Spring Cloud Configuration Server - Spring Cloud Default
The Spring Cloud Configuration Server is able to handle git
or svn
based repositories that host CAS configuration.
Such repositories can either be local to the deployment, or they could be on the cloud in form of GitHub/BitBucket. Access to
cloud-based repositories can either be in form of a username/password, or via SSH so as long the appropriate keys are configured in the
CAS deployment environment which is really no different than how one would normally access a git repository via SSH.
The following settings and properties are available from the CAS configuration catalog:
spring.cloud.config.server.git.basedir=
Base directory for local working copy of repository.
|
spring.cloud.config.server.git.clone-on-start=false
Flag to indicate that the repository should be cloned on startup (not on demand). Generally leads to slower startup but faster first query.
|
spring.cloud.config.server.git.clone-submodules=false
Flag to indicate that the submodules in the repository should be cloned.
|
spring.cloud.config.server.git.default-label=
The default label to be used with the remote repository.
|
spring.cloud.config.server.git.delete-untracked-branches=false
Flag to indicate that the branch should be deleted locally if it's origin tracked branch was removed.
|
spring.cloud.config.server.git.force-pull=false
Flag to indicate that the repository should force pull. If true discard any local changes and take from remote repository.
|
spring.cloud.config.server.git.host-key=
Valid SSH host key. Must be set if hostKeyAlgorithm is also set.
|
spring.cloud.config.server.git.host-key-algorithm=
One of ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521. Must be set if hostKey is also set.
|
spring.cloud.config.server.git.ignore-local-ssh-settings=false
If true, use property-based instead of file-based SSH config.
|
spring.cloud.config.server.git.known-hosts-file=
Location of custom .known_hosts file.
|
spring.cloud.config.server.git.order=
The order of the environment repository.
|
spring.cloud.config.server.git.passphrase=
Passphrase for unlocking your ssh private key.
|
spring.cloud.config.server.git.password=
Password for authentication with remote repository.
|
spring.cloud.config.server.git.preferred-authentications=
Override server authentication method order. This should allow for evading login prompts if server has keyboard-interactive authentication before the publickey method.
|
spring.cloud.config.server.git.private-key=
Valid SSH private key. Must be set if ignoreLocalSshSettings is true and Git URI is SSH format.
|
spring.cloud.config.server.git.proxy=
HTTP proxy configuration.
|
spring.cloud.config.server.git.refresh-rate=0
Time (in seconds) between refresh of the git repository.
|
spring.cloud.config.server.git.repos=
Map of repository identifier to location and other properties.
|
spring.cloud.config.server.git.search-paths=
Search paths to use within local working copy. By default searches only the root.
|
spring.cloud.config.server.git.skip-ssl-validation=false
Flag to indicate that SSL certificate validation should be bypassed when communicating with a repository served over an HTTPS connection.
|
spring.cloud.config.server.git.strict-host-key-checking=true
If false, ignore errors with host key.
|
spring.cloud.config.server.git.timeout=5
Timeout (in seconds) for obtaining HTTP or SSH connection (if applicable), defaults to 5 seconds.
|
spring.cloud.config.server.git.try-master-branch=true
To maintain compatibility we will try the master branch in addition to main when we try to fetch the default branch.
|
spring.cloud.config.server.git.uri=
URI of remote repository.
|
spring.cloud.config.server.git.username=
Username for authentication with remote repository.
|
spring.cloud.config.server.svn.basedir=
Base directory for local working copy of repository.
|
spring.cloud.config.server.svn.default-label=
The default label to be used with the remote repository.
|
spring.cloud.config.server.svn.order=
The order of the environment repository.
|
spring.cloud.config.server.svn.passphrase=
Passphrase for unlocking your ssh private key.
|
spring.cloud.config.server.svn.password=
Password for authentication with remote repository.
|
spring.cloud.config.server.svn.search-paths=
Search paths to use within local working copy. By default searches only the root.
|
spring.cloud.config.server.svn.strict-host-key-checking=true
Reject incoming SSH host keys from remote servers not in the known host list.
|
spring.cloud.config.server.svn.uri=
URI of remote repository.
|
spring.cloud.config.server.svn.username=
Username for authentication with remote repository.
|
Configuration Metadata
The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.
Be Selective
This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.
YAGNI
Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.
Naming Convention
Property names can be specified in very relaxed terms. For instance cas.someProperty
, cas.some-property
, cas.some_property
are all valid names. While all
forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where
this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those
that might be presented to the system via an external library or framework such as Spring Boot, etc.
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas
. All other settings are controlled and provided
to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with
the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition
or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the
way you intend.
Validation
Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be
recognized or validated by the configuration schema. The validation process is on by default and can be skipped on startup using a special system
property SKIP_CONFIG_VALIDATION
that should be set to true
. Additional validation processes are also handled
via Configuration Metadata and property migrations applied automatically on
startup by Spring Boot and family.
Indexed Settings
CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value
. The index [0]
is meant to be
incremented by the adopter to allow for distinct multiple configuration blocks.
The configuration modules provide here may also be used verbatim inside a CAS server overlay and do not exclusively belong to a Spring Cloud Configuration server. While this module is primarily useful when inside the Spring Cloud Configuration server, it nonetheless may also be used inside a CAS server overlay directly to fetch settings from a source.
Needless to say, the repositories could use both YAML and properties syntax to host configuration files.
The default profile is activated using spring.profiles.active=default
.
Again, in all of the above strategies, an adopter is encouraged to only keep and maintain properties needed for their particular deployment. It is UNNECESSARY to grab a copy of all CAS settings and move them to an external location. Settings that are defined by the external configuration location or repository are able to override what is provided by CAS as a default.
