From 2f312d3937645d2a20bf0d0330c944e72d49aa89 Mon Sep 17 00:00:00 2001 From: Stefan Kalscheuer Date: Sun, 8 Jan 2017 12:45:07 +0100 Subject: [PATCH] Read/write/list arbitrary keys --- pom.xml | 2 +- .../jvault/connector/HTTPVaultConnector.java | 17 +++-- .../jvault/connector/VaultConnector.java | 67 +++++++++++++++++-- 3 files changed, 71 insertions(+), 15 deletions(-) diff --git a/pom.xml b/pom.xml index e341724..566420c 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ de.stklcode.jvault connector - 0.4.1 + 0.5.0-SNAPSHOT jar diff --git a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java index ee1558f..4a205fd 100644 --- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java +++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java @@ -58,7 +58,6 @@ public class HTTPVaultConnector implements VaultConnector { private static final String PATH_AUTH_USERPASS = "auth/userpass/login/"; private static final String PATH_AUTH_APPID = "auth/app-id/"; private static final String PATH_AUTH_APPROLE = "auth/approle/"; - private static final String PATH_SECRET = "secret"; private static final String PATH_REVOKE = "sys/revoke/"; private final ObjectMapper jsonMapper; @@ -463,12 +462,12 @@ public class HTTPVaultConnector implements VaultConnector { } @Override - public SecretResponse readSecret(final String key) throws VaultConnectorException { + public SecretResponse read(final String key) throws VaultConnectorException { if (!isAuthorized()) throw new AuthorizationRequiredException(); /* Request HTTP response and parse Secret */ try { - String response = requestGet(PATH_SECRET + "/" + key, new HashMap<>()); + String response = requestGet(key, new HashMap<>()); return jsonMapper.readValue(response, SecretResponse.class); } catch (IOException e) { throw new InvalidResponseException("Unable to parse response", e); 
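Review bot: `read` now hands the caller's `key` to `requestGet` unchanged, so the constant `secret/` prefix is gone and nothing in this hunk rejects a null or empty key; the same holds for `list`, `write` and `delete` in the following hunks. Any path the token's policy permits becomes reachable, which is the stated intent, but callers that build `key` from user input lose the fixed prefix, and the Javadoc should say so. I would add a guard right after the authorization check, `if (key == null || key.isEmpty()) throw new InvalidRequestException("Secret path must not be empty.");`, reusing the message this commit uses in `writeSecret`. How `requestGet` encodes the path is not visible here, so whether `..` segments or a `?` inside the key are normalised needs confirming. The method body continues outside the hunk.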
@@ -479,12 +478,12 @@ public class HTTPVaultConnector implements VaultConnector { } @Override - public List listSecrets(final String path) throws VaultConnectorException { + public List list(final String path) throws VaultConnectorException { if (!isAuthorized()) throw new AuthorizationRequiredException(); try { - String response = requestGet(PATH_SECRET + "/" + path + "/?list=true", new HashMap<>()); + String response = requestGet(path + "/?list=true", new HashMap<>()); SecretListResponse secrets = jsonMapper.readValue(response, SecretListResponse.class); return secrets.getKeys(); } catch (IOException e) { @@ -496,7 +495,7 @@ public class HTTPVaultConnector implements VaultConnector { } @Override - public void writeSecret(final String key, final String value) throws VaultConnectorException { + public void write(final String key, final String value) throws VaultConnectorException { if (!isAuthorized()) throw new AuthorizationRequiredException(); @@ -505,17 +504,17 @@ public class HTTPVaultConnector implements VaultConnector { Map param = new HashMap<>(); param.put("value", value); - if (!requestPost(PATH_SECRET + "/" + key, param).equals("")) + if (!requestPost(key, param).equals("")) throw new InvalidResponseException("Received response where none was expected."); } @Override - public void deleteSecret(String key) throws VaultConnectorException { + public void delete(String key) throws VaultConnectorException { if (!isAuthorized()) throw new AuthorizationRequiredException(); /* Request HTTP response and expect empty result */ - String response = requestDelete(PATH_SECRET + "/" + key); + String response = requestDelete(key); /* Response should be code 204 without content */ if (!response.equals("")) diff --git a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java index ad01b81..554b43e 100644 --- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java 
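Review bot: In `list`, the query string is spliced into the path with `path + "/?list=true"`, so a `path` that already ends in `/` yields `//?list=true`, and a `path` containing `?` or `#` changes what the server is asked. The empty map passed as the second argument to `requestGet` looks like the place for query parameters. If that is its purpose (the signature is not visible here), putting the `list` flag there and passing only the bare path would keep caller data out of the query portion. Now that `path` is no longer prefixed with a constant, a null argument also produces the literal request path `null/?list=true`.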
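Review bot: `write` is now offered as a generic write to any path, yet it still builds the body as a single entry via `param.put("value", value)`, a shape that backends other than the generic secret store may not accept. Either document that on the interface method, for example `Writes a single field named "value" to the given path.`, or plan an overload that takes a map of fields. In the same hunk `delete(String key)` omits the `final` that the interface and the sibling methods declare; `public void delete(final String key)` keeps the signatures uniform. Both method bodies extend beyond the hunk.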
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java @@ -17,6 +17,7 @@ package de.stklcode.jvault.connector; import de.stklcode.jvault.connector.exception.AuthorizationRequiredException; +import de.stklcode.jvault.connector.exception.InvalidRequestException; import de.stklcode.jvault.connector.exception.VaultConnectorException; import de.stklcode.jvault.connector.model.*; import de.stklcode.jvault.connector.model.response.*; @@ -32,6 +33,8 @@ import java.util.List; * @since 0.1 */ public interface VaultConnector { + String PATH_SECRET = "secret"; + /** * Reset authorization information. */ 
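Review bot: `String PATH_SECRET = "secret";` declared in the interface is implicitly `public static final`, so a constant that was private to `HTTPVaultConnector` becomes part of the published API and is inherited by every implementer. It is added without documentation; a line such as `/** Path prefix prepended by readSecret, listSecrets, writeSecret and deleteSecret. */` would state its purpose and make clear that the generic `read`/`list`/`write`/`delete` methods do not use it.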
@@ -358,39 +361,93 @@ public interface VaultConnector { boolean isAuthorized(); /** - * Retrieve secret form Vault. + * Retrieve any nodes content from Vault. + * + * @param key Secret identifier + * @return Secret response + * @throws VaultConnectorException on error + * @since 0.5.0 + */ + SecretResponse read(final String key) throws VaultConnectorException; + + /** + * Retrieve secret from Vault. + * Prefix "secret/" is automatically added to key. * * @param key Secret identifier * @return Secret response * @throws VaultConnectorException on error */ - SecretResponse readSecret(final String key) throws VaultConnectorException; + default SecretResponse readSecret(final String key) throws VaultConnectorException { + return read(PATH_SECRET + "/" + key); + } + + /** + * List available nodes from Vault. + * + * @param path Root path to search + * @return List of secret keys + * @throws VaultConnectorException on error + * @since 0.5.0 + */ + List list(final String path) throws VaultConnectorException; /** * List available secrets from Vault. + * Prefix "secret/" is automatically added to path. * * @param path Root path to search * @return List of secret keys * @throws VaultConnectorException on error */ - List listSecrets(final String path) throws VaultConnectorException; + default List listSecrets(final String path) throws VaultConnectorException { + return list(PATH_SECRET + "/" + path); + } + + /** + * Write value to Vault. + * Prefix "secret/" is automatically added to path. + * + * @param key Secret path + * @param value Secret value + * @throws VaultConnectorException on error + * @since 0.5.0 + */ + void write(final String key, final String value) throws VaultConnectorException; /** * Write secret to Vault. + * Prefix "secret/" is automatically added to path. 
* * @param key Secret path * @param value Secret value * @throws VaultConnectorException on error */ - void writeSecret(final String key, final String value) throws VaultConnectorException; + default void writeSecret(final String key, final String value) throws VaultConnectorException { + if (key == null || key.isEmpty()) + throw new InvalidRequestException("Secret path must not be empty."); + write(PATH_SECRET + "/" + key, value); + } + + /** + * Delete key from Vault. + * + * @param key Secret path + * @throws VaultConnectorException on error + * @since 0.5.0 + */ + void delete(final String key) throws VaultConnectorException; /** * Delete secret from Vault. + * Prefix "secret/" is automatically added to path. * * @param key Secret path * @throws VaultConnectorException on error */ - void deleteSecret(final String key) throws VaultConnectorException; + default void deleteSecret(final String key) throws VaultConnectorException { + delete(PATH_SECRET + "/" + key); + } /** * Revoke given lease immediately.
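Review bot: The Javadoc added for the generic `write` says `Prefix "secret/" is automatically added to path.`, which is true only of `writeSecret`. That sentence should be dropped from `write` so callers do not assume the call is confined to the secret backend. The default methods also validate unevenly: `writeSecret` rejects a null or empty key, while `readSecret`, `listSecrets` and `deleteSecret` concatenate it straight away, so `deleteSecret(null)` requests `secret/null` and `deleteSecret("")` requests `secret/`. Repeating the guard from `writeSecret` (`if (key == null || key.isEmpty()) throw new InvalidRequestException("Secret path must not be empty.");`) in `readSecret` and `deleteSecret` would make them consistent; `listSecrets` may legitimately take an empty path, so a null check alone fits there. The interface continues past the end of the hunk.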