
Commit 90601bb

committed
Ensure property-defined Vault token is used when auth is TOKEN
Signed-off-by: johnycho <[email protected]>
1 parent 21ba671 commit 90601bb


2 files changed

+28
-1
lines changed


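--- a/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/environment/vault/SpringVaultTemplateBuilder.java
+++ b/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/environment/vault/SpringVaultTemplateBuilder.java
@@ -58,7 +58,11 @@ public VaultTemplate build(VaultEnvironmentProperties vaultProperties) {
 }
 
 private boolean isStaticToken(VaultEnvironmentProperties vaultProperties) {
-return vaultProperties.getAuthentication() == null && StringUtils.hasText(vaultProperties.getToken());
+boolean hasToken = StringUtils.hasText(vaultProperties.getToken());
+boolean isDefaultAuth = vaultProperties.getAuthentication() == null;
+boolean isTokenAuth = vaultProperties.getAuthentication() == VaultEnvironmentProperties.AuthenticationMethod.TOKEN;
+
+return hasToken && (isDefaultAuth || isTokenAuth);
 }
 
 }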
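Review bot: isStaticToken has no comment recording that `authentication=TOKEN` with a blank `token` still returns false, so build() takes its other branch with no warning. build()'s body is outside the hunk, so the fallback is presumably the provider-based token path; if that is right, an empty or mistyped token property silently changes whose Vault credential is used for requests. A short Javadoc would make the precedence explicit, e.g. `/** True when a non-blank token property is set and authentication is unset or TOKEN; a blank token always falls through to the provider-based path. */`. As a smaller style point, `vaultProperties.getAuthentication()` is read twice and could be held in one local.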

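--- a/spring-cloud-config-server/src/test/java/org/springframework/cloud/config/server/environment/vault/SpringVaultTemplateBuilderTest.java
+++ b/spring-cloud-config-server/src/test/java/org/springframework/cloud/config/server/environment/vault/SpringVaultTemplateBuilderTest.java
@@ -28,6 +28,7 @@
 import org.springframework.cloud.config.server.environment.ConfigTokenProvider;
 import org.springframework.cloud.config.server.environment.VaultEnvironmentProperties;
 import org.springframework.cloud.config.server.environment.vault.authentication.AppRoleClientAuthenticationProvider;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.StaticApplicationContext;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
@@ -43,6 +44,9 @@
 import static com.github.tomakehurst.wiremock.client.WireMock.postRequestedFor;
 import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
 import static com.github.tomakehurst.wiremock.client.WireMock.verify;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verifyNoInteractions;
 
 /**
 * @author Kaveh Shamsi
@@ -124,6 +128,25 @@ void shouldUseAppRoleToken() {
 """)));
 }
 
+@Test
+void buildShouldUseStaticTokenWhenAuthenticationIsToken() {
+VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
+properties.setToken("my-static-token");
+properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.TOKEN);
+
+ConfigTokenProvider defaultTokenProvider = mock(ConfigTokenProvider.class);
+ApplicationContext mockContext = mock(ApplicationContext.class);
+
+SpringVaultTemplateBuilder builder = new SpringVaultTemplateBuilder(
+defaultTokenProvider,
+Collections.emptyList(),
+mockContext
+);
+
+assertThrows(Exception.class, () -> builder.build(properties));
+verifyNoInteractions(defaultTokenProvider);
+}
+
 private static StaticApplicationContext givenApplicationContext(ConfigTokenProvider defaultTokenProvider) {
 var context = new StaticApplicationContext();
 context.getBeanFactory()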