From 44b395d7ba9a4d01d7858b61f066e8cb21c22607 Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sun, 22 Sep 2024 11:23:31 +0300 Subject: [PATCH 1/8] Get rid of dependency on scalecube-commons, scalecube-config-vault --- pom.xml | 18 ++-- vault/pom.xml | 12 ++- .../vault/EnvironmentVaultTokenSupplier.java | 13 +++ .../vault/KubernetesVaultTokenSupplier.java | 63 ++++++++++++++ .../vault/VaultClientTokenSupplier.java | 87 ++++++++----------- .../vault/VaultServiceRolesInstaller.java | 2 +- .../vault/VaultServiceTokenSupplier.java | 11 ++- .../security/vault/VaultTokenSupplier.java | 9 ++ 8 files changed, 140 insertions(+), 75 deletions(-) create mode 100644 vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java create mode 100644 vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java create mode 100644 vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java diff --git a/pom.xml b/pom.xml index 6c18a93..9e49c73 100644 --- a/pom.xml +++ b/pom.xml @@ -39,10 +39,8 @@ - 0.4.20 - 1.0.24 - 2020.0.32 + 5.1.0 2.15.1 2.0.7 0.11.2 @@ -59,17 +57,11 @@ - - - io.scalecube - scalecube-config-vault - ${scalecube-config.version} - - + - io.scalecube - scalecube-commons - ${scalecube-commons.version} + com.bettercloud + vault-java-driver + ${vault-java-driver.version} diff --git a/vault/pom.xml b/vault/pom.xml index 9316599..b08c066 100644 --- a/vault/pom.xml +++ b/vault/pom.xml @@ -1,5 +1,7 @@ - + 4.0.0 @@ -12,12 +14,8 @@ - io.scalecube - scalecube-config-vault - - - io.scalecube - scalecube-commons + com.bettercloud + vault-java-driver io.projectreactor diff --git a/vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java new file mode 100644 index 0000000..1dfc448 --- /dev/null +++ b/vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java @@ -0,0 +1,13 @@ +package io.scalecube.security.vault; + +import com.bettercloud.vault.VaultConfig; +import java.util.Objects; + +public class EnvironmentVaultTokenSupplier implements VaultTokenSupplier { + + public EnvironmentVaultTokenSupplier() {} + + public String getToken(VaultConfig config) { + return Objects.requireNonNull(config.getToken(), "vault token"); + } +} diff --git a/vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java new file mode 100644 index 0000000..214326f --- /dev/null +++ b/vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java @@ -0,0 +1,63 @@ +package io.scalecube.security.vault; + +import com.bettercloud.vault.EnvironmentLoader; +import com.bettercloud.vault.Vault; +import com.bettercloud.vault.VaultConfig; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.Objects; +import java.util.Optional; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +public class KubernetesVaultTokenSupplier implements VaultTokenSupplier { + + private static final EnvironmentLoader ENVIRONMENT_LOADER = new EnvironmentLoader(); + + private String vaultRole = ENVIRONMENT_LOADER.loadVariable("VAULT_ROLE"); + + private String vaultJwtProvider = + Optional.ofNullable( + Optional.ofNullable(ENVIRONMENT_LOADER.loadVariable("VAULT_JWT_PROVIDER")) + .orElse(ENVIRONMENT_LOADER.loadVariable("VAULT_MOUNT_POINT"))) + .orElse("kubernetes"); + + private String serviceAccountTokenPath = + Optional.ofNullable(ENVIRONMENT_LOADER.loadVariable("SERVICE_ACCOUNT_TOKEN_PATH")) + .orElse("/var/run/secrets/kubernetes.io/serviceaccount/token"); + + public KubernetesVaultTokenSupplier() {} + + public KubernetesVaultTokenSupplier vaultRole(String vaultRole) { + this.vaultRole = vaultRole; + return this; + } + + public KubernetesVaultTokenSupplier vaultJwtProvider(String vaultJwtProvider) { + this.vaultJwtProvider = vaultJwtProvider; + return this; + } + + public KubernetesVaultTokenSupplier serviceAccountTokenPath(String serviceAccountTokenPath) { + this.serviceAccountTokenPath = serviceAccountTokenPath; + return this; + } + + @Override + public String getToken(VaultConfig config) { + Objects.requireNonNull(vaultRole, "vault role"); + Objects.requireNonNull(vaultJwtProvider, "jwt provider"); + Objects.requireNonNull(serviceAccountTokenPath, "k8s service account token path"); + try (Stream stream = Files.lines(Paths.get(serviceAccountTokenPath))) { + String jwt = stream.collect(Collectors.joining()); + return Objects.requireNonNull( + new Vault(config) + .auth() + .loginByJwt(vaultJwtProvider, vaultRole, jwt) + .getAuthClientToken(), + "vault token"); + } catch (Exception e) { + throw new RuntimeException(e); + } + } +} diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java index d4b080b..c7b032a 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java @@ -1,83 +1,62 @@ package io.scalecube.security.vault; -import static io.scalecube.utils.MaskUtil.mask; - import com.bettercloud.vault.VaultConfig; import com.bettercloud.vault.VaultException; -import io.scalecube.config.utils.ThrowableUtil; -import io.scalecube.config.vault.EnvironmentVaultTokenSupplier; -import io.scalecube.config.vault.KubernetesVaultTokenSupplier; -import io.scalecube.config.vault.VaultTokenSupplier; import java.util.Objects; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import reactor.core.Exceptions; import reactor.core.publisher.Mono; import reactor.core.scheduler.Schedulers; -public final class