Load settings from external properties/yaml configuration files.
The following settings and properties are available from the CAS configuration catalog:
spring.cloud.config.server.default-application-name=application
Default application name when incoming requests do not have a specific one.
|
spring.cloud.config.server.default-label=
Default repository label when incoming requests do not have a specific label.
|
spring.cloud.config.server.default-profile=default
Default application profile when incoming requests do not have a specific one.
|
spring.profiles.active=
Comma-separated list of active profiles. Can be overridden by a command line switch.
|
Configuration Metadata
The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.
Be Selective
This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.
YAGNI
Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.
Naming Convention
Property names can be specified in very relaxed terms. For instance cas.someProperty
, cas.some-property
, cas.some_property
are all valid names. While all
forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where
this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those
that might be presented to the system via an external library or framework such as Spring Boot, etc.
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas
. All other settings are controlled and provided
to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with
the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition
or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the
way you intend.
Validation
Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be
recognized or validated by the configuration schema. The validation process is on by default and can be skipped on startup using a special system
property SKIP_CONFIG_VALIDATION
that should be set to true
. Additional validation processes are also handled
via Configuration Metadata and property migrations applied automatically on
startup by Spring Boot and family.
Indexed Settings
CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value
. The index [0]
is meant to be
incremented by the adopter to allow for distinct multiple configuration blocks.
Git Repository
Allow the CAS Spring Cloud configuration server to load settings from an internal/external Git repository. This then allows CAS to become a client of the configuration server, consuming settings over HTTP where needed.
The following settings and properties are available from the CAS configuration catalog:
spring.cloud.config.server.git.basedir=
Base directory for local working copy of repository.
|
spring.cloud.config.server.git.clone-on-start=false
Flag to indicate that the repository should be cloned on startup (not on demand). Generally leads to slower startup but faster first query.
|
spring.cloud.config.server.git.clone-submodules=false
Flag to indicate that the submodules in the repository should be cloned.
|
spring.cloud.config.server.git.default-label=
The default label to be used with the remote repository.
|
spring.cloud.config.server.git.delete-untracked-branches=false
Flag to indicate that the branch should be deleted locally if it's origin tracked branch was removed.
|
spring.cloud.config.server.git.force-pull=false
Flag to indicate that the repository should force pull. If true discard any local changes and take from remote repository.
|
spring.cloud.config.server.git.host-key=
Valid SSH host key. Must be set if hostKeyAlgorithm is also set.
|
spring.cloud.config.server.git.host-key-algorithm=
One of ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521. Must be set if hostKey is also set.
|
spring.cloud.config.server.git.ignore-local-ssh-settings=false
If true, use property-based instead of file-based SSH config.
|
spring.cloud.config.server.git.known-hosts-file=
Location of custom .known_hosts file.
|
spring.cloud.config.server.git.order=
The order of the environment repository.
|
spring.cloud.config.server.git.passphrase=
Passphrase for unlocking your ssh private key.
|
spring.cloud.config.server.git.password=
Password for authentication with remote repository.
|
spring.cloud.config.server.git.preferred-authentications=
Override server authentication method order. This should allow for evading login prompts if server has keyboard-interactive authentication before the publickey method.
|
spring.cloud.config.server.git.private-key=
Valid SSH private key. Must be set if ignoreLocalSshSettings is true and Git URI is SSH format.
|
spring.cloud.config.server.git.proxy=
HTTP proxy configuration.
|
spring.cloud.config.server.git.refresh-rate=0
Time (in seconds) between refresh of the git repository.
|
spring.cloud.config.server.git.repos=
Map of repository identifier to location and other properties.
|
spring.cloud.config.server.git.search-paths=
Search paths to use within local working copy. By default searches only the root.
|
spring.cloud.config.server.git.skip-ssl-validation=false
Flag to indicate that SSL certificate validation should be bypassed when communicating with a repository served over an HTTPS connection.
|
spring.cloud.config.server.git.strict-host-key-checking=true
If false, ignore errors with host key.
|
spring.cloud.config.server.git.timeout=5
Timeout (in seconds) for obtaining HTTP or SSH connection (if applicable), defaults to 5 seconds.
|
spring.cloud.config.server.git.try-master-branch=true
To maintain compatibility we will try the master branch in addition to main when we try to fetch the default branch.
|
spring.cloud.config.server.git.uri=
URI of remote repository.
|
spring.cloud.config.server.git.username=
Username for authentication with remote repository.
|
spring.profiles.active=
Comma-separated list of active profiles. Can be overridden by a command line switch.
|
Configuration Metadata
The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.
Be Selective
This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.
YAGNI
Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.
Naming Convention
Property names can be specified in very relaxed terms. For instance cas.someProperty
, cas.some-property
, cas.some_property
are all valid names. While all
forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where
this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those
that might be presented to the system via an external library or framework such as Spring Boot, etc.
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas
. All other settings are controlled and provided
to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with
the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition
or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the
way you intend.
Validation
Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be
recognized or validated by the configuration schema. The validation process is on by default and can be skipped on startup using a special system
property SKIP_CONFIG_VALIDATION
that should be set to true
. Additional validation processes are also handled
via Configuration Metadata and property migrations applied automatically on
startup by Spring Boot and family.
Indexed Settings
CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value
. The index [0]
is meant to be
incremented by the adopter to allow for distinct multiple configuration blocks.
The above configuration also applies to online git-based repositories such as Github, BitBucket, etc.