From a47b43e2c62bec1afe94cff6e4ac6f45d6d9c906 Mon Sep 17 00:00:00 2001 From: Roberto Cortez Date: Thu, 16 Apr 2020 11:04:17 +0100 Subject: [PATCH] Fixes #269. Add LoggingInterceptor so we can see how to implement it without exposing secret keys. --- .../ConfigSourceInterceptorContext.java | 2 + .../LoggingConfigSourceInterceptor.java | 26 ++++++++++++ .../io/smallrye/config/SmallRyeConfig.java | 7 ++-- ...mallRyeConfigSourceInterceptorContext.java | 10 ++++- .../ConfigSourceLoggingInterceptorTest.java | 41 ------------------- .../LoggingConfigSourceInterceptorTest.java | 33 +++++++++++++++ .../config/inject/ConfigInjectionTest.java | 12 +++++- .../ConfigInjectionTestConfigFactory.java | 2 +- .../test/resources/config-values.properties | 2 +- 9 files changed, 86 insertions(+), 49 deletions(-) create mode 100644 implementation/src/main/java/io/smallrye/config/LoggingConfigSourceInterceptor.java delete mode 100644 implementation/src/test/java/io/smallrye/config/ConfigSourceLoggingInterceptorTest.java create mode 100644 implementation/src/test/java/io/smallrye/config/LoggingConfigSourceInterceptorTest.java diff --git a/implementation/src/main/java/io/smallrye/config/ConfigSourceInterceptorContext.java b/implementation/src/main/java/io/smallrye/config/ConfigSourceInterceptorContext.java index 1cf6208f0..6eff31ab2 100644 --- a/implementation/src/main/java/io/smallrye/config/ConfigSourceInterceptorContext.java +++ b/implementation/src/main/java/io/smallrye/config/ConfigSourceInterceptorContext.java @@ -14,4 +14,6 @@ public interface ConfigSourceInterceptorContext extends Serializable { * @return a {@link ConfigValue} with information about the key, lookup value and source ConfigSource. */ ConfigValue proceed(String name); + + SecretKeys getSecretKeys(); } diff --git a/implementation/src/main/java/io/smallrye/config/LoggingConfigSourceInterceptor.java b/implementation/src/main/java/io/smallrye/config/LoggingConfigSourceInterceptor.java new file mode 100644 index 000000000..3add55dde --- /dev/null +++ b/implementation/src/main/java/io/smallrye/config/LoggingConfigSourceInterceptor.java @@ -0,0 +1,26 @@ +package io.smallrye.config; + +import org.jboss.logging.Logger; + +public class LoggingConfigSourceInterceptor implements ConfigSourceInterceptor { + private static final Logger LOG = Logger.getLogger("io.smallrye.config"); + + @Override + public ConfigValue getValue(final ConfigSourceInterceptorContext context, final String name) { + final ConfigValue configValue = context.proceed(name); + if (context.getSecretKeys().isSecret(name)) { + return configValue; + } + + if (configValue != null) { + final String value = configValue.getValue(); + final String configLocation = configValue.getConfigSourceName() + ":" + configValue.getLineNumber(); + + LOG.infov("The config {0} was loaded from {1} with the value {2}", name, configLocation, value); + } else { + LOG.infov("The config {0} was not found", name); + } + + return configValue; + } +} diff --git a/implementation/src/main/java/io/smallrye/config/SmallRyeConfig.java b/implementation/src/main/java/io/smallrye/config/SmallRyeConfig.java index 25e505a74..1018f0f5e 100644 --- a/implementation/src/main/java/io/smallrye/config/SmallRyeConfig.java +++ b/implementation/src/main/java/io/smallrye/config/SmallRyeConfig.java @@ -168,7 +168,7 @@ private ConfigSourceInterceptorContext buildInterceptorChain(final SmallRyeConfi } } return null; - }, null); + }, null, secretKeys); // Security interceptor to prevent access to secret keys current = new SmallRyeConfigSourceInterceptorContext((ConfigSourceInterceptor) (context, name) -> { @@ -176,10 +176,11 @@ private ConfigSourceInterceptorContext buildInterceptorChain(final SmallRyeConfi throw new SecurityException("Not allowed to access secret key " + name); } return context.proceed(name); - }, current); + }, current, secretKeys); for (int i = interceptors.size() - 1; i >= 0; i--) { - current = new SmallRyeConfigSourceInterceptorContext(interceptors.get(i).getInterceptor(current), current); + current = new SmallRyeConfigSourceInterceptorContext( + interceptors.get(i).getInterceptor(current), current, secretKeys); } return current; diff --git a/implementation/src/main/java/io/smallrye/config/SmallRyeConfigSourceInterceptorContext.java b/implementation/src/main/java/io/smallrye/config/SmallRyeConfigSourceInterceptorContext.java index 846e41382..8009e1850 100644 --- a/implementation/src/main/java/io/smallrye/config/SmallRyeConfigSourceInterceptorContext.java +++ b/implementation/src/main/java/io/smallrye/config/SmallRyeConfigSourceInterceptorContext.java @@ -3,16 +3,24 @@ class SmallRyeConfigSourceInterceptorContext implements ConfigSourceInterceptorContext { private ConfigSourceInterceptor interceptor; private SmallRyeConfigSourceInterceptorContext next; + private SecretKeys secretKeys; SmallRyeConfigSourceInterceptorContext( final ConfigSourceInterceptor interceptor, - final SmallRyeConfigSourceInterceptorContext next) { + final SmallRyeConfigSourceInterceptorContext next, + final SecretKeys secretKeys) { this.interceptor = interceptor; this.next = next; + this.secretKeys = secretKeys; } @Override public ConfigValue proceed(final String name) { return interceptor.getValue(next, name); } + + @Override + public SecretKeys