VaultClientTokenSupplier { +public class VaultClientTokenSupplier { private static final Logger LOGGER = LoggerFactory.getLogger(VaultClientTokenSupplier.class); - private String vaultAddress; - private String vaultToken; - private String vaultRole; - - public VaultClientTokenSupplier() {} - - private VaultClientTokenSupplier(VaultClientTokenSupplier other) { - this.vaultAddress = other.vaultAddress; - this.vaultToken = other.vaultToken; - this.vaultRole = other.vaultRole; - } - - private VaultClientTokenSupplier copy() { - return new VaultClientTokenSupplier(this); - } + private final String vaultAddress; + private final String vaultToken; + private final String vaultRole; - private void validate() { + /** + * Constructor. + * + * @param vaultAddress vaultAddress + * @param vaultToken vaultToken (must not set be together with vaultRole) + * @param vaultRole vaultRole (must not set be together with vaultToken) + */ + public VaultClientTokenSupplier(String vaultAddress, String vaultToken, String vaultRole) { + this.vaultAddress = vaultAddress; + this.vaultToken = vaultToken; + this.vaultRole = vaultRole; if (isNullOrNoneOrEmpty(vaultAddress)) { throw new IllegalArgumentException("Vault address is required"); } if (isNullOrNoneOrEmpty(vaultToken) && isNullOrNoneOrEmpty(vaultRole)) { throw new IllegalArgumentException( - "Vault auth scheme is required (specify either VAULT_ROLE or VAULT_TOKEN)"); + "Vault auth scheme is required (specify either vaultToken or vaultRole)"); } } /** - * Setter for vaultAddress. + * Returns new instance of {@link VaultClientTokenSupplier}. * * @param vaultAddress vaultAddress - * @return new instance with applied setting - */ - public VaultClientTokenSupplier vaultAddress(String vaultAddress) { - final VaultClientTokenSupplier c = copy(); - c.vaultAddress = vaultAddress; - return c; - } - - /** - * Setter for vaultToken. - * * @param vaultToken vaultToken - * @return new instance with applied setting + * @return new instance of {@link VaultClientTokenSupplier} */ - public VaultClientTokenSupplier vaultToken(String vaultToken) { - final VaultClientTokenSupplier c = copy(); - c.vaultToken = vaultToken; - return c; + public static VaultClientTokenSupplier supplierByToken(String vaultAddress, String vaultToken) { + return new VaultClientTokenSupplier(vaultAddress, vaultToken, null); } /** - * Setter for vaultRole. + * Returns new instance of {@link VaultClientTokenSupplier}. * + * @param vaultAddress vaultAddress * @param vaultRole vaultRole - * @return new instance with applied setting + * @return new instance of {@link VaultClientTokenSupplier} */ - public VaultClientTokenSupplier vaultRole(String vaultRole) { - final VaultClientTokenSupplier c = copy(); - c.vaultRole = vaultRole; - return c; + public static VaultClientTokenSupplier supplierByRole(String vaultAddress, String vaultRole) { + return new VaultClientTokenSupplier(vaultAddress, null, vaultRole); } /** @@ -86,8 +65,7 @@ public VaultClientTokenSupplier vaultRole(String vaultRole) { * @return vault client token */ public Mono getToken() { - return Mono.fromRunnable(this::validate) - .then(Mono.fromCallable(this::getToken0)) + return Mono.fromCallable(this::getToken0) .subscribeOn(Schedulers.boundedElastic()) .doOnSuccess(s -> LOGGER.debug("[getToken][success] result: {}", mask(s))) .doOnError(th -> LOGGER.error("[getToken][error] cause: {}", th.toString())); @@ -103,7 +81,7 @@ private String getToken0() { LOGGER.warn( "Taking KubernetesVaultTokenSupplier by precedence rule, " + "ignoring EnvironmentVaultTokenSupplier " - + "(specify either VAULT_ROLE or VAULT_TOKEN, not both)"); + + "(specify either vaultToken or vaultRole, not both)"); } vaultTokenSupplier = new KubernetesVaultTokenSupplier().vaultRole(vaultRole); vaultConfig = new VaultConfig().address(vaultAddress).build(); @@ -114,7 +92,7 @@ private String getToken0() { return vaultTokenSupplier.getToken(vaultConfig); } catch (VaultException e) { - throw ThrowableUtil.propagate(e); + throw Exceptions.propagate(e); } } @@ -124,4 +102,11 @@ private static boolean isNullOrNoneOrEmpty(String value) { || "null".equals(value) || value.isEmpty(); } + + private static String mask(String data) { + if (data == null || data.length() < 5) { + return "*****"; + } + return data.replace(data.substring(2, data.length() - 2), "***"); + } } diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java index 2b1575a..71e498b 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java @@ -25,7 +25,7 @@ import reactor.core.publisher.Mono; import reactor.core.scheduler.Schedulers; -public final class VaultServiceRolesInstaller { +public class VaultServiceRolesInstaller { private static final Logger LOGGER = LoggerFactory.getLogger(VaultServiceRolesInstaller.class); diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java index c7ba25e..cf36eae 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java @@ -1,7 +1,5 @@ package io.scalecube.security.vault; -import static io.scalecube.utils.MaskUtil.mask; - import com.bettercloud.vault.json.Json; import com.bettercloud.vault.rest.Rest; import com.bettercloud.vault.rest.RestException; @@ -16,7 +14,7 @@ import reactor.core.publisher.Mono; import