diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6bfb8e7..e71a4cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 ## 0.7.0 [work in progress]
-* [feature] Retrieval of health status via `getHealth()`
+* [feature] Retrieval of health status via `getHealth()` (#15)
+* [improvement] `seal()`, `unseal()` are now `void` and throw Exception on error (#12)
 
 ## 0.6.2 [2017-08-19]
 * [fix] Prevent potential NPE on SecretResponse getter
diff --git a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
index 259be9b..ec1400c 100644
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@@ -211,32 +211,25 @@ public class HTTPVaultConnector implements VaultConnector { } @Override - public final SealResponse sealStatus() { + public final SealResponse sealStatus() throws VaultConnectorException { try { String response = requestGet(PATH_SEAL_STATUS, new HashMap<>()); return jsonMapper.readValue(response, SealResponse.class); - } catch (VaultConnectorException | IOException e) { - e.printStackTrace(); - return null; + } catch (IOException e) { + throw new InvalidRequestException("Unable to parse response", e); } catch (URISyntaxException ignored) { /* this should never occur and may leak sensible information */ - return null; + throw new InvalidRequestException("Invalid URI format"); } } @Override - public final boolean seal() { - try { - requestPut(PATH_SEAL, new HashMap<>()); - return true; - } catch (VaultConnectorException e) { - e.printStackTrace(); - return false; - } + public final void seal() throws VaultConnectorException { + requestPut(PATH_SEAL, new HashMap<>()); } @Override - public final SealResponse unseal(final String key, final Boolean reset) { + public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException { Map param = new HashMap<>(); param.put("key", key); if (reset != null) @@ -244,9 +237,8 @@ public class HTTPVaultConnector implements VaultConnector { try { String response = requestPut(PATH_UNSEAL, param); return jsonMapper.readValue(response, SealResponse.class); - } catch (VaultConnectorException | IOException e) { - e.printStackTrace(); - return null; + } catch (IOException e) { + throw new InvalidResponseException("Unable to parse response", e); } } diff --git a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java index 1a71cea..b2351da 100644 --- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java +++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java 
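Review bot: In `sealStatus()` the new `catch (IOException e)` reports an unparseable server reply as `InvalidRequestException`, while `unseal()` in the second hunk raises `InvalidResponseException` for the same failure. A caller that branches on the exception type would treat a malformed response from the server as a fault in its own request. I would make the two agree with `throw new InvalidResponseException("Unable to parse response", e);`. The `URISyntaxException` branch drops the cause, which is consistent with the existing comment about not leaking information, so it can stay as written. `unseal()` starts and ends outside the second hunk.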
@@ -42,32 +42,35 @@ public interface VaultConnector extends AutoCloseable { * Retrieve status of vault seal. * * @return Seal status + * @throws VaultConnectorException on error */ - SealResponse sealStatus(); + SealResponse sealStatus() throws VaultConnectorException; /** * Seal vault. * - * @return TRUE on success + * @throws VaultConnectorException on error */ - boolean seal(); + void seal() throws VaultConnectorException; /** * Unseal vault. * * @param key A single master share key * @param reset Discard previously provided keys (optional) - * @return TRUE on success + * @return Response with seal status + * @throws VaultConnectorException on error */ - SealResponse unseal(final String key, final Boolean reset); + SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException; /** * Unseal vault. * * @param key A single master share key - * @return TRUE on success + * @return Response with seal status + * @throws VaultConnectorException on error */ - default SealResponse unseal(final String key) { + default SealResponse unseal(final String key) throws VaultConnectorException { return unseal(key, null); } diff --git a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java index 8ed531d..35a145a 100644 --- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java +++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java 
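Review bot: The added `@throws VaultConnectorException on error` lines do not say which failures a caller should expect, and `seal()` lost its only statement of outcome when `@return TRUE on success` was removed. The test changed in this commit relies on an unauthorized `seal()` throwing, so the contract should state that, for example `@throws VaultConnectorException if the request fails or the current token is not permitted to seal`. The same wording would help on `sealStatus()` and both `unseal()` overloads, where a parse failure of the response is now also reported through this exception. The interface declaration starts and ends outside the hunk.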
@@ -118,22 +118,30 @@ public class HTTPVaultConnectorTest { * Test sealing and unsealing Vault. */ @Test - public void sealTest() { + public void sealTest() throws VaultConnectorException { SealResponse sealStatus = connector.sealStatus(); assumeFalse(sealStatus.isSealed()); /* Unauthorized sealing should fail */ - assertThat("Unauthorized sealing succeeded", connector.seal(), is(false)); - assertThat("Vault sealed, although sealing failed", sealStatus.isSealed(), is(false)); + try { + connector.seal(); + fail("Unauthorized sealing succeeded"); + } catch (VaultConnectorException e) { + assertThat("Vault sealed, although sealing failed", sealStatus.isSealed(), is(false)); + } /* Root user should be able to seal */ authRoot(); assumeTrue(connector.isAuthorized()); - assertThat("Sealing failed", connector.seal(), is(true)); - sealStatus = connector.sealStatus(); - assertThat("Vault not sealed", sealStatus.isSealed(), is(true)); - sealStatus = connector.unseal(KEY); - assertThat("Vault not unsealed", sealStatus.isSealed(), is(false)); + try { + connector.seal(); + sealStatus = connector.sealStatus(); + assertThat("Vault not sealed", sealStatus.isSealed(), is(true)); + sealStatus = connector.unseal(KEY); + assertThat("Vault not unsealed", sealStatus.isSealed(), is(false)); + } catch (VaultConnectorException e) { + fail("Sealing failed"); + } } /** @@ -155,9 +163,13 @@ public class HTTPVaultConnectorTest { // No seal vault and verify correct status. authRoot(); - connector.seal(); - assumeTrue(connector.sealStatus().isSealed()); - connector.resetAuth(); // SHould work unauthenticated + try { + connector.seal(); + assumeTrue(connector.sealStatus().isSealed()); + connector.resetAuth(); // SHould work unauthenticated + } catch (VaultConnectorException e) { + fail("Unexpected exception on sealing: " + e.getMessage()); + } try { res = connector.getHealth(); } catch (VaultConnectorException e) {
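Review bot: In `sealTest()` the assertion inside the first `catch` reads `sealStatus.isSealed()` from the object fetched before the `seal()` attempt, so it can never fail and does not show that the vault stayed unsealed after the rejected call. Re-query the server there: `assertThat("Vault sealed, although sealing failed", connector.sealStatus().isSealed(), is(false));`. The method already declares `throws VaultConnectorException`, so that extra call needs no further handling.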
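Review bot: The new `catch (VaultConnectorException e) { fail("Unexpected exception on sealing: " + e.getMessage()); }` in the second hunk discards the stack trace and cause. It also attributes a failure of `sealStatus()` to sealing. The second `try` in `sealTest()` has the same problem: `fail("Sealing failed")` would also fire when `unseal(KEY)` throws, and it reports nothing about the exception. Letting the exception propagate gives a more useful failure report: drop those two wrappers and, for the method in the second hunk, add `throws VaultConnectorException` to its signature as `sealTest()` already does. That method's signature lies outside the hunk, so this assumes it does not yet declare the exception.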