Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add API for PropertySource resource location retrieval #24504

Closed
spencergibb opened this issue Dec 14, 2020 · 4 comments
Closed

Add API for PropertySource resource location retrieval #24504

spencergibb opened this issue Dec 14, 2020 · 4 comments
Labels
type: enhancement A general enhancement
Milestone
2.4.2

Comments

@spencergibb
Copy link
Member

Spring Cloud Config Server verifies that any property sources it loads are from configured locations for security. To do that has used the property source name to get this information.

In boot 2.3.x we got classpath:/configs/application.yaml from applicationConfig: [classpath:/configs/application.yaml].

In boot 2.4.0 we updated the parsing logic in spring-cloud/spring-cloud-config@854060b

#24428 changed the property source names and hence broke config server. It has been updated again as seen in the issue below, but this is a brittle approach. We likely didn't say anything in the 2.3.x or prior timeline because it didn't change.

I've added support for checking the location by parsing classpath:/configs/ from Config resource 'class path resource [configs/application.yml]' via location 'classpath:/configs/' (document #0) which works for both 2.4.0 and 2.4.1.

spring-cloud/spring-cloud-config#1771

/cc @philwebb
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 14, 2020
@philwebb
Copy link
Member

This one is a bit tricky. If I've read the code correctly, you ideally want a way to get the ConfigDataLocation from a PropertySource? We unfortunately have an additional PropertySourceLoader abstraction to deal with.

The only ideas I've had so far are to either try to create some kind of registry that links a PropertySource to the ConfigDataLocation that created it, or, to somehow use OrginLookup. Another idea is to perhaps change ConfigDataEnvironmentPostProcessor.applyTo so that it accepts some kind of callback that could be used to track things on your side.

I definitely needs more thought.

@philwebb philwebb added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 16, 2020
@philwebb philwebb added this to the 2.4.2 milestone Dec 16, 2020
@philwebb philwebb changed the title API for PropertySource resource location Add API for PropertySource resource location retrieval Dec 16, 2020
@philwebb philwebb mentioned this issue Dec 16, 2020
Closed
@philwebb
Copy link
Member

@spencergibb I've pushed something to 2.4.x, can you take a look and see if you think it will work.

I hope you can update NativeEnvironmentRepository.findOne to setup tracking. Something like:

TrackingConfigDataEnvironmentUpdateListener listener = new TrackingConfigDataEnvironmentUpdateListener()
ConfigurableEnvironment environment = getEnvironment(config, profile, label, listener);
...
ConfigDataEnvironmentPostProcessor.applyTo(environment, resourceLoader, null,
    StringUtils.commaDelimitedListToStringArray(profile), listener);

The TrackingConfigDataEnvironmentUpdateListener can implement onPropertySourceAdded a stash the propertySource and location in a Map.

You can then hopefully update the clean(...) method to use that Map to get back the location for any given propertySource.

Let me know if that doesn't work and we can have another go.

@spencergibb
Copy link
Member Author

I'll take a look in an hour or so.

@philwebb philwebb reopened this Dec 16, 2020
@philwebb
Copy link
Member

philwebb commented Dec 16, 2020
edited

Reopening to make StandardConfigDataResource.getResource() public

philwebb added a commit that referenced this issue Dec 17, 2020
@philwebb
Make StandardConfigDataResource.getResource public
5ca01ce 
Update `StandardConfigDataResource`  to make the `getResource()` method
public so that it can be used by Spring Cloud.

Closes gh-24504
@kboczek kboczek mentioned this issue Apr 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
2.4.2
Development

No branches or pull requests
3 participants
@philwebb @spencergibb @spring-projects-issues