reactor.core.scheduler.Schedulers; -public final class VaultServiceTokenSupplier { +public class VaultServiceTokenSupplier { private static final Logger LOGGER = LoggerFactory.getLogger(VaultServiceTokenSupplier.class); @@ -161,4 +159,11 @@ private String buildServiceTokenUri(Map tags) { .add(serviceTokenNameBuilder.apply(serviceRole, tags)) .toString(); } + + private static String mask(String data) { + if (data == null || data.length() < 5) { + return "*****"; + } + return data.replace(data.substring(2, data.length() - 2), "***"); + } } diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java new file mode 100644 index 0000000..6ded3b4 --- /dev/null +++ b/vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java @@ -0,0 +1,9 @@ +package io.scalecube.security.vault; + +import com.bettercloud.vault.VaultConfig; + +@FunctionalInterface +public interface VaultTokenSupplier { + + String getToken(VaultConfig config); +} From 3dd178d9d507c162b09003c0afe4cab86029d4df Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sun, 22 Sep 2024 11:55:38 +0300 Subject: [PATCH 2/8] WIP --- pom.xml | 1 - .../vault/VaultClientTokenSupplier.java | 112 ------------------ 2 files changed, 113 deletions(-) delete mode 100644 vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java diff --git a/pom.xml b/pom.xml index 9e49c73..967aeff 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,6 @@ 4.6.1 5.8.2 1.3 - 5.1.0 1.17.4 https://maven.pkg.github.com/scalecube/scalecube-security diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java deleted file mode 100644 index c7b032a..0000000 --- a/vault/src/main/java/io/scalecube/security/vault/VaultClientTokenSupplier.java +++ /dev/null @@ -1,112 +0,0 @@ -package io.scalecube.security.vault; - -import com.bettercloud.vault.VaultConfig; -import com.bettercloud.vault.VaultException; -import java.util.Objects; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import reactor.core.Exceptions; -import reactor.core.publisher.Mono; -import reactor.core.scheduler.Schedulers; - -public class VaultClientTokenSupplier { - - private static final Logger LOGGER = LoggerFactory.getLogger(VaultClientTokenSupplier.class); - - private final String vaultAddress; - private final String vaultToken; - private final String vaultRole; - - /** - * Constructor. - * - * @param vaultAddress vaultAddress - * @param vaultToken vaultToken (must not set be together with vaultRole) - * @param vaultRole vaultRole (must not set be together with vaultToken) - */ - public VaultClientTokenSupplier(String vaultAddress, String vaultToken, String vaultRole) { - this.vaultAddress = vaultAddress; - this.vaultToken = vaultToken; - this.vaultRole = vaultRole; - if (isNullOrNoneOrEmpty(vaultAddress)) { - throw new IllegalArgumentException("Vault address is required"); - } - if (isNullOrNoneOrEmpty(vaultToken) && isNullOrNoneOrEmpty(vaultRole)) { - throw new IllegalArgumentException( - "Vault auth scheme is required (specify either vaultToken or vaultRole)"); - } - } - - /** - * Returns new instance of {@link VaultClientTokenSupplier}. - * - * @param vaultAddress vaultAddress - * @param vaultToken vaultToken - * @return new instance of {@link VaultClientTokenSupplier} - */ - public static VaultClientTokenSupplier supplierByToken(String vaultAddress, String vaultToken) { - return new VaultClientTokenSupplier(vaultAddress, vaultToken, null); - } - - /** - * Returns new instance of {@link VaultClientTokenSupplier}. - * - * @param vaultAddress vaultAddress - * @param vaultRole vaultRole - * @return new instance of {@link VaultClientTokenSupplier} - */ - public static VaultClientTokenSupplier supplierByRole(String vaultAddress, String vaultRole) { - return new VaultClientTokenSupplier(vaultAddress, null, vaultRole); - } - - /** - * Obtains vault client token. - * - * @return vault client token - */ - public Mono getToken() { - return Mono.fromCallable(this::getToken0) - .subscribeOn(Schedulers.boundedElastic()) - .doOnSuccess(s -> LOGGER.debug("[getToken][success] result: {}", mask(s))) - .doOnError(th -> LOGGER.error("[getToken][error] cause: {}", th.toString())); - } - - private String getToken0() { - try { - VaultTokenSupplier vaultTokenSupplier; - VaultConfig vaultConfig; - - if (!isNullOrNoneOrEmpty(vaultRole)) { - if (!isNullOrNoneOrEmpty(vaultToken)) { - LOGGER.warn( - "Taking KubernetesVaultTokenSupplier by precedence rule, " - + "ignoring EnvironmentVaultTokenSupplier " - + "(specify either vaultToken or vaultRole, not both)"); - } - vaultTokenSupplier = new KubernetesVaultTokenSupplier().vaultRole(vaultRole); - vaultConfig = new VaultConfig().address(vaultAddress).build(); - } else { - vaultTokenSupplier = new EnvironmentVaultTokenSupplier(); - vaultConfig = new VaultConfig().address(vaultAddress).token(vaultToken).build(); - } - - return vaultTokenSupplier.getToken(vaultConfig); - } catch (VaultException e) { - throw Exceptions.propagate(e); - } - } - - private static boolean isNullOrNoneOrEmpty(String value) { - return Objects.isNull(value) - || "none".equalsIgnoreCase(value) - || "null".equals(value) - || value.isEmpty(); - } - - private static String mask(String data) { - if (data == null || data.length() < 5) { - return "*****"; - } - return data.replace(data.substring(2, data.length() - 2), "***"); - } -} From 0fd1f156e7c132fde33f4401566054d4b3206af0 Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sun, 22 Sep 2024 12:41:28 +0300 Subject: [PATCH 3/8] Cleanup --- .../vault/EnvironmentVaultTokenSupplier.java | 13 ---- .../vault/KubernetesVaultTokenSupplier.java | 63 ------------------- .../vault/VaultServiceRolesInstaller.java | 11 ++-- .../security/vault/VaultTokenSupplier.java | 9 --- 4 files changed, 7 insertions(+), 89 deletions(-) delete mode 100644 vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java delete mode 100644 vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java delete mode 100644 vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java diff --git a/vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java deleted file mode 100644 index 1dfc448..0000000 --- a/vault/src/main/java/io/scalecube/security/vault/EnvironmentVaultTokenSupplier.java +++ /dev/null @@ -1,13 +0,0 @@ -package io.scalecube.security.vault; - -import com.bettercloud.vault.VaultConfig; -import java.util.Objects; - -public class EnvironmentVaultTokenSupplier implements VaultTokenSupplier { - - public EnvironmentVaultTokenSupplier() {} - - public String getToken(VaultConfig config) { - return Objects.requireNonNull(config.getToken(), "vault token"); - } -} diff --git a/vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java deleted file mode 100644 index 214326f..0000000 --- a/vault/src/main/java/io/scalecube/security/vault/KubernetesVaultTokenSupplier.java +++ /dev/null @@ -1,63 +0,0 @@ -package io.scalecube.security.vault; - -import com.bettercloud.vault.EnvironmentLoader; -import com.bettercloud.vault.Vault; -import com.bettercloud.vault.VaultConfig; -import java.nio.file.Files; -import java.nio.file.Paths; -import java.util.Objects; -import java.util.Optional; -import java.util.stream.Collectors; -import java.util.stream.Stream; - -public class KubernetesVaultTokenSupplier implements VaultTokenSupplier { - - private static final EnvironmentLoader ENVIRONMENT_LOADER = new EnvironmentLoader(); - - private String vaultRole = ENVIRONMENT_LOADER.loadVariable("VAULT_ROLE"); - - private String vaultJwtProvider = - Optional.ofNullable( - Optional.ofNullable(ENVIRONMENT_LOADER.loadVariable("VAULT_JWT_PROVIDER")) - .orElse(ENVIRONMENT_LOADER.loadVariable("VAULT_MOUNT_POINT"))) - .orElse("kubernetes"); - - private String serviceAccountTokenPath = - Optional.ofNullable(ENVIRONMENT_LOADER.loadVariable("SERVICE_ACCOUNT_TOKEN_PATH")) - .orElse("/var/run/secrets/kubernetes.io/serviceaccount/token"); - - public KubernetesVaultTokenSupplier() {} - - public KubernetesVaultTokenSupplier vaultRole(String vaultRole) { - this.vaultRole = vaultRole; - return this; - } - - public KubernetesVaultTokenSupplier vaultJwtProvider(String vaultJwtProvider) { - this.vaultJwtProvider = vaultJwtProvider; - return this; - } - - public KubernetesVaultTokenSupplier serviceAccountTokenPath(String serviceAccountTokenPath) { - this.serviceAccountTokenPath = serviceAccountTokenPath; - return this; - } - - @Override - public String getToken(VaultConfig config) { - Objects.requireNonNull(vaultRole, "vault role"); - Objects.requireNonNull(vaultJwtProvider, "jwt provider"); - Objects.requireNonNull(serviceAccountTokenPath, "k8s service account token path"); - try (Stream stream = Files.lines(Paths.get(serviceAccountTokenPath))) { - String jwt = stream.collect(Collectors.joining()); - return Objects.requireNonNull( - new Vault(config) - .auth() - .loginByJwt(vaultJwtProvider, vaultRole, jwt) - .getAuthClientToken(), - "vault token"); - } catch (Exception e) { - throw new RuntimeException(e); - } - } -} diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java index 71e498b..874e82c 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java @@ -459,11 +459,14 @@ public FileServiceRolesSupplier(String file) { public ServiceRoles get() { try { final File file = new File(this.file); - return file.exists() - ? OBJECT_MAPPER.readValue(new FileInputStream(file), ServiceRoles.class) - : null; + if (!file.exists()) { + return null; + } + try (final FileInputStream fis = new FileInputStream(file)) { + return OBJECT_MAPPER.readValue(fis, ServiceRoles.class); + } } catch (Exception e) { - throw Exceptions.propagate(e); + throw new RuntimeException(e); } } diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java deleted file mode 100644 index 6ded3b4..0000000 --- a/vault/src/main/java/io/scalecube/security/vault/VaultTokenSupplier.java +++ /dev/null @@ -1,9 +0,0 @@ -package io.scalecube.security.vault; - -import com.bettercloud.vault.VaultConfig; - -@FunctionalInterface -public interface VaultTokenSupplier { - - String getToken(VaultConfig config); -} From cc37d5340228d9505dccaf24c3b7017d2f2b3e64 Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sun, 22 Sep 2024 13:57:03 +0300 Subject: [PATCH 4/8] Cleanup --- vault/pom.xml | 4 - .../vault/VaultServiceRolesInstaller.java | 307 +++++++----------- .../vault/VaultServiceTokenSupplier.java | 165 ++++------ 3 files changed, 178 insertions(+), 298 deletions(-) diff --git a/vault/pom.xml b/vault/pom.xml index b08c066..5c3e073 