Update properties description according to current doc #43447

Merged
merged 15 commits into from
Dec 27, 2024
@@ -78,7 +78,7 @@ public class AadAuthenticationProperties implements InitializingBean {
private String redirectUriTemplate = "{baseUrl}/login/oauth2/code/";

/**
* App ID URI which might be used in the "aud" claim of an id_token. For instance, 'api://{applicationId}'.
* App ID URI that might be used in the "aud" claim of an 'id_token'. For instance, 'api://{applicationId}'.
* See Microsoft doc about APP ID URL for more details: https://learn.microsoft.com/azure/active-directory/develop/security-best-practices-for-app-registration#application-id-uri
*/
private String appIdUri;
@@ -90,33 +90,33 @@ public class AadAuthenticationProperties implements InitializingBean {
private final Map<String, Object> authenticateAdditionalParameters = new HashMap<>();

/**
* Connection Timeout(duration) for the JWKSet Remote URL call. The default value is `500s`.
* @deprecated If you want to configure this, please provide a RestOperations bean.
* Connection Timeout (duration) for the JWKSet Remote URL call. The default value is `500s`.
* @deprecated If you want to configure this, please provide a 'RestOperations' bean.
*/
@Deprecated
private Duration jwtConnectTimeout = Duration.ofMillis(RemoteJWKSet.DEFAULT_HTTP_CONNECT_TIMEOUT);

/**
* Read Timeout(duration) for the JWKSet Remote URL call. The default value is `500s`.
* @deprecated If you want to configure this, please provide a RestOperations bean.
* Read Timeout (duration) for the JWKSet Remote URL call. The default value is `500s`.
* @deprecated If you want to configure this, please provide a 'RestOperations' bean.
*/
@Deprecated
private Duration jwtReadTimeout = Duration.ofMillis(RemoteJWKSet.DEFAULT_HTTP_READ_TIMEOUT);

/**
* Size limit in Bytes of the JWKSet Remote URL call. The default value is `51200`.
* @deprecated If you want to configure this, please provide a RestOperations bean.
* @deprecated If you want to configure this, please provide a 'RestOperations' bean.
*/
@Deprecated
private int jwtSizeLimit = RemoteJWKSet.DEFAULT_HTTP_SIZE_LIMIT; /* bytes */

/**
* The lifespan(duration) of the cached JWK set before it expires. The default value is `5m`.
* The lifespan (duration) of the cached JWK set before it expires.
*/
private Duration jwkSetCacheLifespan = Duration.ofMinutes(5);

/**
* The refresh time(duration) of the cached JWK set before it expires. The default value is `5m`.
* The refresh time (duration) of the cached JWK set before it expires.
*/
private Duration jwkSetCacheRefreshTime = Duration.ofMinutes(5);

@@ -127,25 +127,24 @@ public class AadAuthenticationProperties implements InitializingBean {
private String postLogoutRedirectUri;

/**
* If true activates the stateless auth filter AADAppRoleStatelessAuthenticationFilter. The default is false which
* activates AADAuthenticationFilter.
* If true activates the stateless auth filter 'AADAppRoleStatelessAuthenticationFilter'. The default is false, which
* activates 'AADAuthenticationFilter'.
*/
private Boolean sessionStateless = false;

/**
* The OAuth2 authorization clients, contains the authorization grant type, client authentication method and scope.
* The clients will be converted to OAuth2 ClientRegistration, the other ClientRegistration information(such as client id, client secret) inherits from the delegated OAuth2 login client 'azure'.
* For instance,'
* authorization-clients.webapi.authorization-grant-type=on_behalf_of,
* authorization-clients.webapi.client-authentication-method=client_secret_post,
* authorization-clients.webapi.scopes[0]={WEB_API_APP_ID_URL}/WebApi.ExampleScope1,
* authorization-clients.webapi.scopes[0]={WEB_API_APP_ID_URL}/WebApi.ExampleScope2
* '.
* The clients will be converted to OAuth2 'ClientRegistration', the other 'ClientRegistration' information(such as client id, client secret) inherits from the delegated OAuth2 login client 'azure'.
* For instance,
* 'authorization-clients.webapi.authorization-grant-type=on_behalf_of',
* 'authorization-clients.webapi.client-authentication-method=client_secret_post',
* 'authorization-clients.webapi.scopes[0]={WEB_API_APP_ID_URL}/WebApi.ExampleScope1',
* 'authorization-clients.webapi.scopes[0]={WEB_API_APP_ID_URL}/WebApi.ExampleScope2'.
*/
private final Map<String, AuthorizationClientProperties> authorizationClients = new HashMap<>();

/**
* Type of the Azure AD application. Supported types are: WEB_APPLICATION, RESOURCE_SERVER, RESOURCE_SERVER_WITH_OBO, WEB_APPLICATION_AND_RESOURCE_SERVER. The value can be inferred by dependencies, only 'web_application_and_resource_server' must be configured manually.
* The type of the Microsoft Entra application. Supported types are: 'WEB_APPLICATION', 'RESOURCE_SERVER', 'RESOURCE_SERVER_WITH_OBO', 'WEB_APPLICATION_AND_RESOURCE_SERVER'. The value can be inferred by dependencies, only 'web_application_and_resource_server' must be configured manually.
*/
private AadApplicationType applicationType;

@@ -187,17 +186,17 @@ public void setApplicationType(AadApplicationType applicationType) {
public static class UserGroupProperties {

/**
* The group names can be used to construct GrantedAuthority.
* The group names can be used to construct 'GrantedAuthority'.
*/
private List<String> allowedGroupNames = new ArrayList<>();

/**
* The group IDs can be used to construct GrantedAuthority.
* The group IDs can be used to construct 'GrantedAuthority'.
*/
private Set<String> allowedGroupIds = new HashSet<>();

/**
* Whether to use transitive way to get members. If "true", use "v1.0/me/transitiveMemberOf" to get members. Otherwise, use "v1.0/me/memberOf". The default value is `false`.
* Whether to use transitive way to get members. If "true", use "v1.0/me/transitiveMemberOf" to get members. Otherwise, use "v1.0/me/memberOf".
*/
private boolean useTransitiveMembers = false;
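Review bot: The Javadoc for `jwtConnectTimeout` and `jwtReadTimeout` still gives the default as `500s`, but both fields are initialised through `Duration.ofMillis(RemoteJWKSet.DEFAULT_HTTP_CONNECT_TIMEOUT)` and `Duration.ofMillis(RemoteJWKSet.DEFAULT_HTTP_READ_TIMEOUT)`, so the documented unit does not match the code. Since these lines are being reworded anyway, the text should read `The default value is 500ms.` (assuming the constants are 500, as the existing text implies). A reader who trusts `500s` will not suspect the timeout when JWK set retrieval, and with it token validation, fails against a slow endpoint. The class body continues outside the visible hunks.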

@@ -10,11 +10,11 @@
public class AadProfileEnvironmentProperties {

/**
* Azure Active Directory endpoint. For example: https://login.microsoftonline.com/
* Microsoft Entra endpoint. For example: 'https://login.microsoftonline.com/'
*/
private String activeDirectoryEndpoint;
/**
* Microsoft Graph endpoint. For example: https://graph.microsoft.com/
* Microsoft Graph endpoint. For example: 'https://graph.microsoft.com/'
*/
private String microsoftGraphEndpoint;

@@ -11,15 +11,15 @@

public class AadProfileProperties {
/**
* Azure Tenant ID.
* Azure Tenant ID. The values allowed for 'tenant-id' are: 'common', 'organizations', 'consumers', or the tenant ID.
*/
private String tenantId; // tenantId can not set to "common" here, otherwise we can not know whether it's set by customer or it is the default value.
/**
* Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_US_GOVERNMENT, OTHER. The default value is `AZURE`.
* Name of the Azure cloud to connect to. Supported types are: 'AZURE', 'AZURE_CHINA', 'AZURE_US_GOVERNMENT', 'OTHER'. The default value is 'AZURE'.
*/
private AzureProfileOptionsProvider.CloudType cloudType;
/**
* Properties to Azure Active Directory endpoints.
* Properties to Microsoft Entra endpoints.
*/
@NestedConfigurationProperty
private final AadProfileEnvironmentProperties environment = new AadProfileEnvironmentProperties();
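Review bot: The new `tenantId` description lists 'common', 'organizations' and 'consumers' as allowed values without saying that they are multi-tenant aliases rather than tenant identifiers, so with any of them sign-in is not limited to a single directory. I would add a sentence such as `Use a specific tenant ID to restrict sign-in to a single tenant; 'common', 'organizations' and 'consumers' accept accounts from other tenants.` The same sentence is also added to `AadB2cProfileProperties`, `AzureProfileConfigurationProperties` and the two `tenant-id` entries in the JSON metadata. Whether those code paths accept the aliases at all is not visible here and should be confirmed before the wording is copied.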
@@ -33,12 +33,12 @@ public class AadResourceServerProperties implements InitializingBean {

/**
*
* Configure which claim in access token be returned in AuthenticatedPrincipal#getName. Example: If use the default value, and the access_token's "sub" scope value is "testValue", then AuthenticatedPrincipal#getName will return "testValue". The default value is `"sub"`.
* Configure which claim in access token be returned in 'AuthenticatedPrincipal#getName'. Example: If use the default value, and the access_token's "sub" scope value is "testValue", then 'AuthenticatedPrincipal#getName' will return "testValue". The default value is "sub".
*/
private String principalClaimName;

/**
* Configure which claim will be used to build GrantedAuthority, and prefix of the GrantedAuthority's string value. Example: If use the default value, and the access_token's "scp" scope value is "testValue", then GrantedAuthority with "SCOPE_testValue" will be created. The default value is `"scp" -> "SCOPE_", "roles" -> "APPROLE_"`.
* Configure which claim will be used to build 'GrantedAuthority', and prefix of the GrantedAuthority's string value. Example: If use the default value, and the access_token's "scp" scope value is "testValue", then 'GrantedAuthority' with 'SCOPE_testValue' will be created. The default value is `"scp" -> "SCOPE_", "roles" -> "APPROLE_"`.
*/
private Map<String, String> claimToAuthorityPrefixMap;
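Review bot: Both descriptions call `sub` and `scp` a "scope value" (`the access_token's "sub" scope value`, `the access_token's "scp" scope value`), but the properties select claims, and `sub` in particular is not a scope. Suggest `the access_token's "sub" claim value` and `the access_token's "scp" claim value`. The wording matters because `claimToAuthorityPrefixMap` decides which claims become `GrantedAuthority` values, and readers write authorization rules from this text. The first sentence would also read better as `Configure which claim in the access token is returned by 'AuthenticatedPrincipal#getName'.`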

@@ -8,7 +8,7 @@
*/
public class AadB2cProfileProperties {
/**
* Azure Tenant ID.
* Azure Tenant ID. The values allowed for 'tenant-id' are: 'common', 'organizations', 'consumers', or the tenant ID.
*/
private String tenantId; // tenantId can not set to "common" here, otherwise we can not know whether it's set by customer or it is the default value.

@@ -54,7 +54,7 @@ public class AadB2cProperties implements InitializingBean {
private final AadB2cCredentialProperties credential = new AadB2cCredentialProperties();

/**
* App ID URI which might be used in the "aud" claim of a token. For instance, 'https://{hostname}/{applicationId}'.
* App ID URI that might be used in the "aud" claim of a token. For instance, 'https://{hostname}/{applicationId}'.
* See Microsoft doc about APP ID URL for more details: https://learn.microsoft.com/azure/active-directory/develop/security-best-practices-for-app-registration#application-id-uri
*/
private String appIdUri;
@@ -81,7 +81,7 @@ public class AadB2cProperties implements InitializingBean {
private int jwtSizeLimit = RemoteJWKSet.DEFAULT_HTTP_SIZE_LIMIT; /* bytes */

/**
* Redirect url after logout.
* Redirect URL after logout.
*/
private String logoutSuccessUrl = DEFAULT_LOGOUT_SUCCESS_URL;

@@ -97,7 +97,7 @@ public class AadB2cProperties implements InitializingBean {
private String userNameAttributeName;

/**
* Reply url after get authorization code.
* Reply URL after get authorization code.
*/
private String replyUrl = "{baseUrl}/login/oauth2/code/";

@@ -30,23 +30,23 @@ public class AzureCosmosProperties extends AbstractAzureServiceConfigurationProp
private final ClientConfigurationProperties client = new ClientConfigurationProperties();

/**
* Endpoint of the Cosmos DB.
* Endpoint of the Azure Cosmos DB instance.
*/
private String endpoint;
/**
* Key to authenticate for accessing the Cosmos DB.
* Key to authenticate for accessing the Azure Cosmos DB instance.
*/
private String key;
/**
* Database name of the Cosmos DB.
* Database name of the Azure Cosmos DB instance.
*/
private String database;
/**
* Resource token to authenticate for accessing the Cosmos DB.
* Resource token to authenticate for accessing the Azure Cosmos DB instance.
*/
private String resourceToken;
/**
* Whether to enable client telemetry which will periodically collect database operations aggregation statistics,
* Whether to enable client telemetry, which will periodically collect database operations aggregation statistics,
* system information like cpu/memory and send it to cosmos monitoring service, which will be helpful during
* debugging.
*/
@@ -56,11 +56,11 @@ public class AzureCosmosProperties extends AbstractAzureServiceConfigurationProp
*/
private Boolean endpointDiscoveryEnabled;
/**
* Whether to enable connections sharing across multiple Cosmos Clients.
* Whether to enable connections sharing across multiple Azure Cosmos DB Clients.
*/
private Boolean connectionSharingAcrossClientsEnabled;
/**
* Whether to only return the headers and status code in Cosmos DB response in case of Create, Update and Delete
* Whether to only return the headers and status code in Azure Cosmos DB response in case of Create, Update and Delete
* operations on CosmosItem. If set to false, service doesn't return payload in the response.
*/
private Boolean contentResponseOnWriteEnabled;
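Review bot: The description of `contentResponseOnWriteEnabled` reads as self-contradictory: the first sentence says the flag controls returning only the headers and status code, while the second says that setting it to false is what drops the payload. Going by the property name and the second sentence, `true` appears to mean the payload is returned, so I would reword it to `Whether to return the item payload in the Azure Cosmos DB response for Create, Update and Delete operations on CosmosItem. If set to false, the service returns only the headers and status code.` This should be confirmed against the SDK behaviour, which is not visible in this hunk.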
@@ -30,7 +30,7 @@ public abstract class AzureEventHubsCommonProperties extends AbstractAzureAmqpCo
/**
* A custom endpoint address when connecting to the Event Hubs service. This can be useful when your network does
* not allow connecting to the standard Azure Event Hubs endpoint address, but does allow connecting through an
* intermediary. For example: https://my.custom.endpoint.com:55300.
* intermediary. For example: 'https://my.custom.endpoint.com:55300'.
*/
private String customEndpointAddress;

@@ -50,7 +50,7 @@ public class AzureServiceBusJmsProperties implements InitializingBean, Passwordl
* Whether to enable supporting azure identity token credentials.
*
* If the value is true, then 'spring.jms.servicebus.namespace' must be set.
* If the passwordlessEnabled is true, it will try to authenticate connections with Azure AD.
* If the passwordlessEnabled is true, it will try to authenticate connections with Microsoft Entra ID.
*/
private boolean passwordlessEnabled = false;

@@ -13,15 +13,15 @@
public class AzureProfileConfigurationProperties extends AzureProfileOptionsAdapter {

/**
* Tenant ID for Azure resources.
* Tenant ID for Azure resources. The values allowed for 'tenant-id' are: 'common', 'organizations', 'consumers', or the tenant ID.
*/
private String tenantId;
/**
* Subscription ID to use when connecting to Azure resources.
*/
private String subscriptionId;
/**
* Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_US_GOVERNMENT, OTHER. The default value is `AZURE`.
* Name of the Azure cloud to connect to. Supported types are: 'AZURE', 'AZURE_CHINA', 'AZURE_US_GOVERNMENT', 'OTHER'. The default value is 'AZURE'.
*/
private AzureProfileOptionsProvider.CloudType cloudType;

@@ -92,11 +92,11 @@ public static final class AzureEnvironmentConfigurationProperties implements Azu
*/
private String galleryEndpoint;
/**
* The Azure Active Directory endpoint to connect to.
* The Microsoft Entra endpoint to connect to.
*/
private String activeDirectoryEndpoint;
/**
* The Azure Active Directory resource ID.
* The Microsoft Entra resource ID.
*/
private String activeDirectoryResourceId;
/**
@@ -11,7 +11,7 @@
public class ProxyConfigurationProperties implements ProxyOptionsProvider.ProxyOptions {

/**
* Type of the proxy. For instance of http, 'http', 'socks4', 'socks5'. For instance of amqp, 'http', 'socks'.
* The type of the proxy. For instance of http, 'http', 'socks4', 'socks5'. For instance of amqp, 'http', 'socks'.
*/
private String type;
/**
@@ -14,7 +14,7 @@
public class StorageRetryConfigurationProperties extends RetryConfigurationProperties implements StorageRetry {

/**
* Secondary Storage account to retry requests against. if the primary region becomes unavailable. For instance, 'https://{storage-account-name}-secondary.file.storage.azure.net'.
* Secondary Storage account to retry requests against if the primary region becomes unavailable. For instance, 'https://{storage-account-name}-secondary.file.storage.azure.net'.
*/
private String secondaryHost;
/**
@@ -423,7 +423,7 @@
{
"name": "spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id",
"type": "java.lang.String",
"description": "Tenant ID for Azure resources.",
"description": "Tenant ID for Azure resources. The values allowed for 'tenant-id' are: 'common', 'organizations', 'consumers', or the tenant ID.",
"sourceType": "com.azure.spring.cloud.autoconfigure.implementation.properties.core.profile.AzureProfileConfigurationProperties"
},
{
@@ -453,7 +453,7 @@
{
"name": "spring.cloud.azure.keyvault.secret.property-sources[0].proxy.type",
"type": "java.lang.String",
"description": "Type of the proxy. For instance of http, 'http', 'socks4', 'socks5'. For instance of amqp, 'http', 'socks'.",
"description": "The type of the proxy. For instance of http, 'http', 'socks4', 'socks5'. For instance of amqp, 'http', 'socks'.",
"sourceType": "com.azure.spring.cloud.autoconfigure.implementation.properties.core.proxy.ProxyConfigurationProperties"
},
{
@@ -587,7 +587,7 @@
{
"name": "spring.datasource.azure.profile.tenant-id",
"type": "java.lang.String",
"description": "Tenant ID for Azure resources.",
"description": "Tenant ID for Azure resources. The values allowed for 'tenant-id' are: 'common', 'organizations', 'consumers', or the tenant ID.",
"sourceType": "com.azure.spring.cloud.autoconfigure.implementation.passwordless.properties.AzureJdbcPasswordlessProperties"
},
{
@@ -61,11 +61,11 @@ public class AzureEnvironmentProperties implements AzureProfileOptionsProvider.A
*/
private String galleryEndpoint;
/**
* The Azure Active Directory endpoint to connect to.
* The Microsoft Entra endpoint to connect to.
*/
private String activeDirectoryEndpoint;
/**
* The Azure Active Directory resource id.
* The Microsoft Entra resource id.
*/
private String activeDirectoryResourceId;
/**
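Review bot: `The Microsoft Entra resource id.` on `activeDirectoryResourceId` keeps a lower-case `id`, while the same field in `AzureProfileConfigurationProperties.AzureEnvironmentConfigurationProperties` is documented in this same change as `The Microsoft Entra resource ID.`. These descriptions feed the generated property documentation, so the two should match; suggest `The Microsoft Entra resource ID.` here as well.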