Fix symmetric encryption

[ojhughes]

Setting property encrypt.key to enable symmetric encryption does not work since Dalston SR2. This can be verified using the endpoint /encrypt/status Fixed by creating a default TextEncryptorLocator when the 'encrypt.key is set

[dsyer]

The class name SymmetricKeyEncryptor implies it is something to do with symmetric keys, but the @Autowired will succeed for any TextEncryptor. I'm kind of worried that this is duplicating a code path in spring-cloud-commons somewhere.

[codecov-io]

Codecov Report

Merging #760 into 1.3.x will increase coverage by 0.09%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##            1.3.x     #760      +/-   ##
==========================================
+ Coverage   75.59%   75.68%   +0.09%     
==========================================
  Files          81       82       +1     
  Lines        2651     2653       +2     
  Branches      379      379              
==========================================
+ Hits         2004     2008       +4     
+ Misses        486      484       -2     
  Partials      161      161

Impacted Files	Coverage Δ
...fig/SymmetricKeyEncryptorLocatorConfiguration.java	100% <100%> (ø)
...fig/server/config/EncryptionAutoConfiguration.java	90.47% <0%> (ø)	⬆️
...config/server/encryption/EncryptionController.java	63.95% <0%> (+2.32%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ebbe75d...af278a4. Read the comment docs.

[dsyer]

I see why this is needed now. But for consistency can we put the new config class in EncryptionAutoConfiguration with all the others (assuming that it's still possible to meet the conditional constraints)?

[ojhughes]

@dsyer I originally had it inEncryptionAutoConfiguration but there was a circular reference with https://github.com/spring-cloud/spring-cloud-config/blob/master/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/config/EncryptionAutoConfiguration.java#L81. Moving it to a class not loaded in the bootstrap context resolved it.

Using a Qualifier could be an option but felt that might preclude how other clients might be providing a TextEncryptorLocator

[dsyer]

Yeah, we'd need to add another condition to prevent the cycle. We need it anyway because if the user provides both encrypt.key and encrypt.key-store.location then we'll end up with 2 TextEncryptorLocators won't we?

[ojhughes]

should having both encrypt.key and encrypt.keystore be disallowed as there would be no way to choose which encryption method to use?

[dsyer]

Yes, I guess it would make sense to fail in a helpful way (rather than just a no-unique bean exception). That's a nice to have.

[dsyer]

I took your test and organized the config files a bit differently in fe42a1d. Thanks. Might be worth testing with your concrete use cases.