100644 --- a/vault/pom.xml +++ b/vault/pom.xml @@ -17,10 +17,6 @@ com.bettercloud vault-java-driver - - io.projectreactor - reactor-core - org.slf4j slf4j-api diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java index 874e82c..160c9ba 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java @@ -21,9 +21,6 @@ import java.util.function.Supplier; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import reactor.core.Exceptions; -import reactor.core.publisher.Mono; -import reactor.core.scheduler.Schedulers; public class VaultServiceRolesInstaller { @@ -36,197 +33,61 @@ public class VaultServiceRolesInstaller { private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(new YAMLFactory()); - private String vaultAddress; - private Mono vaultTokenSupplier; - private Supplier keyNameSupplier; - private Function roleNameBuilder; - private List> serviceRolesSources = DEFAULT_SERVICE_ROLES_SOURCES; - private String keyAlgorithm = "RS256"; - private String keyRotationPeriod = "1h"; - private String keyVerificationTtl = "1h"; - private String roleTtl = "1m"; - - public VaultServiceRolesInstaller() {} - - private VaultServiceRolesInstaller(VaultServiceRolesInstaller other) { - this.vaultAddress = other.vaultAddress; - this.vaultTokenSupplier = other.vaultTokenSupplier; - this.keyNameSupplier = other.keyNameSupplier; - this.roleNameBuilder = other.roleNameBuilder; - this.serviceRolesSources = other.serviceRolesSources; - this.keyAlgorithm = other.keyAlgorithm; - this.keyRotationPeriod = other.keyRotationPeriod; - this.keyVerificationTtl = other.keyVerificationTtl; - this.roleTtl = other.roleTtl; + private final String vaultAddress; + private final Supplier vaultTokenSupplier; + private final Supplier keyNameSupplier; + private final Function roleNameBuilder; + private final List> serviceRolesSources; + private final String keyAlgorithm; + private final String keyRotationPeriod; + private final String keyVerificationTtl; + private final String roleTtl; + + private VaultServiceRolesInstaller(Builder builder) { + this.vaultAddress = builder.vaultAddress; + this.vaultTokenSupplier = builder.vaultTokenSupplier; + this.keyNameSupplier = builder.keyNameSupplier; + this.roleNameBuilder = builder.roleNameBuilder; + this.serviceRolesSources = builder.serviceRolesSources; + this.keyAlgorithm = builder.keyAlgorithm; + this.keyRotationPeriod = builder.keyRotationPeriod; + this.keyVerificationTtl = builder.keyVerificationTtl; + this.roleTtl = builder.roleTtl; } - private VaultServiceRolesInstaller copy() { - return new VaultServiceRolesInstaller(this); + public static Builder builder() { + return new Builder(); } /** - * Setter for vaultAddress. - * - * @param vaultAddress vaultAddress - * @return new instance with applied setting + * Builds vault oidc micro-infrastructure (identity roles and keys) to use it for + * machine-to-machine authentication. */ - public VaultServiceRolesInstaller vaultAddress(String vaultAddress) { - final VaultServiceRolesInstaller c = copy(); - c.vaultAddress = vaultAddress; - return c; - } - - /** - * Setter for vaultTokenSupplier. - * - * @param vaultTokenSupplier vaultTokenSupplier - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller vaultTokenSupplier(Mono vaultTokenSupplier) { - final VaultServiceRolesInstaller c = copy(); - c.vaultTokenSupplier = vaultTokenSupplier; - return c; - } - - /** - * Setter for keyNameSupplier. - * - * @param keyNameSupplier keyNameSupplier - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller keyNameSupplier(Supplier keyNameSupplier) { - final VaultServiceRolesInstaller c = copy(); - c.keyNameSupplier = keyNameSupplier; - return c; - } - - /** - * Setter for roleNameBuilder. - * - * @param roleNameBuilder roleNameBuilder - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller roleNameBuilder(Function roleNameBuilder) { - final VaultServiceRolesInstaller c = copy(); - c.roleNameBuilder = roleNameBuilder; - return c; - } - - /** - * Setter for serviceRolesSources. - * - * @param serviceRolesSources serviceRolesSources - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller serviceRolesSources( - List> serviceRolesSources) { - final VaultServiceRolesInstaller c = copy(); - c.serviceRolesSources = serviceRolesSources; - return c; - } - - /** - * Setter for serviceRolesSources. - * - * @param serviceRolesSources serviceRolesSources - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller serviceRolesSources( - Supplier... serviceRolesSources) { - final VaultServiceRolesInstaller c = copy(); - c.serviceRolesSources = Arrays.asList(serviceRolesSources); - return c; - } - - /** - * Setter for keyAlgorithm. - * - * @param keyAlgorithm keyAlgorithm - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller keyAlgorithm(String keyAlgorithm) { - final VaultServiceRolesInstaller c = copy(); - c.keyAlgorithm = keyAlgorithm; - return c; - } - - /** - * Setter for keyRotationPeriod. - * - * @param keyRotationPeriod keyRotationPeriod - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller keyRotationPeriod(String keyRotationPeriod) { - final VaultServiceRolesInstaller c = copy(); - c.keyRotationPeriod = keyRotationPeriod; - return c; - } - - /** - * Setter