bump config server versions, add opt-in basic auth

TimHess · TimHess · commit d068ab8f3ed0 · 2025-08-15T10:36:10.000-05:00
diff --git a/config-server/Dockerfile b/config-server/Dockerfile
@@ -9,14 +9,14 @@ WORKDIR /scratch
 RUN apk update && apk add ca-certificates && apk add curl && apk add patch
 RUN curl --get https://start.spring.io/starter.zip \
         -d type=gradle-project \
-        -d bootVersion=3.4.1 \
+        -d bootVersion=3.5.4 \
         -d javaVersion=$JVM \
         -d groupId=io.steeltoe.docker \
         -d artifactId=configserver \
         -d applicationName=ConfigServer \
         -d language=java \
-        -d dependencies=cloud-config-server,actuator,cloud-eureka \
-        -d version=4.2.0 \
+        -d dependencies=cloud-config-server,actuator,cloud-eureka,security \
+        -d version=4.3.0 \
         --output configserver.zip
 RUN mkdir configserver && unzip -d configserver configserver.zip
 COPY metadata metadata
diff --git a/config-server/README.adoc b/config-server/README.adoc
@@ -26,6 +26,14 @@ $ docker run --publish 8888:8888 --volume /path/to/my/config:/config steeltoe.az
     --spring.cloud.config.server.native.searchLocations=file:///config
 ----
 
+.With Basic Auth
+----
+$ docker run --publish 8888:8888 steeltoe.azurecr.io/config-server \
+    --auth.enabled=true \
+    --auth.username=myCustomUser \
+    --auth.password=myCustomPassword
+----
+
 == Resources
 
 |===
diff --git a/config-server/metadata/ADDITIONAL_TAGS b/config-server/metadata/ADDITIONAL_TAGS
@@ -1 +1 @@
--t config-server:4.2 -t config-server:4 -t config-server:latest
+-t config-server:4.3 -t config-server:4 -t config-server:latest
diff --git a/config-server/metadata/IMAGE_VERSION b/config-server/metadata/IMAGE_VERSION
@@ -1 +1 @@
-4.2.0
+4.3.0
diff --git a/config-server/patches/addauth.patch b/config-server/patches/addauth.patch
@@ -0,0 +1,65 @@
+--- /dev/null
++++ configserver/src/main/java/io/steeltoe/docker/configserver/BasicOrNoAuthConfig.java	2025-08-15 13:15:18.461432100 -0500
+@@ -0,0 +1,62 @@
++package io.steeltoe.docker.configserver;
++
++import org.springframework.beans.factory.annotation.Value;
++import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
++import org.springframework.boot.autoconfigure.security.SecurityProperties;
++import org.springframework.context.annotation.Bean;
++import org.springframework.context.annotation.Configuration;
++import org.springframework.core.annotation.Order;
++import org.springframework.security.config.Customizer;
++import org.springframework.security.config.annotation.web.builders.HttpSecurity;
++import org.springframework.security.core.userdetails.User;
++import org.springframework.security.core.userdetails.UserDetailsService;
++import org.springframework.security.crypto.password.NoOpPasswordEncoder;
++import org.springframework.security.crypto.password.PasswordEncoder;
++import org.springframework.security.provisioning.InMemoryUserDetailsManager;
++import org.springframework.security.web.SecurityFilterChain;
++
++@Configuration
++public class BasicOrNoAuthConfig {
++
++    @Bean
++    @ConditionalOnProperty(prefix = "auth", name = "enabled", havingValue = "true")
++    public UserDetailsService userDetailsService(
++            @Value("${auth.username:devuser}") String username,
++            @Value("${auth.password:devpassword}") String password) {
++
++        return new InMemoryUserDetailsManager(
++            User.withUsername(username)
++                .password(password)
++                .roles("USER")
++                .build());
++    }
++
++    @SuppressWarnings("deprecation")
++    @Bean
++    @ConditionalOnProperty(prefix = "auth", name = "enabled", havingValue = "true")
++    public PasswordEncoder passwordEncoder() {
++        // For dev/test only — plaintext password
++        return NoOpPasswordEncoder.getInstance();
++    }
++
++    @Bean
++    @ConditionalOnProperty(prefix = "auth", name = "enabled", havingValue = "true")
++    @Order(SecurityProperties.BASIC_AUTH_ORDER)
++    public SecurityFilterChain basicAuthChain(HttpSecurity http) throws Exception {
++        http
++            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
++            .httpBasic(Customizer.withDefaults())
++            .csrf(csrf -> csrf.disable());
++        return http.build();
++    }
++
++    @Bean
++    @ConditionalOnProperty(prefix = "auth", name = "enabled", havingValue = "false", matchIfMissing = true)
++    @Order(SecurityProperties.BASIC_AUTH_ORDER)
++    public SecurityFilterChain permitAllChain(HttpSecurity http) throws Exception {
++        http
++            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
++            .csrf(csrf -> csrf.disable());
++        return http.build();
++    }
++}
diff --git a/config-server/patches/application.properties.patch b/config-server/patches/application.properties.patch
@@ -1,6 +1,6 @@
 --- configserver/src/main/resources/application.properties	2024-02-21 15:43:09.000000000 -0600
-+++ configserver/src/main/resources/application.properties	2024-04-02 13:15:18.461432100 -0500
-@@ -0,0 +1,9 @@
++++ configserver/src/main/resources/application.properties	2025-08-15 13:15:18.461432100 -0500
+@@ -0,0 +1,10 @@
 +server.port = 8888
 +spring.cloud.config.server.git.uri = https://github.com/spring-cloud-samples/config-repo
 +eureka.client.enabled = false
@@ -10,3 +10,4 @@
 +eureka.instance.virtualhostname = configserver
 +eureka.instance.hostname = host.docker.internal
 +eureka.instance.instanceId = host.docker.internal:configserver:8888
++auth.enabled = false

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`--t config-server:4.2 -t config-server:4 -t config-server:latest`
	`1`	`+-t config-server:4.3 -t config-server:4 -t config-server:latest`