResolver implements polarisConfigProperties = new PolarisConfigProperties(); } + PolarisCryptoConfigProperties polarisCryptoConfigProperties = loadPolarisConfigProperties( + resolverContext, + PolarisCryptoConfigProperties.class, + POLARIS_PREFIX + ".config.crypto" + ); + if (Objects.isNull(polarisCryptoConfigProperties)) { + polarisCryptoConfigProperties = new PolarisCryptoConfigProperties(); + } + PolarisContextProperties polarisContextProperties = loadPolarisConfigProperties( resolverContext, PolarisContextProperties.class, @@ -128,11 +138,14 @@ public class PolarisConfigDataLocationResolver implements } // prepare and init earlier Polaris SDKContext to pull config files from remote. - prepareAndInitEarlierPolarisSdkContext(resolverContext, polarisConfigProperties, polarisContextProperties); + prepareAndInitEarlierPolarisSdkContext(resolverContext, polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties); bootstrapContext.registerIfAbsent(PolarisConfigProperties.class, BootstrapRegistry.InstanceSupplier.of(polarisConfigProperties)); + bootstrapContext.registerIfAbsent(PolarisCryptoConfigProperties.class, + BootstrapRegistry.InstanceSupplier.of(polarisCryptoConfigProperties)); + bootstrapContext.registerIfAbsent(PolarisContextProperties.class, BootstrapRegistry.InstanceSupplier.of(polarisContextProperties)); 
@@ -152,7 +165,7 @@ public class PolarisConfigDataLocationResolver implements ); return loadConfigDataResources(resolverContext, - location, profiles, polarisConfigProperties, polarisContextProperties); + location, profiles, polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties); } @Override @@ -189,6 +202,7 @@ public class PolarisConfigDataLocationResolver implements ConfigDataLocation location, Profiles profiles, PolarisConfigProperties polarisConfigProperties, + PolarisCryptoConfigProperties polarisCryptoConfigProperties, PolarisContextProperties polarisContextProperties) { List result = new ArrayList<>(); boolean optional = location.isOptional(); @@ -209,6 +223,7 @@ public class PolarisConfigDataLocationResolver implements } PolarisConfigDataResource polarisConfigDataResource = new PolarisConfigDataResource( polarisConfigProperties, + polarisCryptoConfigProperties, polarisContextProperties, profiles, optional, fileName, groupName, serviceName @@ -246,12 +261,12 @@ public class PolarisConfigDataLocationResolver implements } private void prepareAndInitEarlierPolarisSdkContext(ConfigDataLocationResolverContext resolverContext, - PolarisConfigProperties polarisConfigProperties, + PolarisConfigProperties polarisConfigProperties, PolarisCryptoConfigProperties polarisCryptoConfigProperties, PolarisContextProperties polarisContextProperties) { ConfigurableBootstrapContext bootstrapContext = resolverContext.getBootstrapContext(); if (!bootstrapContext.isRegistered(SDKContext.class)) { SDKContext sdkContext = sdkContext(resolverContext, - polarisConfigProperties, polarisContextProperties); + polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties); sdkContext.init(); bootstrapContext.register(SDKContext.class, BootstrapRegistry.InstanceSupplier.of(sdkContext)); } 
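Review bot: In the `@@ -246,12 +261,12 @@` hunk the new parameter is appended to the same line as `PolarisConfigProperties polarisConfigProperties,`, whereas the other signatures this patch touches (`loadConfigDataResources`, `modifierList`) give it a line of its own. The `sdkContext(...)` signature in the following hunk has the same layout. Putting `PolarisCryptoConfigProperties polarisCryptoConfigProperties,` on its own line in both places would keep the signatures uniform and the lines short. `prepareAndInitEarlierPolarisSdkContext` continues past the end of the hunk.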
@@ -259,9 +274,9 @@ public class PolarisConfigDataLocationResolver implements } private SDKContext sdkContext(ConfigDataLocationResolverContext resolverContext, - PolarisConfigProperties polarisConfigProperties, + PolarisConfigProperties polarisConfigProperties, PolarisCryptoConfigProperties polarisCryptoConfigProperties, PolarisContextProperties polarisContextProperties) { - List modifierList = modifierList(polarisConfigProperties, polarisContextProperties); + List modifierList = modifierList(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties); return SDKContext.initContextByConfig(polarisContextProperties.configuration(modifierList, () -> { return loadPolarisConfigProperties(resolverContext, String.class, "spring.cloud.client.ip-address"); }, () -> { @@ -270,13 +285,14 @@ public class PolarisConfigDataLocationResolver implements } private List modifierList(PolarisConfigProperties polarisConfigProperties, + PolarisCryptoConfigProperties polarisCryptoConfigProperties, PolarisContextProperties polarisContextProperties) { // add ModifyAddress and ConfigurationModifier to load SDKContext List modifierList = new ArrayList<>(); ModifyAddress modifyAddress = new ModifyAddress(polarisContextProperties); ConfigurationModifier configurationModifier = new ConfigurationModifier(polarisConfigProperties, - polarisContextProperties); + polarisCryptoConfigProperties, polarisContextProperties); modifierList.add(modifyAddress); modifierList.add(configurationModifier); return modifierList; diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataResource.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataResource.java index ee76e9f18..2a2fa45ac 100644 --- a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataResource.java 
+++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/configdata/PolarisConfigDataResource.java @@ -20,6 +20,7 @@ package com.tencent.cloud.polaris.config.configdata; import java.util.Objects; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; +import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties; import com.tencent.cloud.polaris.context.config.PolarisContextProperties; import org.springframework.boot.context.config.ConfigData; @@ -35,6 +36,8 @@ public class PolarisConfigDataResource extends ConfigDataResource { private final PolarisConfigProperties polarisConfigProperties; + private final PolarisCryptoConfigProperties polarisCryptoConfigProperties; + private final PolarisContextProperties polarisContextProperties; private final Profiles profiles; @@ -48,10 +51,12 @@ public class PolarisConfigDataResource extends ConfigDataResource { private final String serviceName; public PolarisConfigDataResource(PolarisConfigProperties polarisConfigProperties, + PolarisCryptoConfigProperties polarisCryptoConfigProperties, PolarisContextProperties polarisContextProperties, Profiles profiles, boolean optional, String fileName, String groupName, String serviceName) { this.polarisConfigProperties = polarisConfigProperties; + this.polarisCryptoConfigProperties = polarisCryptoConfigProperties; this.polarisContextProperties = polarisContextProperties; this.profiles = profiles; this.optional = optional; @@ -64,6 +69,10 @@ public class PolarisConfigDataResource extends ConfigDataResource { return polarisConfigProperties; } + public PolarisCryptoConfigProperties getPolarisCryptoConfigProperties() { + return polarisCryptoConfigProperties; + } + public PolarisContextProperties getPolarisContextProperties() { return polarisContextProperties; } 
@@ -99,6 +108,7 @@ public class PolarisConfigDataResource extends ConfigDataResource { PolarisConfigDataResource that = (PolarisConfigDataResource) o; return optional == that.optional && polarisConfigProperties.equals(that.polarisConfigProperties) && + polarisCryptoConfigProperties.equals(that.polarisCryptoConfigProperties) && polarisContextProperties.equals(that.polarisContextProperties) && profiles.equals(that.profiles) && fileName.equals(that.fileName) && @@ -108,6 +118,7 @@ public class PolarisConfigDataResource extends ConfigDataResource { @Override public int hashCode() { - return Objects.hash(polarisConfigProperties, polarisContextProperties, profiles, optional, fileName, groupName, serviceName); + return Objects.hash(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties, profiles, + optional, fileName, groupName, serviceName); } } diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json index 5aeb7a04b..9ca79a7ab 100644 --- a/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json +++ b/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json @@ -77,6 +77,13 @@ "type": "java.lang.String", "defaultValue": "./polaris/backup/config", "description": "Where to load config file, polaris or local." + }, + { + "name": "spring.cloud.polaris.config.crypto.enabled", + "type": "java.lang.Boolean", + "defaultValue": "true", + "description": "Whether to open the configuration crypto.", + "sourceType": "com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties" } ] }
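Review bot: `polarisCryptoConfigProperties.equals(that.polarisCryptoConfigProperties)` in `equals` falls back to `Object.equals`, because the `PolarisCryptoConfigProperties` class added by this patch declares only `isEnabled`/`setEnabled`. The resolver in this patch binds or creates a new instance each time its patched method runs, so two resources with the same setting but separately created property objects will compare unequal, and `Objects.hash(...)` in the next hunk diverges in the same way. Either give `PolarisCryptoConfigProperties` value-based `equals`/`hashCode` over `enabled`, or compare the flag directly with `polarisCryptoConfigProperties.isEnabled() == that.polarisCryptoConfigProperties.isEnabled() &&` and hash `polarisCryptoConfigProperties.isEnabled()`. Whether the neighbouring properties classes already define `equals` is not visible in this patch. `equals` starts above its hunk.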