for keyVerificationTtl. - * - * @param keyVerificationTtl keyVerificationTtl - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller keyVerificationTtl(String keyVerificationTtl) { - final VaultServiceRolesInstaller c = copy(); - c.keyVerificationTtl = keyVerificationTtl; - return c; - } - - /** - * Setter for roleTtl. - * - * @param roleTtl roleTtl - * @return new instance with applied setting - */ - public VaultServiceRolesInstaller roleTtl(String roleTtl) { - final VaultServiceRolesInstaller c = copy(); - c.roleTtl = roleTtl; - return c; - } - - /** - * Reads {@code inputFileName} and builds vault oidc micro-infrastructure (identity roles and - * keys) to use it for machine-to-machine authentication. - */ - public Mono install() { - return Mono.defer(this::install0) - .subscribeOn(Schedulers.boundedElastic()) - .doOnError(th -> LOGGER.error("Failed to install serviceRoles, cause: {}", th.toString())); - } - - private Mono install0() { + public void install() { if (isNullOrNoneOrEmpty(vaultAddress)) { LOGGER.debug("Skipping serviceRoles installation, vaultAddress not set"); - return Mono.empty(); + return; } final ServiceRoles serviceRoles = loadServiceRoles(); if (serviceRoles == null || serviceRoles.roles.isEmpty()) { LOGGER.debug("Skipping serviceRoles installation, serviceRoles not set"); - return Mono.empty(); - } - - return Mono.defer(() -> vaultTokenSupplier) - .doOnSuccess( - token -> { - final Rest rest = new Rest().header(VAULT_TOKEN_HEADER, token); - - final String keyName = keyNameSupplier.get(); - createVaultIdentityKey(rest.url(buildVaultIdentityKeyUri(keyName)), keyName); - - for (Role role : serviceRoles.roles) { - String roleName = roleNameBuilder.apply(role.role); - createVaultIdentityRole( - rest.url(buildVaultIdentityRoleUri(roleName)), - keyName, - roleName, - role.permissions); - } - }) - .doOnSuccess(s -> LOGGER.debug("Installed serviceRoles ({})", serviceRoles)) - .then(); + return; + } + + final String token = vaultTokenSupplier.get(); + final Rest rest = new Rest().header(VAULT_TOKEN_HEADER, token); + + final String keyName = keyNameSupplier.get(); + createVaultIdentityKey(rest.url(buildVaultIdentityKeyUri(keyName)), keyName); + + for (Role role : serviceRoles.roles) { + String roleName = roleNameBuilder.apply(role.role); + createVaultIdentityRole( + rest.url(buildVaultIdentityRoleUri(roleName)), keyName, roleName, role.permissions); + } + + LOGGER.debug("Installed serviceRoles ({})", serviceRoles); } private ServiceRoles loadServiceRoles() { @@ -235,14 +96,9 @@ private ServiceRoles loadServiceRoles() { } for (Supplier serviceRolesSource : serviceRolesSources) { - try { - final ServiceRoles serviceRoles = serviceRolesSource.get(); - if (serviceRoles != null) { - return serviceRoles; - } - } catch (Throwable th) { - LOGGER.warn( - "Failed to load serviceRoles from {}, cause {}", serviceRolesSource, th.getMessage()); + final ServiceRoles serviceRoles = serviceRolesSource.get(); + if (serviceRoles != null) { + return serviceRoles; } } @@ -271,7 +127,7 @@ private void createVaultIdentityKey(Rest rest, String keyName) { try { verifyOk(rest.body(body).post().getStatus(), "createVaultIdentityKey"); } catch (RestException e) { - throw Exceptions.propagate(e); + throw new RuntimeException(e); } } @@ -290,7 +146,7 @@ private void createVaultIdentityRole( try { verifyOk(rest.body(body).post().getStatus(), "createVaultIdentityRole"); } catch (RestException e) { - throw Exceptions.propagate(e); + throw new RuntimeException(e); } } @@ -477,4 +333,73 @@ public String toString() { .toString(); } } + + public static class Builder { + + private String vaultAddress; + private Supplier vaultTokenSupplier; + private Supplier keyNameSupplier; + private Function roleNameBuilder; + private List> serviceRolesSources = DEFAULT_SERVICE_ROLES_SOURCES; + private String keyAlgorithm = "RS256"; + private String keyRotationPeriod = "1h"; + private String keyVerificationTtl = "1h"; + private String roleTtl = "1m"; + + private Builder() {} + + public Builder vaultAddress(String vaultAddress) { + this.vaultAddress = vaultAddress; + return this; + } + + public Builder vaultTokenSupplier(Supplier vaultTokenSupplier) { + this.vaultTokenSupplier = vaultTokenSupplier; + return this; + } + + public Builder keyNameSupplier(Supplier keyNameSupplier) { + this.keyNameSupplier = keyNameSupplier; + return this; + } + + public Builder roleNameBuilder(Function roleNameBuilder) { + this.roleNameBuilder = roleNameBuilder; + return this; + } + + public Builder serviceRolesSources(List> serviceRolesSources) { + this.serviceRolesSources = serviceRolesSources; + return this; + } + + public Builder serviceRolesSources(Supplier... serviceRolesSources) { + this.serviceRolesSources = Arrays.asList(serviceRolesSources); + return this; + } + + public Builder keyAlgorithm(String keyAlgorithm) { + this.keyAlgorithm = keyAlgorithm; + return this; + } + + public Builder keyRotationPeriod(String keyRotationPeriod) { + this.keyRotationPeriod = keyRotationPeriod; + return this; + } + + public Builder keyVerificationTtl(String keyVerificationTtl) { + this.keyVerificationTtl = keyVerificationTtl; + return this; + } + + public Builder roleTtl(String