feat:support configuration encryption.

Tencent · Oct 16, 2023 · e7eda1d · e7eda1d
1 parent 9ce470e
commit e7eda1d
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,3 +15,4 @@
 - [feat: add circuit breaker actuator.](https://github.com/Tencent/spring-cloud-tencent/pull/1172)
 - [feat: add metadata transfer for http header via spring.cloud.tencent.metadata.headers.](https://github.com/Tencent/spring-cloud-tencent/pull/1174)
 - [fix:remove bcprov-jdk15on dependency.](https://github.com/Tencent/spring-cloud-tencent/pull/1178)
+- [feat:support configuration encryption.](https://github.com/Tencent/spring-cloud-tencent/pull/1182)
diff --git a/...-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java b/...-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java
@@ -19,14 +19,17 @@
 package com.tencent.cloud.polaris.config;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 import com.tencent.cloud.common.constant.OrderConstant;
 import com.tencent.cloud.common.util.AddressUtils;
 import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
+import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
 import com.tencent.cloud.polaris.context.PolarisConfigModifier;
 import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
 import com.tencent.polaris.factory.config.ConfigurationImpl;
+import com.tencent.polaris.factory.config.configuration.ConfigFilterConfigImpl;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -46,11 +49,15 @@ public class ConfigurationModifier implements PolarisConfigModifier {
 
 	private final PolarisConfigProperties polarisConfigProperties;
 
+	private final PolarisCryptoConfigProperties polarisCryptoConfigProperties;
+
 	private final PolarisContextProperties polarisContextProperties;
 
 	public ConfigurationModifier(PolarisConfigProperties polarisConfigProperties,
+			PolarisCryptoConfigProperties polarisCryptoConfigProperties,
 			PolarisContextProperties polarisContextProperties) {
 		this.polarisConfigProperties = polarisConfigProperties;
+		this.polarisCryptoConfigProperties = polarisCryptoConfigProperties;
 		this.polarisContextProperties = polarisContextProperties;
 	}
 
@@ -65,6 +72,13 @@ else if (StringUtils.equalsIgnoreCase(polarisConfigProperties.getDataSource(), D
 		else {
 			throw new RuntimeException("Unsupported config data source");
 		}
+
+		ConfigFilterConfigImpl configFilterConfig = configuration.getConfigFile().getConfigFilterConfig();
+		configFilterConfig.setEnable(polarisCryptoConfigProperties.isEnabled());
+		if (polarisCryptoConfigProperties.isEnabled()) {
+			configFilterConfig.getChain().add("crypto");
+			configFilterConfig.getPlugin().put("crypto", Collections.singletonMap("type", "AES"));
+		}
 	}
 
 	private void initByLocalDataSource(ConfigurationImpl configuration) {

diff --git a/...c/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java b/...c/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java
@@ -23,6 +23,7 @@
 import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager;
 import com.tencent.cloud.polaris.config.condition.ConditionalOnReflectRefreshType;
 import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
+import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
 import com.tencent.cloud.polaris.context.PolarisSDKContextManager;
 import com.tencent.cloud.polaris.context.config.PolarisContextAutoConfiguration;
 import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
@@ -54,6 +55,12 @@ public PolarisConfigProperties polarisProperties() {
 	}
 
 	@Bean
+	public PolarisCryptoConfigProperties polarisCryptoConfigProperties() {
+		return new PolarisCryptoConfigProperties();
+	}
+
+	@Bean
+	@ConditionalOnMissingBean
 	public PolarisPropertySourceManager polarisPropertySourceManager() {
 		return new PolarisPropertySourceManager();
 	}
@@ -80,8 +87,9 @@ public PolarisConfigFileLocator polarisConfigFileLocator(
 	@Bean
 	@ConditionalOnConnectRemoteServerEnabled
 	public ConfigurationModifier configurationModifier(PolarisConfigProperties polarisConfigProperties,
+			PolarisCryptoConfigProperties polarisCryptoConfigProperties,
 			PolarisContextProperties polarisContextProperties) {
-		return new ConfigurationModifier(polarisConfigProperties, polarisContextProperties);
+		return new ConfigurationModifier(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties);
 	}
 
 	@Bean

diff --git a/.../src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java b/.../src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java
@@ -0,0 +1,41 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ *
+ */
+package com.tencent.cloud.polaris.config.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * polaris config module bootstrap configs.
+ *
+ * @author lepdou 2022-03-10
+ */
+@ConfigurationProperties("spring.cloud.polaris.config.crypto")
+public class PolarisCryptoConfigProperties {
+	/**
+	 * Whether to open the configuration crypto.
+	 */
+	private boolean enabled = true;
+
+	public boolean isEnabled() {
+		return enabled;
+	}
+
+	public void setEnabled(boolean enabled) {
+		this.enabled = enabled;
+	}
+}
diff --git a/...-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/...-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -64,7 +64,14 @@
       "name": "spring.cloud.polaris.config.local-file-root-path",
       "type": "java.lang.String",
       "defaultValue": "./polaris/backup/config",
-      "description": "The root path of config files, only used in local mode."
+      "description": "Where to load config file, polaris or local."
+    },
+    {
+      "name": "spring.cloud.polaris.config.crypto.enabled",
+      "type": "java.lang.Boolean",
+      "defaultValue": "true",
+      "description": "Whether to open the configuration crypto.",
+      "sourceType": "com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties"
     }
   ]
 }