getSecretKeys() { + return secretKeys; + } } diff --git a/implementation/src/test/java/io/smallrye/config/ConfigSourceLoggingInterceptorTest.java b/implementation/src/test/java/io/smallrye/config/ConfigSourceLoggingInterceptorTest.java deleted file mode 100644 index 657cbe770..000000000 --- a/implementation/src/test/java/io/smallrye/config/ConfigSourceLoggingInterceptorTest.java +++ /dev/null @@ -1,41 +0,0 @@ -package io.smallrye.config; - -import org.eclipse.microprofile.config.Config; -import org.jboss.logging.Logger; -import org.junit.Assert; -import org.junit.Test; - -public class ConfigSourceLoggingInterceptorTest { - @Test - public void interceptor() { - SmallRyeConfig config = (SmallRyeConfig) buildConfig("my.prop", "1234"); - - final String value = config.getValue("my.prop", String.class); - Assert.assertEquals("1234", value); - } - - private static Config buildConfig(String... keyValues) { - return new SmallRyeConfigBuilder() - .addDefaultSources() - .withSources(KeyValuesConfigSource.config(keyValues)) - .withInterceptors(new LoggingConfigSourceInterceptor()) - .build(); - } - - private static class LoggingConfigSourceInterceptor implements ConfigSourceInterceptor { - private static final Logger LOG = Logger.getLogger("io.smallrye.config"); - - @Override - public ConfigValue getValue(final ConfigSourceInterceptorContext context, final String name) { - final ConfigValue configValue = context.proceed(name); - - final String key = configValue.getName(); - final String value = configValue.getValue(); - final String configSource = configValue.getConfigSourceName(); - - LOG.infov("The key {0} was loaded from {1} with the value {2}", key, configSource, value); - - return configValue; - } - } -} diff --git a/implementation/src/test/java/io/smallrye/config/LoggingConfigSourceInterceptorTest.java b/implementation/src/test/java/io/smallrye/config/LoggingConfigSourceInterceptorTest.java new file mode 100644 index 000000000..36567574f --- /dev/null +++ b/implementation/src/test/java/io/smallrye/config/LoggingConfigSourceInterceptorTest.java @@ -0,0 +1,33 @@ +package io.smallrye.config; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; + +import java.util.NoSuchElementException; + +import org.eclipse.microprofile.config.Config; +import org.junit.Test; + +public class LoggingConfigSourceInterceptorTest { + @Test + public void interceptor() throws Exception { + SmallRyeConfig config = (SmallRyeConfig) buildConfig(); + + assertEquals("abc", config.getValue("my.prop", String.class)); + assertThrows(SecurityException.class, () -> config.getValue("secret", String.class)); + assertThrows(NoSuchElementException.class, () -> config.getValue("not.found", String.class)); + + // This would log the secret: + config.getSecretKeys().accessSecret(() -> config.getRawValue("secret")); + } + + private static Config buildConfig() throws Exception { + return new SmallRyeConfigBuilder() + .addDefaultSources() + .withSources(new ConfigValuePropertiesConfigSource( + LoggingConfigSourceInterceptorTest.class.getResource("/config-values.properties"))) + .withInterceptors(new LoggingConfigSourceInterceptor()) + .withSecretKeys("secret") + .build(); + } +} diff --git a/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTest.java b/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTest.java index 09a085f67..3072fa23e 100644 --- a/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTest.java +++ b/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTest.java @@ -50,6 +50,7 @@ public void afterClass() { @Test public void inject() { assertEquals("value", configBean.getConfig()); + assertEquals("value", configBean.getExpansion()); assertEquals("12345678", configBean.getSecret()); } @@ -59,14 +60,21 @@ public static class ConfigBean { @ConfigProperty(name = "config") private String config; @Inject + @ConfigProperty(name = "expansion") + private String expansion; + @Inject @ConfigProperty(name = "secret") private String secret; - public String getConfig() { + String getConfig() { return config; } - public String getSecret() { + String getExpansion() { + return expansion; + } + + String getSecret() { return secret; } } diff --git a/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTestConfigFactory.java b/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTestConfigFactory.java index b89f01d3e..bb0d9df4b 100644 --- a/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTestConfigFactory.java +++ b/implementation/src/test/java/io/smallrye/config/inject/ConfigInjectionTestConfigFactory.java @@ -12,7 +12,7 @@ public SmallRyeConfig getConfigFor( return configProviderResolver.getBuilder().forClassLoader(classLoader) .addDefaultSources() .addDefaultInterceptors() - .withSources(KeyValuesConfigSource.config("config", "value", "secret", "12345678")) + .withSources(KeyValuesConfigSource.config("config", "value", "expansion", "${config}", "secret", "12345678")) .withSecretKeys("secret") .build(); } diff --git a/implementation/src/test/resources/config-values.properties b/implementation/src/test/resources/config-values.properties index f22753f97..8e3c16c07 100644 --- a/implementation/src/test/resources/config-values.properties +++ b/implementation/src/test/resources/config-values.properties @@ -7,7 +7,7 @@ my.prop=abc - +secret=secret