roleTtl) { + this.roleTtl = roleTtl; + return this; + } + + public VaultServiceRolesInstaller build() { + return new VaultServiceRolesInstaller(this); + } + } } diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java index cf36eae..7838df3 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java @@ -8,11 +8,9 @@ import java.util.Objects; import java.util.StringJoiner; import java.util.function.BiFunction; +import java.util.function.Supplier; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import reactor.core.Exceptions; -import reactor.core.publisher.Mono; -import reactor.core.scheduler.Schedulers; public class VaultServiceTokenSupplier { @@ -20,112 +18,38 @@ public class VaultServiceTokenSupplier { private static final String VAULT_TOKEN_HEADER = "X-Vault-Token"; - private String serviceRole; - private String vaultAddress; - private Mono vaultTokenSupplier; - private BiFunction, String> serviceTokenNameBuilder; - - public VaultServiceTokenSupplier() {} - - private VaultServiceTokenSupplier(VaultServiceTokenSupplier other) { - this.serviceRole = other.serviceRole; - this.vaultAddress = other.vaultAddress; - this.vaultTokenSupplier = other.vaultTokenSupplier; - this.serviceTokenNameBuilder = other.serviceTokenNameBuilder; - } - - private VaultServiceTokenSupplier copy() { - return new VaultServiceTokenSupplier(this); - } - - private void validate() { - Objects.requireNonNull(serviceRole, "VaultServiceTokenSupplier.serviceRole"); - Objects.requireNonNull(vaultAddress, "VaultServiceTokenSupplier.vaultAddress"); - Objects.requireNonNull(vaultTokenSupplier, "VaultServiceTokenSupplier.vaultTokenSupplier"); - Objects.requireNonNull( - serviceTokenNameBuilder, "VaultServiceTokenSupplier.serviceTokenNameBuilder"); - } - - /** - * Setter for serviceRole. - * - * @param serviceRole serviceRole - * @return new instance with applied setting - */ - public VaultServiceTokenSupplier serviceRole(String serviceRole) { - final VaultServiceTokenSupplier c = copy(); - c.serviceRole = serviceRole; - return c; - } - - /** - * Setter for vaultAddress. - * - * @param vaultAddress vaultAddress - * @return new instance with applied setting - */ - public VaultServiceTokenSupplier vaultAddress(String vaultAddress) { - final VaultServiceTokenSupplier c = copy(); - c.vaultAddress = vaultAddress; - return c; - } - - /** - * Setter for vaultTokenSupplier. - * - * @param vaultTokenSupplier vaultTokenSupplier - * @return new instance with applied setting - */ - public VaultServiceTokenSupplier vaultTokenSupplier(Mono vaultTokenSupplier) { - final VaultServiceTokenSupplier c = copy(); - c.vaultTokenSupplier = vaultTokenSupplier; - return c; - } - - /** - * Setter for serviceTokenNameBuilder. - * - * @param serviceTokenNameBuilder serviceTokenNameBuilder; inputs for this function are {@code - * serviceRole} and {@code tags} attributes - * @return new instance with applied setting - */ - public VaultServiceTokenSupplier serviceTokenNameBuilder( - BiFunction, String> serviceTokenNameBuilder) { - final VaultServiceTokenSupplier c = copy(); - c.serviceTokenNameBuilder = serviceTokenNameBuilder; - return c; + private final String vaultAddress; + private final String serviceRole; + private final Supplier vaultTokenSupplier; + private final BiFunction, String> serviceTokenNameBuilder; + + private VaultServiceTokenSupplier(Builder builder) { + this.vaultAddress = Objects.requireNonNull(builder.vaultAddress, "vaultAddress"); + this.serviceRole = Objects.requireNonNull(builder.serviceRole, "serviceRole"); + this.vaultTokenSupplier = + Objects.requireNonNull(builder.vaultTokenSupplier, "vaultTokenSupplier"); + this.serviceTokenNameBuilder = + Objects.requireNonNull(builder.serviceTokenNameBuilder, "serviceTokenNameBuilder"); } /** * Obtains vault service token (aka identity token or oidc token). * - * @param tags tags attributes; along with {@code serviceRole} will be applied on {@code + * @param tags tags attributes, along with {@code serviceRole} will be applied on {@code * serviceTokenNameBuilder} * @return vault service token */ - public Mono getToken(Map tags) { - return Mono.fromRunnable(this::validate) - .then(Mono.defer(() -> vaultTokenSupplier)) - .subscribeOn(Schedulers.boundedElastic()) - .flatMap( - vaultToken -> { - final String uri = buildServiceTokenUri(tags); - return Mono.fromCallable(() -> rpcGetToken(uri, vaultToken)) - .doOnSuccess( - s -> - LOGGER.debug( - "[getToken][success] uri='{}', tags={}, result: {}", - uri, - tags, - mask(s))) - .doOnError( - th -> - LOGGER.error( - "[getToken][error] uri='{}', tags={}, cause: {}", - uri, - tags, - th.toString())); - }); + public String getToken(Map tags) { + try { + final String vaultToken = vaultTokenSupplier.get(); + final String uri = toServiceTokenUri(tags); + final String token = rpcGetToken(uri, vaultToken); + LOGGER.debug("[getToken][success] uri={}, tags={}, result={}", uri, tags, mask(token)); + return token; + } catch (Exception ex) { + LOGGER.error("[getToken][error] tags={}, cause: {}", tags, ex.toString()); + throw new RuntimeException(ex); + } } private static String rpcGetToken(String uri, String vaultToken) { @@ -142,7 +66,7 @@ private static String