feat:support configuration encryption. (#1181)

pull/1185/head
Haotian Zhang 1 year ago committed by GitHub
parent 5a3393debe
commit 7c6e09bbf0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -15,3 +15,4 @@
- [fix:fix retry loadbalancer not working bug.](https://github.com/Tencent/spring-cloud-tencent/pull/1154) - [fix:fix retry loadbalancer not working bug.](https://github.com/Tencent/spring-cloud-tencent/pull/1154)
- [fix:fix header validation when using Chinese char.](https://github.com/Tencent/spring-cloud-tencent/pull/1166) - [fix:fix header validation when using Chinese char.](https://github.com/Tencent/spring-cloud-tencent/pull/1166)
- [fix:remove bcprov-jdk15on dependency.](https://github.com/Tencent/spring-cloud-tencent/pull/1177) - [fix:remove bcprov-jdk15on dependency.](https://github.com/Tencent/spring-cloud-tencent/pull/1177)
- [feat:support configuration encryption.](https://github.com/Tencent/spring-cloud-tencent/pull/1181)

@ -19,14 +19,17 @@
package com.tencent.cloud.polaris.config; package com.tencent.cloud.polaris.config;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.List; import java.util.List;
import com.tencent.cloud.common.constant.OrderConstant; import com.tencent.cloud.common.constant.OrderConstant;
import com.tencent.cloud.common.util.AddressUtils; import com.tencent.cloud.common.util.AddressUtils;
import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
import com.tencent.cloud.polaris.context.PolarisConfigModifier; import com.tencent.cloud.polaris.context.PolarisConfigModifier;
import com.tencent.cloud.polaris.context.config.PolarisContextProperties; import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
import com.tencent.polaris.factory.config.ConfigurationImpl; import com.tencent.polaris.factory.config.ConfigurationImpl;
import com.tencent.polaris.factory.config.configuration.ConfigFilterConfigImpl;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -47,11 +50,15 @@ public class ConfigurationModifier implements PolarisConfigModifier {
private final PolarisConfigProperties polarisConfigProperties; private final PolarisConfigProperties polarisConfigProperties;
private final PolarisCryptoConfigProperties polarisCryptoConfigProperties;
private final PolarisContextProperties polarisContextProperties; private final PolarisContextProperties polarisContextProperties;
public ConfigurationModifier(PolarisConfigProperties polarisConfigProperties, public ConfigurationModifier(PolarisConfigProperties polarisConfigProperties,
PolarisCryptoConfigProperties polarisCryptoConfigProperties,
PolarisContextProperties polarisContextProperties) { PolarisContextProperties polarisContextProperties) {
this.polarisConfigProperties = polarisConfigProperties; this.polarisConfigProperties = polarisConfigProperties;
this.polarisCryptoConfigProperties = polarisCryptoConfigProperties;
this.polarisContextProperties = polarisContextProperties; this.polarisContextProperties = polarisContextProperties;
} }
@ -66,6 +73,13 @@ public class ConfigurationModifier implements PolarisConfigModifier {
else { else {
throw new RuntimeException("Unsupported config data source"); throw new RuntimeException("Unsupported config data source");
} }
ConfigFilterConfigImpl configFilterConfig = configuration.getConfigFile().getConfigFilterConfig();
configFilterConfig.setEnable(polarisCryptoConfigProperties.isEnabled());
if (polarisCryptoConfigProperties.isEnabled()) {
configFilterConfig.getChain().add("crypto");
configFilterConfig.getPlugin().put("crypto", Collections.singletonMap("type", "AES"));
}
} }
private void initByLocalDataSource(ConfigurationImpl configuration) { private void initByLocalDataSource(ConfigurationImpl configuration) {
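Review bot: In the block added after the data-source branch, `configFilterConfig.getChain().add("crypto")` appends unconditionally whenever crypto is enabled. If the filter chain already names `crypto` (for instance from an SDK-level configuration, which is not visible here), the filter would be listed twice; a guard such as `if (!configFilterConfig.getChain().contains("crypto"))` avoids that. The plugin name and the `"AES"` type are bare string literals, and the new properties class exposes only `enabled`, so I would lift both to named constants. A short comment should say which component supplies and protects the key material, since nothing in this commit shows it. The enclosing method starts outside the hunk.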

@ -23,6 +23,7 @@ import com.tencent.cloud.polaris.config.adapter.PolarisConfigFileLocator;
import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager; import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager;
import com.tencent.cloud.polaris.config.condition.ConditionalOnReflectRefreshType; import com.tencent.cloud.polaris.config.condition.ConditionalOnReflectRefreshType;
import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
import com.tencent.cloud.polaris.context.PolarisSDKContextManager; import com.tencent.cloud.polaris.context.PolarisSDKContextManager;
import com.tencent.cloud.polaris.context.config.PolarisContextAutoConfiguration; import com.tencent.cloud.polaris.context.config.PolarisContextAutoConfiguration;
import com.tencent.cloud.polaris.context.config.PolarisContextProperties; import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
@ -53,6 +54,11 @@ public class PolarisConfigBootstrapAutoConfiguration {
return new PolarisConfigProperties(); return new PolarisConfigProperties();
} }
@Bean
public PolarisCryptoConfigProperties polarisCryptoConfigProperties() {
return new PolarisCryptoConfigProperties();
}
@Bean @Bean
@ConditionalOnMissingBean @ConditionalOnMissingBean
public PolarisPropertySourceManager polarisPropertySourceManager() { public PolarisPropertySourceManager polarisPropertySourceManager() {
@ -81,8 +87,9 @@ public class PolarisConfigBootstrapAutoConfiguration {
@Bean @Bean
@ConditionalOnConnectRemoteServerEnabled @ConditionalOnConnectRemoteServerEnabled
public ConfigurationModifier configurationModifier(PolarisConfigProperties polarisConfigProperties, public ConfigurationModifier configurationModifier(PolarisConfigProperties polarisConfigProperties,
PolarisCryptoConfigProperties polarisCryptoConfigProperties,
PolarisContextProperties polarisContextProperties) { PolarisContextProperties polarisContextProperties) {
return new ConfigurationModifier(polarisConfigProperties, polarisContextProperties); return new ConfigurationModifier(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties);
} }
@Bean @Bean
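Review bot: The new `polarisCryptoConfigProperties()` bean is declared with `@Bean` only, while `polarisPropertySourceManager()` just below it carries `@ConditionalOnMissingBean`. Without that condition, an application that defines its own `PolarisCryptoConfigProperties` bean ends up with two candidates for the `configurationModifier(...)` parameter. I would add `@ConditionalOnMissingBean` above the new method, unless the sibling `polarisConfigProperties()` bean (its annotations are outside the hunk) deliberately omits it too.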

@ -0,0 +1,41 @@
/*
* Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
*
* Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
*
* Licensed under the BSD 3-Clause License (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://opensource.org/licenses/BSD-3-Clause
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*
*/
package com.tencent.cloud.polaris.config.config;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
* polaris config module bootstrap configs.
*
* @author lepdou 2022-03-10
*/
@ConfigurationProperties("spring.cloud.polaris.config.crypto")
public class PolarisCryptoConfigProperties {
/**
* Whether to open the configuration crypto.
*/
private boolean enabled = true;
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
}
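Review bot: `PolarisCryptoConfigProperties` does not override `equals`/`hashCode`, yet this same commit adds the field to `PolarisConfigDataResource.equals` and `Objects.hash(...)`. That comparison therefore falls back to object identity. Two resources describing the same file but built from separately bound properties instances would compare unequal, which matters wherever config-data resources are de-duplicated by equality. Value-based `equals`/`hashCode` on `enabled` fixes it. Separately, the class Javadoc ("polaris config module bootstrap configs", with its author/date line) looks copied from another class and should describe the crypto switch, including that it defaults to `true`.

```java
// … unchanged: enabled field, isEnabled/setEnabled …

@Override
public boolean equals(Object o) {
	if (this == o) {
		return true;
	}
	if (o == null || getClass() != o.getClass()) {
		return false;
	}
	return enabled == ((PolarisCryptoConfigProperties) o).enabled;
}

@Override
public int hashCode() {
	return Boolean.hashCode(enabled);
}
```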

@ -25,6 +25,7 @@ import java.util.Objects;
import com.tencent.cloud.polaris.config.ConfigurationModifier; import com.tencent.cloud.polaris.config.ConfigurationModifier;
import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager; import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager;
import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
import com.tencent.cloud.polaris.context.ModifyAddress; import com.tencent.cloud.polaris.context.ModifyAddress;
import com.tencent.cloud.polaris.context.PolarisConfigModifier; import com.tencent.cloud.polaris.context.PolarisConfigModifier;
import com.tencent.cloud.polaris.context.config.PolarisContextProperties; import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
@ -118,6 +119,15 @@ public class PolarisConfigDataLocationResolver implements
polarisConfigProperties = new PolarisConfigProperties(); polarisConfigProperties = new PolarisConfigProperties();
} }
PolarisCryptoConfigProperties polarisCryptoConfigProperties = loadPolarisConfigProperties(
resolverContext,
PolarisCryptoConfigProperties.class,
POLARIS_PREFIX + ".config.crypto"
);
if (Objects.isNull(polarisCryptoConfigProperties)) {
polarisCryptoConfigProperties = new PolarisCryptoConfigProperties();
}
PolarisContextProperties polarisContextProperties = loadPolarisConfigProperties( PolarisContextProperties polarisContextProperties = loadPolarisConfigProperties(
resolverContext, resolverContext,
PolarisContextProperties.class, PolarisContextProperties.class,
@ -128,11 +138,14 @@ public class PolarisConfigDataLocationResolver implements
} }
// prepare and init earlier Polaris SDKContext to pull config files from remote. // prepare and init earlier Polaris SDKContext to pull config files from remote.
prepareAndInitEarlierPolarisSdkContext(resolverContext, polarisConfigProperties, polarisContextProperties); prepareAndInitEarlierPolarisSdkContext(resolverContext, polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties);
bootstrapContext.registerIfAbsent(PolarisConfigProperties.class, bootstrapContext.registerIfAbsent(PolarisConfigProperties.class,
BootstrapRegistry.InstanceSupplier.of(polarisConfigProperties)); BootstrapRegistry.InstanceSupplier.of(polarisConfigProperties));
bootstrapContext.registerIfAbsent(PolarisCryptoConfigProperties.class,
BootstrapRegistry.InstanceSupplier.of(polarisCryptoConfigProperties));
bootstrapContext.registerIfAbsent(PolarisContextProperties.class, bootstrapContext.registerIfAbsent(PolarisContextProperties.class,
BootstrapRegistry.InstanceSupplier.of(polarisContextProperties)); BootstrapRegistry.InstanceSupplier.of(polarisContextProperties));
@ -152,7 +165,7 @@ public class PolarisConfigDataLocationResolver implements
); );
return loadConfigDataResources(resolverContext, return loadConfigDataResources(resolverContext,
location, profiles, polarisConfigProperties, polarisContextProperties); location, profiles, polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties);
} }
@Override @Override
@ -189,6 +202,7 @@ public class PolarisConfigDataLocationResolver implements
ConfigDataLocation location, ConfigDataLocation location,
Profiles profiles, Profiles profiles,
PolarisConfigProperties polarisConfigProperties, PolarisConfigProperties polarisConfigProperties,
PolarisCryptoConfigProperties polarisCryptoConfigProperties,
PolarisContextProperties polarisContextProperties) { PolarisContextProperties polarisContextProperties) {
List<PolarisConfigDataResource> result = new ArrayList<>(); List<PolarisConfigDataResource> result = new ArrayList<>();
boolean optional = location.isOptional(); boolean optional = location.isOptional();
@ -209,6 +223,7 @@ public class PolarisConfigDataLocationResolver implements
} }
PolarisConfigDataResource polarisConfigDataResource = new PolarisConfigDataResource( PolarisConfigDataResource polarisConfigDataResource = new PolarisConfigDataResource(
polarisConfigProperties, polarisConfigProperties,
polarisCryptoConfigProperties,
polarisContextProperties, polarisContextProperties,
profiles, optional, profiles, optional,
fileName, groupName, serviceName fileName, groupName, serviceName
@ -246,12 +261,12 @@ public class PolarisConfigDataLocationResolver implements
} }
private void prepareAndInitEarlierPolarisSdkContext(ConfigDataLocationResolverContext resolverContext, private void prepareAndInitEarlierPolarisSdkContext(ConfigDataLocationResolverContext resolverContext,
PolarisConfigProperties polarisConfigProperties, PolarisConfigProperties polarisConfigProperties, PolarisCryptoConfigProperties polarisCryptoConfigProperties,
PolarisContextProperties polarisContextProperties) { PolarisContextProperties polarisContextProperties) {
ConfigurableBootstrapContext bootstrapContext = resolverContext.getBootstrapContext(); ConfigurableBootstrapContext bootstrapContext = resolverContext.getBootstrapContext();
if (!bootstrapContext.isRegistered(SDKContext.class)) { if (!bootstrapContext.isRegistered(SDKContext.class)) {
SDKContext sdkContext = sdkContext(resolverContext, SDKContext sdkContext = sdkContext(resolverContext,
polarisConfigProperties, polarisContextProperties); polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties);
sdkContext.init(); sdkContext.init();
bootstrapContext.register(SDKContext.class, BootstrapRegistry.InstanceSupplier.of(sdkContext)); bootstrapContext.register(SDKContext.class, BootstrapRegistry.InstanceSupplier.of(sdkContext));
} }
@ -259,9 +274,9 @@ public class PolarisConfigDataLocationResolver implements
} }
private SDKContext sdkContext(ConfigDataLocationResolverContext resolverContext, private SDKContext sdkContext(ConfigDataLocationResolverContext resolverContext,
PolarisConfigProperties polarisConfigProperties, PolarisConfigProperties polarisConfigProperties, PolarisCryptoConfigProperties polarisCryptoConfigProperties,
PolarisContextProperties polarisContextProperties) { PolarisContextProperties polarisContextProperties) {
List<PolarisConfigModifier> modifierList = modifierList(polarisConfigProperties, polarisContextProperties); List<PolarisConfigModifier> modifierList = modifierList(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties);
return SDKContext.initContextByConfig(polarisContextProperties.configuration(modifierList, () -> { return SDKContext.initContextByConfig(polarisContextProperties.configuration(modifierList, () -> {
return loadPolarisConfigProperties(resolverContext, String.class, "spring.cloud.client.ip-address"); return loadPolarisConfigProperties(resolverContext, String.class, "spring.cloud.client.ip-address");
}, () -> { }, () -> {
@ -270,13 +285,14 @@ public class PolarisConfigDataLocationResolver implements
} }
private List<PolarisConfigModifier> modifierList(PolarisConfigProperties polarisConfigProperties, private List<PolarisConfigModifier> modifierList(PolarisConfigProperties polarisConfigProperties,
PolarisCryptoConfigProperties polarisCryptoConfigProperties,
PolarisContextProperties polarisContextProperties) { PolarisContextProperties polarisContextProperties) {
// add ModifyAddress and ConfigurationModifier to load SDKContext // add ModifyAddress and ConfigurationModifier to load SDKContext
List<PolarisConfigModifier> modifierList = new ArrayList<>(); List<PolarisConfigModifier> modifierList = new ArrayList<>();
ModifyAddress modifyAddress = new ModifyAddress(polarisContextProperties); ModifyAddress modifyAddress = new ModifyAddress(polarisContextProperties);
ConfigurationModifier configurationModifier = new ConfigurationModifier(polarisConfigProperties, ConfigurationModifier configurationModifier = new ConfigurationModifier(polarisConfigProperties,
polarisContextProperties); polarisCryptoConfigProperties, polarisContextProperties);
modifierList.add(modifyAddress); modifierList.add(modifyAddress);
modifierList.add(configurationModifier); modifierList.add(configurationModifier);
return modifierList; return modifierList;
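Review bot: The crypto property prefix is now spelled in two places: `POLARIS_PREFIX + ".config.crypto"` in the resolver hunk and the literal `"spring.cloud.polaris.config.crypto"` in the `@ConfigurationProperties` annotation on the new class. If one is edited without the other, the early-bootstrap path and the regular bean would bind different keys. The likely result is that `enabled` silently falls back to its default on one path. I would derive both from a single constant. The value of `POLARIS_PREFIX` is not visible here, so this assumes it is `spring.cloud.polaris`.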

@ -20,6 +20,7 @@ package com.tencent.cloud.polaris.config.configdata;
import java.util.Objects; import java.util.Objects;
import com.tencent.cloud.polaris.config.config.PolarisConfigProperties; import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
import com.tencent.cloud.polaris.context.config.PolarisContextProperties; import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
import org.springframework.boot.context.config.ConfigData; import org.springframework.boot.context.config.ConfigData;
@ -35,6 +36,8 @@ public class PolarisConfigDataResource extends ConfigDataResource {
private final PolarisConfigProperties polarisConfigProperties; private final PolarisConfigProperties polarisConfigProperties;
private final PolarisCryptoConfigProperties polarisCryptoConfigProperties;
private final PolarisContextProperties polarisContextProperties; private final PolarisContextProperties polarisContextProperties;
private final Profiles profiles; private final Profiles profiles;
@ -48,10 +51,12 @@ public class PolarisConfigDataResource extends ConfigDataResource {
private final String serviceName; private final String serviceName;
public PolarisConfigDataResource(PolarisConfigProperties polarisConfigProperties, public PolarisConfigDataResource(PolarisConfigProperties polarisConfigProperties,
PolarisCryptoConfigProperties polarisCryptoConfigProperties,
PolarisContextProperties polarisContextProperties, PolarisContextProperties polarisContextProperties,
Profiles profiles, boolean optional, Profiles profiles, boolean optional,
String fileName, String groupName, String serviceName) { String fileName, String groupName, String serviceName) {
this.polarisConfigProperties = polarisConfigProperties; this.polarisConfigProperties = polarisConfigProperties;
this.polarisCryptoConfigProperties = polarisCryptoConfigProperties;
this.polarisContextProperties = polarisContextProperties; this.polarisContextProperties = polarisContextProperties;
this.profiles = profiles; this.profiles = profiles;
this.optional = optional; this.optional = optional;
@ -64,6 +69,10 @@ public class PolarisConfigDataResource extends ConfigDataResource {
return polarisConfigProperties; return polarisConfigProperties;
} }
public PolarisCryptoConfigProperties getPolarisCryptoConfigProperties() {
return polarisCryptoConfigProperties;
}
public PolarisContextProperties getPolarisContextProperties() { public PolarisContextProperties getPolarisContextProperties() {
return polarisContextProperties; return polarisContextProperties;
} }
@ -99,6 +108,7 @@ public class PolarisConfigDataResource extends ConfigDataResource {
PolarisConfigDataResource that = (PolarisConfigDataResource) o; PolarisConfigDataResource that = (PolarisConfigDataResource) o;
return optional == that.optional && return optional == that.optional &&
polarisConfigProperties.equals(that.polarisConfigProperties) && polarisConfigProperties.equals(that.polarisConfigProperties) &&
polarisCryptoConfigProperties.equals(that.polarisCryptoConfigProperties) &&
polarisContextProperties.equals(that.polarisContextProperties) && polarisContextProperties.equals(that.polarisContextProperties) &&
profiles.equals(that.profiles) && profiles.equals(that.profiles) &&
fileName.equals(that.fileName) && fileName.equals(that.fileName) &&
@ -108,6 +118,7 @@ public class PolarisConfigDataResource extends ConfigDataResource {
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(polarisConfigProperties, polarisContextProperties, profiles, optional, fileName, groupName, serviceName); return Objects.hash(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties, profiles,
optional, fileName, groupName, serviceName);
} }
} }

@ -77,6 +77,13 @@
"type": "java.lang.String", "type": "java.lang.String",
"defaultValue": "./polaris/backup/config", "defaultValue": "./polaris/backup/config",
"description": "Where to load config file, polaris or local." "description": "Where to load config file, polaris or local."
},
{
"name": "spring.cloud.polaris.config.crypto.enabled",
"type": "java.lang.Boolean",
"defaultValue": "true",
"description": "Whether to open the configuration crypto.",
"sourceType": "com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties"
} }
] ]
} }
