Refactored (un)seal methods to throw Exception instead of catching it (#12)
parent
df7de5dd73
commit
a1784245a3
@ -1,5 +1,6 @@
|
|||||||
## 0.7.0 [work in progress]
|
## 0.7.0 [work in progress]
|
||||||
* [feature] Retrieval of health status via `getHealth()`
|
* [feature] Retrieval of health status via `getHealth()` (#15)
|
||||||
|
* [improvement] `seal()`, `unseal()` are now `void` and throw Exception on error (#12)
|
||||||
|
|
||||||
## 0.6.2 [2017-08-19]
|
## 0.6.2 [2017-08-19]
|
||||||
* [fix] Prevent potential NPE on SecretResponse getter
|
* [fix] Prevent potential NPE on SecretResponse getter
|
||||||
|
@ -211,32 +211,25 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final SealResponse sealStatus() {
|
public final SealResponse sealStatus() throws VaultConnectorException {
|
||||||
try {
|
try {
|
||||||
String response = requestGet(PATH_SEAL_STATUS, new HashMap<>());
|
String response = requestGet(PATH_SEAL_STATUS, new HashMap<>());
|
||||||
return jsonMapper.readValue(response, SealResponse.class);
|
return jsonMapper.readValue(response, SealResponse.class);
|
||||||
} catch (VaultConnectorException | IOException e) {
|
} catch (IOException e) {
|
||||||
e.printStackTrace();
|
throw new InvalidRequestException("Unable to parse response", e);
|
||||||
return null;
|
|
||||||
} catch (URISyntaxException ignored) {
|
} catch (URISyntaxException ignored) {
|
||||||
/* this should never occur and may leak sensible information */
|
/* this should never occur and may leak sensible information */
|
||||||
return null;
|
throw new InvalidRequestException("Invalid URI format");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final boolean seal() {
|
public final void seal() throws VaultConnectorException {
|
||||||
try {
|
requestPut(PATH_SEAL, new HashMap<>());
|
||||||
requestPut(PATH_SEAL, new HashMap<>());
|
|
||||||
return true;
|
|
||||||
} catch (VaultConnectorException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final SealResponse unseal(final String key, final Boolean reset) {
|
public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
|
||||||
Map<String, String> param = new HashMap<>();
|
Map<String, String> param = new HashMap<>();
|
||||||
param.put("key", key);
|
param.put("key", key);
|
||||||
if (reset != null)
|
if (reset != null)
|
||||||
@ -244,9 +237,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
try {
|
try {
|
||||||
String response = requestPut(PATH_UNSEAL, param);
|
String response = requestPut(PATH_UNSEAL, param);
|
||||||
return jsonMapper.readValue(response, SealResponse.class);
|
return jsonMapper.readValue(response, SealResponse.class);
|
||||||
} catch (VaultConnectorException | IOException e) {
|
} catch (IOException e) {
|
||||||
e.printStackTrace();
|
throw new InvalidResponseException("Unable to parse response", e);
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
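Review bot: The new `sealStatus()` reports a response that fails to parse as `InvalidRequestException("Unable to parse response", e)`, while the same failure in `unseal()` in the second hunk throws `InvalidResponseException` with the identical message. A caller that distinguishes a bad request from an unusable server reply will treat the two methods differently for the same condition, so the catch in `sealStatus()` should read `throw new InvalidResponseException("Unable to parse response", e);`. The `URISyntaxException` branch drops the cause, which is consistent with the existing comment about not leaking information, so it can stay as it is. The part of `unseal()` between the two hunks is not shown.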
@ -42,32 +42,35 @@ public interface VaultConnector extends AutoCloseable {
|
|||||||
* Retrieve status of vault seal.
|
* Retrieve status of vault seal.
|
||||||
*
|
*
|
||||||
* @return Seal status
|
* @return Seal status
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
*/
|
*/
|
||||||
SealResponse sealStatus();
|
SealResponse sealStatus() throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Seal vault.
|
* Seal vault.
|
||||||
*
|
*
|
||||||
* @return TRUE on success
|
* @throws VaultConnectorException on error
|
||||||
*/
|
*/
|
||||||
boolean seal();
|
void seal() throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unseal vault.
|
* Unseal vault.
|
||||||
*
|
*
|
||||||
* @param key A single master share key
|
* @param key A single master share key
|
||||||
* @param reset Discard previously provided keys (optional)
|
* @param reset Discard previously provided keys (optional)
|
||||||
* @return TRUE on success
|
* @return Response with seal status
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
*/
|
*/
|
||||||
SealResponse unseal(final String key, final Boolean reset);
|
SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unseal vault.
|
* Unseal vault.
|
||||||
*
|
*
|
||||||
* @param key A single master share key
|
* @param key A single master share key
|
||||||
* @return TRUE on success
|
* @return Response with seal status
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
*/
|
*/
|
||||||
default SealResponse unseal(final String key) {
|
default SealResponse unseal(final String key) throws VaultConnectorException {
|
||||||
return unseal(key, null);
|
return unseal(key, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
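Review bot: The Javadoc for both `unseal` overloads now says `@return Response with seal status` but does not say that a call which returns without throwing may still leave the vault sealed. The `key` parameter is documented as a single master share key, so presumably several calls are needed before the seal opens; now that errors arrive as exceptions, a caller can easily read "no exception" as "unsealed". I would add a sentence such as `The vault may remain sealed after a successful call; check {@code isSealed()} on the returned status.` to both methods. `@throws VaultConnectorException on error` could also name the conditions a caller is expected to handle, for example a rejected request versus an unparsable response, as far as the implementation distinguishes them.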
@ -118,22 +118,30 @@ public class HTTPVaultConnectorTest {
|
|||||||
* Test sealing and unsealing Vault.
|
* Test sealing and unsealing Vault.
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void sealTest() {
|
public void sealTest() throws VaultConnectorException {
|
||||||
SealResponse sealStatus = connector.sealStatus();
|
SealResponse sealStatus = connector.sealStatus();
|
||||||
assumeFalse(sealStatus.isSealed());
|
assumeFalse(sealStatus.isSealed());
|
||||||
|
|
||||||
/* Unauthorized sealing should fail */
|
/* Unauthorized sealing should fail */
|
||||||
assertThat("Unauthorized sealing succeeded", connector.seal(), is(false));
|
try {
|
||||||
assertThat("Vault sealed, although sealing failed", sealStatus.isSealed(), is(false));
|
connector.seal();
|
||||||
|
fail("Unauthorized sealing succeeded");
|
||||||
|
} catch (VaultConnectorException e) {
|
||||||
|
assertThat("Vault sealed, although sealing failed", sealStatus.isSealed(), is(false));
|
||||||
|
}
|
||||||
|
|
||||||
/* Root user should be able to seal */
|
/* Root user should be able to seal */
|
||||||
authRoot();
|
authRoot();
|
||||||
assumeTrue(connector.isAuthorized());
|
assumeTrue(connector.isAuthorized());
|
||||||
assertThat("Sealing failed", connector.seal(), is(true));
|
try {
|
||||||
sealStatus = connector.sealStatus();
|
connector.seal();
|
||||||
assertThat("Vault not sealed", sealStatus.isSealed(), is(true));
|
sealStatus = connector.sealStatus();
|
||||||
sealStatus = connector.unseal(KEY);
|
assertThat("Vault not sealed", sealStatus.isSealed(), is(true));
|
||||||
assertThat("Vault not unsealed", sealStatus.isSealed(), is(false));
|
sealStatus = connector.unseal(KEY);
|
||||||
|
assertThat("Vault not unsealed", sealStatus.isSealed(), is(false));
|
||||||
|
} catch (VaultConnectorException e) {
|
||||||
|
fail("Sealing failed");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -155,9 +163,13 @@ public class HTTPVaultConnectorTest {
|
|||||||
|
|
||||||
// No seal vault and verify correct status.
|
// No seal vault and verify correct status.
|
||||||
authRoot();
|
authRoot();
|
||||||
connector.seal();
|
try {
|
||||||
assumeTrue(connector.sealStatus().isSealed());
|
connector.seal();
|
||||||
connector.resetAuth(); // SHould work unauthenticated
|
assumeTrue(connector.sealStatus().isSealed());
|
||||||
|
connector.resetAuth(); // SHould work unauthenticated
|
||||||
|
} catch (VaultConnectorException e) {
|
||||||
|
fail("Unexpected exception on sealing: " + e.getMessage());
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
res = connector.getHealth();
|
res = connector.getHealth();
|
||||||
} catch (VaultConnectorException e) {
|
} catch (VaultConnectorException e) {
|
||||||
|
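Review bot: In `sealTest`, the assertion inside the first `catch` checks `sealStatus.isSealed()` on the object fetched before the unauthorized `seal()` call, so it can never observe a vault that was sealed despite the error; `assumeFalse` has already established that value. Re-query the server there: `assertThat("Vault sealed, although sealing failed", connector.sealStatus().isSealed(), is(false));`. In the root-user block the `catch` turns any failure of `seal()`, `sealStatus()` or `unseal(KEY)` into `fail("Sealing failed")` and drops the exception; since the method now declares `throws VaultConnectorException`, that try/catch can be removed so the real cause reaches the test report. The test method around the second hunk starts and ends outside the visible lines.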