rpcGetToken(String uri, String vaultToken) { .get("token") .asString(); } catch (RestException e) { - throw Exceptions.propagate(e); + throw new RuntimeException(e); } } @@ -153,7 +77,7 @@ private static void verifyOk(int status) { } } - private String buildServiceTokenUri(Map tags) { + private String toServiceTokenUri(Map tags) { return new StringJoiner("/", vaultAddress, "") .add("/v1/identity/oidc/token") .add(serviceTokenNameBuilder.apply(serviceRole, tags)) @@ -166,4 +90,39 @@ private static String mask(String data) { } return data.replace(data.substring(2, data.length() - 2), "***"); } + + public static class Builder { + + private String vaultAddress; + private String serviceRole; + private Supplier vaultTokenSupplier; + private BiFunction, String> serviceTokenNameBuilder; + + private Builder() {} + + public Builder vaultAddress(String vaultAddress) { + this.vaultAddress = vaultAddress; + return this; + } + + public Builder serviceRole(String serviceRole) { + this.serviceRole = serviceRole; + return this; + } + + public Builder vaultTokenSupplier(Supplier vaultTokenSupplier) { + this.vaultTokenSupplier = vaultTokenSupplier; + return this; + } + + public Builder serviceTokenNameBuilder( + BiFunction, String> serviceTokenNameBuilder) { + this.serviceTokenNameBuilder = serviceTokenNameBuilder; + return this; + } + + public VaultServiceTokenSupplier builder() { + return new VaultServiceTokenSupplier(this); + } + } } From 09f7fbbee1857568c2a9877d2e639f06784e842b Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sun, 22 Sep 2024 14:00:36 +0300 Subject: [PATCH 5/8] WIP --- .../io/scalecube/security/vault/VaultServiceRolesInstaller.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java index 160c9ba..589fd9c 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java @@ -299,7 +299,7 @@ public String toString() { public static class FileServiceRolesSupplier implements Supplier { - public static final String DEFAULT_FILE = "service_roles.yaml"; + public static final String DEFAULT_FILE = "service-roles.yaml"; private final String file; From 54a974bbcf72e488e1f748125d163009b89af9cd Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sun, 22 Sep 2024 14:04:23 +0300 Subject: [PATCH 6/8] WIP --- .../scalecube/security/vault/VaultServiceTokenSupplier.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java index 7838df3..2c766b4 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java @@ -32,6 +32,10 @@ private VaultServiceTokenSupplier(Builder builder) { Objects.requireNonNull(builder.serviceTokenNameBuilder, "serviceTokenNameBuilder"); } + public static Builder builder() { + return new Builder(); + } + /** * Obtains vault service token (aka identity token or oidc token). * From fd12de97435d2a7b84cfee62f13a5bac0401e5c2 Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sun, 22 Sep 2024 14:16:07 +0300 Subject: [PATCH 7/8] WIP --- .../vault/VaultServiceRolesInstaller.java | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java index 589fd9c..74d3c95 100644 --- a/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java +++ b/vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java @@ -3,6 +3,8 @@ import com.bettercloud.vault.json.Json; import com.bettercloud.vault.rest.Rest; import com.bettercloud.vault.rest.RestException; +import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; +import com.fasterxml.jackson.annotation.PropertyAccessor; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; import io.scalecube.security.vault.VaultServiceRolesInstaller.ServiceRoles.Role; @@ -31,7 +33,8 @@ public class VaultServiceRolesInstaller { private static final List> DEFAULT_SERVICE_ROLES_SOURCES = Collections.singletonList(new ResourcesServiceRolesSupplier()); - private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(new YAMLFactory()); + private static final ObjectMapper OBJECT_MAPPER = + new ObjectMapper(new YAMLFactory()).setVisibility(PropertyAccessor.FIELD, Visibility.ANY); private final String vaultAddress; private final Supplier vaultTokenSupplier; @@ -181,12 +184,13 @@ public static class ServiceRoles { private List roles; - public List getRoles() { + public List roles() { return roles; } - public void setRoles(List roles) { + public ServiceRoles roles(List roles) { this.roles = roles; + return this; } @Override @@ -201,20 +205,22 @@ public static class Role { private String role; private List permissions; - public String getRole() { + public String role() { return role; } - public void setRole(String role) { + public Role role(String role) { this.role = role; + return this; } - public List getPermissions() { + public List permissions() { return permissions; } - public void setPermissions(List permissions) { + public Role permissions(List permissions) { this.permissions = permissions; + return this; } @Override From e8f215bacbccf7a69fb7aba6e5e060be9530f2b2 Mon Sep 17 00:00:00 2001 From: Artem Vysochyn Date: Sat, 28 Sep 2024 18:56:35 +0300 Subject: [PATCH 8/8] Bump testcontainers -> 1.20.1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 967aeff..a8b40f8 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,7 @@ 4.6.1 5.8.2 1.3 - 1.17.4 + 1.20.1 https://maven.pkg.github.com/scalecube/scalecube-security