diff --git a/pom.xml b/pom.xml
index e0fccb4..1b5ec05 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,8 +4,8 @@
io.scalecube
- scalecube-parent-pom
- 0.2.19
+ scalecube-parent
+ 0.2.20
scalecube-security-parent
@@ -39,22 +39,22 @@
- 0.4.16
- 1.0.18
+ 0.4.18
+ 1.0.21
0.11.2
- 2020.0.10
- 2.11.0
- 1.7.30
- 1.26
+ 2020.0.23
+ 2.13.3
+ 1.7.36
- 3.1.0
+ 4.6.1
+ 5.8.2
1.3
- 5.4.2
- 5.0.0
- 1.15.1
-
- 5.5.0
+ 5.1.0
+ 1.17.4
+
+ https://maven.pkg.github.com/scalecube/scalecube-security
+
@@ -85,12 +85,6 @@
slf4j-api
${slf4j.version}
-
-
- org.yaml
- snakeyaml
- ${snakeyaml.version}
-
io.jsonwebtoken
@@ -115,18 +109,22 @@
pom
import
-
+
+
+ org.testcontainers
+ vault
+ ${testcontainers.version}
+
- net.java.dev.jna
- jna
- ${jna.version}
- test
+ com.bettercloud
+ vault-java-driver
+ ${vault-java-driver.version}
-
+
org.junit.jupiter
junit-jupiter-engine
@@ -140,23 +138,17 @@
test
- org.hamcrest
- hamcrest-all
- ${hamcrest.version}
+ org.mockito
+ mockito-junit-jupiter
+ ${mockito-junit-jupiter.version}
test
org.hamcrest
- hamcrest-core
+ hamcrest-all
${hamcrest.version}
test
-
- org.mockito
- mockito-junit-jupiter
- ${mockito.version}
- test
-
io.projectreactor
reactor-test
@@ -164,44 +156,4 @@
-
-
- deploy2Github
-
-
- github
- GitHub Packages
- https://maven.pkg.github.com/scalecube/scalecube-security
-
-
-
-
- deploy2Maven
-
-
- ossrh
- Central Repository OSSRH
- https://oss.sonatype.org/service/local/staging/deploy/maven2/
-
-
-
-
-
- org.sonatype.plugins
- nexus-staging-maven-plugin
-
-
- maven-source-plugin
-
-
- maven-javadoc-plugin
-
-
- maven-gpg-plugin
-
-
-
-
-
-
diff --git a/tokens/pom.xml b/tokens/pom.xml
index 5349c9a..696cfb9 100644
--- a/tokens/pom.xml
+++ b/tokens/pom.xml
@@ -35,13 +35,11 @@
org.testcontainers
vault
- ${testcontainers.version}
test
com.bettercloud
vault-java-driver
- ${vault-java-driver.version}
test
diff --git a/tokens/src/main/java/io/scalecube/security/tokens/jwt/JwksKeyProvider.java b/tokens/src/main/java/io/scalecube/security/tokens/jwt/JwksKeyProvider.java
index 6712a6f..af4ab56 100644
--- a/tokens/src/main/java/io/scalecube/security/tokens/jwt/JwksKeyProvider.java
+++ b/tokens/src/main/java/io/scalecube/security/tokens/jwt/JwksKeyProvider.java
@@ -84,7 +84,6 @@ public JwksKeyProvider readTimeout(Duration readTimeout) {
public Mono findKey(String kid) {
return computeKey(kid)
.switchIfEmpty(Mono.error(new KeyNotFoundException("Key was not found, kid: " + kid)))
- .doOnSubscribe(s -> LOGGER.debug("[findKey] Looking up key in jwks, kid: {}", kid))
.subscribeOn(Schedulers.boundedElastic())
.publishOn(Schedulers.boundedElastic());
}
diff --git a/vault/pom.xml b/vault/pom.xml
index 42af803..6afa9f7 100644
--- a/vault/pom.xml
+++ b/vault/pom.xml
@@ -28,8 +28,8 @@
slf4j-api
- org.yaml
- snakeyaml
+ com.fasterxml.jackson.dataformat
+ jackson-dataformat-yaml
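Review bot: Swapping `snakeyaml` for `jackson-dataformat-yaml` in this dependency list does not take SnakeYAML off the classpath, because the Jackson 2.x YAML module parses through SnakeYAML as a transitive dependency. The root pom.xml hunks in this commit also appear to drop the managed `snakeyaml` entry and its version property, so the SnakeYAML version would now be whatever the Jackson module resolves to rather than one this build pins. I would record that next to the dependency, e.g. `<!-- brings in org.yaml:snakeyaml transitively; keep it covered by dependency scanning -->`, and confirm the resolved version with `mvn dependency:tree`.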
diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java
index 97afa78..1e40dcb 100644
--- a/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java
+++ b/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java
@@ -87,7 +87,6 @@ public VaultClientTokenSupplier vaultRole(String vaultRole) {
public Mono getToken() {
return Mono.fromRunnable(this::validate)
.then(Mono.fromCallable(this::getToken0))
- .doOnSubscribe(s -> LOGGER.debug("[getToken] Getting vault client token"))
.doOnSuccess(s -> LOGGER.debug("[getToken][success] result: {}", mask(s)))
.doOnError(th -> LOGGER.error("[getToken][error] cause: {}", th.toString()));
}
diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java
index da8a0d6..2b1575a 100644
--- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java
+++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java
@@ -3,10 +3,14 @@
import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import io.scalecube.security.vault.VaultServiceRolesInstaller.ServiceRoles.Role;
import java.io.File;
import java.io.FileInputStream;
+import java.io.IOException;
import java.io.InputStream;
+import java.io.StringReader;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
@@ -17,8 +21,6 @@
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.yaml.snakeyaml.Yaml;
-import org.yaml.snakeyaml.constructor.Constructor;
import reactor.core.Exceptions;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
@@ -32,6 +34,8 @@ public final class VaultServiceRolesInstaller {
private static final List> DEFAULT_SERVICE_ROLES_SOURCES =
Collections.singletonList(new ResourcesServiceRolesSupplier());
+ private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(new YAMLFactory());
+
private String vaultAddress;
private Mono vaultTokenSupplier;
private Supplier keyNameSupplier;
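Review bot: The new `OBJECT_MAPPER` constant has no comment saying why it is a plain mapper, and that is worth recording because it parses role definitions from the classpath, an environment variable and a file. Binding to the fixed `ServiceRoles` class with no default typing means the YAML text cannot choose which Java types are instantiated, which the removed `new Yaml(new Constructor(ServiceRoles.class))` calls did not guarantee as far as I know. I would add `// Plain mapper on purpose: no default/polymorphic typing, input binds only to ServiceRoles` above the field so a later change does not loosen it. The class body continues outside this hunk.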
@@ -189,23 +193,18 @@ public VaultServiceRolesInstaller roleTtl(String roleTtl) {
public Mono install() {
return Mono.defer(this::install0)
.subscribeOn(Schedulers.boundedElastic())
- .doOnSubscribe(s -> LOGGER.debug("[install] Installing vault service roles"))
- .doOnSuccess(s -> LOGGER.debug("[install][success] Installed vault service roles"))
- .doOnError(
- th ->
- LOGGER.error(
- "[install][error] Failed to install vault service roles, cause: {}",
- th.toString()))
- .then();
+ .doOnError(th -> LOGGER.error("Failed to install serviceRoles, cause: {}", th.toString()));
}
private Mono install0() {
if (isNullOrNoneOrEmpty(vaultAddress)) {
+ LOGGER.debug("Skipping serviceRoles installation, vaultAddress not set");
return Mono.empty();
}
final ServiceRoles serviceRoles = loadServiceRoles();
if (serviceRoles == null || serviceRoles.roles.isEmpty()) {
+ LOGGER.debug("Skipping serviceRoles installation, serviceRoles not set");
return Mono.empty();
}
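Review bot: The skip check `serviceRoles == null || serviceRoles.roles.isEmpty()` in `install0()` throws a NullPointerException when the loaded document has a `roles:` key with no value, since Jackson passes that null to `setRoles`. The run then ends in the `doOnError` log of `install()` with only the exception name, instead of taking the new "serviceRoles not set" path. Guarding the list as well fixes it: `if (serviceRoles == null || serviceRoles.roles == null || serviceRoles.roles.isEmpty()) {`. The rest of `install0()` is outside this hunk.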
@@ -214,7 +213,7 @@ private Mono install0() {
token -> {
final Rest rest = new Rest().header(VAULT_TOKEN_HEADER, token);
- String keyName = keyNameSupplier.get();
+ final String keyName = keyNameSupplier.get();
createVaultIdentityKey(rest.url(buildVaultIdentityKeyUri(keyName)), keyName);
for (Role role : serviceRoles.roles) {
@@ -226,6 +225,7 @@ private Mono install0() {
role.permissions);
}
})
+ .doOnSuccess(s -> LOGGER.debug("Installed serviceRoles ({})", serviceRoles))
.then();
}
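Review bot: The unused lambda parameter `s` in the added `.doOnSuccess(...)` looks like the value emitted by the token chain above it, which would be the Vault token. That is inferred, because the operator that binds `token` starts outside this hunk. The line is safe as written because it logs only `serviceRoles`, but nothing marks that as deliberate; I would rename the parameter and add `// value is the vault token: log serviceRoles only, never the emitted value`. The message also prints every role with its permissions through the new `toString()` methods, so if log readers should not see the authorization layout, log the role names or a count instead.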
@@ -242,7 +242,7 @@ private ServiceRoles loadServiceRoles() {
}
} catch (Throwable th) {
LOGGER.warn(
- "Fail to load ServiceRoles from {}, cause {}", serviceRolesSource, th.getMessage());
+ "Failed to load serviceRoles from {}, cause {}", serviceRolesSource, th.getMessage());
}
}
@@ -333,6 +333,13 @@ public void setRoles(List roles) {
this.roles = roles;
}
+ @Override
+ public String toString() {
+ return new StringJoiner(", ", ServiceRoles.class.getSimpleName() + "[", "]")
+ .add("roles=" + roles)
+ .toString();
+ }
+
public static class Role {
private String role;
@@ -353,6 +360,14 @@ public List getPermissions() {
public void setPermissions(List permissions) {
this.permissions = permissions;
}
+
+ @Override
+ public String toString() {
+ return new StringJoiner(", ", Role.class.getSimpleName() + "[", "]")
+ .add("role='" + role + "'")
+ .add("permissions=" + permissions)
+ .toString();
+ }
}
}
@@ -372,11 +387,15 @@ public ResourcesServiceRolesSupplier(String fileName) {
@Override
public ServiceRoles get() {
- ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
- InputStream inputStream = classLoader.getResourceAsStream(fileName);
- return inputStream != null
- ? new Yaml(new Constructor(ServiceRoles.class)).load(inputStream)
- : null;
+ try {
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+ InputStream inputStream = classLoader.getResourceAsStream(fileName);
+ return inputStream != null
+ ? OBJECT_MAPPER.readValue(inputStream, ServiceRoles.class)
+ : null;
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
}
@Override
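Review bot: The new `ResourcesServiceRolesSupplier.get()` never closes `inputStream` itself; it is closed only because Jackson's `AUTO_CLOSE_SOURCE` parser feature is on by default, so correct cleanup depends on `OBJECT_MAPPER` keeping that default. Writing it as `try (InputStream inputStream = classLoader.getResourceAsStream(fileName)) {` makes ownership explicit (a null resource is skipped), and the same applies to `new FileInputStream(file)` in the file-based supplier hunk further down. The `throw new RuntimeException(e);` here and in `EnvironmentServiceRolesSupplier.get()` would also read better as `throw new UncheckedIOException(e);`, or as `throw Exceptions.propagate(e);` to match the file-based supplier.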
@@ -403,8 +422,14 @@ public EnvironmentServiceRolesSupplier(String envKey) {
@Override
public ServiceRoles get() {
- final String value = System.getenv(envKey);
- return value != null ? new Yaml(new Constructor(ServiceRoles.class)).load(value) : null;
+ try {
+ final String value = System.getenv(envKey);
+ return value != null
+ ? OBJECT_MAPPER.readValue(new StringReader(value), ServiceRoles.class)
+ : null;
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
}
@Override
@@ -435,7 +460,7 @@ public ServiceRoles get() {
try {
final File file = new File(this.file);
return file.exists()
- ? new Yaml(new Constructor(ServiceRoles.class)).load(new FileInputStream(file))
+ ? OBJECT_MAPPER.readValue(new FileInputStream(file), ServiceRoles.class)
: null;
} catch (Exception e) {
throw Exceptions.propagate(e);
diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java
index 5965189..62c1d0b 100644
--- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java
+++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java
@@ -111,12 +111,6 @@ public Mono getToken(Map tags) {
vaultToken -> {
final String uri = buildServiceTokenUri(tags);
return Mono.fromCallable(() -> rpcGetToken(uri, vaultToken))
- .doOnSubscribe(
- s ->
- LOGGER.debug(
- "[getToken] Getting vault service token, uri='{}', tags={}",
- uri,
- tags))
.doOnSuccess(
s ->
LOGGER.debug(
@@ -134,7 +128,7 @@ public Mono getToken(Map tags) {
});
}
- private String rpcGetToken(String uri, String vaultToken) {
+ private static String rpcGetToken(String uri, String vaultToken) {
try {
final RestResponse response =
new Rest().header(VAULT_TOKEN_HEADER, vaultToken).url(uri).get();