Merge pull request #11 from AO-StreetArt/enableConsulConfiguration

Add Vault Configuration, get Mongo Authentication info from Vault

Dockerfile

@@ -9,5 +9,8 @@ FROM openjdk:8-jdk-alpine
 MAINTAINER Alex Barry
 VOLUME /tmp
 ADD build/libs/avc-0.0.1.jar app.jar
+ADD src/resources/vault.properties vault.properties
+ADD src/resources/log4j2.yaml log4j2.yaml
+ADD src/resources/application.properties application.properties
 ENV JAVA_OPTS=""
 ENTRYPOINT exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /app.jar

build.gradle

@@ -59,7 +59,8 @@ dependencies {
 	compile('com.fasterxml.jackson.dataformat:jackson-dataformat-yaml')
 	compile('com.fasterxml.jackson.core:jackson-annotations')
   compile('org.springframework.retry:spring-retry')
-  compile group: 'org.springframework.boot', name: 'spring-boot-starter-aop', version: '2.0.5.RELEASE'
+  compile('org.springframework.boot:spring-boot-starter-aop:2.0.5.RELEASE')
+  compile('org.springframework.vault:spring-vault-core:2.1.0.RELEASE')
 	runtime('org.springframework.boot:spring-boot-devtools')
   errorprone 'com.google.errorprone:error_prone_core:2.2.0'
 	compileOnly('org.projectlombok:lombok')

src/main/java/com/ao/avc/AvcApplication.java

@@ -1,47 +1,109 @@
 package com.ao.avc;
 
+import com.ao.avc.auth.BasicCredentials;
+
 import com.mongodb.Mongo;
 import com.mongodb.MongoClient;
+import com.mongodb.MongoCredential;
+import com.mongodb.ServerAddress;
 import com.mongodb.client.MongoDatabase;
 import com.mongodb.client.gridfs.GridFSBucket;
 import com.mongodb.client.gridfs.GridFSBuckets;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.solr.SolrAutoConfiguration;
 import org.springframework.cloud.client.discovery.DiscoveryClient;
+import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.PropertySource;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.mongodb.config.AbstractMongoConfiguration;
 import org.springframework.data.mongodb.gridfs.GridFsTemplate;
 import org.springframework.retry.annotation.EnableRetry;
+import org.springframework.vault.config.EnvironmentVaultConfiguration;
+import org.springframework.vault.core.VaultOperations;
+import org.springframework.vault.support.VaultResponseSupport;
 
 @EnableDiscoveryClient
 @Configuration
 @EnableRetry
 @EnableAutoConfiguration
+@Import(EnvironmentVaultConfiguration.class)
 @SpringBootApplication(exclude = {SolrAutoConfiguration.class})
 public class AvcApplication extends AbstractMongoConfiguration {
 
   // Hostname of Mongo Connection
-  @Value("${server.mongo.host}")
-  private String mongoHost;
+  @Value("${server.mongo.hosts:localhost}")
+  private String mongoHosts;
 
-  // Hostname of Mongo Port
-  @Value("${server.mongo.port}")
+  // Port of Mongo Connection
+  @Value("${server.mongo.port:27017}")
   private int mongoPort;
 
+  // Is Authentication Active in the Mongo Connection
+  @Value("${server.mongo.auth.active:false}")
+  private boolean mongoAuthActive;
+
+  // Is Vault Authentication Loading Active
+  // If true, we'll load Mongo Auth info from Vault prior to connecting
+  @Value("${server.mongo.auth.vault.active:false}")
+  private boolean mongoVaultAuthActive;
+
+  // Username of the Mongo Connection
+  @Value("${server.mongo.auth.username:mongo}")
+  private String mongoUsername;
+
+  // Password of the Mongo Connection
+  @Value("${server.mongo.auth.password:mongo}")
+  private String mongoPassword;
+
+  @Autowired
+  private VaultOperations operations;
+
   @Bean
   public GridFsTemplate gridFsTemplate() throws Exception {
     return new GridFsTemplate(mongoDbFactory(), mappingMongoConverter());
   }
 
   @Override
   public MongoClient mongoClient() {
-    return new MongoClient(mongoHost, mongoPort);
+    // Setup the list of Mongo Addresses
+    List<ServerAddress> mongoAdressList = new ArrayList<ServerAddress>();
+    String[] addressArray = mongoHosts.split(",");
+    for (String address : addressArray) {
+      mongoAdressList.add(new ServerAddress(address, mongoPort));
+    }
+
+    // Pull authentication information
+    if (mongoAuthActive) {
+      BasicCredentials mongoCreds;
+      if (mongoVaultAuthActive) {
+        VaultResponseSupport<BasicCredentials> response =
+            operations.read("AVC_MONGO_CREDENTIALS", BasicCredentials.class);
+        mongoCreds = response.getData();
+      } else {
+        mongoCreds = new BasicCredentials();
+        mongoCreds.setUsername(mongoUsername);
+        mongoCreds.setPassword(mongoPassword);
+      }
+
+      List<MongoCredential> mongoCredsList = new ArrayList<MongoCredential>();
+      mongoCredsList.add(MongoCredential.createCredential(mongoCreds.getUsername(), "_avc", mongoCreds.getPassword().toCharArray()));
+
+      // Return a DB Client with Authentication
+      return new MongoClient(mongoAdressList, mongoCredsList);
+    }
+
+    // Return a DB Client without Authentication
+    return new MongoClient(mongoAdressList);
   }
 
   @Override

src/main/java/com/ao/avc/auth/BasicCredentials.java

@@ -0,0 +1,30 @@
+/*
+Apache2 License Notice
+Copyright 2017 Alex Barry
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package com.ao.avc.auth;
+
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+public class BasicCredentials {
+
+  private String username;
+  private String password;
+
+}

src/main/java/com/ao/avc/controller/AssetController.java

@@ -54,6 +54,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
+import org.springframework.vault.core.VaultOperations;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;

src/main/resources/application.properties

@@ -1,6 +1,3 @@
-# Mongo information
-server.mongo.host: localhost
-server.mongo.port: 27017
 # Port for HTTP API
 server.port: 5635
 # Port for management exposures
@@ -11,23 +8,57 @@ management.address: 127.0.0.1
 spring.application.name=Avc
 # Spring Profile
 spring.profiles.active=dev
+# Asset File Upload Limits
+spring.http.multipart.max-file-size=128MB
+spring.http.multipart.max-request-size=128MB
+# Logging
+logging.level.org.springframework=INFO
+logging.level.org.apache.http=INFO
+logging.level.org.mongodb=INFO
+logging.level.org.hibernate=INFO
+
+# Mongo information
+
+# Comma Separated List of hosts
+server.mongo.hosts: localhost
+
+# Port to connect on
+server.mongo.port: 27017
+
+# Authentication Settings
+server.mongo.auth.active: false
+server.mongo.auth.vault.active: false
+server.mongo.auth.username: mongo
+server.mongo.auth.password: mongo
+
 # Consul Setup
+
+# Connection
 spring.cloud.consul.host=localhost
 spring.cloud.consul.port=8500
+
+# Discovery
 spring.cloud.consul.discovery.enabled=true
 spring.cloud.consul.discovery.register=true
 spring.cloud.consul.discovery.preferIpAddress=false
 spring.cloud.consul.discovery.healthCheckPath=${management.context-path}/health
 spring.cloud.consul.discovery.healthCheckInterval=15s
+
+# Configuration
+# spring.cloud.consul.config.acl-token=true
 spring.cloud.consul.config.enabled=true
 spring.cloud.consul.config.prefix=configuration
 spring.cloud.consul.config.defaultContext=apps
 spring.cloud.consul.config.profileSeparator='::'
-# Asset File Upload Limits
-spring.http.multipart.max-file-size=128MB
-spring.http.multipart.max-request-size=128MB
-# Logging
-logging.level.org.springframework=INFO
-logging.level.org.apache.http=INFO
-logging.level.org.mongodb=INFO
-logging.level.org.hibernate=INFO
+
+# Vault Setup
+
+vault.uri=https://localhost:8200
+vault.token=00000000-0000-0000-0000-000000000000
+# vault.app-role.role-id=
+# vault.app-role.secret-id=
+# vault.ssl.key-store=
+# vault.ssl.key-store-password=
+# vault.ssl.trust-store=
+# vault.ssl.trust-store-password=
+# vault.authentication=TOKEN

src/main/resources/vault.properties

@@ -0,0 +1,9 @@
+vault.uri=https://localhost:8200
+vault.token=00000000-0000-0000-0000-000000000000
+# vault.app-role.role-id=
+# vault.app-role.secret-id=
+# vault.ssl.key-store=
+# vault.ssl.key-store-password=
+# vault.ssl.trust-store=
+# vault.ssl.trust-store-password=
+# vault.authentication=TOKEN